debian-changes-digest Digest V2007 #97

From: <debian-changes-digest-request(at)lists.debian.org>
Date: Thu Aug 23 2007 - 04:06:16 EDT


Content-Type: text/plain

debian-changes-digest Digest Volume 2007 : Issue 97

Today's Topics:

  Accepted krb5 1.3.6-2sarge5 (source   [ Russ Allbery  ]
  Accepted evolution 2.0.4-2sarge2 (so  [ Loic Minier  ]
  Accepted clamav 0.90.1-3etch3 (sourc  [ Moritz Muehlenhoff  ]
  Accepted libapache-mod-jk 1:1.2.5-2s  [ Michael Koch  ]
  Accepted clamav 0.84-2.sarge.17 (sou  [ Stephen Gran  ]
  Accepted php4 4:4.3.10-20 (source i3  [ sean finney  ]
  Accepted fireflier 1.1.5-1sarge1 (so  [ Steve Kemp  ]
  Accepted evolution 2.6.3-6etch1 (sou  [ Moritz Muehlenhoff  ]

Date: Wed, 22 Aug 2007 07:56:33 +0000
From: Russ Allbery <rra@debian.org>
To: debian-changes@lists.debian.org
Subject: Accepted krb5 1.3.6-2sarge5 (source i386 all)
Message-Id: <E1INl4r-0001x3-OR@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Tue, 26 Jun 2007 09:05:45 -0700
Source: krb5
Binary: krb5-doc libkrb5-dev krb5-rsh-server krb5-user krb5-ftpd libkadm55 libkrb53 krb5-clients krb5-telnetd krb5-kdc krb5-admin-server
Architecture: source i386 all
Version: 1.3.6-2sarge5
Distribution: oldstable-security
Urgency: emergency
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 krb5-admin-server - Mit Kerberos master server (kadmind)
 krb5-clients - Secure replacements for ftp, telnet and rsh using MIT Kerberos
 krb5-doc   - Documentation for krb5
 krb5-ftpd  - Secure FTP server supporting MIT Kerberos
 krb5-kdc   - Mit Kerberos key server (KDC)
 krb5-rsh-server - Secure replacements for rshd and rlogind  using MIT Kerberos
 krb5-telnetd - Secure telnet server supporting MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libkadm55 - MIT Kerberos administration runtime libraries
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53 - MIT Kerberos runtime libraries
Changes:
 krb5 (1.3.6-2sarge5) oldstable-security; urgency=emergency
 .
  • MIT-SA-2007-4: The kadmin RPC library can free an uninitialized pointer or write past the end of a stack buffer. This may lead to execution of arbitrary code. (CVE-2007-2442, CVE-2007-2443)
  • MIT-SA-2007-5: kadmind is vulnerable to a stack buffer overflow that may lead to execution of arbitrary code. (CVE-2007-2798)

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqgFMhuANDBmkLRkRAkBfAKCXS8PgafcFmImORggxx8Crwmf/fgCeM+NB Be8DFLKpRa540FgyXgcqI/o=
=VzJ7
-----END PGP SIGNATURE-----
Accepted:
krb5-admin-server_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_i386.deb
krb5-clients_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-clients_1.3.6-2sarge5_i386.deb
krb5-doc_1.3.6-2sarge5_all.deb
  to pool/main/k/krb5/krb5-doc_1.3.6-2sarge5_all.deb
krb5-ftpd_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_i386.deb
krb5-kdc_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-kdc_1.3.6-2sarge5_i386.deb
krb5-rsh-server_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_i386.deb
krb5-telnetd_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_i386.deb
krb5-user_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/krb5-user_1.3.6-2sarge5_i386.deb
krb5_1.3.6-2sarge5.diff.gz
  to pool/main/k/krb5/krb5_1.3.6-2sarge5.diff.gz
krb5_1.3.6-2sarge5.dsc
  to pool/main/k/krb5/krb5_1.3.6-2sarge5.dsc
libkadm55_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/libkadm55_1.3.6-2sarge5_i386.deb
libkrb5-dev_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_i386.deb
libkrb53_1.3.6-2sarge5_i386.deb
  to pool/main/k/krb5/libkrb53_1.3.6-2sarge5_i386.deb

Date: Wed, 22 Aug 2007 07:57:05 +0000
From: Loic Minier <lool@dooz.org>
To: debian-changes@lists.debian.org
Subject: Accepted evolution 2.0.4-2sarge2 (source i386)
Message-Id: <E1INl5N-0001zl-DY@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Thu, 21 Jun 2007 18:17:08 +0200
Source: evolution
Binary: evolution-dev evolution
Architecture: source i386
Version: 2.0.4-2sarge2
Distribution: oldstable-security
Urgency: high
Maintainer: Takuo KITAME <kitame@debian.org>
Changed-By: Loic Minier <lool@dooz.org>
Description:
 evolution - The groupware suite
 evolution-dev - Development library files for Evolution
Closes: 429876
Changes:
 evolution (2.0.4-2sarge2) oldstable-security; urgency=high
 .
  • SECURITY: New patch, z_10_imap-negative-array-index, fixes potential negative array index usage in IMAP code (remote); FEDORA-2007-0464; GNOME #447414; closes: #429876.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGgWoWXm3vHE4uyloRAqflAKDS4xjrIR2pGZwib09AKDVpqORh6gCg4nvn AWxcza34RbTqeDa7ZmT+PRE=
=46A3
-----END PGP SIGNATURE-----
Accepted:
evolution-dev_2.0.4-2sarge2_i386.deb
  to pool/main/e/evolution/evolution-dev_2.0.4-2sarge2_i386.deb
evolution_2.0.4-2sarge2.diff.gz
  to pool/main/e/evolution/evolution_2.0.4-2sarge2.diff.gz
evolution_2.0.4-2sarge2.dsc
  to pool/main/e/evolution/evolution_2.0.4-2sarge2.dsc
evolution_2.0.4-2sarge2_i386.deb
  to pool/main/e/evolution/evolution_2.0.4-2sarge2_i386.deb

Date: Wed, 22 Aug 2007 07:56:16 +0000
From: Moritz Muehlenhoff <jmm@debian.org>
To: debian-changes@lists.debian.org
Subject: Accepted clamav 0.90.1-3etch3 (source i386 all)
Message-Id: <E1INl4a-0001vl-Mg@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Thu, 21 Jun 2007 11:26:42 +0000
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs
Architecture: source i386 all
Version: 0.90.1-3etch3
Distribution: stable-security
Urgency: high
Maintainer: Stephen Gran <sgran@debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 clamav - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav2 - virus scanner library
Changes:
 clamav (0.90.1-3etch3) stable-security; urgency=high
 .
  • NMU by the Security Team, based on updated prepared by sgran [CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123]

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGemKxXm3vHE4uyloRAhjuAKCmbeLKqy+lHEQ40ER5GxRQ6l1S8ACfZQej /c2R16orF0M5kb9LNg/fZt0=
=/wka
-----END PGP SIGNATURE-----
Accepted:
clamav-base_0.90.1-3etch3_all.deb
  to pool/main/c/clamav/clamav-base_0.90.1-3etch3_all.deb
clamav-daemon_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/clamav-daemon_0.90.1-3etch3_i386.deb
clamav-dbg_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/clamav-dbg_0.90.1-3etch3_i386.deb
clamav-docs_0.90.1-3etch3_all.deb
  to pool/main/c/clamav/clamav-docs_0.90.1-3etch3_all.deb
clamav-freshclam_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/clamav-freshclam_0.90.1-3etch3_i386.deb
clamav-milter_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/clamav-milter_0.90.1-3etch3_i386.deb
clamav-testfiles_0.90.1-3etch3_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.90.1-3etch3_all.deb
clamav_0.90.1-3etch3.diff.gz
  to pool/main/c/clamav/clamav_0.90.1-3etch3.diff.gz
clamav_0.90.1-3etch3.dsc
  to pool/main/c/clamav/clamav_0.90.1-3etch3.dsc
clamav_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/clamav_0.90.1-3etch3_i386.deb
libclamav-dev_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/libclamav-dev_0.90.1-3etch3_i386.deb
libclamav2_0.90.1-3etch3_i386.deb
  to pool/main/c/clamav/libclamav2_0.90.1-3etch3_i386.deb

Date: Wed, 22 Aug 2007 07:57:12 +0000
From: Michael Koch <konqueror@gmx.de>
To: debian-changes@lists.debian.org
Subject: Accepted libapache-mod-jk 1:1.2.5-2sarge1 (source i386)
Message-Id: <E1INl5U-00020Z-5N@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Thu, 7 Jun 2007 00:03:29 +0200
Source: libapache-mod-jk
Binary: libapache-mod-jk
Architecture: source i386
Version: 1:1.2.5-2sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Michael Koch <konqueror@gmx.de>
Description:
 libapache-mod-jk - Apache 1.3 connector for the Tomcat Java servlet engine
Closes: 425836
Changes:
 libapache-mod-jk (1:1.2.5-2sarge1) oldstable-security; urgency=high
 .
  • Forward unparsed URI to tomcat. Closes: #425836. CVE-2007-1860

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqgFShuANDBmkLRkRApPiAKCO5xQcRqMDAJjHPGWsKzMCKby+RgCaAygv SQTEeMVR1RfeYMH9SZuzKiA=
=Psu9
-----END PGP SIGNATURE-----
Accepted:
libapache-mod-jk_1.2.5-2sarge1.diff.gz
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1.diff.gz
libapache-mod-jk_1.2.5-2sarge1.dsc
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1.dsc
libapache-mod-jk_1.2.5-2sarge1_i386.deb
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_i386.deb

Date: Wed, 22 Aug 2007 07:57:01 +0000
From: Stephen Gran <sgran@debian.org>
To: debian-changes@lists.debian.org
Subject: Accepted clamav 0.84-2.sarge.17 (source all i386)
Message-Id: <E1INl5J-0001zN-Oa@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Fri, 01 Jun 2007 00:57:38 +0100
Source: clamav
Binary: clamav libclamav-dev clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav1 clamav-docs
Architecture: source all i386
Version: 0.84-2.sarge.17
Distribution: oldstable-security
Urgency: low
Maintainer: Stephen Gran <sgran@debian.org>
Changed-By: Stephen Gran <sgran@debian.org>
Description:
 clamav - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav1 - virus scanner library
Changes:
 clamav (0.84-2.sarge.17) oldstable-security; urgency=low
 .
  • [CVE-2007-2650]: libclamav/ole2_extract.c: detect block list loop

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGfA2ZXm3vHE4uyloRAuMuAJwNNWFWFMeVGHNZYPHcoUv8Z7W7PACfYVop KkYIg0y161MOETluhHgmcDI=
=FjdI
-----END PGP SIGNATURE-----
Accepted:
clamav-base_0.84-2.sarge.17_all.deb
  to pool/main/c/clamav/clamav-base_0.84-2.sarge.17_all.deb
clamav-daemon_0.84-2.sarge.17_i386.deb
  to pool/main/c/clamav/clamav-daemon_0.84-2.sarge.17_i386.deb
clamav-docs_0.84-2.sarge.17_all.deb
  to pool/main/c/clamav/clamav-docs_0.84-2.sarge.17_all.deb
clamav-freshclam_0.84-2.sarge.17_i386.deb
  to pool/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_i386.deb
clamav-milter_0.84-2.sarge.17_i386.deb
  to pool/main/c/clamav/clamav-milter_0.84-2.sarge.17_i386.deb
clamav-testfiles_0.84-2.sarge.17_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.84-2.sarge.17_all.deb
clamav_0.84-2.sarge.17.diff.gz
  to pool/main/c/clamav/clamav_0.84-2.sarge.17.diff.gz
clamav_0.84-2.sarge.17.dsc
  to pool/main/c/clamav/clamav_0.84-2.sarge.17.dsc
clamav_0.84-2.sarge.17_i386.deb
  to pool/main/c/clamav/clamav_0.84-2.sarge.17_i386.deb
libclamav-dev_0.84-2.sarge.17_i386.deb
  to pool/main/c/clamav/libclamav-dev_0.84-2.sarge.17_i386.deb
libclamav1_0.84-2.sarge.17_i386.deb
  to pool/main/c/clamav/libclamav1_0.84-2.sarge.17_i386.deb

Date: Wed, 22 Aug 2007 07:56:39 +0000
From: sean finney <seanius@debian.org>
To: debian-changes@lists.debian.org
Subject: Accepted php4 4:4.3.10-20 (source i386 all)
Message-Id: <E1INl4x-0001xp-RX@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Mon, 23 Apr 2007 18:19:17 +0200
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal php4-mhash
Architecture: source i386 all
Version: 4:4.3.10-20
Distribution: oldstable-security
Urgency: high
Maintainer: Adam Conrad <adconrad@0c3.net>
Changed-By: sean finney <seanius@debian.org>
Description:
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-imap  - IMAP module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PEAR - PHP Extension and Application Repository
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt - XSLT module for php4
Changes:
 php4 (4:4.3.10-20) oldstable-security; urgency=high
 .
  • NMU prepared for the security team by the package maintainer.
  • The following security issues are addressed with this update:
    • CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
      • note that this is an update to the previous version of the upstream fix for CVE-2007-0910, which introduced a separate exploit path.
    • CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
    • CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
    • CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
    • CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
    • CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
  • The other security issues resulting from the "Month of PHP bugs" either did not affect the version of php4 shipped in sarge, or did not merit a security update according to the established security policy for php in debian. You are encouraged to verify that your configuration is not affected by any of the other vulnerabilities by visiting: http://www.php-security.org/

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGLPGmXm3vHE4uyloRAgK+AJ9vOUn3XNcyC9EJMrOMrYIplmfCiACfcsOi /h+TPD+oJaimxoXjFVgmJ6s=
=K1Fj
-----END PGP SIGNATURE-----
Accepted:
libapache-mod-php4_4.3.10-20_i386.deb
  to pool/main/p/php4/libapache-mod-php4_4.3.10-20_i386.deb
libapache2-mod-php4_4.3.10-20_i386.deb
  to pool/main/p/php4/libapache2-mod-php4_4.3.10-20_i386.deb
php4-cgi_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-cgi_4.3.10-20_i386.deb
php4-cli_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-cli_4.3.10-20_i386.deb
php4-common_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-common_4.3.10-20_i386.deb
php4-curl_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-curl_4.3.10-20_i386.deb
php4-dev_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-dev_4.3.10-20_i386.deb
php4-domxml_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-domxml_4.3.10-20_i386.deb
php4-gd_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-gd_4.3.10-20_i386.deb
php4-imap_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-imap_4.3.10-20_i386.deb
php4-ldap_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-ldap_4.3.10-20_i386.deb
php4-mcal_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-mcal_4.3.10-20_i386.deb
php4-mhash_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-mhash_4.3.10-20_i386.deb
php4-mysql_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-mysql_4.3.10-20_i386.deb
php4-odbc_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-odbc_4.3.10-20_i386.deb
php4-pear_4.3.10-20_all.deb
  to pool/main/p/php4/php4-pear_4.3.10-20_all.deb
php4-recode_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-recode_4.3.10-20_i386.deb
php4-snmp_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-snmp_4.3.10-20_i386.deb
php4-sybase_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-sybase_4.3.10-20_i386.deb
php4-xslt_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-xslt_4.3.10-20_i386.deb
php4_4.3.10-20.diff.gz
  to pool/main/p/php4/php4_4.3.10-20.diff.gz
php4_4.3.10-20.dsc
  to pool/main/p/php4/php4_4.3.10-20.dsc
php4_4.3.10-20_all.deb
  to pool/main/p/php4/php4_4.3.10-20_all.deb

Date: Wed, 22 Aug 2007 07:57:09 +0000
From: Steve Kemp <skx@debian.org>
To: debian-changes@lists.debian.org
Subject: Accepted fireflier 1.1.5-1sarge1 (source i386)
Message-Id: <E1INl5R-00020B-Vu@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Wed, 27 Jun 2007 18:32:10 +0000
Source: fireflier
Binary: fireflier-client-gtk fireflier-client-kde fireflier-client-qt fireflier-server
Architecture: source i386
Version: 1.1.5-1sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Martin Maurer <fireflier@gibraltar.at>
Changed-By: Steve Kemp <skx@debian.org>
Description:
 fireflier-client-gtk - Interactive firewall rule creation tool - GTK client
 fireflier-client-kde - Interactive firewall rule creation tool - QT client
 fireflier-client-qt - Interactive firewall rule creation tool - QT client
 fireflier-server - Interactive firewall rule creation tool - server
Changes:
 fireflier (1.1.5-1sarge1) oldstable-security; urgency=high
 .
  • Non-maintainer upload by The Security Team.
  • Fix the unsafe usage of temporary files, allowing arbitrary file deletion. [CVE-2007-2837]

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGgqR5wM/Gs81MDZ0RAl6jAJ97rCtJsAVX9mJlX+BNMNM6vpcJWQCgutXL VGddlyT4z5dYz25ZdkfuM4o=
=uSCA
-----END PGP SIGNATURE-----
Accepted:
fireflier-client-gtk_1.1.5-1sarge1_i386.deb
  to pool/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_i386.deb
fireflier-client-kde_1.1.5-1sarge1_i386.deb
  to pool/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_i386.deb
fireflier-client-qt_1.1.5-1sarge1_i386.deb
  to pool/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_i386.deb
fireflier-server_1.1.5-1sarge1_i386.deb
  to pool/main/f/fireflier/fireflier-server_1.1.5-1sarge1_i386.deb
fireflier_1.1.5-1sarge1.dsc
  to pool/main/f/fireflier/fireflier_1.1.5-1sarge1.dsc
fireflier_1.1.5-1sarge1.tar.gz
  to pool/main/f/fireflier/fireflier_1.1.5-1sarge1.tar.gz

Date: Thu, 23 Aug 2007 07:56:22 +0000
From: Moritz Muehlenhoff <jmm@debian.org>
To: debian-changes@lists.debian.org
Subject: Accepted evolution 2.6.3-6etch1 (source i386 all)
Message-Id: <E1IO7YE-00009m-GV@ries.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Sat, 23 Jun 2007 18:36:02 +0000
Source: evolution
Binary: evolution-plugins-experimental evolution-plugins evolution-dev evolution-common evolution-dbg evolution
Architecture: source i386 all
Version: 2.6.3-6etch1
Distribution: stable-security
Urgency: high
Maintainer: Debian Evolution Maintainers <pkg-evolution-maintainers@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 evolution - groupware suite with mail client and organizer
 evolution-common - architecture independent files for Evolution
 evolution-dbg - debugging symbols for Evolution
 evolution-dev - development library files for Evolution
 evolution-plugins - standard plugins for Evolution
 evolution-plugins-experimental - experimental plugins for Evolution
Changes:
 evolution (2.6.3-6etch1) stable-security; urgency=high
 .
  • Fix format string vulnerability in shared memo handling [91_CVE-2007-1002.patch]

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGfXXSXm3vHE4uyloRAl8SAKDHMpGaQvCJrcbYAFfh7wYClOhWgwCg3pkR w/TzUAQxQHGhBeV4nWCEs7Y=
=n3nR
-----END PGP SIGNATURE-----
Accepted:
evolution-common_2.6.3-6etch1_all.deb
  to pool/main/e/evolution/evolution-common_2.6.3-6etch1_all.deb
evolution-dbg_2.6.3-6etch1_i386.deb
  to pool/main/e/evolution/evolution-dbg_2.6.3-6etch1_i386.deb
evolution-dev_2.6.3-6etch1_i386.deb
  to pool/main/e/evolution/evolution-dev_2.6.3-6etch1_i386.deb
evolution-plugins-experimental_2.6.3-6etch1_i386.deb
  to pool/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_i386.deb
evolution-plugins_2.6.3-6etch1_i386.deb
  to pool/main/e/evolution/evolution-plugins_2.6.3-6etch1_i386.deb
evolution_2.6.3-6etch1.diff.gz
  to pool/main/e/evolution/evolution_2.6.3-6etch1.diff.gz
evolution_2.6.3-6etch1.dsc
  to pool/main/e/evolution/evolution_2.6.3-6etch1.dsc
evolution_2.6.3-6etch1_i386.deb
  to pool/main/e/evolution/evolution_2.6.3-6etch1_i386.deb

End of debian-changes-digest Digest V2007 Issue #97


Received on Thu Aug 23 04:02:24 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:58:53 EDT

