[ddh-sys] apt-listchanges: changelogs for less

root root op ddh.nl
Za Okt 24 11:32:19 CEST 2009

apache2 (2.2.9-10+lenny4) stable-security; urgency=high

  * Security fixes:
    - CVE-2009-1890: denial of service in mod_proxy (closes: #536718)
    - CVE-2009-1891: denial of service in mod_deflate (closes: #534712)
      Also prevent compressing the content for HEAD requests.

 -- Stefan Fritsch <sf op debian.org>  Tue, 14 Jul 2009 21:53:01 +0200

apache2 (2.2.9-10+lenny3) stable-security; urgency=high

  * Security: CVE-2009-1195: In configurations using the AllowOverride
    directive with certain Options= arguments, local users were not restricted
    from executing commands from a Server-Side-Include script as intended
    (closes: #530834).

 -- Stefan Fritsch <sf op debian.org>  Sat, 30 May 2009 14:54:22 +0200

apr (1.2.12-5+lenny1) stable-security; urgency=high

  * Fix CVE-2009-2412: overflow in pool allocations, where size alignment
    was taking place.

 -- Peter Samuelson <peter op p12n.org>  Thu, 06 Aug 2009 09:22:28 -0500

apr-util (1.2.12+dfsg-8+lenny4) stable-security; urgency=high

  * CVE-2009-2412: Fix overflow in RMM allocations due to alignment.

 -- Peter Samuelson <peter op p12n.org>  Thu, 06 Aug 2009 09:27:58 -0500

apr-util (1.2.12+dfsg-8+lenny3) stable; urgency=low

  * CVE-2009-1956: Fix potential information disclosure bug on big-endian
    architectures. On little-endian systems, this is not security relevant
    but may still cause data corruption.
  * Add CVE reference to previous changelog entry.

 -- Stefan Fritsch <sf op debian.org>  Tue, 09 Jun 2009 21:51:09 +0200

apr-util (1.2.12+dfsg-8+lenny2) stable-security; urgency=high

  * CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
    remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
  * CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling
    of internal xml entities.

 -- Stefan Fritsch <sf op debian.org>  Wed, 03 Jun 2009 22:53:01 +0200

cups (1.3.8-1+lenny6) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix null pointer dereference on handling IPP_TAG_UNSUPPORTED
    leading to denial of service attacks (CVE-2009-0949).

 -- Nico Golde <nion op debian.org>  Mon, 25 May 2009 11:18:46 +0000

cyrus-sasl2 (2.1.22.dfsg1-23+lenny1) stable-security; urgency=high

  * debian/patches/0021_CVE-2009-0688-fix.dpatch, debian/patches/00list:
    Backport security fix for CVE-2009-0688 from upstream version 2.1.23.

 -- Fabian Fagerholm <fabbe op debian.org>  Sun, 24 May 2009 12:16:35 +0300

dhcp3 (3.1.1-6+lenny3) stable-security; urgency=high

  * Reorder patches to actually apply them

 -- Florian Weimer <fw op deneb.enyo.de>  Wed, 19 Aug 2009 07:00:03 +0200

dhcp3 (3.1.1-6+lenny2) stable-security; urgency=high

  * Add patch from Sebastian Kramer to fix client overflow in netmask
  * Add patch from Christoph Biedl to fix server assert involving client
    IDs and hardware addresses (CVE-2009-1892).

 -- Florian Weimer <fw op deneb.enyo.de>  Sun, 12 Jul 2009 22:04:01 +0200

dhcp3 (3.1.1-6+lenny1) stable-security; urgency=high

  (not released)

 -- Florian Weimer <fw op deneb.enyo.de>  Wed, 08 Jul 2009 21:03:52 +0200

libcompress-raw-zlib-perl (2.012-1lenny1) stable; urgency=high

  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
    (Closes: #532738)

 -- Niko Tyni <ntyni op debian.org>  Sat, 13 Jun 2009 22:19:41 +0300

libxml2 (2.6.32.dfsg-5+lenny1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix multiple use-after-free flaws when parsing notation and
    enumeration attribute types (CVE-2009-2416).
  * Fix stack overflow when parsing root XML document element DTD
    definition (CVE-2009-2414).

 -- Nico Golde <nion op debian.org>  Thu, 06 Aug 2009 13:04:00 +0000

linux-2.6 (2.6.26-19lenny1) stable-security; urgency=high

  * appletalk: Fix skb leak when ipddp interface is not loaded
  * KVM: x86: Disallow hypercalls for guest callers in rings > 0
  * selinux: prevent local users from bypassing mmap_min_addr
    in unconfined domains (CVE-2009-2695)
  * fix information leak in llc_ui_getname (CVE-2009-3001)
  * net: fix information leak due to uninitialized structures in
    getname functions (CVE-2009-3002)
  * eCryptfs: Prevent lower dentry from going negative during unlink
  * net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
  * x86: Don't leak 64-bit kernel register values to 32-bit processes
  * NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
    union (CVE-2009-3286)
  * r8169: use hardware auto padding (CVE-2009-3613)

 -- dann frazier <dannf op debian.org>  Sat, 17 Oct 2009 10:52:13 -0600

linux-2.6 (2.6.26-19) stable; urgency=high

  [ Moritz Muehlenhoff ]
  * Input: ALPS - add signature for Toshiba Satellite Pro M10
    (Closes: #434722)

  [ dann frazier ]
  * aacraid: Fix regression w/ bigmem kernel (Closes: #537771)
  * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
  * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
  * execve: must clear current->clear_child_tid (CVE-2009-2848)
  * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
    attributes (CVE-2009-2849)

 -- dann frazier <dannf op debian.org>  Tue, 18 Aug 2009 22:45:27 -0600

linux-2.6 (2.6.26-18) stable; urgency=high

  [ maximilian attems ]
  * [openvz] 19f7f85 net: bridge - process skbs has been already substituted
    due to via_phys_dev (closes: #532811)
  * [openvz] b1f08ed net: avoid double free on net->gen pointer on error
    (closes: #532813)
  * [openvz] bbbad0a pidns: pi-futex pid check fixup

  [ Martin Michlmayr ]
  * MIPS: DS1286: New RTC driver
  * MIPS: IP22/28: Switch over to RTC class driver
  * [mips/r4k-ip22] Build in RTC_DRV_DS1286. (Closes: #533895)

  [ dann frazier ]
  * e1000e: add support for 82574L controllers (closes: #534519)
  * Use -fno-strict-overflow instead of -fwrapv and workaround a
    regression in fbcon this may introduce if users build custom kernels
    w/ gcc-4.2 (prebuilt kernels use 4.1) (closes: #536354)
  * sata_nv: avoid link reset on controllers where it's broken
    (Closes: #498271, Closes: #501023)
  * libata: make sure port is thawed when skipping resets. This change
    avoid regressing #533657 with the fix for #498271.
  * Add -fno-delete-null-pointer-checks to CFLAGS (Closes: #537617)
  * Add a backport of bnx2x from 2.6.30 with request_firmware changes

  [ Moritz Muehlenhoff ]
  * fbdev/atyfb: Fix display corruption on some PowerMacs & PowerBooks
    (Closes: #420582)
  * ALSA: hda_intel: enable snoop for NVidia HDA controller (Closes: #521192)
  * eeepc: Fix oops when changing backlight brightness during init
    (Closes: #513406)
  * Emit HPET warning only once to avoid syslog floods, which occur on
    some systems like HP DC7900 (Closes: #512617)
  * Fix support for AverMedia AverTV Cardbus Hybrid E506R (Closes: #511385)
  * ALSA: HDA patch_via.c: Fix inversion of surround and side channels
    (Closes: #538391)
  * NTP Adjust SHIFT_PLL to improve NTP convergence (Closes: #527968)

 -- dann frazier <dannf op debian.org>  Fri, 31 Jul 2009 00:12:58 -0600

linux-2.6 (2.6.26-17lenny2) stable-security; urgency=high

  * Make sock_sendpage() use kernel_sendpage() (CVE-2009-2692)

 -- dann frazier <dannf op debian.org>  Thu, 13 Aug 2009 15:41:34 -0600

linux-2.6 (2.6.26-17lenny1) stable-security; urgency=high

  * [KVM] x86: check for cr3 validity in ioctl_set_sregs
  * personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895)
  * ecryptfs: Check Tag 11 literal data buffer size (CVE-2009-2406)
  * ecryptfs: check tag 3 package encrypted size (CVE-2009-2407)

 -- dann frazier <dannf op debian.org>  Sat, 25 Jul 2009 15:10:10 -0600

linux-2.6 (2.6.26-17) stable; urgency=high

  * Revert "sata_nv: avoid link reset on controllers where it's broken"
    due to regression. (closes: #533657)

 -- dann frazier <dannf op debian.org>  Fri, 19 Jun 2009 23:03:53 -0600

linux-2.6 (2.6.26-16) stable; urgency=high

  [ maximilian attems ]
  * [openvz] 5dcfcf5 NETLINK: disable netns broadcast filtering.
    (closes: #520551)
  * Fix SQLite performance regression. (closes: #521420)
  * [openvz] 0c295ff cfq link cfq_bc_data without bc io sched.
    (closes: #523364)
  * [openvz] 7e0f90d cfq: revalidate cached async queue.
    (closes: #523359)
  * [openvz] e4cea21 VE: fix idle time accounting.
  * [openvz] 19b8e13 ptrace: ban ptracing of a container init from inside the
    container. (closes: #523360)
  * [openvz] 5b58141 ubc: uncharging too much for TCPSNDBUF.
  * [openvz] 0ff728e ve: show task's vpid and veid even inside a container.

  [ dann frazier ]
  * [s390] Fix __div64_31 for CONFIG_MARCH_G5 (Closes: #511334)
  * SUNRPC: Fix a performance regression in the RPC authentication code
    (Closes: #524199)
  * [x86] fix IBM Summit based systems' phys_cpu_present_map on 32-bit
    kernels (closes: #529312)
  * Fix soft lockups caused by one md resync blocking on another due
    to sharing the same device (closes: #514627)
  * [sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
  * splice: fix deadlock in ocfs2 (CVE-2009-1961)
  * e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
  * r8169: fix crash when large packets are received (CVE-2009-1389)

  [ Martin Michlmayr ]
  * cdc-acm: Add quirk for MTK II GPS, such as Qstarz BT-Q1000X (closes:
  * USB: ftdi_sio: add vendor/product id for the Marvell SheevaPlug.
  * [mipsel/r5k-cobalt] Enable SCSI_SYM53C8XX_2 (closes: #526836).
  * [mips/r4k-ip22] Enable NET_ISA and various ISA network modules on
    the request of Damian Dimmich since they might be useful on the
    SGI Indigo2.

  [ John Wright ]
  * [x86] gettimeofday() vDSO: fix segfault when tv == NULL (Closes: #466491)

  [ Ian Campbell ]
  * [x86/xen] Apply missing syscall detection patch to -xen-amd64 image
    (Closes: #527101)
  * [xen] Add support for CDROM_GET_CAPABILITY to blkfront driver
    (Closes: #529864)

  [ Ben Hutchings ]
  * sata_nv: avoid link reset on controllers where it's broken
    (Closes: #498271)
  * r8169: fix multicast filtering for RTL8101 and RTL8168 (Closes: #514268)
  * asus_acpi: don't load asus-acpi if model is not supported
    (Closes: #524300)
  * iwl4965: avoid sleep in softirq context (Closes: #530884)

 -- dann frazier <dannf op debian.org>  Tue, 09 Jun 2009 09:09:27 -0600

linux-2.6 (2.6.26-15lenny3) stable-security; urgency=high

  [ dann frazier ]
  * Fix selinux panic introduced by the fix for CVE-2009-1184
    (Closes: #528860)
  * nfs4: fix MAY_EXEC handling (CVE-2009-1630)
  * cifs: fix several string conversion issues (CVE-2009-1633)

  [ Ian Campbell ]
  * xen: Fix missing check of interrupted code's code selector

 -- dann frazier <dannf op debian.org>  Thu, 28 May 2009 08:34:15 -0600

mysql-dfsg-5.0 (5.0.51a-24+lenny2) stable-security; urgency=high

    Fix for CVE-2009-2446: Multiple format string vulnerabilities in the
    dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 
    4.0.0 through 5.0.83 allow remote authenticated users to cause a denial
    of service (daemon crash) and possibly have unspecified other impact via
    format string specifiers in a database name in a (1) COM_CREATE_DB or 
    (2) COM_DROP_DB request. Closes: #536726.
    Complete debdiff for 5.0.51a-24+lenny2 generously contributed by
    Christian Hammers <ch op debian.org>.

 -- Sebastien Delafond <seb op debian.org>  Thu, 27 Aug 2009 10:31:25 +0200

newt (0.52.2-11.3+lenny1) stable-security; urgency=high

  * Non-maintainer upload by the security team
  * Include patch to fix buffer overflow in content processing code
    Fixes: CVE-2009-2905

 -- Steffen Joeris <white op debian.org>  Tue, 22 Sep 2009 06:50:23 +0000

perl (5.10.0-19lenny2) stable; urgency=low

  * Fix a typo in the replaces/conflicts/provides: libcpan-plus-perl
    should have been libcpanplus-perl. (Closes: #516289)
  * Fix a memory leak with the map operator. (Closes: #528332)

 -- Niko Tyni <ntyni op debian.org>  Thu, 27 Aug 2009 23:12:30 +0300

perl (5.10.0-19lenny1) stable-security; urgency=high

  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
    (Closes: #532736)

 -- Niko Tyni <ntyni op debian.org>  Fri, 12 Jun 2009 23:22:04 +0300

postgresql-8.3 (8.3.8-0lenny1) stable-security; urgency=high

  * New upstream security/bug fix release:
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during

 -- Martin Pitt <mpitt op debian.org>  Fri, 18 Sep 2009 14:52:26 +0200

ruby1.8 ( stable-security; urgency=high

  * added patch: 932_CVE-2009-1904 (closes: #532689)
    It fixes BigDecimal DoS vulnerability (CVE-2009-1904).  (backported from
    1.8.7-p172 and 1.8.7-p174)
  * Add upstream patch to properly check return values of the
    OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)

 -- akira yamada <akira op debian.org>  Fri, 10 Jul 2009 17:17:38 +0900

subversion (1.5.1dfsg1-4) stable-security; urgency=high

  * Fix CVE-2009-2411, heap overflows in svndiff stream parsing.

 -- Peter Samuelson <peter op p12n.org>  Wed, 05 Aug 2009 19:54:23 -0500

subversion (1.5.1dfsg1-3) stable; urgency=low

  * patches/commit-email2: New patch to fix mail header formatting in
    commit-email.pl hook.  (Closes: #508301, #532903)

 -- Peter Samuelson <peter op p12n.org>  Sat, 04 Jul 2009 12:39:13 -0500

tiff (3.8.2-11.2) stable-security; urgency=high

  * Revised patch for CVE-2009-2347, new patch for CVE-2009-2285

 -- Moritz Muehlenhoff <jmm op debian.org>  Mon, 13 Jul 2009 17:12:10 +0000

tiff (3.8.2-11.1) stable-security; urgency=high

  * CVE-2009-2347

 -- Moritz Muehlenhoff <jmm op debian.org>  Sun, 12 Jul 2009 15:58:58 +0000

udev (0.125-7+lenny3) stable; urgency=high

  * Stable update: backported many fixes and rules updates from unstable.
  * Run modprobe scsi_wait_scan in the initramfs before udevadm settle.
  * Support kernel-specific firmware directories. (Closes: #504928)
  * /etc/modprobe.d/blacklist: added hpwdt, it8712f_wdt, iTCO_wdt,
    pc87413_wdt, sbc7240_wdt, sbc_epx_c3, smsc37b787_wdt, w83697hf_wdt.
    (Closes: #504107)
  * Set all devices created in d-i to mode 666. (Closes: #517389)
  * postinst: do not try to start the daemon when run by debootstrap
    --second-stage because start-stop-daemon is not functional.
    (Closes: 520742)
  * postinst: do not use /proc/sys/kernel/hotplug to allow installation
    (disabled) in OpenVZ VEs.
  * postinst: restart rsyslogd too on the first install.
  * Added patch fix-path_id-bashism. (Closes: #530213)
  * Added patch cdrom_id_fix: improve support for some broken fake drives.
  * Added patch bp_rules_generators: backported some fixes related to
    persistent rules.
  * udev.rules: added block/MAJ:MIN and char/MAJ:MIN links.
  * udev.rules: create the rtc link only for rtc_cmos devices.
  * udev.rules, permissions.rules: added uat and ucma group rdma.
  * udev.rules: make sr* the device names and scd* the compatibility links.
  * permissions.rules: added mISDNtimer group dialout. (Closes: #521845)
  * permissions.rules: correctly ignore the removable flag for aacraid
    devices. (Closes: #462655)
  * permissions.rules: added pmu group video.
  * permissions.rules: added mwave, hvc* and hvsi* group dialout.
  * permissions.rules: added cpu[0-9]* mode 444.
  * permissions.rules: added rfkill mode 644.
  * persistent-input.rules: exclude digitizers from the joystick class.
  * persistent-storage.rules: fixed matching of cciss non-partition devices.
    (Closes: #523019)
  * persistent-storage.rules: ignore mtd[0-9]* and mtdblock[0-9]* devices.
  * persistent-storage.rules: ignore btibm* devices.
  * persistent-storage.rules: do not probe optical drivers which do not
    have a media inserted. (Closes: #512442)
  * persistent-storage.rules: run edd_id on cciss devices. (Closes: #524906)
  * persistent-storage-tape.rules: do not add a second -nst suffix.
  * persistent-net-generator.rules: whitelist some MAC addresses which
    violate the local/global scheme.
  * drivers.rules: always use modprobe -b.
  * drivers.rules: added workaround to load the drivers for Sparc VIO
    devices. (Closes: #526621)

 -- Marco d'Itri <md op linux.it>  Tue, 25 Aug 2009 22:04:43 +0200

wget (1.11.4-2+lenny1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2009-3490: Fixed incorrect verification of SSL certificate with NUL in
    name (Closes: #549293)

 -- Giuseppe Iuculano <iuculano op debian.org>  Thu, 08 Oct 2009 14:33:55 +0200

bind9 (1:9.5.1.dfsg.P3-1) stable-security; urgency=low

  [Internet Software Consortium, Inc]

  * A specially crafted update packet will cause named to exit. 
    CVE-2009-0696, CERT VU#725188.  Closes: #538975

 -- LaMont Jones <lamont op debian.org>  Tue, 28 Jul 2009 22:48:28 -0600

bind9 (1:9.5.1.dfsg.P2-1+lenny1) stable; urgency=medium

  * Non-maintainer upload with permission from maintainer
  * Upload "DNSSEC lookaside validation failed to handle unknown
    algorithms. [RT #19479]" fix to stable

 -- Florian Weimer <fw op deneb.enyo.de>  Wed, 29 Apr 2009 13:33:34 +0200

bind9 (1:9.5.1.dfsg.P2-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.5.1-P2
    - DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479]

  [LaMont Jones]

  * meta: fix override disparity

  [Sven Joachim]

  * meta: pass host and build into configure for hybrid build machines. 
    Closes: #515110

 -- LaMont Jones <lamont op debian.org>  Fri, 20 Mar 2009 19:08:03 -0600

bind9 (1:9.5.1.dfsg.P1-3) unstable; urgency=low

  * package -2 for unstable

 -- LaMont Jones <lamont op debian.org>  Wed, 18 Mar 2009 09:40:18 -0600

base-files (5lenny4) stable; urgency=low

  * Bump version in /etc/debian_version to "5.0.3".

 -- Santiago Vila <sanvila op debian.org>  Sun, 30 Aug 2009 22:00:54 +0200

base-files (5lenny3) stable; urgency=low

  * Bump the version in debian_version to "5.0.2".

 -- Santiago Vila <sanvila op debian.org>  Fri, 12 Jun 2009 11:31:32 +0200

glib2.0 (2.16.6-2) stable; urgency=low

  * 10_gfile_set_error.patch: new patch. Fix crashes in gvfs caused by 
    wrong passing of a GError. Closes: #517752.

 -- Josselin Mouette <joss op debian.org>  Sun, 10 May 2009 08:54:35 +0200

gnupg (1.4.9-3+lenny1) stable; urgency=low

  * debian/patches/101_172115_fix_keyring_memory_leak.dpatch: Added.
    - g10/keyring.c (keyring_get_keyblock): Fix a memory leak due to
      ring_trust packets, which slowed down import of large keyrings
      leading to potential DoS (#172115, #345911).
  * debian/patches/101_321871_unset_noecho_on_sigint.dpatch: Added.
    - g10/signal.c (got_fatal_signal), util/ttyio.c (tty_cleanup_after_signal),
      include/ttyio.h: Cleanup terminal attributes on interrupt (#321871).

 -- Daniel Leidert (dale) <daniel.leidert op wgdd.de>  Fri, 29 May 2009 20:55:08 +0200

libxcb (1.1-1.2) stable; urgency=low

  * Non-maintainer upload to fix important performance issues
    (closes: #487635).
  * Fix some fd leaks in _xcb_open_*()
  * Increase libxcb buffer size to 16k from 4k
  * Disable Nagle on TCP socket

 -- Julien Cristau <jcristau op debian.org>  Wed, 27 May 2009 20:06:47 +0200

mdadm ( stable-proposed-updates; urgency=low

  * Change my previous recommendation for postfix over to Debian's default
    MTA, exim4 (see #522300 and #508644).
  * Cherry-pick bug script enhancements from sid version:
    - Enhance bugscript, which now asks to run as root (sudo/su) if invoked by
      a normal user.
    - Include MD5 sums of md-related files in initrd in bug reports.
    - Add grub2 information retrieval to bugscript.
    - Trap SIGINT and thus prevent ctrl-c from terminating the bugscript
    - Add information about udev and device links in /dev to bugscript output.

 -- martin f. krafft <madduck op debian.org>  Tue, 05 May 2009 08:45:22 +0200

mdadm ( stable-proposed-updates; urgency=low

  * Fix start/stop runlevels in header of mdadm monitor init.d script
    (closes: #514923)
  * Do not set -eu in the bugscript to maximise information output in the case
    of errors.
  * Make initramfs script depend on multipath to ensure its script is run
    before ours (closes: #516605).
  * Provide an alternative (postfix) for mail-transport-agent (closes:
    #522300). I chose postfix because that's the only one I could recommend,
    and since the alternative does not affect people who already have an MTA
    installed, or have a preference, it won't affect them.
  * Honour debconf pre-selection of mdadm/initrdstart (closes: #516802).
  * Make checkarray skip over arrays still marked auto-read-only
    (closes: #510641).
  * No longer pass -k to modprobe, which has been deprecated for a long time;
    thanks to Jan Hudec (closes: #519999).
  * Remove Mario Joußen from the uploaders list, since his email started

 -- martin f. krafft <madduck op debian.org>  Sun, 03 May 2009 19:35:03 +0200

openssl (0.9.8g-15+lenny5) stable-security; urgency=low

  * Don't check self signed certificate signatures in X509_verify_cert()
    (Closes: #541735)

 -- Kurt Roeckx <kurt op roeckx.be>  Fri, 11 Sep 2009 17:00:05 +0200

openssl (0.9.8g-15+lenny4) stable-security; urgency=low

  * Remove MD2 from digest algorithm table.  (CVE-2009-2409) (Closes: #539899)

 -- Kurt Roeckx <kurt op roeckx.be>  Tue, 11 Aug 2009 22:48:02 +0200

openssl (0.9.8g-15+lenny3) stable-security; urgency=low

  * Fix DoS via a DTLS ChangeCipherSpec packet that occurs before ClientHello
  * Fix DoS via an out-of-sequence DTLS handshake message (CVE-2009-1387)

 -- Kurt Roeckx <kurt op roeckx.be>  Mon, 08 Jun 2009 19:40:22 +0200

openssl (0.9.8g-15+lenny2) stable-security; urgency=low

  * Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
  * Fix "DTLS fragment handling" (CVE-2009-1378)
  * Fix "DTLS use after free" (CVE-2009-1379)

 -- Kurt Roeckx <kurt op roeckx.be>  Mon, 01 Jun 2009 14:56:56 +0200

pango1.0 (1.20.5-5) stable; urgency=low

  * Merge changes from the 1.20.5-3+lenny1 security upload by Steffen 
    + 22_CVE-2009-1194.patch: Fix integer overflow via long glyphstrings 
      (Closes: #527474)
      Fixes: CVE-2009-1194

 -- Josselin Mouette <joss op debian.org>  Thu, 14 May 2009 09:33:18 +0200

pango1.0 (1.20.5-4) stable; urgency=low

  * 21_harfbuzz_gpos.patch: backport patch from upstream to fix GPOS 
    errors with some fonts. Closes: #484995.

 -- Josselin Mouette <joss op debian.org>  Fri, 10 Apr 2009 09:43:37 +0200

python-support (0.8.4lenny1) stable; urgency=low

  * update-python-modules (create_dotpath):
    + Completely ignore lines starting with "import", as they would be 
      executed by python upon startup.

 -- Josselin Mouette <joss op debian.org>  Wed, 26 Aug 2009 15:23:24 +0200

spamassassin (3.2.5-2+lenny1) stable; urgency=low

  * Remove open-whois.org as it is cybersquatted (Closes: #537477)
  * Fix numerous perl pod errors that caused warnings to be embedded
    in several manpages.
  * Fix man page formatting so as not to break whatis.
  * Update debian/control to list the right Maintainer value.

 -- Noah Meyerhans <noahm op debian.org>  Wed, 26 Aug 2009 15:45:35 -0400

tzdata (2009l-0lenny1) stable; urgency=low

  * New upstream release.
    - Updates Cairo DST for Ramadan.  closes: #543139.
  * Remove Katmandu from all debconf templates.

 -- Clint Adams <schizo op debian.org>  Sat, 22 Aug 2009 17:59:50 -0400

tzdata (2009g-0lenny1) stable; urgency=low

  * New upstream release:
    - Remove argentina-no-dst.diff (merged upstream).
    - Backport translations of "Kathmandu" and "Argentina/Salta" from

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 21 May 2009 18:41:45 +0200

xorg (1:7.3+20) stable; urgency=low

  * Non-maintainer upload, supervised by Julien Cristau.
  * xserver-xorg.postinst: fix for the previous patch. Closes: #535624

 -- Maximiliano Curia <maxy op debian.org>  Wed, 22 Jul 2009 16:26:29 -0300

xorg (1:7.3+19) stable; urgency=low

  * xserver-xorg.postinst: default to the fbdev driver on sparc, even when we
    find PCI devices, to work around #488669.

 -- Julien Cristau <jcristau op debian.org>  Mon, 08 Jun 2009 11:53:46 +0200

More information about the ddh-sys mailing list