[ddh-sys] apt-listchanges: changelogs for less

root root op ddh.nl
Zo Sep 11 03:25:59 CEST 2011

apache2 (2.2.9-10+lenny11) lenny-security; urgency=high

  * Fix regressions related to range requests introduced by 2.2.9-10+lenny10.
    Closes: #639825

 -- Stefan Fritsch <sf op debian.org>  Sun, 04 Sep 2011 22:09:38 +0200

apache2 (2.2.9-10+lenny10) lenny-security; urgency=high

  * Fix CVE-2011-3192: DoS by high memory usage for a large number of
    overlapping ranges.
  * Fix CVE-2010-1452: Crash in mod_dav.

 -- Stefan Fritsch <sf op debian.org>  Mon, 29 Aug 2011 21:18:06 +0200

apr (1.2.12-5+lenny4) oldstable-security; urgency=low

  * Fix regression introduced by fix for CVE-2011-0419:
    apr_fnmatch may consume 100% CPU. CVE-2011-1928
    Closes: #627182

 -- Stefan Fritsch <sf op debian.org>  Thu, 19 May 2011 07:51:18 +0200

apr (1.2.12-5+lenny3) oldstable-security; urgency=high

  * Fix DoS in apr_fnmatch (CVE-2011-0419) which can be exploited via
    Apache HTTPD's mod_autoindex.

 -- Stefan Fritsch <sf op debian.org>  Fri, 14 May 2011 09:46:15 +0200

bind9 (1:9.6.ESV.R4+dfsg-0+lenny3) lenny-security; urgency=high

  * Apply patch from ISC BIND 9.6-ESV-R4-P3 to address CVE-2011-2464.

 -- Florian Weimer <fw op deneb.enyo.de>  Tue, 05 Jul 2011 18:22:53 +0200

bind9 (1:9.6.ESV.R4+dfsg-0+lenny2) lenny-security; urgency=high

  * Apply patches from 9.6-ESV-R4-P1 to address crasher in negative
    caching (CVE-2011-1910) and resolution failures in DLV mode.

 -- Florian Weimer <fw op deneb.enyo.de>  Fri, 27 May 2011 19:08:44 +0200

bind9 (1:9.6.ESV.R4+dfsg-0+lenny1) oldstable-security; urgency=low

  * New upstream version.  Prepare for a signed COM TLD, as per:

 -- Florian Weimer <fw op deneb.enyo.de>  Tue, 29 Mar 2011 21:59:05 +0200

cups (1.3.8-1+lenny9) oldstable-security; urgency=high

  * Non-maintainer upload by Security Team
  * Fix plenty of security issues

 -- Moritz Muehlenhoff <jmm op debian.org>  Sun, 21 Jan 2011 20:40:59 +0200

dhcp3 (3.1.1-6+lenny6) lenny-security; urgency=high

  * Apply patch from ISC to fix CVE-2011-2748 and CVE-2011-2749.

 -- Florian Weimer <fw op deneb.enyo.de>  Tue, 09 Aug 2011 20:12:37 +0200

dhcp3 (3.1.1-6+lenny5) oldstable-security; urgency=high

  * Fix cve-2011-0997: remote code execution vulnerability in dhclient.

 -- Michael Gilbert <michael.s.gilbert op gmail.com>  Sat, 09 Apr 2011 20:14:25 +0000

freetype (2.3.7-2+lenny6) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2011-0226: Vulnerability in parsing Type 1 fonts

 -- Kan-Ru Chen <koster op debian.org>  Thu, 04 Aug 2011 00:00:24 +0800

libxfont (1:1.3.3-2) lenny-security; urgency=high

  * Fix LZW decompression heap corruption (CVE-2011-2895).

 -- Julien Cristau <jcristau op debian.org>  Thu, 11 Aug 2011 15:46:54 +0200

linux-2.6 (2.6.26-26lenny3) oldstable-security; urgency=high

  [ dann frazier ]
  * net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
  * [s390] remove task_show_regs (CVE-2011-0710)
  * fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
  * ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
  * Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
  * Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
  * bridge: netfilter: fix information leak (CVE-2011-1080)
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
  * dccp: fix oops on Reset after close (CVE-2011-1093)
  * Fix corrupted OSF partition table parsing (CVE-2011-1163)
  * netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
  * netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
  * econet: 4 byte infoleak to the network (CVE-2011-1173)
  * irda: validate peer name and attribute lengths (CVE-2011-1180)
  * RDMA/cma: Fix crash in request handlers (CVE-2011-0695)
  * IB/cm: Bump reference count on cm_id before invoking callback
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo (CVE-2011-1182)
  * proc: protect mm start_code/end_code in /proc/pid/stat (CVE-2011-0726)
  * cifs: Fix cache stuffing issue in the dns_resolver keyring (CVE-2010-2524)
  * serial: Fix information leak in TIOCGICOUNT ioctl (CVE-2010-4075)
  * net: ax25: improve information leak to userland fix, a further fix
    for CVE-2010-3875
  * char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
  * ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
  * next_pidmap: fix overflow condition (CVE-2011-1593)
  * can: Add missing socket check in can/bcm release (CVE-2011-1598)
  * agp: fix arbitrary kernel memory writes (CVE-2011-1745, CVE-2011-2022)
  * agp: fix OOM and buffer overflow (CVE-2011-1746)
  * can: Add missing socket check in can/raw release (CVE-2011-1748)
  * [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
  * gre: fix netns vs proto registration ordering (CVE-2011-1767)
  * Validate size of EFI GUID partition entries (CVE-2011-1776)
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table
  * Improve fix for buffer overflow in ldm_frag_add (CVE-2011-2182)
  * efi: corrupted GUID partition tables can cause kernel oops (CVE-2011-1577)
  * tunnels: fix netns vs proto registration ordering

  [ Ben Hutchings ]
  * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

 -- dann frazier <dannf op debian.org>  Sat, 11 Jun 2011 08:25:25 -0600

php5 (5.2.6.dfsg.1-1+lenny13) oldstable-security; urgency=low

  * Remove stray php_printf from CVE-2010-2531 (Closes: #632194)

 -- Ondřej Surý <ondrej op debian.org>  Fri, 01 Jul 2011 09:49:45 +0200

php5 (5.2.6.dfsg.1-1+lenny12) oldstable-security; urgency=low

  * Fix CVE-2011-2202: file path injection vulnerability in RFC1867 file
    upload filename

 -- Ondřej Surý <ondrej op debian.org>  Wed, 15 Jun 2011 11:18:49 +0200

php5 (5.2.6.dfsg.1-1+lenny11) oldstable-security; urgency=low

  * Fix CVE-2011-0421: _zip_name_locate function in zip_name_locate.c
  * Fix CVE-2011-1466: integer overflow in the SdnToJulian
  * Fix CVE-2011-0708: incorrect cast on 64-bit platforms in exif.c
  * Fix CVE-2011-1471: integer signedness error in zip_stream.c
  * Fix CVE-2010-2531: var_export() causes a fatal error that could
    inadvertently display data due to flushing of the output buffer.

 -- Ondřej Surý <ondrej op debian.org>  Wed, 15 Jun 2011 11:18:49 +0200

php5 (5.2.6.dfsg.1-1+lenny10) lenny-security; urgency=high

  [ Ondřej Surý ]
  * Include upstream's fix for CVE-2010-1128: Weak seed for the
    Linear Congruential Generator (LCG)
  * Fix CVE-2010-3709: NULL pointer dereference in
  * Fix CVE-2010-3710: stack consumption when using the
  * Fix CVE-2010-3870: incorrect handling of ill-formed subsequences in
    UTF-8 data
  * Fix CVE-2010-4150: Double free in imap_do_open
  * Fix a NULL pointer dereference in the zip extract method

  [ Raphael Geissert ]
  * Include a test for CVE-2010-4645
  * Fix CVE-2011-0441: arbitrary files removal via cronjob (Closes #618489)

 -- Raphael Geissert <geissert op debian.org>  Fri, 18 Mar 2011 18:34:11 -0600

phpmyadmin (4: oldstable-security; urgency=high

  * Upload to oldstable to fix security issues.
  * CVE-2011-2642: XSS in table Print view.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 26 Jul 2011 20:35:42 +0200

proftpd-dfsg (1.3.1-17lenny6) oldstable-security; urgency=high

  * Rebuild for Lenny being oldstable 

 -- Moritz <jmm op pisco>  Sun, 13 Mar 2011 21:00:49 +0000

proftpd-dfsg (1.3.1-17lenny5) stable-security; urgency=low

  * Security fixes: 
        - added 3519.dpatch to fix CVE-2010-3867, backported from 1.3.3+.
        - added 3131+3521.dpatch to fix CVE-2008-7265, backported from 1.3.2,
          with an additional fix to solve CVE-2010-4221 which was a side
          effect of the previous fix.
        - added 3536.dpatch to fix a mod_sql's sql_prepare_where() function
          which has an unbounded copy operation. This is also connected to

 -- Francesco Paolo Lovergine <frankie op debian.org>  Thu, 13 Jan 2011 11:10:42 +0100

subversion (1.5.1dfsg1-7) oldstable-security; urgency=high

  [ Michael Diers ]
  * patches/cve-2011-1752: New patch for CVE-2011-1752, fixing a remotely
    triggered crash in mod_dav_svn, delivering baselined WebDAV resources.
  * patches/cve-2011-1783: New patch for CVE-2011-1783 and CVE-2011-1921,
    fixing remotely triggered memory exhaustion and a content leak of
    files that are meant to be unreadable.

 -- Peter Samuelson <peter op p12n.org>  Tue, 31 May 2011 11:00:32 -0500

subversion (1.5.1dfsg1-6) oldstable-security; urgency=high

  * patches/cve-2011-0715: New patch for CVE-2011-0715, fixing a remotely
    triggered crash in mod_dav_svn involving lock tokens.

 -- Peter Samuelson <peter op p12n.org>  Tue, 01 Mar 2011 10:26:16 -0600

tiff (3.8.2-11.5) oldstable-security; urgency=high

  * Redo CVE-2011-0192 to fix a regression.

 -- Jay Berkenbilt <qjb op debian.org>  Fri, 24 Jun 2011 08:10:22 -0400

tiff (3.8.2-11.4) oldstable-security; urgency=high

  * CVE-2011-0191
  * CVE-2011-0192: Buffer overflow in Fax4Decode
  * CVE-2011-1167: Buffer overflow with thunder encoded files

 -- Jay Berkenbilt <qjb op debian.org>  Sat, 02 Apr 2011 12:13:25 -0400

libpng (1.2.27-2+lenny5) oldstable-security; urgency=low

  * Apply upstream patch to 1-byte uninitialized memory reference in
    png_format_buffer(). (Closes: #632786, CVE-2011-2501)
  * Apply upstream patch to buffer overwrite in png_rgb_to_gray.
    (Closes: #633871, CVE-2011-2690)
  * Apply upstream patch to crash in png_default_error due to use of
    NULL Pointer. (Closes: #633871, CVE-2011-2691)
  * Apply upstream patch to memory corruption when handling empty sCAL chunks.
    (Closes: #633871, CVE-2011-2692)

 -- Nobuhiro Iwamatsu <iwamatsu op debian.org>  Sat, 16 Jul 2011 05:13:23 +0900

libxml2 (2.6.32.dfsg-5+lenny4) oldstable-security; urgency=low

  * xpath.c: Fix some potential problems on reallocation failures.
    Closes: #628537.

 -- Mike Hommey <glandium op debian.org>  Sat, 04 Jun 2011 10:41:00 +0900

perl (5.10.0-19lenny5) oldstable-security; urgency=low

  * [SECURITY] CVE-2010-1447: further Safe.pm fixes for breaking out
    of safe compartment using subroutine references (Closes: #631529)

 -- Dominic Hargreaves <dom op earth.li>  Sun, 26 Jun 2011 16:08:47 +0100

perl (5.10.0-19lenny4) oldstable-security; urgency=low

  * [SECURITY] CVE-2011-1487: taint laundering in lc, uc, et al.
    (Closes: #622817)

 -- Niko Tyni <ntyni op debian.org>  Sat, 16 Apr 2011 09:05:09 +0300

Meer informatie over de ddh-sys maillijst