Branches for Squeeze

Name Status Last Modified Last Commit
lp://staging/debian/squeeze/grep Development 2013-07-25 10:13:24 UTC
8. Fixes CVE-2012-5667. Patch by Jarosla...

Author: Santiago Ruano Rincon
Revision Date: 2013-07-25 10:13:24 UTC

Fixes CVE-2012-5667. Patch by Jaroslav Škarvada
https://bugzilla.redhat.com/show_bug.cgi?id=889935
Closes: #701897

lp://staging/debian/squeeze/tomcat6 Development 2013-07-19 17:29:35 UTC
30. Correct target distribution

Author: Moritz Muehlenhoff
Revision Date: 2013-07-19 17:29:35 UTC

Correct target distribution

lp://staging/debian/squeeze/wv2 Development 2013-07-12 11:56:48 UTC
10. Repack to remove src/generator/genera...

Author: Olly Betts
Revision Date: 2013-07-12 11:56:48 UTC

Repack to remove src/generator/generator_wword{6,8}.htm, which are
based on documents from Microsoft. These two files were documented as
removed in README.Debian, but actually still present. (Closes: #710470)

lp://staging/~ubuntu-branches/debian/squeeze/liferea/squeeze-201307040924 Development 2013-07-04 09:24:50 UTC
11. * New upstream bugfix release. - Fi...

Author: Emilio Pozuelo Monfort
Revision Date: 2010-07-19 21:45:37 UTC

* New upstream bugfix release.
  - Fixes Google Reader authentication. Closes: #586926.
  - Launches links with commas in the external browser. Closes: #588959.
* debian/source/format,
  debian/rules:
  - Switch to source format 3.0 (quilt).
* debian/patches/debian-example-feeds:
  - Drop debaday.debian.net and times.debian.net since they are down.
    Closes: #588173.
* debian/control:
  - Standards-Version is 3.9.0, no changes needed.
  - Only build depend on libnm-glib-dev on linux-any.

lp://staging/debian/squeeze/libopenid-ruby Development 2013-06-30 21:58:30 UTC
7. * Team upload * Urgency set to high a...

Author: Cédric Boutillier
Revision Date: 2013-06-30 21:58:30 UTC

* Team upload
* Urgency set to high as a security bug is fixed.
* debian/patches: add fix_CVE-2013-1812 from upstream to limit fetching file
  size and disable XML entity expansion, preventing possible XML denial of
  service attacks [CVE-2013-1812] (Closes: #702217).

lp://staging/debian/squeeze/libmodule-signature-perl Development 2013-06-18 23:25:09 UTC
8. * Team upload. * Add CVE-2013-2145.pa...

Author: Salvatore Bonaccorso
Revision Date: 2013-06-18 23:25:09 UTC

* Team upload.
* Add CVE-2013-2145.patch.
  CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
  (Closes: #711239)

lp://staging/debian/squeeze/haproxy Development 2013-06-15 11:27:32 UTC
13. * CVE-2013-1912: buffer overflow when...

Author: Vincent Bernat
Revision Date: 2013-06-15 11:27:32 UTC

* CVE-2013-1912: buffer overflow when HTTP keep-alive is enabled, using
  HTTP keywords in TCP inspection rules and running with rewrite rules
  that append to requests. Closes: #704611.
* CVE-2012-2942: buffer overflow in the trash buffer in the header
  capture functionality when global.tune.bufsize is set to a value
  greater than the default and header rewriting is enabled.
  Closes: #674447.
* CVE-2013-2175: fix a possible crash when using negative header
  occurrences.

lp://staging/debian/squeeze/fail2ban Development 2013-06-12 14:27:07 UTC
18. Anchor apache- filters failregexes to...

Author: Yaroslav Halchenko
Revision Date: 2013-06-12 14:27:07 UTC

Anchor apache- filters failregexes to avoid possible DoS on servers
which enabled corresponding jails. Fix cherry-picked from upstream
0.8.9-29-g6ccd578 . See http://seclists.org/fulldisclosure/2013/Jun/66

lp://staging/debian/squeeze/subversion Development 2013-06-06 09:06:48 UTC
13. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-06-06 09:06:48 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2013-1968.patch patch.
  CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
  characters in filenames. (Closes: #711033)
* Add CVE-2013-2112.patch patch.
  CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)

lp://staging/debian/squeeze/dpkg-ruby Development 2013-06-05 18:11:23 UTC
9. * Non-maintainer upload. * Apply main...

Author: Thijs Kinkhorst
Revision Date: 2013-06-05 18:11:23 UTC

* Non-maintainer upload.
* Apply maintainer patch to close files once they're parsed,
  preventing trouble on dist-upgrades to wheezy (Closes: #585448).

lp://staging/debian/squeeze/libapache-mod-security Development 2013-06-04 10:14:45 UTC
10. Applied upstream patch to fix NULL po...

Author: Alberto Gonzalez Iniesta
Revision Date: 2013-06-04 10:14:45 UTC

Applied upstream patch to fix NULL pointer dereference.
CVE-2013-2765. (Closes: #710217)

lp://staging/debian/squeeze/libxxf86vm Development 2013-05-29 11:15:36 UTC
6. * When Xcalloc() returns NULL, you do...

Author: Julien Cristau
Revision Date: 2013-05-29 11:15:36 UTC

* When Xcalloc() returns NULL, you don't need to Xfree() it
* Improve error handling in XF86VidModeGetMonitor()
* Unlock display before returning alloc error in XF86VidModeGetModeLine(),
  XF86VidModeGetAllModeLines(), XF86VidModeGetDotClocks()
* memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
* avoid integer overflow in XF86VidModeGetModeLine

lp://staging/debian/squeeze/request-tracker3.8 Development 2013-05-24 22:55:39 UTC
19. * Change localstatedir from /var/cach...

Author: Dominic Hargreaves
Revision Date: 2013-05-24 22:55:39 UTC

* Change localstatedir from /var/cache/request-tracker3.8 to
  /var/lib/request-tracker3.8 as it contains things which aren't caches
* Update other references to /var/cache/request-tracker3.8 where
  appropriate
* Move /var/cache/request-tracker3.8/data/gpg to
  /var/lib/request-tracker3.8/data/gpg in postinst
* Add NEWS item about moves from /var/cache/request-tracker3.8
* Closes: #704109

lp://staging/debian/squeeze/libxvmc Development 2013-05-24 08:08:45 UTC
5. Fix regression in CVE-2013-1999 fix. ...

Author: Julien Cristau
Revision Date: 2013-05-24 08:08:45 UTC

Fix regression in CVE-2013-1999 fix. Thanks to Al Viro and Dave Airlie.

lp://staging/debian/squeeze/gdm3 Development 2013-05-23 21:26:20 UTC
14. * Handle partial upgrades to wheezy, ...

Author: Josselin Mouette
Revision Date: 2013-05-23 21:26:20 UTC

* Handle partial upgrades to wheezy, where a glib version that relies
  on x-scheme-* for URL handlers gets installed. In this case, using
  the defaults in /usr/share/applications leads to a security
  vulnerability where anyone can launch an URI handler from the
  greeter session.
  + 38_greeter_datadir.patch: modified patch from version 3.0. Add
    XDG_DATA_DIRS to the greeter session.
  + debian/applications/{mime-dummy-handler.desktop,mimeapps.list}:
    copied from version 3.4. The former is a dummy handler for URIs,
    the latter associates it with every known URI scheme.
  + gdm3.install: install these in /usr/share/gdm/greeter/applications

lp://staging/debian/squeeze/krb5 bug Development 2013-05-22 07:33:24 UTC
38. Fix "cve-2002-2443: kpasswd udp ping-...

Author: Sam Hartman
Revision Date: 2013-05-22 07:33:24 UTC

Fix "cve-2002-2443: kpasswd udp ping-pong" (Closes: #708267)

lp://staging/debian/squeeze/libx11 bug Development 2013-05-21 22:26:20 UTC
12. * CVE-2013-1981: integer overflows ca...

Author: Julien Cristau
Revision Date: 2013-05-21 22:26:20 UTC

* CVE-2013-1981: integer overflows calculating memory needs for replies
* CVE-2013-1997: buffer overflows due to not validating length or offset
  values in replies
* CVE-2013-2004: unbounded recursion parsing user-specified files
  (closes: #145048)

lp://staging/debian/squeeze/libxp Development 2013-05-18 21:19:09 UTC
7. CVE-2013-2062

Author: Moritz Muehlenhoff
Revision Date: 2013-05-18 21:19:09 UTC

CVE-2013-2062

lp://staging/debian/squeeze/libxi Development 2013-05-18 20:23:57 UTC
11. CVE-2013-1984 CVE-2013-1995 CVE-2013-...

Author: Moritz Muehlenhoff
Revision Date: 2013-05-18 20:23:57 UTC

CVE-2013-1984 CVE-2013-1995 CVE-2013-1998

lp://staging/debian/squeeze/libxrandr Development 2013-05-18 10:25:39 UTC
7. CVE-2013-1986

Author: Moritz Muehlenhoff
Revision Date: 2013-05-18 10:25:39 UTC

CVE-2013-1986

lp://staging/debian/squeeze/openvpn Development 2013-05-17 11:16:48 UTC
23. Applied upstream patch to fix use of ...

Author: Alberto Gonzalez Iniesta
Revision Date: 2013-05-17 11:16:48 UTC

Applied upstream patch to fix use of non-constant-time memcmp
in HMAC comparison. CVE-2013-2061. (Closes: #707329)

lp://staging/debian/squeeze/mesa Development 2013-05-17 01:07:04 UTC
16. CVE-2013-1993

Author: Moritz Muehlenhoff
Revision Date: 2013-05-17 01:07:04 UTC

CVE-2013-1993

lp://staging/debian/squeeze/libxxf86dga Development 2013-05-16 20:17:41 UTC
6. CVE-2013-2000 CVE-2013-1991

Author: Moritz Muehlenhoff
Revision Date: 2013-05-16 20:17:41 UTC

CVE-2013-2000 CVE-2013-1991

lp://staging/debian/squeeze/libxinerama Development 2013-05-16 19:43:25 UTC
6. CVE-2013-1985

Author: Moritz Muehlenhoff
Revision Date: 2013-05-16 19:43:25 UTC

CVE-2013-1985

lp://staging/debian/squeeze/libxrender Development 2013-05-16 00:14:11 UTC
8. CVE-2013-1987

Author: Moritz Muehlenhoff
Revision Date: 2013-05-16 00:14:11 UTC

CVE-2013-1987

lp://staging/debian/squeeze/libxfixes Development 2013-05-14 20:48:34 UTC
8. CVE-2013-1983

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 20:48:34 UTC

CVE-2013-1983

lp://staging/debian/squeeze/libxres Development 2013-05-14 20:42:01 UTC
13. CVE-2013-1988

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 20:42:01 UTC

CVE-2013-1988

lp://staging/debian/squeeze/libxext Development 2013-05-14 19:43:51 UTC
7. CVE-2013-1982

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 19:43:51 UTC

CVE-2013-1982

lp://staging/debian/squeeze/libxt bug Development 2013-05-14 19:41:49 UTC
7. CVE-2013-2002 CVE-2013-2005

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 19:41:49 UTC

CVE-2013-2002 CVE-2013-2005

lp://staging/debian/squeeze/libxcursor Development 2013-05-14 19:36:22 UTC
8. CVE-2013-2003

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 19:36:22 UTC

CVE-2013-2003

lp://staging/debian/squeeze/libfs Development 2013-05-14 19:25:14 UTC
6. CVE-2013-1996

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 19:25:14 UTC

CVE-2013-1996

lp://staging/debian/squeeze/libxtst Development 2013-05-14 19:09:41 UTC
6. CVE-2013-2063

Author: Moritz Muehlenhoff
Revision Date: 2013-05-14 19:09:41 UTC

CVE-2013-2063

lp://staging/debian/squeeze/xserver-xorg-video-openchrome Development 2013-05-13 21:50:32 UTC
10. CVE-2013-1994

Author: Moritz Muehlenhoff
Revision Date: 2013-05-13 21:50:32 UTC

CVE-2013-1994

lp://staging/debian/squeeze/libxv Development 2013-05-13 21:18:21 UTC
5. CVE-2013-1989 CVE-2013-2066

Author: Moritz Muehlenhoff
Revision Date: 2013-05-13 21:18:21 UTC

CVE-2013-1989 CVE-2013-2066

lp://staging/debian/squeeze/nss-pam-ldapd bug Development 2013-05-12 12:00:00 UTC
18. * fix FTBFS on kFreeBSD (see #690319)...

Author: Arthur de Jong
Revision Date: 2013-05-12 12:00:00 UTC

* fix FTBFS on kFreeBSD (see #690319)
* debian/nslcd.config: handle options that are specified multiple times
  in nslcd.conf consistently (closes: #700971)

lp://staging/debian/squeeze/xview Development 2013-05-11 22:58:43 UTC
8. * Non-maintainer upload. * ol[v]wm: F...

Author: Andreas Beckmann
Revision Date: 2013-05-11 22:58:43 UTC

* Non-maintainer upload.
* ol[v]wm: Fix alternatives handling. We are no longer installed in
  /usr/bin/X11/ and /usr/X11R6/. Backported from 3.2p1.4-26 (#411131,
  #617211) and 3.2p1.4-28.1 (#656450, #668448). Cleanup more old
  alternatives. (Closes: #706747)

lp://staging/debian/squeeze/inform Development 2013-05-11 20:25:40 UTC
4. [ Andreas Beckmann ] * QA upload. * S...

Author: Andreas Beckmann
Revision Date: 2013-05-11 20:25:40 UTC

[ Andreas Beckmann ]
* QA upload.
* Set Maintainer to Debian QA Group.
* Backport fix for #620866 from sid (6.31.1+dfsg-1.1).

[ Michael Gilbert ]
* Remove calls to update-alternatives (closes: #620866).

lp://staging/debian/squeeze/strongswan Development 2013-04-29 11:25:24 UTC
11. * Non-maintainer upload by the Securi...

Author: Yves-Alexis Perez
Revision Date: 2013-04-29 11:25:24 UTC

* Non-maintainer upload by the Security Team.
* debian/patches:
 - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
   signature verification when using openssl plugin (CVE-2013-2944).

lp://staging/debian/squeeze/ldap2dns Development 2013-04-29 02:21:47 UTC
5. [ Andreas Beckmann ] * Non-maintainer...

Author: Andreas Beckmann
Revision Date: 2013-04-29 02:21:47 UTC

[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport Luk's postinst fix from wheezy (0.3.1-3.1) to squeeze.

[ Luk Claes ]
* Do not include /usr/share/debconf/confmodule in postinst
  (Closes: #333448).

lp://staging/debian/squeeze/stunnel4 Development 2013-04-27 17:00:30 UTC
9. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-04-27 17:00:30 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2013-1762.patch patch.
  CVE-2013-1762: Fix buffer overflow vulnerability due to incorrect
  integer conversion in the NTLM authentication of the CONNECT protocol
  negotiation. (Closes: #702267)

lp://staging/debian/squeeze/tinc Development 2013-04-12 20:40:15 UTC
10. Drop packets forwarded via TCP if the...

Author: Guus Sliepen
Revision Date: 2013-04-12 20:40:15 UTC

Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

lp://staging/debian/squeeze/net-snmp Development 2013-04-06 15:06:20 UTC
15. * Non-Maintainer upload. * debian/pat...

Author: Hideki Yamane
Revision Date: 2013-04-06 15:06:20 UTC

* Non-Maintainer upload.
* debian/patches
  - apply CVE-2012-2141.patch

lp://staging/debian/squeeze/libxslt Development 2013-03-26 21:48:42 UTC
19. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-03-26 21:48:42 UTC

* Non-maintainer upload by the Security Team.
* Add patches to fix denial of service vulnerability (CVE-2012-6139)
  (Closes: #703933)

lp://staging/debian/squeeze/spim Mature 2013-03-24 22:59:13 UTC
7. * Remove nonsensical recommends (than...

Author: Jean-Christophe Dubacq
Revision Date: 2010-04-20 12:39:51 UTC

* Remove nonsensical recommends (thanks Piotr Engelking) (closes: #578484)
* Add description to "hyphens" patch
* Add VCS-* headers

lp://staging/debian/squeeze/kbackup Mature 2013-03-24 22:23:54 UTC
2. Initial release (Closes: #588926)

Author: Scott Kitterman
Revision Date: 2010-07-13 15:10:15 UTC

Initial release (Closes: #588926)

lp://staging/debian/squeeze/rails Development 2013-03-21 09:29:40 UTC
18. * [CVE-2011-2932]: Fix XSS vulnerabil...

Author: Ondřej Surý
Revision Date: 2013-03-21 09:29:40 UTC

* [CVE-2011-2932]: Fix XSS vulnerability in escaping function
* [CVE-2012-3464]: Pull upstream backport of html_safe, which fixes a potential XSS vulnerability
* [CVE-2012-3465]: Fix XSS Vulnerability in strip_tags
* [CVE-2013-1854]: Fix symbol DoS vulnerability in Active Record
* [CVE-2013-1855]: Fix XSS vulnerability in sanitize_css in Action Pack
* [CVE-2013-1857]: Fix XSS Vulnerability in the sanitize helper of Ruby on Rails

lp://staging/debian/squeeze/icinga Development 2013-03-16 18:50:59 UTC
8. Add patch for CVE-2012-6096, several ...

Author: Alexander Wirt
Revision Date: 2013-03-16 18:50:59 UTC

Add patch for CVE-2012-6096, several buffer overflows
in history.c and getcgi.c. (Closes: #697931)

lp://staging/debian/squeeze/libapache2-mod-perl2 Development 2013-03-16 15:17:51 UTC
8. Fix FTBFS with versions of perl inclu...

Author: Dominic Hargreaves
Revision Date: 2013-03-16 15:17:51 UTC

Fix FTBFS with versions of perl including the CVE-2013-1667
fix (Closes: #702821)

lp://staging/debian/squeeze/smokeping Development 2013-03-15 22:46:57 UTC
8. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-03-15 22:46:57 UTC

* Non-maintainer upload by the Security Team.
* CVE-2012-0790: Fix cross-site scripting vulnerability allowing a
  remote attacker to inject arbitrary web script or html via the
  displaymode parameter. Initial patch prepared by Antoine Beaupré.
  Add an adjustment to the patterns to exclude more special
  characters. (Closes: #659899)

lp://staging/debian/squeeze/inetutils Development 2013-03-14 02:05:38 UTC
12. Fix DoS against inetutils-ping via a ...

Author: Guillem Jover
Revision Date: 2013-03-14 02:05:38 UTC

Fix DoS against inetutils-ping via a crafted echo response.
Patch cherry-picked from upstream. CVE-2010-2529

lp://staging/debian/squeeze/policyd-weight Development 2013-03-13 00:23:14 UTC
10. Add 05_del_dnsbl.njabl.org.dpatch whi...

Author: Werner Detter
Revision Date: 2013-03-13 00:23:14 UTC

Add 05_del_dnsbl.njabl.org.dpatch which removes dnsbl.njabl.org list due
to service shutdown on 2013-03-01

lp://staging/debian/squeeze/firebird2.1 Development 2013-03-12 10:30:31 UTC
20. Apply patch from upstream revision r5...

Author: Damyan Ivanov
Revision Date: 2013-03-12 10:30:31 UTC

Apply patch from upstream revision r57728 (unfuzzied) fixing a remote
unauthenticated stack overflow in the Firebird server (CVE-2013-2492)
Closes: #702735

lp://staging/debian/squeeze/firebird2.5 Development 2013-03-12 10:21:04 UTC
16. * Apply patch from upstream revision ...

Author: Damyan Ivanov
Revision Date: 2013-03-12 10:21:04 UTC

* Apply patch from upstream revision r57728 (unfuzzied) fixing a remote
  unauthenticated stack overflow in the Firebird server (CVE-2013-2492)
  Closes: #702736
* Apply patch from upstream revision r54702 fixing a crash (NULL pointer
  dereference) when preparing an empty SQL statement with trace services
  enabled (CVE-2012-5529)
  Closes: #693210

lp://staging/debian/squeeze/spamassassin Development 2013-03-12 08:06:07 UTC
15. * Fix the RCVD_ILLEGAL_IP rule to no ...

Author: Noah Meyerhans
Revision Date: 2013-03-12 08:06:07 UTC

* Fix the RCVD_ILLEGAL_IP rule to no longer consider addresses
  in the 5.0.0.0/8 range as invalid. (Closes: #696144)
* Remove tests referencing the NJABL blacklist, which shut
  down as of 1 March, 2013. (Closes: #702839)

lp://staging/debian/squeeze/smarty Development 2013-03-11 01:18:46 UTC
12. * QA upload. * add debian/patches/avo...

Author: Hideki Yamane
Revision Date: 2013-03-11 01:18:46 UTC

* QA upload.
* add debian/patches/avoid_possible_script_execution_from_2.6.27.patch
  - CVE-2012-4437: cherry picked from upstream, prevent XSS (Closes: #702710)
    Thanks to Yoshinari Takaoka <mumumu@mumumu.org> for the report.

lp://staging/debian/squeeze/sudo Development 2013-03-06 18:41:15 UTC
20. * Fix cve-2013-1775: authentication b...

Author: Michael Gilbert
Revision Date: 2013-03-06 18:41:15 UTC

* Fix cve-2013-1775: authentication bypass when the clock is set to the UNIX
  epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
* Fix cve-2013-1776: session id hijacking from another authorized tty
  (closes: #701839).

lp://staging/debian/squeeze/zoneminder Development 2013-03-05 11:29:20 UTC
21. * Add CVE-2013-0232 patch [SECURITY...

Author: Vagrant Cascadian
Revision Date: 2013-03-05 11:29:20 UTC

* Add CVE-2013-0232 patch
  [SECURITY] CVE-2013-0232: Shell escape commands with untrusted content.
  Thanks to James McCoy <jamessan@debian.org> (Closes: #698910)
  Thanks also to Salvatore Bonaccorso <carnil@debian.org>
* Add CVE-2013-0332 patch
  [SECURITY] CVE-2013-0332: local file inclusion (Closes: #700912).
  Thanks to Salvatore Bonaccorso <carnil@debian.org> for the patch.

lp://staging/debian/squeeze/fusionforge Development 2013-02-25 10:49:38 UTC
15. * ACK recent NMU by Andreas Beckmann....

Author: Roland Mas
Revision Date: 2013-02-25 10:49:38 UTC

* ACK recent NMU by Andreas Beckmann. Thanks!
* SECURITY: Avoid attacks with symbolic or hard links that could lead to
  privilege escalation (CVE-2013-1423). Thanks to Helmut Grohne for the
  initial report and help in preparing the fix.

lp://staging/debian/squeeze/pigz Development 2013-02-23 21:46:31 UTC
5. Use 600 permissions for unfinished ou...

Author: Eduard Bloch
Revision Date: 2013-02-23 21:46:31 UTC

Use 600 permissions for unfinished output files (CVE-2013-0296,
closes: #700608)

lp://staging/debian/squeeze/squid3 Development 2013-02-23 14:08:15 UTC
27. * Non-maintainer upload by the Securi...

Author: Salvatore Bonaccorso
Revision Date: 2013-02-23 14:08:15 UTC

* Non-maintainer upload by the Security Team.
* Add CVE-2012-5643-CVE-2013-0189.dpatch patch.
  Fix squid-cgi (cachemgr) memory leaks and denial of service
  vulnerability: remote attackers could cause a denial of service (memory
  consumption) via (1) invalid Content-Length headers, (2) long POST
  requests, or (3) crafted authentication credentials. CVE-2012-5643 and
  CVE-2013-0189. (Closes: #696187)

lp://staging/debian/squeeze/pyrad Development 2013-02-19 08:43:13 UTC
8. Use a better random number generator ...

Author: Jeremy Lainé
Revision Date: 2013-02-19 08:43:13 UTC

Use a better random number generator to prevent predictable password
hashing and packet IDs (CVE-2013-0294, Closes: #700669).

lp://staging/debian/squeeze/linux-kernel-di-sparc-2.6 Development 2013-02-17 20:53:00 UTC
35. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:53:00 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-s390-2.6 Development 2013-02-17 20:52:25 UTC
26. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:52:25 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-powerpc-2.6 Development 2013-02-17 20:50:14 UTC
29. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:50:14 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-mipsel-2.6 Development 2013-02-17 20:47:15 UTC
29. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:47:15 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-mips-2.6 Development 2013-02-17 20:44:02 UTC
29. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:44:02 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-ia64-2.6 Development 2013-02-17 20:37:52 UTC
29. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:37:52 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-i386-2.6 Development 2013-02-17 20:35:05 UTC
29. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:35:05 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-armel-2.6 Development 2013-02-17 20:29:25 UTC
26. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:29:25 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/linux-kernel-di-amd64-2.6 Development 2013-02-17 20:22:13 UTC
29. Built against version 2.6.32-48 of li...

Author: dann frazier
Revision Date: 2013-02-17 20:22:13 UTC

Built against version 2.6.32-48 of linux-2.6.

lp://staging/debian/squeeze/pam-shield Development 2013-02-17 11:01:53 UTC
5. Upload to stable; no other changes.

Author: jtniehof
Revision Date: 2013-02-17 11:01:53 UTC

Upload to stable; no other changes.

lp://staging/debian/squeeze/ttf-ipafont Development 2013-02-16 18:42:28 UTC
12. * Non-maintainer upload. * ttf-ipafon...

Author: Andreas Beckmann
Revision Date: 2013-02-16 18:42:28 UTC

* Non-maintainer upload.
* ttf-ipafont.prerm: Move removal of the current alternatives to
  ttf-ipafont-{gothic,mincho}.prerm as their postinst creates them.
  (Closes: #700722)

lp://staging/debian/squeeze/libzorpll Development 2013-02-16 13:59:08 UTC
9. * Non-maintainer upload. * libzorpll-...

Author: Andreas Beckmann
Revision Date: 2013-02-16 13:59:08 UTC

* Non-maintainer upload.
* libzorpll-dev: Add (unversioned) Breaks/Replaces: libzorp2-dev due to a
  file conflict. libzorp2-dev was removed after lenny and now libzorpll-dev
  ships /usr/include/zorp/streamblob.h. (Closes: #693984)

lp://staging/debian/squeeze/ffmpeg bug Development 2013-02-16 10:16:46 UTC
18. * New upstream release. New release f...

Author: Reinhard Tartler
Revision Date: 2013-02-16 10:16:46 UTC

* New upstream release. New release fixes: (Closes: #688849)
  - mpeg12: do not decode extradata more than once (CVE-2012-2803)
  - vp6: properly fail on unsupported feature (CVE-2012-2783)
  - vp56: release frames on error (CVE-2012-2783)
  - shorten: Use separate pointers for the allocated memory for decoded samples (CVE-2012-0858)
  - cavsdec: check for changing w/h (CVE-2012-2777 and CVE-2012-2784)
  - avidec: use actually read size instead of requested size CVE-2012-2788
  - avsdec: Set dimensions instead of relying on the demuxer (CVE-2012-2801)

lp://staging/debian/squeeze/nautilus Development 2013-02-16 02:18:23 UTC
11. * Non-maintainer upload. * libnautilu...

Author: Andreas Beckmann
Revision Date: 2013-02-16 02:18:23 UTC

* Non-maintainer upload.
* libnautilus-extension1: Add Breaks: samba-common (<< 2:3.5) to fix an
  upgrade path from lenny involving nautilus-share where lenny's apt would
  fail with "Error, pkgProblemResolver::Resolve generated breaks, this may
  be caused by held packages.". (Closes: #698775)

lp://staging/debian/squeeze/dbus-glib Development 2013-02-15 17:58:34 UTC
13. Apply patch from upstream 0.100.1 to ...

Author: Simon McVittie
Revision Date: 2013-02-15 17:58:34 UTC

Apply patch from upstream 0.100.1 to fix insufficient checking
leading to authentication bypass in pam_fprintd (CVE-2013-0292)
(Closes: #700638)

lp://staging/debian/squeeze/wireshark bug Development 2013-02-14 15:28:57 UTC
54. * security fixes from Wireshark 1.8.5...

Author: Balint Reczey
Revision Date: 2013-02-14 15:28:57 UTC

* security fixes from Wireshark 1.8.5:
  - The CLNP dissector could crash. Discovered independently by
    Laurent Butti and the Wireshark development team (CVE-2013-1582)
  - The DTLS dissector could crash. Discovered by Laurent Butti.
    (CVE-2013-1586)
  - The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti.
    (CVE-2013-1588)
  - The Wireshark dissection engine could crash. Discovered by Laurent Butti.
  - The NTLMSSP dissector could overflow a buffer. Discovered by
    Ulf Härnhammar. (CVE-2013-1590)

lp://staging/debian/squeeze/poppler Development 2013-02-14 13:05:25 UTC
12. * Add myself as uploader. * Fix CVE-2...

Author: Pino Toscano
Revision Date: 2013-02-14 13:05:25 UTC

* Add myself as uploader.
* Fix CVE-2010-0206.
* Fix CVE-2010-0207; patch adapted to be API-/ABI-compatible.
* Fix CVE-2010-4653; patch adapted to include object.h instead
  of goo/GooLikely.h (non-existent in poppler 0.12.x).
* Backport upstream commits 7ba15d11e56175601104d125d5e4a47619c224bf and
  55940e989701eb9118015e30f4f48eb654fa34c4 to fix GooString::insert;
  patch upstream_fix-GooString-insert.diff. (Closes: #693817)
* Correctly initialize PSOutputDev::fontFileNameLen and
  PSOutputDev::psFileNames; patch psoutputdev-initialize-vars.diff.
  (Closes: #699421)

lp://staging/debian/squeeze/bugzilla bug Development 2013-02-14 12:05:40 UTC
32. * Non-maintainer upload. * bugzilla3:...

Author: Andreas Beckmann
Revision Date: 2013-02-14 12:05:40 UTC

* Non-maintainer upload.
* bugzilla3: Add Depends: liburi-perl. URI.pm is used during package
  configuration. (Closes: #646837)

lp://staging/debian/squeeze/gmime2.2 Development 2013-02-13 21:10:02 UTC
10. * Non-maintainer upload. * libgmime-2...

Author: Andreas Beckmann
Revision Date: 2013-02-13 21:10:02 UTC

* Non-maintainer upload.
* libgmime-2.0-2a: Add Conflicts: libgmime2.2-cil to ensure the obsolete
  package from lenny that is incompatible with mono-gac/squeeze gets removed
  on upgrades. (Closes: #696375)

lp://staging/debian/squeeze/openconnect Development 2013-02-13 19:55:03 UTC
9. debian/patches/02_CVE-2012-6128.patch...

Author: Mike Miller
Revision Date: 2013-02-13 19:55:03 UTC

debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix
buffer overflow (CVE-2012-6128).

lp://staging/debian/squeeze/nginx Development 2013-02-13 14:32:44 UTC
31. * debian/patches/CVE-2012-4929.diff: ...

Author: Cyril Lavier
Revision Date: 2013-02-13 14:32:44 UTC

* debian/patches/CVE-2012-4929.diff:
  + Fixes the vulnerability to CRIME SSL attack. See: CVE-2012-4929 for more
    details. (Closes: #700426).

lp://staging/debian/squeeze/sdic Development 2013-02-12 11:20:00 UTC
10. * Non-maintainer upload. * sdic-gene9...

Author: Andreas Beckmann
Revision Date: 2013-02-12 11:20:00 UTC

* Non-maintainer upload.
* sdic-gene95: Move bzip2 suggestion to Depends. (closes: #675321)

lp://staging/debian/squeeze/openssl Development 2013-02-11 20:41:07 UTC
34. Fix CVE-2013-0166 and CVE-2013-0169

Author: Kurt Roeckx
Revision Date: 2013-02-11 20:41:07 UTC

Fix CVE-2013-0166 and CVE-2013-0169

lp://staging/debian/squeeze/ia32-libs-core Development 2013-02-11 09:23:49 UTC
5. * Packages updated [ bzip2 (1.0.5-6+...

Author: Thijs Kinkhorst
Revision Date: 2013-02-11 09:23:49 UTC

* Packages updated

[ bzip2 (1.0.5-6+squeeze1) stable; urgency=low ]

* Non-maintainer upload by the Security Team
* Fix CVE-2011-4089, thanks to vladz (#632862)

[ eglibc (2.11.3-4) stable; urgency=low ]

* Enable patches/any/cvs-dlopen-tls.diff, not enabled by mistake.
  #637239.
* patches/any/cvs-FORTIFY_SOURCE-format-strings.diff: new patch from
  upstream to fix FORTIFY_SOURCE format string protection bypass.
  #660611.
* patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
  (CVE-2011-4609). #671478.

[ eglibc (2.11.3-3) stable; urgency=low ]

* patches/any/cvs-tzfile.diff: fix integer overflow in timezone code.
  (CVE-2009-5029). #650790.
* patches/any/submitted-resolv-first-query-failure.diff: new patch to fix
  resolving issues with broken servers returning NOTIMP or FORMERR to AAAA
  queries. #658171.
* local/manpages/gai.conf.5: update from latest RedHat version.
  #659504.

[ eglibc (2.11.3-2) stable; urgency=low ]

* Add patches/arm/cvs-tls-unallocated.diff and
  patches/mips/cvs-tls-unallocated.diff to fix FTBFS on armel, mips
  and mipsel.

[ eglibc (2.11.3-1) stable; urgency=low ]

* Update from stable upstream version, and update from the upstream
  stable branch:
  - fix wrong memmove/bcopy optimization with gcc-4.6. #619963.
  - fix an integer overflow in fnmatch() (CVE-2011-1659). #626370.
  - fix spurious warning in bswap_16() with -Wconversion. #561249.
  - fix auxiliary cache file creation. #588218.
  - fix memory corruption in fnmatch() that can lead to code execution
    (CVE-2011-1071). #615120
  - fix strchr() on x86-64 CPU with SSE4.2. #635885
* Update patches:
  - patches/locale/locale-print-LANGUAGE.diff
  - patches/hppa/local-stack-grows-up.diff
  - patches/m68k/cvs-tls-support.patch
  - patches/any/local-disable-test-tgmath2.diff
  - patches/any/submitted-longdouble.diff
  - patches/any/submitted-bits-fcntl_h-at.diff
  - patches/kfreebsd/local-readdir_r.diff
* Drop obsolete patches:
  - patches/any/cvs-redirect-throw.diff
  - patches/any/cvs-flush-cache-textrels.diff
  - patches/hurd-i386/cvs-linkat.diff
  - patches/hurd-i386/cvs-select.diff
  - patches/sparc/submitted-epoll.diff
  - patches/any/cvs-dont-expand-dst-twice.diff
  - patches/amd64/cvs-avx-tcb-alignment.diff
  - patches/any/submitted-etc-resolv.conf.diff
  - patches/any/cvs-audit-suid.diff
* kfreebsd/local-sysdeps.diff, update to r3763 (from squeeze glibc-bsd).
  - fixes LD_PRELOAD with a kfreebsd-9 kernel. #630695.
  - uses upstream RFTSIGZMB for exit signal selection when available.
  - fixes a crash in if_nameindex() with more than 3 interfaces.
  - alter faccessat() X_OK tests similarly as access(). See #640334.
  - fix __libc_sa_len() for AF_LOCAL. See #645527.
* Fix preinst script wrt 3.0 kernel. Patch by Colin Watson.
  #630077.
* Update submitted-resolv.conf-thread.diff from upstream to fix a
  deadlock in some rare cases.
* Add patches/any/cvs-resolv-different-nameserver.diff and
  patches/any/submitted-resolv-assert.diff to try a different
  nameserver if the first one returns REFUSED. #535504.
* Add patches/any/cvs-getaddrinfo-single-lookup.diff to fix fallback to
  single lookup dns requests. #541167.
* Add patches/any/cvs-pthread-setgroups.diff to fix setgroups() with
  multiple threads.
* Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
  fix issues with dl_close() when resolving locally-defined symbols.
  #625250.
* patches/i386/local-cpuid-level2.diff: fix a typo. #609389.
* patches/any/cvs-nptl-pthread-race.diff: fix a race in NPTL code that
  sometimes causes a deadlock when calling fork() from a thread.
* patches/amd64/cvs-avx-detection.diff: do not use AVX if hardware support
  is present, but not enabled in the kernel. #646549.
* patches/any/cvs-statvfs-mount-flags.diff: get the mount flags directly
  from the kernel when possible instead of parsing /proc/mounts.
  #639897.
* patches/any/cvs-dlopen-tls.diff: fix handling of static TLS in
  dlopen'ed objects. #637239.

[ icu (4.4.1-8) stable-security; urgency=high ]

* Add patch to address CVE-2011-4599, a potential buffer overflow.

lp://staging/debian/squeeze/kfreebsd-8 Development 2013-02-10 19:30:43 UTC
25. [ Steven Chamberlain ] Apply patch fo...

Author: GNU/kFreeBSD Maintainers
Revision Date: 2013-02-10 19:30:43 UTC

[ Steven Chamberlain ]
Apply patch for SA-12:08 / CVE-2012-4576:
memory access without proper validation in linux compat system
(Closes: #694096)

lp://staging/debian/squeeze/libproc-processtable-perl Development 2013-02-10 16:16:41 UTC
5. * Team upload. * [SECURITY] CVE-2011-...

Author: Salvatore Bonaccorso
Revision Date: 2013-02-10 16:16:41 UTC

* Team upload.
* [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage (Closes: #650500)

lp://staging/debian/squeeze/dtach Development 2013-02-07 17:04:48 UTC
5. Fix CVE-2012-3368: properly handle cl...

Author: Stefan Voelkel
Revision Date: 2013-02-07 17:04:48 UTC

Fix CVE-2012-3368: properly handle close request (Closes: #625302).

lp://staging/debian/squeeze/xen-qemu-dm-4.0 Development 2013-02-06 16:48:17 UTC
7. * Security upload * Fix for Xen Secur...

Author: Guido Trotter
Revision Date: 2013-02-06 16:48:17 UTC

* Security upload
* Fix for Xen Security Advisory 41 (CVE-2012-6075)

lp://staging/debian/squeeze/ircd-hybrid Development 2013-02-03 22:51:37 UTC
9. [CVE-2013-0238] fix DoS in hostmask.c...

Author: Dominic Hargreaves
Revision Date: 2013-02-03 22:51:37 UTC

[CVE-2013-0238] fix DoS in hostmask.c:try_parse_v4_netmask()
(Closes: #699267)

lp://staging/debian/squeeze/libupnp4 Development 2013-02-01 21:55:51 UTC
6. * Non-maintainer upload by the Securi...

Author: Yves-Alexis Perez
Revision Date: 2013-02-01 21:55:51 UTC

* Non-maintainer upload by the Security Team.
* debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
  various stack-based buffer overflows in service_unique_name() function.
  This fixes CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
  CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699459

lp://staging/debian/squeeze/libupnp Development 2013-02-01 21:55:32 UTC
7. * Non-maintainer upload by the Securi...

Author: Yves-Alexis Perez
Revision Date: 2013-02-01 21:55:32 UTC

* Non-maintainer upload by the Security Team.
* debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
  various stack-based buffer overflows in service_unique_name() function.
  This fixes CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
  CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316

lp://staging/debian/squeeze/nagios3 Development 2013-02-01 18:35:55 UTC
14. * Non-maintainer upload. * Backport 9...

Author: Jonathan Wiltshire
Revision Date: 2013-02-01 18:35:55 UTC

* Non-maintainer upload.
* Backport 99_security_cve_2012_6096.dpatch for Squeeze, fixes
  a buffer overflow crasher (Closes: #697930) CVE-2012-6096

lp://staging/debian/squeeze/maradns Development 2013-02-01 16:31:00 UTC
17. * Non-maintainer upload. * Backport f...

Author: Jonathan Wiltshire
Revision Date: 2013-02-01 16:31:00 UTC

* Non-maintainer upload.
* Backport fix from upstream for CVE-2012-1570 (deleted domain record
  cache persistence flaw). Closes: #665012

lp://staging/debian/squeeze/ircd-ratbox Development 2013-01-23 19:05:31 UTC
6. Applied security fix for CVE-2012-608...

Author: Marc Dequènes (Duck)
Revision Date: 2013-01-23 19:05:31 UTC

Applied security fix for CVE-2012-6084 using r27411 in upstream SVN
(Closes: #697093).

lp://staging/debian/squeeze/swath Development 2013-01-21 15:03:30 UTC
8. debian/patches/01_buffer-overflow.pat...

Author: Theppitak Karoonboonyanan
Revision Date: 2013-01-21 15:03:30 UTC

debian/patches/01_buffer-overflow.patch: backport patch from upstream
to fix potential buffer overflow in Mule mode.
Thanks Dominik Maier for the report. (Closes: #698189)

lp://staging/debian/squeeze/pam-pgsql Development 2013-01-19 19:48:50 UTC
12. Fix "CVE-2013-0191: NULL password que...

Author: Jan Dittberner
Revision Date: 2013-01-19 19:48:50 UTC

Fix "CVE-2013-0191: NULL password query result permits login with
any password" by adding patch
debian/patches/fix-698241-null-passwort-result-permits-login.patch from
upstream bug tracker (Closes: #698241)

lp://staging/debian/squeeze/ganglia Development 2013-01-19 10:04:17 UTC
8. * Non-maintainer upload. * Fix for pa...

Author: Salvatore Bonaccorso
Revision Date: 2013-01-19 10:04:17 UTC

* Non-maintainer upload.
* Fix for path traversal issue when supplying name of a graph
  web/graph.php: Check for path traversal issues by making sure real path
  is actually in graphdir. Fixes CVE-2012-3448.
  Fix backported from ganglia 3.1.8. (Closes: #683584)

lp://staging/debian/squeeze/claws-mail Development 2013-01-18 19:03:36 UTC
19. * patches/99_fix_CVE-2012-4507.patch ...

Author: Ricardo Mones
Revision Date: 2013-01-18 19:03:36 UTC

* patches/99_fix_CVE-2012-4507.patch
 - Added fix for CVE-2012-4507 from 3.8.1-2 (Closes: #690151)

lp://staging/debian/squeeze/bcron Development 2013-01-18 03:21:49 UTC
6. debian/diff/0008-bcron-exec-Mark-all-...

Author: Gerrit Pape
Revision Date: 2013-01-18 03:21:49 UTC

debian/diff/0008-bcron-exec-Mark-all-temporary-files-close-...diff:
new; from upstream git; bcron-exec: Mark all temporary files
close-on-exec and close selfpipe; this fixes a security bug in
bcron where cron jobs get access to the temporary output files from
all other jobs that are still running (CVE-2012-6110, closes:
#686650).
