Back to ia32-libs PTS page

Accepted ia32-libs 20120926 (source amd64)

To: debian-changes@lists.debian.org
Subject: Accepted ia32-libs 20120926 (source amd64)
From: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 26 Sep 2012 12:17:06 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1TGqY6-0008NL-7a@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 26 Sep 2012 11:30:57 +0200
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev
Architecture: source amd64
Version: 20120926
Distribution: stable
Urgency: low
Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 ia32-libs  - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development files for use on amd64 and ia64 systems
Changes: 
 ia32-libs (20120926) stable; urgency=low
 .
   * Packages updated
 .
   [ curl (7.21.0-2.1+squeeze2) stable-security; urgency=low ]
 .
   * Non-maintainer upload
   * Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (#658276)
 .
   [ curl (7.21.0-2.1+squeeze1) stable-security; urgency=high ]
 .
   * Non-maintainer upload
   * Fix URL sanitization vulnerability as per CVE-2012-0036
     http://curl.haxx.se/docs/adv_20120124.html
   * Fix SSL CBC IV vulnerability as per CVE-2011-3389
     http://curl.haxx.se/docs/adv_20120124B.html
   * Set urgency=high accordingly
 .
   [ expat (2.0.1-7+squeeze1) stable-security; urgency=low ]
 .
   * CVE-2012-0876 CVE-2012-1148
 .
   [ freetype (2.4.2-2.1+squeeze4) stable-security; urgency=low ]
 .
   * CVE-2012-11[33|34|36|42|44]
 .
   [ gnutls26 (2.8.6-1+squeeze2) stable-security; urgency=high ]
 .
   * Apply patch to fix crashes in record parsing (CVE-2012-1573)
 .
   [ gnutls26 (2.8.6-1+squeeze1) stable; urgency=low ]
 .
   * Pull fixes for buffer overflow in gnutls_session_get_data() from upstream
     git. (CVE-2011-4128: GNUTLS-SA-2011-2) #648441
     20_CVE-2011-4128.part1.diff 20_CVE-2011-4128.part2.diff
 .
   [ krb5 (1.8.3+dfsg-4squeeze6) stable-security; urgency=high ]
 .
   * MITKRB5-SA-2012-001 CVE-2012-1015: KDC frees uninitialized pointer
 .
   [ krb5 (1.8.3+dfsg-4squeeze5) squeeze-security; urgency=high ]
 .
   *     CVE-2011-1529: null pointer dereference in KDC LDAP back end,
     #629558
   *     CVE-2011-1528: assertion failure in multiple KDC back ends
     regarding account lockout
 .
   [ libpng (1.2.44-1+squeeze4) stable-security; urgency=low ]
 .
   * CVE-2011-3048
 .
   [ libpng (1.2.44-1+squeeze3) stable-security; urgency=high ]
 .
   * CVE-2011-3045
 .
   [ libpng (1.2.44-1+squeeze2) stable-security; urgency=high ]
 .
   * Fix integer overflow (chromium #112822)
 .
   [ libtasn1-3 (2.7-1+squeeze+1) stable-security; urgency=low ]
 .
   * ASN.1 length decoding vulnerability. CVE-2012-1569.
 .
   [ libvorbis (1.3.1-1+squeeze1) stable-security; urgency=low ]
 .
   * CVE-2012-0444
 .
   [ libxi (2:1.3-7) squeeze; urgency=low ]
 .
   * Cherry-pick patches from upstream:
     - Fix passive grabs
     - Fill in mods/group->effective in XIQueryPointer
     - Handle unknown device classes (#661021, #660411)
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze5) stable-security; urgency=low ]
 .
   [ Daniel Veillard ]
   * Fix parser local buffers size problems
   * Fix entities local buffers size problems
   CVE-2012-2807, #679280.
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze4) stable-security; urgency=high ]
 .
   * CVE-2011-3102
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze3) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to add randomization to hashing with large
     dictionaries to mitigate hash DoS (CVE-2012-0841; #660846).
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze2) stable-security; urgency=high ]
 .
   * Security update.
   * parser.c: Fix an allocation error when copying entities.
     CVE-2011-3919. #656377.
   * parser.c: Make sure parser returns when getting a Stop order.
     CVE-2011-3905.
   * encoding.c: Fix off by one error. CVE-2011-0216. 652352.
   * xpath.c: Fix for undefined namespaces. CVE-2011-2834.
   * xpath.c, xpointer.c, include/libxml/xpath.h:
     Hardening of XPath evaluation. CVE-2011-2821. 643648.
 .
   [ nss (3.12.8-1+squeeze5) stable-security; urgency=low ]
 .
   * Address CVE-2012-0441 (Insufficient length checking in QuickDER decoder)
   * debian/rules: Work around NSS not building on Linux 3.x kernels.
 .
   [ openssl (0.9.8o-4squeeze13) squeeze-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2012-2333: DoS via explicit IV in DTLS
 .
   [ openssl (0.9.8o-4squeeze12) squeeze-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2012-2131: incomplete fix of CVE-2012-2110
 .
   [ openssl (0.9.8o-4squeeze11) squeeze-security; urgency=low ]
 .
   * Really apply CVE-2012-2110
 .
   [ openssl (0.9.8o-4squeeze10) squeeze-security; urgency=low ]
 .
   * Fix CVE-2012-2110
   * update CVE-2012-0884 patch to include detecting symmetric crypto errors
     in PKCS7_decrypt
 .
   [ openssl (0.9.8o-4squeeze9) squeeze-security; urgency=low ]
 .
   * Fix CVE-2012-1165
 .
   [ openssl (0.9.8o-4squeeze8) squeeze-security; urgency=low ]
 .
   * Fix CVE-2012-0884
   * Updated patch for CVE-2011-4619
 .
   [ openssl (0.9.8o-4squeeze7) squeeze-security; urgency=low ]
 .
   * Re-upload with new version number.
 .
   [ openssl (0.9.8o-4squeeze6) squeeze-security; urgency=low ]
 .
   * Fix CVE-2012-0050
 .
   [ openssl (0.9.8o-4squeeze5) squeeze-security; urgency=low ]
 .
   * Fix CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
     and CVE-2011-4577
   * Send alert instead of assertion failure for incorrectly formatted DTLS
     fragments.  (#645805)
 .
   [ tiff (3.9.4-5+squeeze4) stable-security; urgency=high ]
 .
   * CVE-2012-1173
Checksums-Sha1: 
 491d2c4d689579d5f105407b0943704693829b70 1641 ia32-libs_20120926.dsc
 41cf3db4bf0da4ef2a1265307d0c25366c355617 334397283 ia32-libs_20120926.tar.gz
 b2ec2f3253aca44a8bc85e4cc78f1d37d480b11f 34239516 ia32-libs_20120926_amd64.deb
 8cfd5d4ce03711767693cd9c22c4352d40068b68 13069516 ia32-libs-dev_20120926_amd64.deb
Checksums-Sha256: 
 cb77a8a02c88a8cc408693e6fee1d192759b5d2579f117ce31df4d4afe7be0c7 1641 ia32-libs_20120926.dsc
 a9c4a4bb6867ec46bdc96e374f0cac1308e412ba421de64b85a8cfa9f839ddb5 334397283 ia32-libs_20120926.tar.gz
 4d3c2fe133d1c28adf01cabacb9ffea5cf0c336eea3da12c57f1261177357808 34239516 ia32-libs_20120926_amd64.deb
 aff80164b667632f13255298f6f55f343a554d16fa82d6020fc2b8dfb7702000 13069516 ia32-libs-dev_20120926_amd64.deb
Files: 
 97575864a9084cc6438421fcb62f7245 1641 libs optional ia32-libs_20120926.dsc
 a1509adca438859edb4f0a452a09bc86 334397283 libs optional ia32-libs_20120926.tar.gz
 1296987bdc23977402f41f5b8372c7fb 34239516 libs optional ia32-libs_20120926_amd64.deb
 6c6b72cd113523d08ff3f4d78abcc12f 13069516 libdevel extra ia32-libs-dev_20120926_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQYtSeAAoJEFb2GnlAHawE3rcH/iYG83MxcWuARhSgsDAExktR
4OeAUDetq67VFf+lZQPQZL79QEkkfadljoSRdzcDmwALuxVPWZvqn3eDLhCfaqFe
ftltw+Op4F3YAQVuWJRVjwArvxnv7UFHfmMVcC8isjDPIvzSqGQd36yTccJe5AIY
5jw70qQcVy8gATtNYVAUVoDiiTxHZfUWtbe7QMrV7WJaEgex6vKTsnhqK1S8+Vhi
QXkjLl3z/7tKC/AnMWL81+o0w6LPUihdw3teA/fOQc9N6DDZ4yQwNm9YfzbpTmYZ
mASx5aIH3p3tdz7ZD9ceJ30ZddmC5LddQ7ym/YmjtV+ahaH1J/2mox4FB3/sXfw=
=kQfc
-----END PGP SIGNATURE-----