Accepted mt-daapd 0.2.4+r1376-1.1+etch1 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 9 Jun 2008 06:36:18 +0000
Source: mt-daapd
Binary: mt-daapd
Architecture: source amd64
Version: 0.2.4+r1376-1.1+etch1
Distribution: stable-security
Urgency: high
Maintainer: Joshua Kwan <joshk@triplehelix.org>
Changed-By: Devin Carraway <devin@debian.org>
Description:
mt-daapd - iTunes-compatible DAAP server
Closes: 459961 476241
Changes:
mt-daapd (0.2.4+r1376-1.1+etch1) stable-security; urgency=high
.
* Non-maintainer upload by the security team
* Apply backport of upstream fixes for two related
vulnerabilities (Closes: #459961):
+ CVE-2007-5824: Remote denial-of-service through a null pointer
dereference in src/webserver.c's authorization header handling
+ CVE-2007-5825: Remote arbitrary code execution through a format
string vulnerability in authorization header of an /xml-rpc request
* Apply fix from Nico Golde <nion@debian.org> for CVE-2008-1771, an
integer overflow vulnerability also in src/webserver.c, potentially
enabling execution of arbitrary code (Closes: #476241)
Files:
a303c40811df75fd395c28485d038ceb 765 sound optional mt-daapd_0.2.4+r1376-1.1+etch1.dsc
c427c26e93914290b7cd615835ea333a 995301 sound optional mt-daapd_0.2.4+r1376.orig.tar.gz
a565dacb5773182a44b367b6c78a0da8 8929 sound optional mt-daapd_0.2.4+r1376-1.1+etch1.diff.gz
9297976354240c5a75b2c3636fe0746d 610844 sound optional mt-daapd_0.2.4+r1376-1.1+etch1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFITOyZU5XKDemr/NIRAjnwAKDPSxgW//tr2N7GewWAvyUIHWYS3QCeNlN2
A3JUS/iPA+M/yIpWDPGPlBc=
=bwia
-----END PGP SIGNATURE-----
Accepted:
mt-daapd_0.2.4+r1376-1.1+etch1.diff.gz
to pool/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1.diff.gz
mt-daapd_0.2.4+r1376-1.1+etch1.dsc
to pool/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1.dsc
mt-daapd_0.2.4+r1376-1.1+etch1_amd64.deb
to pool/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_amd64.deb