Format: 1.7
Date: Fri, 8 Oct 2004 11:15:39 -0300
Source: cyrus-sasl2
Binary: libsasl2 libsasl2-modules-sql sasl2-bin libsasl2-modules libsasl2-dev libsasl2-modules-gssapi-heimdal libsasl2-modules-kerberos-heimdal
Architecture: source i386
Version: 2.1.19-1.2
Distribution: unstable
Urgency: high
Maintainer: Dima Barsky <dima@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description:
 libsasl2 - Authentication abstraction library
 libsasl2-dev - Development files for authentication abstraction library
 libsasl2-modules - Pluggable Authentication Modules for SASL
 libsasl2-modules-gssapi-heimdal - Pluggable Authentication Modules for SASL
 libsasl2-modules-kerberos-heimdal - Pluggable Authentication Modules for SASL
 libsasl2-modules-sql - Pluggable Authentication Modules for SASL
 sasl2-bin - Programs for manipulating the SASL users database
Closes: 274087 275431
Changes:
 cyrus-sasl2 (2.1.19-1.2) unstable; urgency=high
 .
   * NMU, since I am not sure Dima is back yet
   * SECURITY FIX: SASL_PATH environment variable must not be honoured on
     setuid environments, otherwise we have a local privilege escalation
     exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
     GLSA 200410-05
   * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
     environment. from Gentoo (CVE CAN-2004-0884); (closes: #275431)
   * upstream CVS: plugins/kerberos4.c: document weirdness with openssl DES
   * upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c,
     plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit portability
     warnings
   * Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
     problems with the braindead idea of globals SASL has, and with
     libraries that think they can get around mucking with them
     (hello openldap!) (closes: #274087)

Accepted:
cyrus-sasl2_2.1.19-1.2.diff.gz
  to pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.2.diff.gz
cyrus-sasl2_2.1.19-1.2.dsc
  to pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.2.dsc
libsasl2-dev_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.2_i386.deb
libsasl2-modules-gssapi-heimdal_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.2_i386.deb
libsasl2-modules-kerberos-heimdal_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.2_i386.deb
libsasl2-modules-sql_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.2_i386.deb
libsasl2-modules_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.2_i386.deb
libsasl2_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.2_i386.deb
sasl2-bin_2.1.19-1.2_i386.deb
  to pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.2_i386.deb