Branches for Squeeze

Name Status Last Modified Last Commit
lp://staging/debian/squeeze/debian-installer-netboot-images Development 2014-07-16 06:16:57 UTC
10. Rebuild against squeeze-proposed-updates

Author: Adam D. Barratt
Revision Date: 2014-07-16 06:16:57 UTC

Rebuild against squeeze-proposed-updates

lp://staging/debian/squeeze/ia32-libs Development 2014-06-30 13:45:39 UTC
23. * Packages updated [ cups (1.4.4-7+s...

Author: Thijs Kinkhorst
Revision Date: 2014-06-30 13:45:39 UTC

* Packages updated

[ cups (1.4.4-7+squeeze4) oldstable-security; urgency=high ]

* Backport security fix from cups-filters 1.0.47:
  pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
  CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
  arbitrary code execution with the privileges of the "lp" user via
  malicious PDF files. Also restrict the directory from where OPVP drivers
  can get loaded (#741333)

[ curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium ]

* Fix multiple security issues (#742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]

* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
  certificate validation issue. CVE-2014-0092

lp://staging/debian/squeeze/tzdata Development 2014-06-15 22:24:07 UTC
77. * New upstream version. - New DST f...

Author: Aurelien Jarno
Revision Date: 2014-06-15 22:24:07 UTC

* New upstream version.
  - New DST for Egypt.
  - New DST for Morocco.

lp://staging/debian/squeeze/base-files Development 2014-06-11 23:03:46 UTC
29. Changed /etc/debian_version to 6.0.10...

Author: Santiago Vila
Revision Date: 2014-06-11 23:03:46 UTC

Changed /etc/debian_version to 6.0.10, for Debian 6.0.10 point release.

lp://staging/debian/squeeze/mobile-broadband-provider-info Development 2014-06-06 15:41:36 UTC
20. Bring mobile providers list up to dat...

Author: Raphael Geissert
Revision Date: 2014-06-06 15:41:36 UTC

Bring mobile providers list up to date in oldstable. (Closes: #641469)

lp://staging/debian/squeeze/mod-wsgi Development 2014-05-21 22:44:27 UTC
16. * Fix possibility of local privilege ...

Author: Felix Geyer
Revision Date: 2014-05-21 22:44:27 UTC

* Fix possibility of local privilege escalation when using daemon mode.
  (Closes: #748910)
  - CVE-2014-0240
  - Backport upstream commit d9d5fea.
* Fix possibility of disclosure via Content-Type response header.
  - CVE-2014-0242
  - Backport upstream commit b0a149c.

lp://staging/debian/squeeze/torque Development 2014-05-21 17:48:07 UTC
11. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-05-21 17:48:07 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2014-0749.patch patch.
  CVE-2014-0749: Fix stack-based buffer overflow vulnerability which can
  be exploited in order to remotely execute code from an unauthenticated
  perspective. (Closes: #748827)

lp://staging/debian/squeeze/python-django Development 2014-05-18 11:23:21 UTC
25. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-05-18 11:23:21 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2014-1418.patch patch.
  CVE-2014-1418: Caches may be allowed to store and serve private data.
* Add CVE-2014-3730.patch patch.
  CVE-2014-3730: Malformed URLs from user input incorrectly validated.

lp://staging/debian/squeeze/user-mode-linux Development 2014-05-14 11:54:02 UTC
15. * Rebuild against linux-source-2.6.32...

Author: dann frazier
Revision Date: 2014-05-14 11:54:02 UTC

* Rebuild against linux-source-2.6.32 (2.6.32-48squeeze5):
  * CVE-2014-0196: Jiri Slaby discovered a race condition in the pty
    layer, which could lead to denial of service or privilege escalation.
  * CVE-2014-1737 / CVE-2014-1738: Matthew Daley discovered that
    missing input sanitising in the FDRAWCMD ioctl and an information
    leak could result in privilege escalation.

lp://staging/debian/squeeze/linux-2.6 Development 2014-05-12 19:38:43 UTC
52. [ Moritz Muehlenhoff ] * CVE-2014-019...

Author: Moritz Muehlenhoff
Revision Date: 2014-05-12 19:38:43 UTC

[ Moritz Muehlenhoff ]
* CVE-2014-0196: Jiri Slaby discovered a race condition in the pty
  layer, which could lead to denial of service or privilege escalation.
* CVE-2014-1737 / CVE-2014-1738: Matthew Daley discovered that
  missing input sanitising in the FDRAWCMD ioctl and an information
  leak could result in privilege escalation.

lp://staging/debian/squeeze/libxfont Development 2014-05-09 11:40:11 UTC
19. * CVE-2014-0209: integer overflow of ...

Author: Julien Cristau
Revision Date: 2014-05-09 11:40:11 UTC

* CVE-2014-0209: integer overflow of allocations in font metadata
* CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
* CVE-2014-0211: integer overflows calculating memory needs for xfs replies

lp://staging/debian/squeeze/rxvt-unicode Development 2014-05-07 09:29:17 UTC
9. Fix user-assisted security vulnerabil...

Author: Ryan Kavanagh
Revision Date: 2014-05-07 09:29:17 UTC

Fix user-assisted security vulnerability:
This fixes a user-assisted arbitrary commands execution vulnerability that
could be exploited using certain escape sequences in a crafted text file
or program output (CVE-2014-3121) (Closes: #746593)

lp://staging/debian/squeeze/xbuffy Development 2014-05-03 20:58:02 UTC
8. * Security-Upload * replace subject i...

Author: Bernhard R. Link
Revision Date: 2014-05-03 20:58:02 UTC

* Security-Upload
* replace subject indent patch to fix
  CVE-2014-0469 xbuffy stack-based buffer overflow in subject processing
* refresh following patches where necessary

lp://staging/debian/squeeze/libmms Development 2014-04-25 16:14:59 UTC
7. * Team upload. * debian/patches/0002-...

Author: Sebastian Ramacher
Revision Date: 2014-04-25 16:14:59 UTC

* Team upload.
* debian/patches/0002-CVE-2014-2892.patch: Apply upstream patch for
  CVE-2014-2892. (Closes: #745301)

lp://staging/debian/squeeze/drupal6 Development 2014-04-24 07:32:40 UTC
20. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-04-24 07:32:40 UTC

* Non-maintainer upload by the Security Team.
* Imported Upstream version 6.31
  - See advisory in https://drupal.org/SA-CORE-2014-002
  - Information disclosure (CVE-2014-2983)

lp://staging/debian/squeeze/super Development 2014-04-23 00:30:28 UTC
8. Add 14-Fix-unchecked-setuid-call.patc...

Author: Robert Luberda
Revision Date: 2014-04-23 00:30:28 UTC

Add 14-Fix-unchecked-setuid-call.patch to fix a flaw in `super -F'
command which might open super for RLIMIT_NPROC style exploits on
older 2.6 kernels (CVE-2014-0470).

lp://staging/debian/squeeze/openjpeg Development 2014-04-22 23:14:30 UTC
7. * Non-maintainer upload by the Securi...

Author: Raphael Geissert
Revision Date: 2014-04-22 23:14:30 UTC

* Non-maintainer upload by the Security Team.
* Fix a regression in the decoding of chroma-subsampled images,
  introduced by one of the patches for CVE-2013-6045 (Closes: #734238).

lp://staging/debian/squeeze/wordpress Development 2014-04-21 09:47:09 UTC
38. * Non-maintainer upload by the Securi...

Author: Craig Small
Revision Date: 2014-04-21 09:47:09 UTC

* Non-maintainer upload by the Security Team.
* fixed dependency for libjs-cropper Closes: #745189

lp://staging/debian/squeeze/virtualbox-ose bug Development 2014-04-14 11:33:29 UTC
26. * Fix memory corruption vulnerabiliti...

Author: Felix Geyer
Revision Date: 2014-04-14 11:33:29 UTC

* Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602)
  - CVE-2014-0981, CVE-2014-0983
  - Backport fixes from version 3.2.22 in debian/patches/CVE-2014-0981.patch
    and debian/patches/CVE-2014-0983.patch

lp://staging/debian/squeeze/curl Development 2014-04-09 19:47:38 UTC
18. * Fix multiple security issues (Close...

Author: Alessandro Ghedini
Revision Date: 2014-04-09 19:47:38 UTC

* Fix multiple security issues (Closes: #742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

lp://staging/debian/squeeze/postgresql-8.4 bug Development 2014-03-31 13:23:36 UTC
19. New upstream bug fix release. No secu...

Author: Martin Pitt
Revision Date: 2014-03-31 13:23:36 UTC

New upstream bug fix release. No security issues or major data loss fixes
this time, see release.html for details.

lp://staging/debian/squeeze/a2ps Development 2014-03-30 18:14:06 UTC
9. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-03-30 18:14:06 UTC

* Non-maintainer upload by the Security Team.
* Add 09_CVE-2001-1593.dpatch patch.
  CVE-2011-1593: Fix insecure use of /tmp
  Thanks to Jakub Wilk <jwilk@debian.org> (Closes: #737385)
* Add 10_CVE-2014-0466.dpatch patch.
  CVE-2014-0466: fixps does not invoke gs with -dSAFER. A malicious
  PostScript file could delete files with the privileges of the invoking
  user.
  Thanks to brian m. carlson <sandals@crustytoothpaste.net> (Closes: #742902)

lp://staging/debian/squeeze/libxalan2-java Development 2014-03-25 15:48:50 UTC
7. * Team upload. * Fix CVE-2014-0107: S...

Author: Emmanuel Bourg
Revision Date: 2014-03-25 15:48:50 UTC

* Team upload.
* Fix CVE-2014-0107: Strengthen the secure processing mode by disabling
  external general entities, foreign attributes and access to the system
  properties. This could be exploited to execute arbitrary code remotely.
  (Closes: #742577)

lp://staging/debian/squeeze/libyaml-libyaml-perl Development 2014-03-23 08:38:33 UTC
5. * Team upload. * Add CVE-2014-2525.pa...

Author: Salvatore Bonaccorso
Revision Date: 2014-03-23 08:38:33 UTC

* Team upload.
* Add CVE-2014-2525.patch patch.
  CVE-2014-2525: Heap overflow when parsing YAML tags.
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c.

lp://staging/debian/squeeze/libyaml Development 2014-03-20 00:04:03 UTC
5. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-03-20 00:04:03 UTC

* Non-maintainer upload by the Security Team.
* CVE-2014-2525: Heap overflow when parsing YAML tags.
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c.

lp://staging/debian/squeeze/clamav Mature 2014-03-19 10:46:01 UTC
20. [ Sebastian Andrzej Siewior ] * Posti...

Author: Scott Kitterman
Revision Date: 2014-03-19 10:46:01 UTC

[ Sebastian Andrzej Siewior ]
* Postinst scripts: fix empty access and broken freshclam.conf in
  clamav-base.postinst.in and clamav-freshclam.postinst.in (Closes: #741675)
* Postinst scripts: fix quoting

[ Andreas Cadhalpun ]
* Add templates and adapt postinst and config scripts for the new options
  in 0.98 to fix the creation of the configuration files (Closes: #741675)
* Reset new options to default to fix breakage in previous upload
* Automatically updated translation files

lp://staging/debian/squeeze/imagemagick Development 2014-03-18 20:54:04 UTC
19. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-03-18 20:54:04 UTC

* Non-maintainer upload by the Security Team.
* Add 0006-CVE-2014-1947-Fix-buffer-overflow-when-handling-PSD-images.patch patch.
  CVE-2014-1947: Fix buffer overflow when handling PSD images.
  (Closes: #740250)
* Add 0007-Prevent-buffer-overflow-in-messaging-system.patch patch.
  Add upstream patch to prevent buffer overflow in messaging system.

lp://staging/debian/squeeze/lighttpd Development 2014-03-13 02:10:46 UTC
23. * Non-maintainer upload by the Securi...

Author: Michael Gilbert
Revision Date: 2014-03-13 02:10:46 UTC

* Non-maintainer upload by the Security Team.
* Fix cve-2014-2323: mod_mysql_vhost SQL injection.
* Fix cve-2014-2324: traversal through paths involving "[...]".

lp://staging/debian/squeeze/mutt Development 2014-03-11 18:21:25 UTC
15. * Non-maintainer upload. * Fix buffer...

Author: Evgeni Golov
Revision Date: 2014-03-11 18:21:25 UTC

* Non-maintainer upload.
* Fix buffer overrun caused by not updating a string length after
  address expansion.
  Fixes: CVE-2014-0467
  Closes: #708731

lp://staging/debian/squeeze/udisks Development 2014-03-10 11:22:38 UTC
18. SECURITY UPDATE: Add 00git_mount_path...

Author: Martin Pitt
Revision Date: 2014-03-10 11:22:38 UTC

SECURITY UPDATE: Add 00git_mount_path_overflow.patch to fix buffer
overflow in mount path parsing. A malicious, local user could use this
flaw to create a specially-crafted mount point directory structure that
could lead to arbitrary code execution with the privileges of the udisks
daemon (root). [CVE-2014-0004]

lp://staging/debian/squeeze/libssh Development 2014-03-07 16:58:56 UTC
16. Old-stable security update: Reset the...

Author: Laurent Bigonville
Revision Date: 2014-03-07 16:58:56 UTC

Old-stable security update: Reset the PRNG state after accepting a new
connection (CVE-2014-0017)

lp://staging/debian/squeeze/libfinance-quote-perl Development 2014-03-03 20:04:16 UTC
13. yahoo-new-URLs.patch: new patch, upda...

Author: Sébastien Villemot
Revision Date: 2014-03-03 20:04:16 UTC

yahoo-new-URLs.patch: new patch, updates URLs of Yahoo! Finance services.
(Closes: #739142)

lp://staging/debian/squeeze/gnutls26 Development 2014-03-01 08:02:14 UTC
24. 22_gnutls-2.8.5-cve-2014-0092.patch b...

Author: Andreas Metzler
Revision Date: 2014-03-01 08:02:14 UTC

22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
certificate validation issue. CVE-2014-0092

lp://staging/debian/squeeze/debian-edu-archive-keyring Development 2014-02-27 12:13:43 UTC
4. * debian/control: + Update Uploader...

Author: Mike Gabriel
Revision Date: 2014-02-27 12:13:43 UTC

* debian/control:
  + Update Uploaders: field. Use same uploaders as specified
    in latest version in Debian unstable (2014.02.27).
* Keyrings:
  + Update debian-edu-archive-keyring.gpg keyring file as found in
    latest package version in Debian unstable (2014.02.27).
    (Closes: #740147).

lp://staging/debian/squeeze/otrs2 Mature 2014-02-20 13:33:07 UTC
42. * Add patch 23-security-osa-2014-01 w...

Author: Patrick Matthäi
Revision Date: 2014-02-20 13:33:07 UTC

* Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as
  OSA-2014-01:
  An attacker that managed to take over the session of a logged in customer
  could create tickets and/or send follow-ups to existing tickets due to
  missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
  OSA-2014-02:
  An attacker with a valid customer or agent login could inject SQL in
  the ticket search URL.

lp://staging/debian/squeeze/libtar Development 2014-02-16 19:44:16 UTC
8. * [SECURITY] CVE-2013-4420: Strip out...

Author: Magnus Holmgren
Revision Date: 2014-02-16 19:44:16 UTC

* [SECURITY] CVE-2013-4420: Strip out leading slashes and any
  pathname prefix containing ".." components (Closes: #731860). This is
  done in th_get_pathname() (as well as to symlink targets when
  extracting symlinks), not merely when extracting files, which means
  applications calling that function will not see the stored
  filename. There is no way to disable this behaviour, but it can be
  expected that one will be provided when the issue is solved upstream.
* Make the th_get_size() macro cast the result from oct_to_int() to
  unsigned int. This is the right fix for bug #725938 on 64-bit systems,
  where a specially crafted tar file would not cause an integer
  overflow, but a memory allocation of almost 16 exbibytes, which would
  certainly fail outright without harm.

lp://staging/debian/squeeze/libcommons-fileupload-java Development 2014-02-07 17:12:35 UTC
11. * Team upload. * Fix CVE-2014-0050: S...

Author: Emmanuel Bourg
Revision Date: 2014-02-07 17:12:35 UTC

* Team upload.
* Fix CVE-2014-0050: Specially crafted input can trigger an infinite loop
  if the buffer used by the MultipartStream is not big enough. When
  constructing MultipartStream enforce the requirements for buffer size
  by throwing an IllegalArgumentException if the requested buffer size is
  too small. This prevents the DoS.
* Enable the unit tests

lp://staging/debian/squeeze/libgadu Development 2014-02-03 22:27:37 UTC
10. Apply patch from Tomasz Wasilczyk to ...

Author: Florian Weimer
Revision Date: 2014-02-03 22:27:37 UTC

Apply patch from Tomasz Wasilczyk to fix CVE-2013-6487.

lp://staging/debian/squeeze/localepurge Development 2014-01-31 18:44:30 UTC
8. * [CVE-2014-1638] Create tempfiles i...

Author: Niels Thykier
Revision Date: 2014-01-31 18:44:30 UTC

 * [CVE-2014-1638] Create tempfiles in a safe manner using
   mktemp. Thanks to Helmut Grohne for reporting the
   issue and helping with the patch. (Closes: #736359)
 * Remove the creation of /var/tmp/reinstall_debs.sh during
   postrm.

lp://staging/debian/squeeze/ia32-libs-gtk bug Development 2014-01-31 11:18:31 UTC
9. * Packages updated [ pixman (0.16.4-...

Author: Thijs Kinkhorst
Revision Date: 2014-01-31 11:18:31 UTC

* Packages updated

[ pixman (0.16.4-1+deb6u1) squeeze-security; urgency=high ]

* pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT
  Addresses CVE-2013-6425

lp://staging/debian/squeeze/horde3 Development 2014-01-30 11:43:09 UTC
22. Fix for CVE-2014-1691 (Closes: #737149)

Author: Micah Anderson
Revision Date: 2014-01-30 11:43:09 UTC

Fix for CVE-2014-1691 (Closes: #737149)

lp://staging/debian/squeeze/librsvg bug Development 2014-01-24 14:55:48 UTC
27. CVE-2013-1881.policy.patch: updated f...

Author: Josselin Mouette
Revision Date: 2014-01-24 14:55:48 UTC

CVE-2013-1881.policy.patch: updated from Raphaël Geissert. Fix
policy check for non-URIs. Closes: #732144.

lp://staging/debian/squeeze/denyhosts Development 2014-01-23 22:32:10 UTC
11. [ Helmut Grohne ] * Non-maintainer up...

Author: Yves-Alexis Perez
Revision Date: 2014-01-23 22:32:10 UTC

[ Helmut Grohne ]
* Non-maintainer upload by the Security Team.
* Fix another regression. Closes: 734329.

lp://staging/debian/squeeze/spip Development 2014-01-20 14:42:46 UTC
20. * Document fixed #729172 * Document C...

Author: David Prévot
Revision Date: 2014-01-20 14:42:46 UTC

* Document fixed #729172
* Document CVE in previous changelog entries
* Fix XSS on signature from author [CVE-2013-7303] (Closes: #736170)

lp://staging/debian/squeeze/micropolis-activity bug Development 2014-01-15 15:09:08 UTC
6. Update zerfleddert patch fixing the s...

Author: Christoph Egger
Revision Date: 2010-01-09 19:09:30 UTC

Update zerfleddert patch fixing the sparc issue (Closes: #564319)
(LP: #505080), thanks to Kamal Mostafa for the report and the patch

lp://staging/debian/squeeze/mysql-5.1 Development 2014-01-14 10:40:30 UTC
11. * New upstream release http://dev.m...

Author: Moritz Mühlenhoff
Revision Date: 2014-01-14 10:40:30 UTC

* New upstream release
  http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html
* Update patches
* Disable flaky test rpl.rpl_innodb_bug28430 breaking the build. It's marked
  as experimental by upstream and the internet is full of reports about its
  unreliability

lp://staging/debian/squeeze/djvulibre Development 2014-01-13 17:20:00 UTC
22. * Non-maintainer upload by the Securi...

Author: Raphael Geissert
Revision Date: 2014-01-13 17:20:00 UTC

* Non-maintainer upload by the Security Team.
* Fix CVE-2012-6535: denial of service or possible arbitrary code
  execution via a heap memory overflow.

lp://staging/debian/squeeze/graphviz Development 2014-01-11 15:19:46 UTC
16. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-01-11 15:19:46 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2014-0978.patch patch.
  CVE-2014-0978: Fix stack-based buffer overflow due to a boundary error
  in the "yyerror()" function. (Closes: #734745)
* Add CVE-2014-1236.patch patch.
  CVE-2014-1236: buffer overflow from user input (the regexp in chkNum
  would accept arbitrary long digit list) (Closes: #734745)

lp://staging/debian/squeeze/mapserver Development 2014-01-10 04:21:27 UTC
21. * Add patch to fix CVE-2013-7262, an ...

Author: Bas Couwenberg
Revision Date: 2014-01-10 04:21:27 UTC

* Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
  msPostGISLayerSetTimeFilter function in mappostgis.c.
  (closes: #734565)
* Remove debhelper log files to allow clean builds.

lp://staging/debian/squeeze/movabletype-opensource Development 2014-01-09 19:32:26 UTC
23. Include patch from 4.381 fixing XSS v...

Author: Dominic Hargreaves
Revision Date: 2014-01-09 19:32:26 UTC

Include patch from 4.381 fixing XSS vulnerability (CVE-2014-0977)
(Closes: #734304)

lp://staging/debian/squeeze/srtp Development 2014-01-02 16:22:57 UTC
7. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2014-01-02 16:22:57 UTC

* Non-maintainer upload by the Security Team.
* Add 1009_CVE-2013-2139.patch patch.
  CVE-2013-2139: buffer overflow in application of crypto profiles.
  (Closes: #711163)

lp://staging/debian/squeeze/puppet bug Development 2013-12-30 19:00:01 UTC
27. Import patch for tempfile security vu...

Author: Stig Sandbeck Mathisen
Revision Date: 2013-12-30 19:00:01 UTC

Import patch for tempfile security vulnerability (CVE-2013-4969)
Thanks to Luciano Bello <luciano@debian.org>

lp://staging/debian/squeeze/asterisk Development 2013-12-20 21:00:49 UTC
27. * Backport of fixes in Asterisk 1.8.2...

Author: Tzafrir Cohen
Revision Date: 2013-12-20 21:00:49 UTC

* Backport of fixes in Asterisk 1.8.24.1 (Closes: #732355):
  - Patch AST-2013-006: fixes a buffer overflow in app_sms.
  - Patch AST-2013-007: guards access to code execution from remote interfaces
    - but patch out the change in asterisk.conf.
    - Patch ASTERISK-20658: fixes potential crash with asterisk-realtime

lp://staging/debian/squeeze/pixman Development 2013-12-16 18:44:45 UTC
7. pixman_trapezoid_valid(): Fix underfl...

Author: Julien Cristau
Revision Date: 2013-12-16 18:44:45 UTC

pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT
Addresses CVE-2013-6425

lp://staging/debian/squeeze/nspr Development 2013-12-16 09:38:13 UTC
10. * Non-maintainer upload by the Securi...

Author: Raphael Geissert
Revision Date: 2013-12-16 09:38:13 UTC

* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64 bit systems

lp://staging/debian/squeeze/varnish Development 2013-12-15 10:47:47 UTC
25. Changeless upload to use the .orig ta...

Author: Raphael Geissert
Revision Date: 2013-12-15 10:47:47 UTC

Changeless upload to use the .orig tarball as found in ftp-master.

lp://staging/debian/squeeze/gnupg Development 2013-12-14 08:28:15 UTC
17. Fixed the RSA Key Extraction via Low-...

Author: Thijs Kinkhorst
Revision Date: 2013-12-14 08:28:15 UTC

Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576]

lp://staging/debian/squeeze/hplip bug Development 2013-12-10 16:02:40 UTC
23. CVE-2013-0200 CVE-2013-4325 CVE-2013-...

Author: Moritz Muehlenhoff
Revision Date: 2013-12-10 16:02:40 UTC

CVE-2013-0200 CVE-2013-4325 CVE-2013-6402

lp://staging/debian/squeeze/gimp Development 2013-12-05 19:51:27 UTC
13. * CVE-2012-3403 CVE-2012-3481 CVE-201...

Author: Moritz Muehlenhoff
Revision Date: 2013-12-05 19:51:27 UTC

* CVE-2012-3403 CVE-2012-3481 CVE-2012-5576
* CVE-2013-1913 CVE-2013-1978

lp://staging/debian/squeeze/ruby1.9.1 Development 2013-12-01 19:47:31 UTC
13. [ Raphaël Hertzog ] debian/patches/CV...

Author: Antonio Terceiro
Revision Date: 2013-12-01 19:47:31 UTC

[ Raphaël Hertzog ]
debian/patches/CVE-2013-4164.patch: add upstream patch to fix heap
overflow in floating point parsing. Closes: #730178

lp://staging/debian/squeeze/openttd Development 2013-11-29 12:11:14 UTC
25. [d2a7867] Fix CVE-2013-6411 (Denial o...

Author: Matthijs Kooijman
Revision Date: 2013-11-29 12:11:14 UTC

[d2a7867] Fix CVE-2013-6411 (Denial of service using forcefully
crashed aircrafts). See http://security.openttd.org/en/CVE-2013-6411
for details.

lp://staging/debian/squeeze/links2 Development 2013-11-28 16:42:44 UTC
8. Add patch against integer overflow in...

Author: Axel Beckert
Revision Date: 2013-11-28 16:42:44 UTC

Add patch against integer overflow in graphics mode (CVE-2013-6050)

lp://staging/debian/squeeze/nbd Development 2013-11-26 22:27:36 UTC
40. Cherry-pick df890c99337a255979e608d71...

Author: Wouter Verhelst
Revision Date: 2013-11-26 22:27:36 UTC

Cherry-pick df890c99337a255979e608d71f42401c0cddd5e0 from git HEAD
to fix parsing of authfile files.

lp://staging/debian/squeeze/sup-mail Development 2013-11-24 23:51:54 UTC
10. * Non-maintainer upload * Fix remote ...

Author: Per Andersson
Revision Date: 2013-11-24 23:51:54 UTC

* Non-maintainer upload
* Fix remote code injection when viewing attachments, CVE-2013-4478 and
  CVE-2013-4479 (Closes: #728232)

lp://staging/debian/squeeze/nss Development 2013-11-23 07:33:29 UTC
19. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-11-23 07:33:29 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
  CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via invalid handshake packets.

lp://staging/debian/squeeze/tryton-client Development 2013-11-01 13:54:52 UTC
12. Adding patch to sanitize correctly th...

Author: yangoon
Revision Date: 2013-11-01 13:54:52 UTC

Adding patch to sanitize correctly the file extension of temporary
files received by the server (s. https://bugs.tryton.org/issue3446).

lp://staging/~ubuntu-branches/debian/squeeze/bzr/squeeze-201310300333 Development 2013-10-30 03:33:12 UTC
16. New upstream release.

Author: Jelmer Vernooij
Revision Date: 2010-05-27 21:58:49 UTC

New upstream release.

lp://staging/debian/squeeze/librack-ruby Development 2013-10-23 19:08:55 UTC
10. * Team upload. * Fix wrong patch for ...

Author: Antonio Terceiro
Revision Date: 2013-10-23 19:08:55 UTC

* Team upload.
* Fix wrong patch for CVE-2011-5036 (Closes: #727187)

lp://staging/debian/squeeze/cfingerd bug Development 2013-10-22 14:51:13 UTC
6. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-02-27 21:30:04 UTC

* Non-maintainer upload by the Security Team.
* [SECURITY] CVE-2013-1049: fix buffer overflow in rfc1413 (ident) client.
  Thanks to Malcolm Scott <debianpkg@malc.org.uk> and Marc Deslauriers
  <marc.deslauriers@ubuntu.com> (Closes: #700098) (LP: #1104425)

lp://staging/debian/squeeze/usemod-wiki Development 2013-10-19 14:55:00 UTC
6. Update hardcoded cookie expiration da...

Author: Christoph Berg
Revision Date: 2013-10-19 14:55:00 UTC

Update hardcoded cookie expiration date from 2013 to 2025. Thanks to
Andrew Bezella for the patch. (Closes: #726762)

lp://staging/debian/squeeze/polarssl Development 2013-10-16 20:04:47 UTC
5. * New upstream release - Fixes CVE-...

Author: Roland Stigge
Revision Date: 2013-10-16 20:04:47 UTC

* New upstream release
  - Fixes CVE-2013-5914 CVE-2013-5915 (Closes: #725359)

lp://staging/debian/squeeze/python-crypto Development 2013-10-15 18:45:52 UTC
12. * Non-maintainer upload. * debian/pat...

Author: Sebastian Ramacher
Revision Date: 2013-10-15 18:45:52 UTC

* Non-maintainer upload.
* debian/patches/CVE-2013-1445.patch: Apply upstream patch to fix
  CVE-2013-1445: PRNG not correctly reseeded in some situations.

lp://staging/debian/squeeze/libxml2 Development 2013-10-13 05:33:28 UTC
46. * Non-maintainer upload by the Securi...

Author: Michael Gilbert
Revision Date: 2013-10-13 05:33:28 UTC

* Non-maintainer upload by the Security Team.
* Fix cve-2013-2877: out-of-bounds read when handling documents that end
  abruptly.

lp://staging/debian/squeeze/libapache2-mod-fcgid Development 2013-10-10 21:21:29 UTC
11. * Fix CVE-2013-4365: heap buffer over...

Author: Felix Geyer
Revision Date: 2013-10-10 21:21:29 UTC

* Fix CVE-2013-4365: heap buffer overwrite. (Closes: #725942)
  - Add debian/patches/30_CVE-2013-4365.dpatch

lp://staging/debian/squeeze/sympa Development 2013-10-10 06:27:01 UTC
13. Fix endless loop in wwsympa while loa...

Author: Emmanuel Bouthenot
Revision Date: 2013-10-10 06:27:01 UTC

Fix endless loop in wwsympa while loading session data including
metacharacters like regexp symbols (Closes: #654622)

lp://staging/debian/squeeze/extplorer Development 2013-10-09 16:40:43 UTC
7. Upstream fix for XSS, path traversal ...

Author: Thomas Goirand
Revision Date: 2013-10-09 16:40:43 UTC

Upstream fix for XSS, path traversal and auth vulnerabilities.

lp://staging/debian/squeeze/gnupg2 Development 2013-10-08 18:27:16 UTC
14. * debian/patches/{05-cve-2013-4402_p1...

Author: Eric Dorland
Revision Date: 2013-10-08 18:27:16 UTC

* debian/patches/{05-cve-2013-4402_p1.diff,06-cve-2013-4402_p2.diff}:
  Fix for CVE-2013-4402, "infinite recursion in the compressed packet
  parser". (Closes: #725433)
* debian/patches/07-cve-2013-4351.diff: Fix for CVE-2013-4351, "treats
  no-usage-permitted keys as all-usages-permitted". (Closes: #722724)

lp://staging/debian/squeeze/zabbix Development 2013-10-08 12:49:19 UTC
37. * CVE-2013-5743: fixed SQL injection ...

Author: Dmitry Smirnov
Revision Date: 2013-10-08 12:49:19 UTC

* CVE-2013-5743: fixed SQL injection vulnerability.
* CVE-2011-3263: prevent zabbix_agentd DoS attack with vfs.file.cksum.
* CVE-2011-3265/CVE-2011-3264: fixed possible path disclosure.
* CVE-2011-3265: added pop up field name parameter validation.
* CVE-2013-1364: fixed the ability to override LDAP configuration when
  calling user.login via API (Closes: #698541).
* Refreshed "no-swf-clock" patch.

lp://staging/debian/squeeze/pyopencl Development 2013-10-04 17:54:19 UTC
4. Remove non-free file from examples (#...

Author: Tomasz Rybak
Revision Date: 2013-10-04 17:54:19 UTC

Remove non-free file from examples (#722014, #723793).

lp://staging/debian/squeeze/lm-sensors-3 Development 2013-10-02 13:53:24 UTC
9. Backport patches from upstream to ski...

Author: Aurelien Jarno
Revision Date: 2013-10-02 13:53:24 UTC

Backport patches from upstream to skip probing for EDID or graphics
cards, as it might cause hardware breakage (closes: #724736).

lp://staging/debian/squeeze/ejabberd Development 2013-09-30 17:10:02 UTC
21. Disable SSLv2 and weak/export cyphers...

Author: Konstantin Khomoutov
Revision Date: 2013-09-30 17:10:02 UTC

Disable SSLv2 and weak/export cyphers in TLS driver (closes: #724993).

lp://staging/debian/squeeze/tntnet Development 2013-09-29 20:36:39 UTC
5. Fix insecure default tntnet.conf. (C...

Author: Kari Pahula
Revision Date: 2013-09-29 20:36:39 UTC

Fix insecure default tntnet.conf. (Closes: #724746)

lp://staging/debian/squeeze/proftpd-dfsg Development 2013-09-28 16:49:44 UTC
32. * Non-maintainer upload by the Securi...

Author: Nico Golde
Revision Date: 2013-09-28 16:49:44 UTC

* Non-maintainer upload by the Security Team.
* Fix invalid pool authentication in mod_sftp/mod_sftp_pam during kbdint
  authentication leading to DoS conditions (CVE-2013-4359; Closes: #723179).

lp://staging/debian/squeeze/pyopenssl Development 2013-09-21 17:58:58 UTC
9. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-09-21 17:58:58 UTC

* Non-maintainer upload by the Security Team.
* Add 30_CVE-2013-4314.dpatch.
  CVE-2013-4314: Fix hostname check bypassing vulnerability with server
  certificates that have a null byte in the subjectAltName. (Closes: #722055)

lp://staging/debian/squeeze/chrony Development 2013-09-21 12:15:18 UTC
12. CVE-2013-4502, CVE-2013-4503

Author: Moritz Muehlenhoff
Revision Date: 2013-09-21 12:15:18 UTC

CVE-2013-4502, CVE-2013-4503

lp://staging/debian/squeeze/moin Development 2013-09-18 06:43:51 UTC
18. Backport fix from upstream: Do not cr...

Author: Steve McIntyre
Revision Date: 2013-09-18 06:43:51 UTC

Backport fix from upstream: Do not create empty pagedir (with
empty edit-log). Closes: #721557

lp://staging/debian/squeeze/nas Development 2013-09-14 23:45:44 UTC
9. * Fixes for various long-standing sec...

Author: Steve McIntyre
Revision Date: 2013-09-14 23:45:44 UTC

* Fixes for various long-standing security issues found by Hamid
  Zamani <me@hamidx9.ir>. Closes: #720287
  + Validate the port offset of nasd to fix a potential buffer overflow
    (CVE-2013-4256)
  + Use better string functions to guard against heap overflows
    (CVE-2013-4257)
  + Sanity-check the TCP_DEVICE environment variable for safety.
* Fix string handling in aulog.c:osLogMsg() to fix missing format string
  in call to syslog() (CVE-2013-4258).

lp://staging/debian/squeeze/mediawiki Development 2013-09-08 19:53:58 UTC
30. CVE-2013-4302: apply patch from upstr...

Author: Jonathan Wiltshire
Revision Date: 2013-09-08 19:53:58 UTC

CVE-2013-4302: apply patch from upstream to prevent
access to anti-CSRF tokens via JSONP

lp://staging/debian/squeeze/exactimage Development 2013-09-04 21:27:57 UTC
11. Add debian/patches/CVE-2013-1441.patc...

Author: Sven Eckelmann
Revision Date: 2013-09-04 21:27:57 UTC

Add debian/patches/CVE-2013-1441.patch,
Fix CVE-2013-1441: exactimage: DoS, econvert crashes

lp://staging/debian/squeeze/libmodplug Development 2013-09-02 22:22:22 UTC
12. * Merge all changes from latest upstr...

Author: Zed Pobre
Revision Date: 2013-09-02 22:22:22 UTC

* Merge all changes from latest upstream Git repository (0.8.8.4 with
  additional patches), including the following security changes:
  * CVE-2013-4233: fix integer overflow in load_abc.cpp
  * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord
* Closes: #719642

lp://staging/debian/squeeze/python-qt4 Development 2013-08-31 16:07:06 UTC
54. * Add debian/patches/loadUI.diff (Clo...

Author: Scott Kitterman
Revision Date: 2013-08-31 16:07:06 UTC

* Add debian/patches/loadUI.diff (Closes: #697348)
  - Code backported from stable (4.9.3) version
  - Thanks to Jerome Kieffer for pointing out the fix and testing it

lp://staging/debian/squeeze/cacti Development 2013-08-28 20:52:20 UTC
30. * Security upload * Fix Cross site sc...

Author: Paul Gevers
Revision Date: 2013-08-28 20:52:20 UTC

* Security upload
* Fix Cross site scripting in host.php and install/index.php (upstream
  bug 2383) CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
  CVE-2013-5589

lp://staging/debian/squeeze/tiff Development 2013-08-24 11:23:03 UTC
19. * Incorporated fixes to security issu...

Author: Jay Berkenbilt
Revision Date: 2013-08-24 11:23:03 UTC

* Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
  (Closes: #719303)
* Incorporated fix to CVE-2013-4244.

lp://staging/debian/squeeze/libspf2 Development 2013-08-15 09:37:47 UTC
9. ipv6_buffer_miscalculation.dpatch: In...

Author: Magnus Holmgren
Revision Date: 2013-08-15 09:37:47 UTC

ipv6_buffer_miscalculation.dpatch: Include further fixes from wheezy
(Closes: #718581).

lp://staging/debian/squeeze/putty Development 2013-08-08 23:37:19 UTC
13. * CVE-2011-4607: Passwords were left ...

Author: Colin Watson
Revision Date: 2013-08-08 23:37:19 UTC

* CVE-2011-4607: Passwords were left in memory using SSH
  keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

lp://staging/debian/squeeze/pcp Development 2013-08-08 09:15:39 UTC
18. * Provides resolution for no-dsa secu...

Author: Nathan Scott
Revision Date: 2013-08-08 09:15:39 UTC

* Provides resolution for no-dsa security advisory CVE-2012-5530
* Backport SuSE insecure tmpfile handling fixes (closes: #698735)

lp://staging/~ubuntu-branches/debian/squeeze/bzr/squeeze-201308041037 Development 2013-08-04 10:38:01 UTC
16. New upstream release.

Author: Jelmer Vernooij
Revision Date: 2010-05-27 21:58:49 UTC

New upstream release.

lp://staging/debian/squeeze/libgcrypt11 Development 2013-07-27 13:42:31 UTC
12. * Pull and unfuzz code changes from ...

Author: Andreas Metzler
Revision Date: 2013-07-27 13:42:31 UTC

* Pull and unfuzz code changes from 1.5.3 security fix release from
  upstream GIT:
  + [35_bug-in-mpi_powm-for-e-0.patch] mpi/mpi-pow.c (gcry_mpi_powm) - For
    a zero exponent, make sure that the result has been allocated.
  + [36_Mitigate-flush-reload-cache-attack-on-RSA.patch] Mitigate a
    flush+reload cache attack on RSA secret exponents.
    <http://eprint.iacr.org/2013/448>
  This fixes CVE-2013-4242.

lp://staging/debian/squeeze/bind9 Development 2013-07-27 11:09:40 UTC
35. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-07-27 11:09:40 UTC

* Non-maintainer upload by the Security Team.
* CVE-2013-4854: A specially crafted query that includes malformed rdata can
  cause named to terminate with an assertion failure while rejecting the
  malformed query. (Closes: #717936).

lp://staging/debian/squeeze/php-radius Development 2013-07-25 14:28:53 UTC
5. * Non-maintainer upload. * Fix securi...

Author: Thijs Kinkhorst
Revision Date: 2013-07-25 14:28:53 UTC

* Non-maintainer upload.
* Fix security issue in radius_get_vendor_attr()
  (CVE-2013-2220, closes: #714362)
