-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 24 Sep 2013 08:15:54 +0200
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev
Architecture: source amd64
Version: 20130924
Distribution: squeeze-proposed-updates
Urgency: low
Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 ia32-libs  - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development files for use on amd64 and ia64 systems
Changes:
 ia32-libs (20130924) squeeze-proposed-updates; urgency=low
 .
   * Packages updated
 .
   [ cups (1.4.4-7+squeeze3) stable; urgency=low ]
 .
   [ Didier Raboud ]
   * Ship cups-files.conf's manpage in cups (#697543)
     - Update the configuration files split patch to also build the manpage;
     - Install the English manpage.
   * Generate translated cups-files.conf's manpage in the po4a infrastructure.
   * Minimally update French manpage translation
 .
   [ Helge Kreutzmann ]
   * Update German manpage translation. (#697860)
 .
   [ curl (7.21.0-2.1+squeeze4) oldstable-security; urgency=high ]
 .
   * Fix URL decode buffer boundary flaw as per CVE-2013-2174
     http://curl.haxx.se/docs/adv_20130622.html
   * Set urgency=high accordingly
 .
   [ curl (7.21.0-2.1+squeeze3) squeeze-security; urgency=high ]
 .
   * Non-maintainer upload
 .
   [ Alessandro Ghedini ]
   * Fix cookie domain tailmatch as per CVE-2013-1944
     http://curl.haxx.se/docs/adv_20130412.html
   * Set urgency=high accordingly
 .
   [ Salvatore Bonaccorso ]
   * Add testcase for CVE-2013-1944
 .
   [ dbus (1.2.24-4+squeeze2) stable; urgency=low ]
 .
   * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary
     code execution in setuid/setgid binaries that incorrectly use libdbus
     without first sanitizing the environment variables inherited from
     their less-privileged caller (#689070).
     - As per upstream 1.6.8, do not check filesystem capabilities for now,
       only setuid/setgid, fixing regressions in certain configurations of
       gnome-keyring
 .
   [ krb5 (1.8.3+dfsg-4squeeze7) oldstable-security; urgency=medium ]
 .
   * Fix "cve-2002-2443: kpasswd udp ping-pong" (#708267)
 .
   [ libgcrypt11 (1.4.5-2+squeeze1) squeeze-security; urgency=high ]
 .
   * Pull and unfuzz code changes from 1.5.3 security fix release from
     upstream GIT:
     + [35_bug-in-mpi_powm-for-e-0.patch] mpi/mpi-pow.c (gcry_mpi_powm) -
       For a zero exponent, make sure that the result has been allocated.
     + [36_Mitigate-flush-reload-cache-attack-on-RSA.patch] Mitigate a
       flush+reload cache attack on RSA secret exponents.
       <http://eprint.iacr.org/2013/448> This fixes CVE-2013-4242.
 .
   [ libx11 (2:1.3.3-4+squeeze1) squeeze-security; urgency=high ]
 .
   * CVE-2013-1981: integer overflows calculating memory needs for replies
   * CVE-2013-1997: buffer overflows due to not validating length or offset
     values in replies
   * CVE-2013-2004: unbounded recursion parsing user-specified files (#145048)
 .
   [ libxcb (1.6-1+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-2064
 .
   [ libxcursor (1:1.1.10-2+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-2003
 .
   [ libxext (2:1.1.2-1+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-1982
 .
   [ libxfixes (1:4.0.5-1+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-1983
 .
   [ libxi (2:1.3-8) oldstable-security; urgency=low ]
 .
   * CVE-2013-1984 CVE-2013-1995 CVE-2013-1998
 .
   [ libxinerama (2:1.1-3+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-1985
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze7) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-0338 and cve-2013-0339: large memory consumption issues
     when performing string substitution during entity expansion (#702260).
 .
   [ libxp (1:1.0.0.xsf1-2+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-2062
 .
   [ libxrandr (2:1.3.0-3+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-1986
 .
   [ libxrender (1:0.9.6-1+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-1987
 .
   [ libxslt (1.1.26-6+squeeze3) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Add patches to fix denial of service vulnerability (CVE-2012-6139)
     (#703933)
 .
   [ libxt (1:1.0.7-1+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-2002 CVE-2013-2005
 .
   [ libxtst (2:1.1.0-3+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-2063
 .
   [ libxv (2:1.0.5-1+squeeze1) oldstable-security; urgency=low ]
 .
   * CVE-2013-1989 CVE-2013-2066
 .
   [ libxxf86vm (1:1.1.0-2+squeeze1) squeeze-security; urgency=high ]
 .
   * When Xcalloc() returns NULL, you don't need to Xfree() it
   * Improve error handling in XF86VidModeGetMonitor()
   * Unlock display before returning alloc error in
     XF86VidModeGetModeLine(), XF86VidModeGetAllModeLines(),
     XF86VidModeGetDotClocks()
   * memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
   * avoid integer overflow in XF86VidModeGetModeLine
 .
   [ mesa (7.7.1-6) oldstable-security; urgency=low ]
 .
   * CVE-2013-1993
 .
   [ openldap (2.4.23-7.3) stable; urgency=low ]
 .
   * Non-maintainer upload targeted at stable
   * Dump the database in prerm if we're upgrading. #665199
 .
   [ tiff (3.9.4-5+squeeze10) oldstable-security; urgency=high ]
 .
   * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
     (#719303)
   * Incorporated fix to CVE-2013-4244.
 .
   [ tiff (3.9.4-5+squeeze9) oldstable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-1960: heap-based buffer overflow in tiff2pdf (#706675).
   * Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf (#706674).