[ddh-sys] apt-listchanges: changelogs for less

root root at ddh.nl
Wed Apr 14 12:23:02 CEST 2010


krb5 (1.6.dfsg.4~beta1-5lenny3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-0629: unauthenticated remote KDC service crash.
    (Closes: #567052)

 -- Giuseppe Iuculano <iuculano op debian.org>  Fri, 09 Apr 2010 18:48:35 +0200

libpng (1.2.27-2+lenny3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
    width values that are not divisible by 8, which causes libpng to include
    uninitialized bits in certain rows of a PNG file and might allow remote
    attackers to read portions of sensitive memory via "out-of-bounds pixels"
    in the file (Closes: 533676)
  * Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
    data that has a disproportionately large uncompressed representation, which
    allows remote attackers to cause a denial of service (memory and CPU
    consumption, and  application hang) via a crafted PNG file (Closes: #572308)

 -- Giuseppe Iuculano <iuculano op debian.org>  Sun, 11 Apr 2010 11:40:33 +0200

linux-2.6 (2.6.26-21lenny4) stable-security; urgency=high

  [ dann frazier ]
  * futex: Handle user space corruption gracefully (CVE-2010-0622)
  * mmap: cleanup compiler warnings from CVE-2010-0291 fixes
  * x86: set_personality_ia32() misses force_personality32, an additional
    fix for CVE-2010-0307
  * Replace fix for CVE-2009-2691 w/ upstreamed version (Closes: #570554)
  * uvesafb/connector: prevent unprivileged users from sending netlink packets
    (CVE-2009-3725)
  
  [ Ben Hutchings ]
  * [xen][i386] Fix kernel logging via userspace (Closes: #568561)
    (regression due to fix for #510478)

 -- dann frazier <dannf op debian.org>  Tue, 09 Mar 2010 09:34:37 -0700

pango1.0 (1.20.5-5+lenny1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-0421: improper input sanitization, leading to array indexing
    error, in the way Pango font rendering library synthesized Glyph Definition
    Table (GDEF) from the font's character map and the Unicode property
    database. (Closes: #574021)

 -- Giuseppe Iuculano <iuculano op debian.org>  Thu, 18 Mar 2010 15:18:06 +0100

php5 (5.2.6.dfsg.1-1+lenny8) stable-security; urgency=high

  * Fix CVE-2010-0397: null pointer dereference when processing invalid
    XML-RPC requests (Closes: #573573)

 -- Raphael Geissert <geissert op debian.org>  Sun, 14 Mar 2010 01:05:03 -0600



