-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 01 Oct 2011 16:33:04 +0200 Source: ia32-libs Binary: ia32-libs ia32-libs-dev Architecture: source amd64 Version: 20111001 Distribution: stable Urgency: low Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: ia32-libs - ia32 shared libraries for use on amd64 and ia64 systems ia32-libs-dev - ia32 development files for use on amd64 and ia64 systems Changes: ia32-libs (20111001) stable; urgency=low . * Packages updated . [ curl (7.21.0-2) stable-security; urgency=high ] . * debian/patches/curl-gssapi-delegation: Fix for GSSAPI delegation vulnerability as detailed in CVE-2011-2192. More information and the patch at <http://curl.haxx.se/docs/adv_20110623.html>. (#631615) . [ dbus (1.2.24-4+squeeze1) stable; urgency=low ] . * Update Vcs-* control fields to reflect the move to git * Apply patch to fix CVE-2011-2200 (fd.o #38120), which is a local DoS for system services (#629938) . [ e2fsprogs (1.41.12-4stable1) stable; urgency=high ] . * Upload to proposed-updates * Fix "mke2fs -n" so it won't issue a discard and thus trash all the data on an SSD (oops!!!) . [ e2fsprogs (1.41.12-4) unstable; urgency=high ] . * Clear ext4 error fields in the superblock. Otherwise users will see scary messages every 24 hours after a file system error is detected, even after e2fsck has fixed it, if they are using Linux 2.6.35 or later. * Fix usage message for logsave (#619788) . [ e2fsprogs (1.41.12-3) unstable; urgency=high ] . * Fix signed vs. unsigned char bug in getopt in e2fsprogs which afflicts systems with default unsigned char * Fix bug in e2fsck where it would fail to fix file systems where both the primary and backup block group descriptors are corrupted. (Addresses Ubuntu Launchpad bug: #711799) * Fix package description: fsck has been moved to util-linux (#588726) * Fix badblocks so it the progress message correctly handles UTF-8 characters for I18N systems (#583782, #587834) * Prevent e2fsck from accidentally scrambling a file system when checking a snapshot which has an external journal device (which has not been snapshotted). (#587531) * Fix inode nlink accounting that would lead to very scary PROGRAMMING BUG errors. (#555456) * Fix typos, spelling mistakes, spelling-out-the-obvious-to-clueless- sysadmins, etc. in man pages. (#589345, #594004, #580236, #591083, #505719, #599786) . [ freetype (2.4.2-2.1+squeeze1) stable-security; urgency=high ] . * Non-maintainer upload by the Security Team. * CVE-2011-0226: Vulnerability in parsing Type 1 fonts . [ krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low ] . * Fix double free with pkinit on KDC, CVE-2011-0284, #618517 * Updated Danish debconf translations, thanks Joe Dalton, #584282 * KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282, #613487 * Fix delegation of credentials against Windows servers; significant interoperability issue, #611906 * Set nt-srv-inst on TGS names to work against W2K8R2 KDCs, #616429 * Don't fail authentication when PAC verification fails; support hmac- md5 checksums even for non-RC4 keys, #616728 * Port fix to upstream ticket 6899: fix invalid free in kadmind change password case, #622681 . [ libpng (1.2.44-1+squeeze1) stable-security; urgency=high ] . * Apply upstream patch to 1-byte uninitialized memory reference in png_format_buffer(). (#632786, CVE-2011-2501) * Apply upstream patch to buffer overwrite in png_rgb_to_gray. (#633871, CVE-2011-2690) * Apply upstream patch to crash in png_default_error due to use of NULL Pointer. (#633871, CVE-2011-2691) * Apply upstream patch to memory corruption when handling empty sCAL chunks. (#633871, CVE-2011-2692) . [ libsndfile (1.0.21-3+squeeze1) stable-security; urgency=low ] . * CVE-2011-2696 . [ nss (3.12.8-1+squeeze3) stable-security; urgency=low ] . * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Explicitely distrust various DigiNotar CAs: - DigiNotar Root CA - DigiNotar Services 1024 CA - DigiNotar Cyber CA - DigiNotar Cyber CA 2nd - DigiNotar PKIoverheid - DigiNotar PKIoverheid G2 . [ nss (3.12.8-1+squeeze2) stable-security; urgency=low ] . * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Remove DigiNotar Root CA. . [ openldap (2.4.23-7.2) stable; urgency=low ] . * Non-maintainer upload targeted at stable. * Fix "dpkg-reconfigure slapd". #596343 . [ openldap (2.4.23-7.1) stable; urgency=low ] . * Non-maintainer upload targeted at stable. * Picked the following patches from various sources: . [ Matthijs Möhlmann ] * Update patch service-operational-before-detach (#616164, #598361) . [ Ubuntu Security Team / Jamie Strandboge ] * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using forwarded authentication failures - debian/patches/CVE-2011-1024 - CVE-2011-1024 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb backend. Note: Debian is not compiled with --enable-ndb by default - debian/patches/CVE-2011-1025 - CVE-2011-1025 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests and requestDN is empty - debian/patches/CVE-2011-1081 - CVE-2011-1081 - LP: #742104, 617606 . [ openssl (0.9.8o-4squeeze2) squeeze-security; urgency=high ] . * Non-maintainer upload by the Security Team. * Block DigiNotar certificates * Fix CVE-2011-1945: timing attacks against ECDHE_ECDSA makes it easier to determine private keys. . [ tiff (3.9.4-5+squeeze3) stable-security; urgency=high ] . * Redo CVE-2011-0192 to fix regression. (#630042) Checksums-Sha1: 26840e8ad254e8e7b89ad8401055497a0994f80f 1563 ia32-libs_20111001.dsc c735daf1412a61c59110bd2c291bef8e34f36b6e 334258246 ia32-libs_20111001.tar.gz 272e8a49724c31b8643436edbe928bfd1d29653c 34233592 ia32-libs_20111001_amd64.deb 5e2e9fcd3134082d56fbc2c3599b03b873b8a974 13066606 ia32-libs-dev_20111001_amd64.deb Checksums-Sha256: 6a67583057125e7d9b4f07051830f85d25f9c56d5a20f6bd47c0b474550cfd94 1563 ia32-libs_20111001.dsc 51f82055ca73871698dffdd3fd9a6b92024f6974a52c5e74bfe36f62fe12d5f0 334258246 ia32-libs_20111001.tar.gz 1def61bc506f580b91ddf7bd2869f24b97f90866d5722455b483da55afde46bf 34233592 ia32-libs_20111001_amd64.deb b25926ad24de77f95d7d1f301dec617d649bdf3c561551e833f163e9191dcdd4 13066606 ia32-libs-dev_20111001_amd64.deb Files: 12a6e4a2b57b453e39e5b8134ca4290e 1563 libs optional ia32-libs_20111001.dsc 2bf7ff89db15b3eb1d9fbaa2e4a418df 334258246 libs optional ia32-libs_20111001.tar.gz deadb384514fde67ded36730d27591a7 34233592 libs optional ia32-libs_20111001_amd64.deb 256c9e7c96aebe453bf1d2bff5fe11b7 13066606 libdevel extra ia32-libs-dev_20111001_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJOhyc3AAoJEOxfUAG2iX57ZUYH/20SDCN78mcWyXaeUKkles6T YJ6WFLR5F17mUwpBHmbg6MKc/CjKh08Afjrd+5LK2DF/HGD0f+TTj0i0LXRuV/bt XwM3CasrtuTGVS7iKJa/Gs+cYeZN1HVby9nEEZJIxpaE3wOzKHVRQP1N2kpqI1p6 BieGLSLx67xqq6hxx7SGtyQONZePngxoTPdWoDKJDULGUN+xoZp+giqE5fNnTslJ JLGXHk4nwvlP0jLAA5KaitPbRtot5aVQw4rU6an7Xmj0bkasVp2+4ue1ogEawZbT kvB73e8sZrEksPqwoA5RPjNmC3rpRL4Nj5fTeUsbxfNzGfg67s1opB3U58P0LPg= =ROXT -----END PGP SIGNATURE----- Accepted: ia32-libs-dev_20111001_amd64.deb to main/i/ia32-libs/ia32-libs-dev_20111001_amd64.deb ia32-libs_20111001.dsc to main/i/ia32-libs/ia32-libs_20111001.dsc ia32-libs_20111001.tar.gz to main/i/ia32-libs/ia32-libs_20111001.tar.gz ia32-libs_20111001_amd64.deb to main/i/ia32-libs/ia32-libs_20111001_amd64.deb