Branches for Squeeze

Author: Adam D. Barratt
Revision Date: 2014-07-16 06:16:57 UTC

Rebuild against squeeze-proposed-updates

Author: Thijs Kinkhorst
Revision Date: 2014-06-30 13:45:39 UTC

* Packages updated

[ cups (1.4.4-7+squeeze4) oldstable-security; urgency=high ]

* Backport security fix from cups-filters 1.0.47:
  pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
  CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
  arbitrary code execution with the privileges of the "lp" user via
  malicious PDF files. Also restrict the directory from where OPVP drivers
  can get loaded (#741333)

[ curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium ]

* Fix multiple security issues (#742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]

* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
  certificate validation issue. CVE-2014-0092

Author: Aurelien Jarno
Revision Date: 2014-06-15 22:24:07 UTC

* New upstream version.
  - New DST for Egypt.
  - New DST for Morroco.

Author: Santiago Vila
Revision Date: 2014-06-11 23:03:46 UTC

Changed /etc/debian_version to 6.0.10, for Debian 6.0.10 point release.

Author: Raphael Geissert
Revision Date: 2014-06-06 15:41:36 UTC

Bring mobile providers list up to date in oldstable. (Closes: #641469)

Author: Felix Geyer
Revision Date: 2014-05-21 22:44:27 UTC

* Fix possibility of local privilege escalation when using daemon mode.
  (Closes: #748910)
  - CVE-2014-0240
  - Backport upstream commit d9d5fea.
* Fix possibility of disclosure via Content-Type response header.
  - CVE-2014-0242
  - Backport upstream commit b0a149c.

Author: Salvatore Bonaccorso
Revision Date: 2014-05-21 17:48:07 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2014-0749.patch patch.
  CVE-2014-0749: Fix stack-based buffer overflow vulnerability which can
  be exploited in order to remotely execute code from an unauthenticated
  perspective. (Closes: #748827)

Author: Salvatore Bonaccorso
Revision Date: 2014-05-18 11:23:21 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2014-1418.patch patch.
  CVE-2014-1418: Caches may be allowed to store and serve private data.
* Add CVE-2014-3730.patch patch.
  CVE-2014-3730: Malformed URLs from user input incorrectly validated.

Author: dann frazier
Revision Date: 2014-05-14 11:54:02 UTC

* Rebuild against linux-source-2.6.32 (2.6.32-48squeeze5):
  * CVE-2014-0196: Jiri Slaby discovered a race condition in the pty
    layer, which could lead to denial of service or privilege escalation.
  * CVE-2014-1737 / CVE-2014-1738: Matthew Daley discovered that
    missing input sanitising in the FDRAWCMD ioctl and an information
    leak could result in privilege escalation.

Author: Moritz Muehlenhoff
Revision Date: 2014-05-12 19:38:43 UTC

[ Moritz Muehlenhoff ]
* CVE-2014-0196: Jiri Slaby discovered a race condition in the pty
  layer, which could lead to denial of service or privilege escalation.
* CVE-2014-1737 / CVE-2014-1738: Matthew Daley discovered that
  missing input sanitising in the FDRAWCMD ioctl and an information
  leak could result in privilege escalation.

Author: Julien Cristau
Revision Date: 2014-05-09 11:40:11 UTC

* CVE-2014-0209: integer overflow of allocations in font metadata
* CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
* CVE-2014-0211: integer overflows calculating memory needs for xfs replies

Author: Ryan Kavanagh
Revision Date: 2014-05-07 09:29:17 UTC

Fix user-assisted security vulnerability:
This fixes a user-assisted arbitrary commands execution vulnerability that
could be exploited using certain escape sequences in a crafted text file
or program output (CVE-2014-3121) (Closes: #746593)

Author: Bernhard R. Link
Revision Date: 2014-05-03 20:58:02 UTC

* Security-Upload
* replace subject indent patch to fix
  CVE-2014-0469 xbuffy stack-based buffer overflow in subject processing
* refresh following patches where necessary

Author: Sebastian Ramacher
Revision Date: 2014-04-25 16:14:59 UTC

* Team upload.
* debian/patches/0002-CVE-2014-2892.patch: Apply upstream patch for
  CVE-2014-2892. (Closes: #745301)

Author: Salvatore Bonaccorso
Revision Date: 2014-04-24 07:32:40 UTC

* Non-maintainer upload by the Security Team.
* Imported Upstream version 6.31
  - See advisory in https://drupal.org/SA-CORE-2014-002
  - Information disclosure (CVE-2014-2983)

Author: Robert Luberda
Revision Date: 2014-04-23 00:30:28 UTC

Add 14-Fix-unchecked-setuid-call.patch to fix a flaw in `super -F'
command which might open super for RLIMIT_NPROC style exploits on
older 2.6 kernels (CVE-2014-0470).

Author: Raphael Geissert
Revision Date: 2014-04-22 23:14:30 UTC

* Non-maintainer upload by the Security Team.
* Fix a regression in the decoding of chroma-subsampled images,
  introduced by one of the patches for CVE-2013-6045 (Closes: #734238).

Author: Craig Small
Revision Date: 2014-04-21 09:47:09 UTC

* Non-maintainer upload by the Security Team.
* fixed dependency for libjs-cropper Closes: #745189

Author: Felix Geyer
Revision Date: 2014-04-14 11:33:29 UTC

* Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602)
  - CVE-2014-0981, CVE-2014-0983
  - Backport fixes from version 3.2.22 in debian/patches/CVE-2014-0981.patch
    and debian/patches/CVE-2014-0983.patch

Author: Alessandro Ghedini
Revision Date: 2014-04-09 19:47:38 UTC

* Fix multiple security issues (Closes: #742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

Author: Martin Pitt
Revision Date: 2014-03-31 13:23:36 UTC

New upstream bug fix release. No security issues or major data loss fixes
this time, see release.html for details.

Author: Salvatore Bonaccorso
Revision Date: 2014-03-30 18:14:06 UTC

* Non-maintainer upload by the Security Team.
* Add 09_CVE-2001-1593.dpatch patch.
  CVE-2011-1593: Fix insecure use of /tmp
  Thanks to Jakub Wilk <jwilk@debian.org> (Closes: #737385)
* Add 10_CVE-2014-0466.dpatch patch.
  CVE-2014-0466: fixps does not invoke gs with -dSAFER. A malicious
  PostScript file could delete files with the privileges of the invoking
  user.
  Thanks to brian m. carlson <sandals@crustytoothpaste.net> (Closes: #742902)

Author: Emmanuel Bourg
Revision Date: 2014-03-25 15:48:50 UTC

* Team upload.
* Fix CVE-2014-0107: Strengthen the secure processing mode by disabling
  external general entities, foreign attributes and access to the system
  properties. This could be exploited to execute arbitrary code remotely.
  (Closes: #742577)

Author: Salvatore Bonaccorso
Revision Date: 2014-03-23 08:38:33 UTC

* Team upload.
* Add CVE-2014-2525.patch patch.
  CVE-2014-2525: Heap overflow when parsing YAML tags.
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c.

Author: Salvatore Bonaccorso
Revision Date: 2014-03-20 00:04:03 UTC

* Non-maintainer upload by the Security Team.
* CVE-2014-2525: Heap overflow when parsing YAML tags.
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c.

Author: Scott Kitterman
Revision Date: 2014-03-19 10:46:01 UTC

[ Sebastian Andrzej Siewior ]
* Postinst scripts: fix empty access and broken freshclam.conf in
  clamav-base.postinst.in and clamav-freshclam.postinst.in (Closes: #741675)
* Postinst scripts: fix quoting

[ Andreas Cadhalpun ]
* Add templates and adapt postinst and config scripts for the new options
  in 0.98 to fix the creation of the configuration files (Closes: #741675)
* Reset new options to default to fix breakage in previous upload
* Automatically updated translation files

Author: Salvatore Bonaccorso
Revision Date: 2014-03-18 20:54:04 UTC

* Non-maintainer upload by the Security Team.
* Add 0006-CVE-2014-1947-Fix-buffer-overflow-when-handling-PSD-images.patch patch.
  CVE-2014-1947: Fix buffer overflow when handling PSD images.
  (Closes: #740250)
* Add 0007-Prevent-buffer-overflow-in-messaging-system.patch patch.
  Add upstream patch to prevent buffer overflow in messaging system.

Author: Michael Gilbert
Revision Date: 2014-03-13 02:10:46 UTC

* Non-maintainer upload by the Security Team.
* Fix cve-2014-2323: mod_mysql_vhost SQL injection.
* Fix cve-2014-2324: traversal through paths involving "[...]".

Author: Evgeni Golov
Revision Date: 2014-03-11 18:21:25 UTC

* Non-maintainer upload.
* Fix buffer overrun caused by not updating a string length after
  address expansion.
  Fixes: CVE-2014-0467
  Closes: #708731

Author: Martin Pitt
Revision Date: 2014-03-10 11:22:38 UTC

SECURITY UPDATE: Add 00git_mount_path_overflow.patch to fix buffer
overflow in mount path parsing. A malicious, local user could use this
flaw to create a specially-crafted mount point directory structure that
could lead to arbitrary code execution with the privileges of the udisks
daemon (root). [CVE-2014-0004]

Author: Laurent Bigonville
Revision Date: 2014-03-07 16:58:56 UTC

Old-stable security update: Reset the PRNG state after accepting a new
connection (CVE-2014-0017)

Author: Sébastien Villemot
Revision Date: 2014-03-03 20:04:16 UTC

yahoo-new-URLs.patch: new patch, updates URLs of Yahoo! Finance services.
(Closes: #739142)

Author: Andreas Metzler
Revision Date: 2014-03-01 08:02:14 UTC

22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
certificate validation issue. CVE-2014-0092

Author: Mike Gabriel
Revision Date: 2014-02-27 12:13:43 UTC

* debian/control:
  + Update Uploaders: field. Use same uploaders as specified
    in latest version in Debian unstable (2014.02.27).
* Keyrings:
  + Update debian-edu-archive-keyring.gpg keyring file as found in
    latest package version in Debian unstable (2014.02.27).
    (Closes: #740147).

Author: Patrick Matthäi
Revision Date: 2014-02-20 13:33:07 UTC

* Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as
  OSA-2014-01:
  An attacker that managed to take over the session of a logged in customer
  could create tickets and/or send follow-ups to existing tickets due to
  missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
  OSA-2014-02:
  An attacker with a valid customer or agent login could inject SQL in
  the ticket search URL.

Author: Magnus Holmgren
Revision Date: 2014-02-16 19:44:16 UTC

* [SECURITY] CVE-2013-4420: Strip out leading slashes and any
  pathname prefix containing ".." components (Closes: #731860). This is
  done in th_get_pathname() (as well as to symlink targets when
  extracting symlinks), not merely when extracting files, which means
  applications calling that function will not see the stored
  filename. There is no way to disable this behaviour, but it can be
  expected that one will be provided when the issue is solved upstream.
* Make the th_get_size() macro cast the result from oct_to_int() to
  unsigned int. This is the right fix for bug #725938 on 64-bit systems,
  where a specially crafted tar file would not cause an integer
  overflow, but a memory allocation of almost 16 exbibytes, which would
  certainly fail outright without harm.

Author: Emmanuel Bourg
Revision Date: 2014-02-07 17:12:35 UTC

* Team upload.
* Fix CVE-2014-0050: Specially crafted input can trigger an infinite loop
  if the buffer used by the MultipartStream is not big enough. When
  constructing MultipartStream enforce the requirements for buffer size
  by throwing an IllegalArgumentException if the requested buffer size is
  too small. This prevents the DoS.
* Enable the unit tests

Author: Florian Weimer
Revision Date: 2014-02-03 22:27:37 UTC

Apply patch from Tomasz Wasilczyk to fix CVE-2013-6487.

Author: Niels Thykier
Revision Date: 2014-01-31 18:44:30 UTC

 * [CVE-2014-1638] Create tempfiles in a safe manner using
   mktemp. Thanks to Helmut Grohne for reporting the
   issue and helping with the patch. (Closes: #736359)
 * Remove the creation of /var/tmp/reinstall_debs.sh during
   postrm.

Author: Thijs Kinkhorst
Revision Date: 2014-01-31 11:18:31 UTC

* Packages updated

[ pixman (0.16.4-1+deb6u1) squeeze-security; urgency=high ]

* pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT
  Addresses CVE-2013-6425

Author: Micah Anderson
Revision Date: 2014-01-30 11:43:09 UTC

Fix for CVE-2014-1691 (Closes: #737149)

Author: Josselin Mouette
Revision Date: 2014-01-24 14:55:48 UTC

CVE-2013-1881.policy.patch: updated from Raphaël Geissert. Fix
policy check for non-URIs. Closes: #732144.

Author: Yves-Alexis Perez
Revision Date: 2014-01-23 22:32:10 UTC

[ Helmut Grohne ]
* Non-maintainer upload by the Security Team.
* Fix regression another regression. Closes: 734329.

Author: David Prévot
Revision Date: 2014-01-20 14:42:46 UTC

* Document fixed #729172
* Document CVE in previous changelog entries
* Fix XSS on signature from author [CVE-2013-7303] (Closes: #736170)

Author: Christoph Egger
Revision Date: 2010-01-09 19:09:30 UTC

Update zerfleddert patch fixing the sparc issue (Closes: #564319)
(LP: #505080), thanks to Kamal Mostafa for the report and the patch

Author: =?iso-8859-15?q?Moritz_M=C3=BChlenhoff?=
Revision Date: 2014-01-14 10:40:30 UTC

* New upstream release
  http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html
* Update patches
* Disable flaky test rpl.rpl_innodb_bug28430 breaking the build. It's marked
  as experimental by upstream and the internet is full of reports about it's
  unrelialibity

Author: Raphael Geissert
Revision Date: 2014-01-13 17:20:00 UTC

* Non-maintainer upload by the Security Team.
* Fix CVE-2012-6535: denial of service or possible arbitrary code
  execution via a heap memory overflow.

Author: Salvatore Bonaccorso
Revision Date: 2014-01-11 15:19:46 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2014-0978.patch patch.
  CVE-2014-0978: Fix stack-based buffer overflow due to a boundary error
  in the "yyerror()" function. (Closes: #734745)
* Add CVE-2014-1236.patch patch.
  CVE-2014-1236: buffer overflow from user input (the regexp in chkNum
  would accept arbitrary long digit list) (Closes: #734745)

Author: Bas Couwenberg
Revision Date: 2014-01-10 04:21:27 UTC

* Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
  msPostGISLayerSetTimeFilter function in mappostgis.c.
  (closes: #734565)
* Remove debhelper log files to allow clean builds.

Author: Dominic Hargreaves
Revision Date: 2014-01-09 19:32:26 UTC

Include patch from 4.381 fixing XSS vulnerability (CVE-2014-0977)
(Closes: #734304)

Author: Salvatore Bonaccorso
Revision Date: 2014-01-02 16:22:57 UTC

* Non-maintainer upload by the Security Team.
* Add 1009_CVE-2013-2139.patch patch.
  CVE-2013-2139: buffer overflow in application of crypto profiles.
  (Closes: #711163)

Author: Stig Sandbeck Mathisen
Revision Date: 2013-12-30 19:00:01 UTC

Import patch for tempfile security vulnerability (CVE-2013-4969)
Thanks to Luciano Bello <luciano@debian.org>

Author: Tzafrir Cohen
Revision Date: 2013-12-20 21:00:49 UTC

* Backport of fixes in Asterisk 1.8.24.1 (Closes: #732355):
  - Patch AST-2013-006: fixes a buffer overflow in app_sms.
  - Patch AST-2013-007: guards access to code execution from remote interfaces
    - but patch out the change in asterisk.conf.
    - Patch ASTERISK-20658: fixes potential crash with asterisk-realtime

Author: Julien Cristau
Revision Date: 2013-12-16 18:44:45 UTC

pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT
Addresses CVE-2013-6425

Author: Raphael Geissert
Revision Date: 2013-12-16 09:38:13 UTC

* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64 bit systems

Author: Raphael Geissert
Revision Date: 2013-12-15 10:47:47 UTC

Changeless upload to use the .orig tarball as found in ftp-master.

Author: Thijs Kinkhorst
Revision Date: 2013-12-14 08:28:15 UTC

Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576]

Author: Moritz Muehlenhoff
Revision Date: 2013-12-10 16:02:40 UTC

CVE-2013-0200 CVE-2013-4325 CVE-2013-6402

Author: Moritz Muehlenhoff
Revision Date: 2013-12-05 19:51:27 UTC

* CVE-2012-3403 CVE-2012-3481 CVE-2012-5576
* CVE-2013-1913 CVE-2013-1978

Author: Antonio Terceiro
Revision Date: 2013-12-01 19:47:31 UTC

[ Raphaël Hertzog ]
debian/patches/CVE-2013-4164.patch: add upstream patch to fix heap
overflow in floating point parsing. Closes: #730178

Author: Matthijs Kooijman
Revision Date: 2013-11-29 12:11:14 UTC

[d2a7867] Fix CVE-2013-6411 (Denial of service using forcefully
crashed aircrafts). See http://security.openttd.org/en/CVE-2013-6411
for details.

Author: Axel Beckert
Revision Date: 2013-11-28 16:42:44 UTC

Add patch against integer overflow in graphics mode (CVE-2013-6050)

Author: Wouter Verhelst
Revision Date: 2013-11-26 22:27:36 UTC

Cherry-pick df890c99337a255979e608d71f42401c0cddd5e0 from git HEAD
to fix parsing of authfile files.

Author: Per Andersson
Revision Date: 2013-11-24 23:51:54 UTC

* Non-maintainer upload
* Fix remote code injection when viewing attachments, CVE-2013-4478 and
  CVE-2013-4479 (Closes: #728232)

Author: Salvatore Bonaccorso
Revision Date: 2013-11-23 07:33:29 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
  CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via invalid handshake packets.

Author: yangoon
Revision Date: 2013-11-01 13:54:52 UTC

Adding patch to sanitize correctly the file extension of temporary
files received by the server (s. https://bugs.tryton.org/issue3446).

Author: Jelmer Vernooij
Revision Date: 2010-05-27 21:58:49 UTC

New upstream release.

Author: Antonio Terceiro
Revision Date: 2013-10-23 19:08:55 UTC

* Team upload.
* Fix wrong patch for CVE-2011-5036 (Closes: #727187)

Author: Salvatore Bonaccorso
Revision Date: 2013-02-27 21:30:04 UTC

* Non-maintainer upload by the Security Team.
* [SECURITY] CVE-2013-1049: fix buffer overflow in rfc1413 (ident) client.
  Thanks to Malcolm Scott <debianpkg@malc.org.uk> and Marc Deslauriers
  <marc.deslauriers@ubuntu.com> (Closes: #700098) (LP: #1104425)

Author: Christoph Berg
Revision Date: 2013-10-19 14:55:00 UTC

Update hardcoded cookie expiration date from 2013 to 2025. Thanks to
Andrew Bezella for the patch. (Closes: #726762)

Author: Roland Stigge
Revision Date: 2013-10-16 20:04:47 UTC

* New upstream release
  - Fixes CVE-2013-5914 CVE-2013-5915 (Closes: #725359)

Author: Sebastian Ramacher
Revision Date: 2013-10-15 18:45:52 UTC

* Non-maintainer upload.
* debian/patches/CVE-2013-1445.patch: Apply upstream patch to fix
  CVE-2013-1445: PRNG not correctly reseeded in some situations.

Author: Michael Gilbert
Revision Date: 2013-10-13 05:33:28 UTC

* Non-maintainer upload by the Security Team.
* Fix cve-2013-2877: out-of-bounds read when handling documents that end
  abruptly.

Author: Felix Geyer
Revision Date: 2013-10-10 21:21:29 UTC

* Fix CVE-2013-4365: heap buffer overwrite. (Closes: #725942)
  - Add debian/patches/30_CVE-2013-4365.dpatch

Author: Emmanuel Bouthenot
Revision Date: 2013-10-10 06:27:01 UTC

Fix endless loop in wwsympa while loading session data including
metacharacters like regexp symbols (Closes: #654622)

Author: Thomas Goirand
Revision Date: 2013-10-09 16:40:43 UTC

Upstream fix for XSS, path traversal and auth vulnerabilities.

Author: Eric Dorland
Revision Date: 2013-10-08 18:27:16 UTC

* debian/patches/{05-cve-2013-4402_p1.diff,06-cve-2013-4402_p2.diff}:
  Fix for CVE-2013-4402, "infinite recursion in the compressed packet
  parser". (Closes: #725433)
* debian/patches/07-cve-2013-4351.diff: Fix for CVE-2013-4351, "treats
  no-usage-permitted keys as all-usages-permitted". (Closes: #722724)

Author: Dmitry Smirnov
Revision Date: 2013-10-08 12:49:19 UTC

* CVE-2013-5743: fixed SQL injection vulnerability.
* CVE-2011-3263: prevent zabbix_agentd DoS attack with vfs.file.cksum.
* CVE-2011-3265/CVE-2011-3264: fixed possible path disclosure.
* CVE-2011-3265: added pop up field name parameter validation.
* CVE-2013-1364: fixed the ability to override LDAP configuration when
  calling user.login via API (Closes: #698541).
* Refreshed "no-swf-clock" patch.

Author: Tomasz Rybak
Revision Date: 2013-10-04 17:54:19 UTC

Remove non-free file from examples (#722014, #723793).

Author: Aurelien Jarno
Revision Date: 2013-10-02 13:53:24 UTC

Backport patches from upstream to skip probing for EDID or graphics
cards, as it might causes hardware breakage (closes: #724736).

Author: Konstantin Khomoutov
Revision Date: 2013-09-30 17:10:02 UTC

Disable SSLv2 and weak/export cyphers in TLS driver (closes: #724993).

Author: Kari Pahula
Revision Date: 2013-09-29 20:36:39 UTC

Fix insecure default tntnet.conf. (Closes: #724746)

Author: Nico Golde
Revision Date: 2013-09-28 16:49:44 UTC

* Non-maintainer upload by the Security Team.
* Fix invalid pool authentication in mod_sftp/mod_sftp_pam during kbdint
  authentication leading to DoS conditions (CVE-2013-4359; Closes: #723179).

Author: Salvatore Bonaccorso
Revision Date: 2013-09-21 17:58:58 UTC

* Non-maintainer upload by the Security Team.
* Add 30_CVE-2013-4314.dpatch.
  CVE-2013-4314: Fix hostname check bypassing vulnerability with server
  certificates that have a null byte in the subjectAltName. (Closes: #722055)

Author: Moritz Muehlenhoff
Revision Date: 2013-09-21 12:15:18 UTC

CVE-2013-4502, CVE-2013-4503

Author: Steve McIntyre
Revision Date: 2013-09-18 06:43:51 UTC

Backport fix from upstream: Do not create empty pagedir (with
empty edit-log). Closes: #721557

Author: Steve McIntyre
Revision Date: 2013-09-14 23:45:44 UTC

* Fixes for various long-standing security issues found by Hamid
  Zamani <me@hamidx9.ir>. Closes: #720287
  + Validate the port offset of nasd to fix a potential buffer overflow
    (CVE-2013-4256)
  + Use better string functions to guard against heap overflows
    (CVE-2013-4257)
  + Sanity-check the TCP_DEVICE environment variable for safety.
* Fix string handling in aulog.c:osLogMsg() to fix missing format string
  in call to syslog() (CVE-2013-4258).

Author: Jonathan Wiltshire
Revision Date: 2013-09-08 19:53:58 UTC

CVE-2013-4302: apply patch from upstream to prevent
access to anti-CSRF tokens via JSONP

Author: Sven Eckelmann
Revision Date: 2013-09-04 21:27:57 UTC

Add debian/patches/CVE-2013-1441.patch,
Fix CVE-2013-1441: exactimage: DoS, econvert crashes

Author: Zed Pobre
Revision Date: 2013-09-02 22:22:22 UTC

* Merge all changes from latest upstream Git repository (0.8.8.4 with
  additional patches), including the following security changes:
  * CVE-2013-4233: fix integer overflow in load_abc.cpp
  * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord
* Closes: #719642

Author: Scott Kitterman
Revision Date: 2013-08-31 16:07:06 UTC

* Add debian/patches/loadUI.diff (Closes: #697348)
  - Code backported from stable (4.9.3) version
  - Thanks to Jerome Kieffer for pointing out the fix and testing it

Author: Paul Gevers
Revision Date: 2013-08-28 20:52:20 UTC

* Security upload
* Fix Cross site scripting in host.php and install/index.php (upstream
  bug 2383) CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
  CVE-2013-5589

Author: Jay Berkenbilt
Revision Date: 2013-08-24 11:23:03 UTC

* Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
  (Closes: #719303)
* Incorporated fix to CVE-2013-4244.

Author: Magnus Holmgren
Revision Date: 2013-08-15 09:37:47 UTC

ipv6_buffer_miscalculation.dpatch: Include further fixes from wheezy
(Closes: #718581).

Author: Colin Watson
Revision Date: 2013-08-08 23:37:19 UTC

* CVE-2011-4607: Passwords were left in memory using SSH
  keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Nathan Scott
Revision Date: 2013-08-08 09:15:39 UTC

* Provides resolution for no-dsa security advisory CVE-2012-5530
* Backport SuSE insecure tmpfile handling fixes (closes: #698735)

Author: Jelmer Vernooij
Revision Date: 2010-05-27 21:58:49 UTC

New upstream release.

Author: Andreas Metzler
Revision Date: 2013-07-27 13:42:31 UTC

* Pull and unfuzzz code changes from 1.5.3 security fix release from
  upstream GIT:
  + [35_bug-in-mpi_powm-for-e-0.patch] mpi/mpi-pow.c (gcry_mpi_powm) - For
    a zero exponent, make sure that the result has been allocated.
  + [36_Mitigate-flush-reload-cache-attack-on-RSA.patch] Mitigate a
    flush+reload cache attack on RSA secret exponents.
    <http://eprint.iacr.org/2013/448>
  This fixes CVE-2013-4242.

Author: Salvatore Bonaccorso
Revision Date: 2013-07-27 11:09:40 UTC

* Non-maintainer upload by the Security Team.
* CVE-2013-4854: A specially crafted query that includes malformed rdata can
  cause named to terminate with an assertion failure while rejecting the
  malformed query. (Closes: #717936).

Author: Thijs Kinkhorst
Revision Date: 2013-07-25 14:28:53 UTC

* Non-maintainer upload.
* Fix security issue in radius_get_vendor_attr()
  (CVE-2013-2220, closes: #714362)