[ddh-sys] apt-listchanges: changelogs for less
root
root at ddh.nl
Sun Sep 11 03:25:59 CEST 2011

apache2 (2.2.9-10+lenny11) lenny-security; urgency=high

  * Fix regressions related to range requests introduced by 2.2.9-10+lenny10.
    Closes: #639825

 -- Stefan Fritsch <sf at debian.org> Sun, 04 Sep 2011 22:09:38 +0200

apache2 (2.2.9-10+lenny10) lenny-security; urgency=high

  * Fix CVE-2011-3192: DoS by high memory usage for a large number of
    overlapping ranges.
  * Fix CVE-2010-1452: Crash in mod_dav.

 -- Stefan Fritsch <sf at debian.org> Mon, 29 Aug 2011 21:18:06 +0200

apr (1.2.12-5+lenny4) oldstable-security; urgency=low

  * Fix regression introduced by fix for CVE-2011-0419:
    apr_fnmatch may consume 100% CPU. CVE-2011-1928
    Closes: #627182

 -- Stefan Fritsch <sf at debian.org> Thu, 19 May 2011 07:51:18 +0200

apr (1.2.12-5+lenny3) oldstable-security; urgency=high

  * Fix DoS in apr_fnmatch (CVE-2011-0419) which can be exploited via
    Apache HTTPD's mod_autoindex.

 -- Stefan Fritsch <sf at debian.org> Fri, 14 May 2011 09:46:15 +0200

bind9 (1:9.6.ESV.R4+dfsg-0+lenny3) lenny-security; urgency=high

  * Apply patch from ISC BIND 9.6-ESV-R4-P3 to address CVE-2011-2464.

 -- Florian Weimer <fw at deneb.enyo.de> Tue, 05 Jul 2011 18:22:53 +0200

bind9 (1:9.6.ESV.R4+dfsg-0+lenny2) lenny-security; urgency=high

  * Apply patches from 9.6-ESV-R4-P1 to address crasher in negative
    caching (CVE-2011-1910) and resolution failures in DLV mode.

 -- Florian Weimer <fw at deneb.enyo.de> Fri, 27 May 2011 19:08:44 +0200

bind9 (1:9.6.ESV.R4+dfsg-0+lenny1) oldstable-security; urgency=low

  * New upstream version. Prepare for a signed COM TLD, as per:
    <http://www.isc.org/announcement/operational-advisory-bind-96-esv-r3-and-previous>

 -- Florian Weimer <fw at deneb.enyo.de> Tue, 29 Mar 2011 21:59:05 +0200

cups (1.3.8-1+lenny9) oldstable-security; urgency=high

  * Non-maintainer upload by Security Team
  * Fix plenty of security issues

 -- Moritz Muehlenhoff <jmm at debian.org> Sun, 21 Jan 2011 20:40:59 +0200

dhcp3 (3.1.1-6+lenny6) lenny-security; urgency=high

  * Apply patch from ISC to fix CVE-2011-2748 and CVE-2011-2749.

 -- Florian Weimer <fw at deneb.enyo.de> Tue, 09 Aug 2011 20:12:37 +0200

dhcp3 (3.1.1-6+lenny5) oldstable-security; urgency=high

  * Fix cve-2011-0997: remote code execution vulnerability in dhclient.

 -- Michael Gilbert <michael.s.gilbert at gmail.com> Sat, 09 Apr 2011 20:14:25 +0000

freetype (2.3.7-2+lenny6) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2011-0226: Vulnerability in parsing Type 1 fonts

 -- Kan-Ru Chen <koster at debian.org> Thu, 04 Aug 2011 00:00:24 +0800

libxfont (1:1.3.3-2) lenny-security; urgency=high

  * Fix LZW decompression heap corruption (CVE-2011-2895).

 -- Julien Cristau <jcristau at debian.org> Thu, 11 Aug 2011 15:46:54 +0200

linux-2.6 (2.6.26-26lenny3) oldstable-security; urgency=high

  [ dann frazier ]
  * net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
    (CVE-2011-0711)
  * [s390] remove task_show_regs (CVE-2011-0710)
  * fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
  * ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
  * Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
  * Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
  * bridge: netfilter: fix information leak (CVE-2011-1080)
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
    (CVE-2011-1090)
  * dccp: fix oops on Reset after close (CVE-2011-1093)
  * Fix corrupted OSF partition table parsing (CVE-2011-1163)
  * netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
  * netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
  * econet: 4 byte infoleak to the network (CVE-2011-1173)
  * irda: validate peer name and attribute lengths (CVE-2011-1180)
  * RDMA/cma: Fix crash in request handlers (CVE-2011-0695)
  * IB/cm: Bump reference count on cm_id before invoking callback
    (CVE-2011-0695)
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    (CVE-2011-1182)
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo (CVE-2011-1182)
  * proc: protect mm start_code/end_code in /proc/pid/stat (CVE-2011-0726)
  * cifs: Fix cache stuffing issue in the dns_resolver keyring (CVE-2010-2524)
  * serial: Fix information leak in TIOCGICOUNT ioctl (CVE-2010-4075)
  * net: ax25: improve information leak to userland fix, a further fix
    for CVE-2010-3875
  * char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
  * ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
  * next_pidmap: fix overflow condition (CVE-2011-1593)
  * can: Add missing socket check in can/bcm release (CVE-2011-1598)
  * agp: fix arbitrary kernel memory writes (CVE-2011-1745, CVE-2011-2022)
  * agp: fix OOM and buffer overflow (CVE-2011-1746)
  * can: Add missing socket check in can/raw release (CVE-2011-1748)
  * [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
  * gre: fix netns vs proto registration ordering (CVE-2011-1767)
  * Validate size of EFI GUID partition entries (CVE-2011-1776)
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table
    (CVE-2011-1017)
  * Improve fix for buffer overflow in ldm_frag_add (CVE-2011-2182)
  * efi: corrupted GUID partition tables can cause kernel oops (CVE-2011-1577)
  * tunnels: fix netns vs proto registration ordering

  [ Ben Hutchings ]
  * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

 -- dann frazier <dannf at debian.org> Sat, 11 Jun 2011 08:25:25 -0600

php5 (5.2.6.dfsg.1-1+lenny13) oldstable-security; urgency=low

  * Remove stray php_printf from CVE-2010-2531 (Closes: #632194)

 -- Ondřej Surý <ondrej at debian.org> Fri, 01 Jul 2011 09:49:45 +0200

php5 (5.2.6.dfsg.1-1+lenny12) oldstable-security; urgency=low

  * Fix CVE-2011-2202: file path injection vulnerability in RFC1867 file
    upload filename

 -- Ondřej Surý <ondrej at debian.org> Wed, 15 Jun 2011 11:18:49 +0200

php5 (5.2.6.dfsg.1-1+lenny11) oldstable-security; urgency=low

  * Fix CVE-2011-0421: _zip_name_locate function in zip_name_locate.c
  * Fix CVE-2011-1466: integer overflow in the SdnToJulian
  * Fix CVE-2011-0708: incorrect cast on 64-bit platforms in exif.c
  * Fix CVE-2011-1471: integer signedness error in zip_stream.c
  * Fix CVE-2010-2531: var_export() causes a fatal error that could
    inadvertently display data due to flushing of the output buffer.

 -- Ondřej Surý <ondrej at debian.org> Wed, 15 Jun 2011 11:18:49 +0200

php5 (5.2.6.dfsg.1-1+lenny10) lenny-security; urgency=high

  [ Ondřej Surý ]
  * Include upstream's fix for CVE-2010-1128: Weak seed for the
    Linear Congruential Generator (LCG)
  * Fix CVE-2010-3709: NULL pointer dereference in
    ZipArchive::getArchiveComment
  * Fix CVE-2010-3710: stack consumption when using the
    FILTER_VALIDATE_EMAIL filter
  * Fix CVE-2010-3870: incorrect handling of ill-formed subsequences in
    UTF-8 data
  * Fix CVE-2010-4150: Double free in imap_do_open
  * Fix a NULL pointer dereference in the zip extract method

  [ Raphael Geissert ]
  * Include a test for CVE-2010-4645
  * Fix CVE-2011-0441: arbitrary files removal via cronjob (Closes #618489)

 -- Raphael Geissert <geissert at debian.org> Fri, 18 Mar 2011 18:34:11 -0600

phpmyadmin (4:2.11.8.1-5+lenny9) oldstable-security; urgency=high

  * Upload to oldstable to fix security issues.
  * CVE-2011-2642: XSS in table Print view.

 -- Thijs Kinkhorst <thijs at debian.org> Tue, 26 Jul 2011 20:35:42 +0200

proftpd-dfsg (1.3.1-17lenny6) oldstable-security; urgency=high

  * Rebuild for Lenny being oldstable

 -- Moritz <jmm at pisco> Sun, 13 Mar 2011 21:00:49 +0000

proftpd-dfsg (1.3.1-17lenny5) stable-security; urgency=low

  * Security fixes:
    - added 3519.dpatch to fix CVE-2010-3867, backported from 1.3.3+.
    - added 3131+3521.dpatch to fix CVE-2008-7265, backported from 1.3.2,
      with an additional fix to solve CVE-2010-4221 which was a side
      effect of the previous fix.
    - added 3536.dpatch to fix a mod_sql's sql_prepare_where() function
      which has an unbounded copy operation. This is also connected to
      CVE-2009-0542.

 -- Francesco Paolo Lovergine <frankie at debian.org> Thu, 13 Jan 2011 11:10:42 +0100

subversion (1.5.1dfsg1-7) oldstable-security; urgency=high

  [ Michael Diers ]
  * patches/cve-2011-1752: New patch for CVE-2011-1752, fixing a remotely
    triggered crash in mod_dav_svn, delivering baselined WebDAV resources.
  * patches/cve-2011-1783: New patch for CVE-2011-1783 and CVE-2011-1921,
    fixing remotely triggered memory exhaustion and a content leak of
    files that are meant to be unreadable.

 -- Peter Samuelson <peter at p12n.org> Tue, 31 May 2011 11:00:32 -0500

subversion (1.5.1dfsg1-6) oldstable-security; urgency=high

  * patches/cve-2011-0715: New patch for CVE-2011-0715, fixing a remotely
    triggered crash in mod_dav_svn involving lock tokens.

 -- Peter Samuelson <peter at p12n.org> Tue, 01 Mar 2011 10:26:16 -0600

tiff (3.8.2-11.5) oldstable-security; urgency=high

  * Redo CVE-2011-0192 to fix a regression.

 -- Jay Berkenbilt <qjb at debian.org> Fri, 24 Jun 2011 08:10:22 -0400

tiff (3.8.2-11.4) oldstable-security; urgency=high

  * CVE-2011-0191
  * CVE-2011-0192: Buffer overflow in Fax4Decode
  * CVE-2011-1167: Buffer overflow with thunder encoded files

 -- Jay Berkenbilt <qjb at debian.org> Sat, 02 Apr 2011 12:13:25 -0400

libpng (1.2.27-2+lenny5) oldstable-security; urgency=low

  * Apply upstream patch to 1-byte uninitialized memory reference in
    png_format_buffer(). (Closes: #632786, CVE-2011-2501)
  * Apply upstream patch to buffer overwrite in png_rgb_to_gray.
    (Closes: #633871, CVE-2011-2690)
  * Apply upstream patch to crash in png_default_error due to use of
    NULL Pointer. (Closes: #633871, CVE-2011-2691)
  * Apply upstream patch to memory corruption when handling empty sCAL chunks.
    (Closes: #633871, CVE-2011-2692)

 -- Nobuhiro Iwamatsu <iwamatsu at debian.org> Sat, 16 Jul 2011 05:13:23 +0900

libxml2 (2.6.32.dfsg-5+lenny4) oldstable-security; urgency=low

  * xpath.c: Fix some potential problems on reallocation failures.
    Closes: #628537.

 -- Mike Hommey <glandium at debian.org> Sat, 04 Jun 2011 10:41:00 +0900

perl (5.10.0-19lenny5) oldstable-security; urgency=low

  * [SECURITY] CVE-2010-1447: further Safe.pm fixes for breaking out
    of safe compartment using subroutine references (Closes: #631529)

 -- Dominic Hargreaves <dom at earth.li> Sun, 26 Jun 2011 16:08:47 +0100

perl (5.10.0-19lenny4) oldstable-security; urgency=low

  * [SECURITY] CVE-2011-1487: taint laundering in lc, uc, et al.
    (Closes: #622817)

 -- Niko Tyni <ntyni at debian.org> Sat, 16 Apr 2011 09:05:09 +0300