[ddh-sys] apt-listchanges: changelogs for less
root
root at ddh.nl
Sat Oct 24 11:32:19 CEST 2009
apache2 (2.2.9-10+lenny4) stable-security; urgency=high
* Security fixes:
- CVE-2009-1890: denial of service in mod_proxy (closes: #536718)
- CVE-2009-1891: denial of service in mod_deflate (closes: #534712)
Also prevent compressing the content for HEAD requests.
-- Stefan Fritsch <sf op debian.org> Tue, 14 Jul 2009 21:53:01 +0200
apache2 (2.2.9-10+lenny3) stable-security; urgency=high
* Security: CVE-2009-1195: In configurations using the AllowOverride
directive with certain Options= arguments, local users were not restricted
from executing commands from a Server-Side-Include script as intended
(closes: #530834).
-- Stefan Fritsch <sf op debian.org> Sat, 30 May 2009 14:54:22 +0200
apr (1.2.12-5+lenny1) stable-security; urgency=high
* Fix CVE-2009-2412: overflow in pool allocations, where size alignment
was taking place.
-- Peter Samuelson <peter op p12n.org> Thu, 06 Aug 2009 09:22:28 -0500
apr-util (1.2.12+dfsg-8+lenny4) stable-security; urgency=high
* CVE-2009-2412: Fix overflow in RMM allocations due to alignment.
-- Peter Samuelson <peter op p12n.org> Thu, 06 Aug 2009 09:27:58 -0500
apr-util (1.2.12+dfsg-8+lenny3) stable; urgency=low
* CVE-2009-1956: Fix potential information disclosure bug on big-endian
architectures. On little-endian systems, this is not security relevant
but may still cause data corruption.
* Add CVE reference to previous changelog entry.
-- Stefan Fritsch <sf op debian.org> Tue, 09 Jun 2009 21:51:09 +0200
apr-util (1.2.12+dfsg-8+lenny2) stable-security; urgency=high
* CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
* CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling
of internal xml entities.
-- Stefan Fritsch <sf op debian.org> Wed, 03 Jun 2009 22:53:01 +0200
cups (1.3.8-1+lenny6) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix null pointer dereference on handling IPP_TAG_UNSUPPORTED
leading to denial of service attacks (CVE-2009-0949).
-- Nico Golde <nion op debian.org> Mon, 25 May 2009 11:18:46 +0000
cyrus-sasl2 (2.1.22.dfsg1-23+lenny1) stable-security; urgency=high
* debian/patches/0021_CVE-2009-0688-fix.dpatch, debian/patches/00list:
Backport security fix for CVE-2009-0688 from upstream version 2.1.23.
-- Fabian Fagerholm <fabbe op debian.org> Sun, 24 May 2009 12:16:35 +0300
dhcp3 (3.1.1-6+lenny3) stable-security; urgency=high
* Reorder patches to actually apply them
-- Florian Weimer <fw op deneb.enyo.de> Wed, 19 Aug 2009 07:00:03 +0200
dhcp3 (3.1.1-6+lenny2) stable-security; urgency=high
* Add patch from Sebastian Kramer to fix client overflow in netmask
handling.
* Add patch from Christoph Biedl to fix server assert involving client
IDs and hardware addresses (CVE-2009-1892).
-- Florian Weimer <fw op deneb.enyo.de> Sun, 12 Jul 2009 22:04:01 +0200
dhcp3 (3.1.1-6+lenny1) stable-security; urgency=high
(not released)
-- Florian Weimer <fw op deneb.enyo.de> Wed, 08 Jul 2009 21:03:52 +0200
libcompress-raw-zlib-perl (2.012-1lenny1) stable; urgency=high
* [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
(Closes: #532738)
-- Niko Tyni <ntyni op debian.org> Sat, 13 Jun 2009 22:19:41 +0300
libxml2 (2.6.32.dfsg-5+lenny1) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix multiple use-after-free flaws when parsing notation and
enumeration attribute types (CVE-2009-2416).
* Fix stack overflow when parsing root XML document element DTD
definition (CVE-2009-2414).
-- Nico Golde <nion op debian.org> Thu, 06 Aug 2009 13:04:00 +0000
linux-2.6 (2.6.26-19lenny1) stable-security; urgency=high
* appletalk: Fix skb leak when ipddp interface is not loaded
(CVE-2009-2903)
* KVM: x86: Disallow hypercalls for guest callers in rings > 0
(CVE-2009-3290)
* selinux: prevent local users from bypassing mmap_min_addr
in unconfined domains (CVE-2009-2695)
* fix information leak in llc_ui_getname (CVE-2009-3001)
* net: fix information leak due to uninitialized structures in
getname functions (CVE-2009-3002)
* eCryptfs: Prevent lower dentry from going negative during unlink
(CVE-2009-2908)
* net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
* x86: Don't leak 64-bit kernel register values to 32-bit processes
(CVE-2009-2910)
* NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
union (CVE-2009-3286)
* r8169: use hardware auto padding (CVE-2009-3613)
-- dann frazier <dannf op debian.org> Sat, 17 Oct 2009 10:52:13 -0600
linux-2.6 (2.6.26-19) stable; urgency=high
[ Moritz Muehlenhoff ]
* Input: ALPS - add signature for Toshiba Satellite Pro M10
(Closes: #434722)
[ dann frazier ]
* aacraid: Fix regression w/ bigmem kernel (Closes: #537771)
* [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
* do_sigaltstack: avoid copying 'stack_t' as a structure to user space
(CVE-2009-2847)
* execve: must clear current->clear_child_tid (CVE-2009-2848)
* md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
attributes (CVE-2009-2849)
-- dann frazier <dannf op debian.org> Tue, 18 Aug 2009 22:45:27 -0600
linux-2.6 (2.6.26-18) stable; urgency=high
[ maximilian attems ]
* [openvz] 19f7f85 net: bridge - process skbs has been already substituted
due to via_phys_dev (closes: #532811)
* [openvz] b1f08ed net: avoid double free on net->gen pointer on error
(closes: #532813)
* [openvz] bbbad0a pidns: pi-futex pid check fixup
[ Martin Michlmayr ]
* MIPS: DS1286: New RTC driver
* MIPS: IP22/28: Switch over to RTC class driver
* [mips/r4k-ip22] Build in RTC_DRV_DS1286. (Closes: #533895)
[ dann frazier ]
* e1000e: add support for 82574L controllers (closes: #534519)
* Use -fno-strict-overflow instead of -fwrapv and workaround a
regression in fbcon this may introduce if users build custom kernels
w/ gcc-4.2 (prebuilt kernels use 4.1) (closes: #536354)
* sata_nv: avoid link reset on controllers where it's broken
(Closes: #498271, Closes: #501023)
* libata: make sure port is thawed when skipping resets. This change
avoid regressing #533657 with the fix for #498271.
* Add -fno-delete-null-pointer-checks to CFLAGS (Closes: #537617)
* Add a backport of bnx2x from 2.6.30 with request_firmware changes
[ Moritz Muehlenhoff ]
* fbdev/atyfb: Fix display corruption on some PowerMacs & PowerBooks
(Closes: #420582)
* ALSA: hda_intel: enable snoop for NVidia HDA controller (Closes: #521192)
* eeepc: Fix oops when changing backlight brightness during init
(Closes: #513406)
* Emit HPET warning only once to avoid syslog floods, which occur on
some systems like HP DC7900 (Closes: #512617)
* Fix support for AverMedia AverTV Cardbus Hybrid E506R (Closes: #511385)
* ALSA: HDA patch_via.c: Fix inversion of surround and side channels
(Closes: #538391)
* NTP Adjust SHIFT_PLL to improve NTP convergence (Closes: #527968)
-- dann frazier <dannf op debian.org> Fri, 31 Jul 2009 00:12:58 -0600
linux-2.6 (2.6.26-17lenny2) stable-security; urgency=high
* Make sock_sendpage() use kernel_sendpage() (CVE-2009-2692)
-- dann frazier <dannf op debian.org> Thu, 13 Aug 2009 15:41:34 -0600
linux-2.6 (2.6.26-17lenny1) stable-security; urgency=high
* [KVM] x86: check for cr3 validity in ioctl_set_sregs
(CVE-2009-2287)
* personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895)
* ecryptfs: Check Tag 11 literal data buffer size (CVE-2009-2406)
* ecryptfs: check tag 3 package encrypted size (CVE-2009-2407)
-- dann frazier <dannf op debian.org> Sat, 25 Jul 2009 15:10:10 -0600
linux-2.6 (2.6.26-17) stable; urgency=high
* Revert "sata_nv: avoid link reset on controllers where it's broken"
due to regression. (closes: #533657)
-- dann frazier <dannf op debian.org> Fri, 19 Jun 2009 23:03:53 -0600
linux-2.6 (2.6.26-16) stable; urgency=high
[ maximilian attems ]
* [openvz] 5dcfcf5 NETLINK: disable netns broadcast filtering.
(closes: #520551)
* Fix SQLite performance regression. (closes: #521420)
* [openvz] 0c295ff cfq link cfq_bc_data without bc io sched.
(closes: #523364)
* [openvz] 7e0f90d cfq: revalidate cached async queue.
(closes: #523359)
* [openvz] e4cea21 VE: fix idle time accounting.
* [openvz] 19b8e13 ptrace: ban ptracing of a container init from inside the
container. (closes: #523360)
* [openvz] 5b58141 ubc: uncharging too much for TCPSNDBUF.
* [openvz] 0ff728e ve: show task's vpid and veid even inside a container.
[ dann frazier ]
* [s390] Fix __div64_31 for CONFIG_MARCH_G5 (Closes: #511334)
* SUNRPC: Fix a performance regression in the RPC authentication code
(Closes: #524199)
* [x86] fix IBM Summit based systems' phys_cpu_present_map on 32-bit
kernels (closes: #529312)
* Fix soft lockups caused by one md resync blocking on another due
to sharing the same device (closes: #514627)
* [sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
(CVE-2009-1914)
* splice: fix deadlock in ocfs2 (CVE-2009-1961)
* e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
* r8169: fix crash when large packets are received (CVE-2009-1389)
[ Martin Michlmayr ]
* cdc-acm: Add quirk for MTK II GPS, such as Qstarz BT-Q1000X (closes:
#525060)
* USB: ftdi_sio: add vendor/product id for the Marvell SheevaPlug.
* [mipsel/r5k-cobalt] Enable SCSI_SYM53C8XX_2 (closes: #526836).
* [mips/r4k-ip22] Enable NET_ISA and various ISA network modules on
the request of Damian Dimmich since they might be useful on the
SGI Indigo2.
[ John Wright ]
* [x86] gettimeofday() vDSO: fix segfault when tv == NULL (Closes: #466491)
[ Ian Campbell ]
* [x86/xen] Apply missing syscall detection patch to -xen-amd64 image
(Closes: #527101)
* [xen] Add support for CDROM_GET_CAPABILITY to blkfront driver
(Closes: #529864)
[ Ben Hutchings ]
* sata_nv: avoid link reset on controllers where it's broken
(Closes: #498271)
* r8169: fix multicast filtering for RTL8101 and RTL8168 (Closes: #514268)
* asus_acpi: don't load asus-acpi if model is not supported
(Closes: #524300)
* iwl4965: avoid sleep in softirq context (Closes: #530884)
-- dann frazier <dannf op debian.org> Tue, 09 Jun 2009 09:09:27 -0600
linux-2.6 (2.6.26-15lenny3) stable-security; urgency=high
[ dann frazier ]
* Fix selinux panic introduced by the fix for CVE-2009-1184
(Closes: #528860)
* nfs4: fix MAY_EXEC handling (CVE-2009-1630)
* cifs: fix several string conversion issues (CVE-2009-1633)
[ Ian Campbell ]
* xen: Fix missing check of interrupted code's code selector
(CVE-2009-1758)
-- dann frazier <dannf op debian.org> Thu, 28 May 2009 08:34:15 -0600
mysql-dfsg-5.0 (5.0.51a-24+lenny2) stable-security; urgency=high
* SECURITY:
Fix for CVE-2009-2446: Multiple format string vulnerabilities in the
dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL
4.0.0 through 5.0.83 allow remote authenticated users to cause a denial
of service (daemon crash) and possibly have unspecified other impact via
format string specifiers in a database name in a (1) COM_CREATE_DB or
(2) COM_DROP_DB request. Closes: #536726.
Complete debdiff for 5.0.51a-24+lenny2 generously contributed by
Christian Hammers <ch op debian.org>.
-- Sebastien Delafond <seb op debian.org> Thu, 27 Aug 2009 10:31:25 +0200
newt (0.52.2-11.3+lenny1) stable-security; urgency=high
* Non-maintainer upload by the security team
* Include patch to fix buffer overflow in content processing code
Fixes: CVE-2009-2905
-- Steffen Joeris <white op debian.org> Tue, 22 Sep 2009 06:50:23 +0000
perl (5.10.0-19lenny2) stable; urgency=low
* Fix a typo in the replaces/conflicts/provides: libcpan-plus-perl
should have been libcpanplus-perl. (Closes: #516289)
* Fix a memory leak with the map operator. (Closes: #528332)
-- Niko Tyni <ntyni op debian.org> Thu, 27 Aug 2009 23:12:30 +0300
perl (5.10.0-19lenny1) stable-security; urgency=high
* [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
(Closes: #532736)
-- Niko Tyni <ntyni op debian.org> Fri, 12 Jun 2009 23:22:04 +0300
postgresql-8.3 (8.3.8-0lenny1) stable-security; urgency=high
* New upstream security/bug fix release:
- Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
security-definer functions. This covers a case that was missed in the
previous patch that disallowed "SET ROLE" and "SET SESSION
AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
- Force WAL segment switch during pg_start_backup(). This avoids corner
cases that could render a base backup unusable.
- Make "LOAD" of an already-loaded loadable module into a no-op.
Formerly, "LOAD" would attempt to unload and re-load the module,
but this is unsafe and not all that useful.
- Disallow empty passwords during LDAP authentication.
- Fix handling of sub-SELECTs appearing in the arguments of an
outer-level aggregate function.
- Fix bugs associated with fetching a whole-row value from the output
of a Sort or Materialize plan node.
- Prevent synchronize_seqscans from changing the results of
scrollable and WITH HOLD cursors.
- Revert planner change that disabled partial-index and constraint
exclusion optimizations when there were more than 100 clauses in an
AND or OR list.
- Fix hash calculation for data type interval. This corrects wrong results
for hash joins on interval values. It also changes the contents of hash
indexes on interval columns. If you have any such indexes, you must
"REINDEX" them after updating.
- Treat to_char(..., 'TH') as an uppercase ordinal suffix with
'HH'/'HH12'. It was previously handled as 'th' (lowercase).
- Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
and integer datetimes are in use.
- Fix calculation of distance between a point and a line segment.
This led to incorrect results from a number of geometric operators.
- Fix money data type to work in locales where currency amounts have
no fractional digits, e.g. Japan.
- Fix LIKE for case where pattern contains %_.
- Properly round datetime input like 00:12:57.9999999999999999999999999999.
- Fix memory leaks in XML operations.
- Fix poor choice of page split point in GiST R-tree operator classes.
- Ensure that a "fast shutdown" request will forcibly terminate open
sessions, even if a "smart shutdown" was already in progress.
- Avoid performance degradation in bulk inserts into GIN indexes when
the input values are (nearly) in sorted order.
- Correctly enforce NOT NULL domain constraints in some contexts in
PL/pgSQL.
- Fix portability issues in plperl initialization.
- Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
empty.
- Improve pg_dump's efficiency when there are many large objects.
- Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
- Make pg_standby's maxretries option behave as documented.
- Make "contrib/hstore" throw an error when a key or value is too
long to fit in its data structure, rather than silently truncating
it.
- Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
number of parameters (twenty).
- Improve robustness of libpq's code to recover from errors during
"COPY FROM STDIN".
-- Martin Pitt <mpitt op debian.org> Fri, 18 Sep 2009 14:52:26 +0200
ruby1.8 (1.8.7.72-3lenny1) stable-security; urgency=high
* added patch: 932_CVE-2009-1904 (closes: #532689)
It fixes BigDecimal DoS vulnerability (CVE-2009-1904). (backported from
1.8.7-p172 and 1.8.7-p174)
* Add upstream patch to properly check return values of the
OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)
-- akira yamada <akira op debian.org> Fri, 10 Jul 2009 17:17:38 +0900
subversion (1.5.1dfsg1-4) stable-security; urgency=high
* Fix CVE-2009-2411, heap overflows in svndiff stream parsing.
-- Peter Samuelson <peter op p12n.org> Wed, 05 Aug 2009 19:54:23 -0500
subversion (1.5.1dfsg1-3) stable; urgency=low
* patches/commit-email2: New patch to fix mail header formatting in
commit-email.pl hook. (Closes: #508301, #532903)
-- Peter Samuelson <peter op p12n.org> Sat, 04 Jul 2009 12:39:13 -0500
tiff (3.8.2-11.2) stable-security; urgency=high
* Revised patch for CVE-2009-2347, new patch for CVE-2009-2285
-- Moritz Muehlenhoff <jmm op debian.org> Mon, 13 Jul 2009 17:12:10 +0000
tiff (3.8.2-11.1) stable-security; urgency=high
* CVE-2009-2347
-- Moritz Muehlenhoff <jmm op debian.org> Sun, 12 Jul 2009 15:58:58 +0000
udev (0.125-7+lenny3) stable; urgency=high
* Stable update: backported many fixes and rules updates from unstable.
* Run modprobe scsi_wait_scan in the initramfs before udevadm settle.
* Support kernel-specific firmware directories. (Closes: #504928)
* /etc/modprobe.d/blacklist: added hpwdt, it8712f_wdt, iTCO_wdt,
pc87413_wdt, sbc7240_wdt, sbc_epx_c3, smsc37b787_wdt, w83697hf_wdt.
(Closes: #504107)
* Set all devices created in d-i to mode 666. (Closes: #517389)
* postinst: do not try to start the daemon when run by debootstrap
--second-stage because start-stop-daemon is not functional.
(Closes: 520742)
* postinst: do not use /proc/sys/kernel/hotplug to allow installation
(disabled) in OpenVZ VEs.
* postinst: restart rsyslogd too on the first install.
* Added patch fix-path_id-bashism. (Closes: #530213)
* Added patch cdrom_id_fix: improve support for some broken fake drives.
* Added patch bp_rules_generators: backported some fixes related to
persistent rules.
* udev.rules: added block/MAJ:MIN and char/MAJ:MIN links.
* udev.rules: create the rtc link only for rtc_cmos devices.
* udev.rules, permissions.rules: added uat and ucma group rdma.
* udev.rules: make sr* the device names and scd* the compatibility links.
* permissions.rules: added mISDNtimer group dialout. (Closes: #521845)
* permissions.rules: correctly ignore the removable flag for aacraid
devices. (Closes: #462655)
* permissions.rules: added pmu group video.
* permissions.rules: added mwave, hvc* and hvsi* group dialout.
* permissions.rules: added cpu[0-9]* mode 444.
* permissions.rules: added rfkill mode 644.
* persistent-input.rules: exclude digitizers from the joystick class.
* persistent-storage.rules: fixed matching of cciss non-partition devices.
(Closes: #523019)
* persistent-storage.rules: ignore mtd[0-9]* and mtdblock[0-9]* devices.
* persistent-storage.rules: ignore btibm* devices.
* persistent-storage.rules: do not probe optical drivers which do not
have a media inserted. (Closes: #512442)
* persistent-storage.rules: run edd_id on cciss devices. (Closes: #524906)
* persistent-storage-tape.rules: do not add a second -nst suffix.
* persistent-net-generator.rules: whitelist some MAC addresses which
violate the local/global scheme.
* drivers.rules: always use modprobe -b.
* drivers.rules: added workaround to load the drivers for Sparc VIO
devices. (Closes: #526621)
-- Marco d'Itri <md op linux.it> Tue, 25 Aug 2009 22:04:43 +0200
wget (1.11.4-2+lenny1) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2009-3490: Fixed incorrect verification of SSL certificate with NUL in
name (Closes: #549293)
-- Giuseppe Iuculano <iuculano op debian.org> Thu, 08 Oct 2009 14:33:55 +0200
bind9 (1:9.5.1.dfsg.P3-1) stable-security; urgency=low
[Internet Software Consortium, Inc]
* A specially crafted update packet will cause named to exit.
CVE-2009-0696, CERT VU#725188. Closes: #538975
-- LaMont Jones <lamont op debian.org> Tue, 28 Jul 2009 22:48:28 -0600
bind9 (1:9.5.1.dfsg.P2-1+lenny1) stable; urgency=medium
* Non-maintainer upload with permission from maintainer
* Upload "DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]" fix to stable
-- Florian Weimer <fw op deneb.enyo.de> Wed, 29 Apr 2009 13:33:34 +0200
bind9 (1:9.5.1.dfsg.P2-1) unstable; urgency=low
[Internet Software Consortium, Inc]
* 9.5.1-P2
- DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479]
[LaMont Jones]
* meta: fix override disparity
[Sven Joachim]
* meta: pass host and build into configure for hybrid build machines.
Closes: #515110
-- LaMont Jones <lamont op debian.org> Fri, 20 Mar 2009 19:08:03 -0600
bind9 (1:9.5.1.dfsg.P1-3) unstable; urgency=low
* package -2 for unstable
-- LaMont Jones <lamont op debian.org> Wed, 18 Mar 2009 09:40:18 -0600
base-files (5lenny4) stable; urgency=low
* Bump version in /etc/debian_version to "5.0.3".
-- Santiago Vila <sanvila op debian.org> Sun, 30 Aug 2009 22:00:54 +0200
base-files (5lenny3) stable; urgency=low
* Bump the version in debian_version to "5.0.2".
-- Santiago Vila <sanvila op debian.org> Fri, 12 Jun 2009 11:31:32 +0200
glib2.0 (2.16.6-2) stable; urgency=low
* 10_gfile_set_error.patch: new patch. Fix crashes in gvfs caused by
wrong passing of a GError. Closes: #517752.
-- Josselin Mouette <joss op debian.org> Sun, 10 May 2009 08:54:35 +0200
gnupg (1.4.9-3+lenny1) stable; urgency=low
* debian/patches/101_172115_fix_keyring_memory_leak.dpatch: Added.
- g10/keyring.c (keyring_get_keyblock): Fix a memory leak due to
ring_trust packets, which slowed down import of large keyrings
leading to potential DoS (#172115, #345911).
* debian/patches/101_321871_unset_noecho_on_sigint.dpatch: Added.
- g10/signal.c (got_fatal_signal), util/ttyio.c (tty_cleanup_after_signal),
include/ttyio.h: Cleanup terminal attributes on interrupt (#321871).
-- Daniel Leidert (dale) <daniel.leidert op wgdd.de> Fri, 29 May 2009 20:55:08 +0200
libxcb (1.1-1.2) stable; urgency=low
* Non-maintainer upload to fix important performance issues
(closes: #487635).
* Fix some fd leaks in _xcb_open_*()
* Increase libxcb buffer size to 16k from 4k
* Disable Nagle on TCP socket
-- Julien Cristau <jcristau op debian.org> Wed, 27 May 2009 20:06:47 +0200
mdadm (2.6.7.2-3) stable-proposed-updates; urgency=low
* Change my previous recommendation for postfix over to Debian's default
MTA, exim4 (see #522300 and #508644).
* Cherry-pick bug script enhancements from sid version:
- Enhance bugscript, which now asks to run as root (sudo/su) if invoked by
a normal user.
- Include MD5 sums of md-related files in initrd in bug reports.
- Add grub2 information retrieval to bugscript.
- Trap SIGINT and thus prevent ctrl-c from terminating the bugscript
prematurely.
- Add information about udev and device links in /dev to bugscript output.
-- martin f. krafft <madduck op debian.org> Tue, 05 May 2009 08:45:22 +0200
mdadm (2.6.7.2-2) stable-proposed-updates; urgency=low
* Fix start/stop runlevels in header of mdadm monitor init.d script
(closes: #514923)
* Do not set -eu in the bugscript to maximise information output in the case
of errors.
* Make initramfs script depend on multipath to ensure its script is run
before ours (closes: #516605).
* Provide an alternative (postfix) for mail-transport-agent (closes:
#522300). I chose postfix because that's the only one I could recommend,
and since the alternative does not affect people who already have an MTA
installed, or have a preference, it won't affect them.
* Honour debconf pre-selection of mdadm/initrdstart (closes: #516802).
* Make checkarray skip over arrays still marked auto-read-only
(closes: #510641).
* No longer pass -k to modprobe, which has been deprecated for a long time;
thanks to Jan Hudec (closes: #519999).
* Remove Mario Joußen from the uploaders list, since his email started
bouncing.
-- martin f. krafft <madduck op debian.org> Sun, 03 May 2009 19:35:03 +0200
openssl (0.9.8g-15+lenny5) stable-security; urgency=low
* Don't check self signed certificate signatures in X509_verify_cert()
(Closes: #541735)
-- Kurt Roeckx <kurt op roeckx.be> Fri, 11 Sep 2009 17:00:05 +0200
openssl (0.9.8g-15+lenny4) stable-security; urgency=low
* Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
-- Kurt Roeckx <kurt op roeckx.be> Tue, 11 Aug 2009 22:48:02 +0200
openssl (0.9.8g-15+lenny3) stable-security; urgency=low
* Fix DoS via a DTLS ChangeCipherSpec packet that occurs before ClientHello
(CVE-2009-1386)
* Fix DoS via an out-of-sequence DTLS handshake message (CVE-2009-1387)
-- Kurt Roeckx <kurt op roeckx.be> Mon, 08 Jun 2009 19:40:22 +0200
openssl (0.9.8g-15+lenny2) stable-security; urgency=low
* Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
* Fix "DTLS fragment handling" (CVE-2009-1378)
* Fix "DTLS use after free" (CVE-2009-1379)
-- Kurt Roeckx <kurt op roeckx.be> Mon, 01 Jun 2009 14:56:56 +0200
pango1.0 (1.20.5-5) stable; urgency=low
* Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
Joeris:
+ 22_CVE-2009-1194.patch: Fix integer overflow via long glyphstrings
(Closes: #527474)
Fixes: CVE-2009-1194
-- Josselin Mouette <joss op debian.org> Thu, 14 May 2009 09:33:18 +0200
pango1.0 (1.20.5-4) stable; urgency=low
* 21_harfbuzz_gpos.patch: backport patch from upstream to fix GPOS
errors with some fonts. Closes: #484995.
-- Josselin Mouette <joss op debian.org> Fri, 10 Apr 2009 09:43:37 +0200
python-support (0.8.4lenny1) stable; urgency=low
* update-python-modules (create_dotpath):
+ Completely ignore lines starting with "import", as they would be
executed by python upon startup.
-- Josselin Mouette <joss op debian.org> Wed, 26 Aug 2009 15:23:24 +0200
spamassassin (3.2.5-2+lenny1) stable; urgency=low
* Remove open-whois.org as it is cybersquatted (Closes: #537477)
* Fix numerous perl pod errors that caused warnings to be embedded
in several manpages.
* Fix man page formatting so as not to break whatis.
* Update debian/control to list the right Maintainer value.
-- Noah Meyerhans <noahm op debian.org> Wed, 26 Aug 2009 15:45:35 -0400
tzdata (2009l-0lenny1) stable; urgency=low
* New upstream release.
- Updates Cairo DST for Ramadan. closes: #543139.
* Remove Katmandu from all debconf templates.
-- Clint Adams <schizo op debian.org> Sat, 22 Aug 2009 17:59:50 -0400
tzdata (2009g-0lenny1) stable; urgency=low
* New upstream release:
- Remove argentina-no-dst.diff (merged upstream).
- Backport translations of "Kathmandu" and "Argentina/Salta" from
unstable.
-- Aurelien Jarno <aurel32 op debian.org> Thu, 21 May 2009 18:41:45 +0200
xorg (1:7.3+20) stable; urgency=low
* Non-maintainer upload, supervised by Julien Cristau.
* xserver-xorg.postinst: fix for the previous patch. Closes: #535624
-- Maximiliano Curia <maxy op debian.org> Wed, 22 Jul 2009 16:26:29 -0300
xorg (1:7.3+19) stable; urgency=low
* xserver-xorg.postinst: default to the fbdev driver on sparc, even when we
find PCI devices, to work around #488669.
-- Julien Cristau <jcristau op debian.org> Mon, 08 Jun 2009 11:53:46 +0200