-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 08 Sep 2009 15:30:20 -0700 Source: webauth Binary: libapache2-webauth libapache2-webkdc libwebauth-perl libwebauth1 libwebauth1-dev libwebkdc-perl webauth-tests webauth-utils webauth-weblogin Architecture: source i386 all Version: 3.6.2-1 Distribution: unstable Urgency: high Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libapache2-webauth - Apache 2 modules for WebAuth authentication libapache2-webkdc - Apache 2 modules for a WebAuth authentication KDC libwebauth-perl - Perl library for WebAuth authentication libwebauth1 - Shared libraries for WebAuth authentication libwebauth1-dev - Development files for WebAuth authentication libwebkdc-perl - Perl libraries for WebAuth central login server webauth-tests - Tests for the WebAuth authentication modules webauth-utils - Command-line utilities for WebAuth authentication webauth-weblogin - Central login server for WebAuth authentication Changes: webauth (3.6.2-1) unstable; urgency=high . * New upstream release. - CVE-2009-2945: When generating a redirect to test for cookie support, be sure not to include a password in the URL. Reject username/password logins via methods other than POST. - If the user submits the login form via POST without the test cookie, assume the browser supports cookies and don't probe. - New script (in /usr/share/doc/webauth-weblogin/weblogin-passcheck) to find passwords exposed by CVE-2009-2945. Checksums-Sha1: e9d6911b0db0d9099051612c711d3368696f0a71 1326 webauth_3.6.2-1.dsc ef312614f65fd5d11fd62d776390afcf6be90449 670896 webauth_3.6.2.orig.tar.gz c7b7b934a3bb8e502fe592b1e381979ddc636af8 17458 webauth_3.6.2-1.diff.gz 55a914583321fda511522af14560c77b49b1507c 195872 libapache2-webauth_3.6.2-1_i386.deb d8b6c7f97d5a8006977af881daf6d53bd3f631a4 73268 libapache2-webkdc_3.6.2-1_i386.deb 905e8172b09104163c274ffcc47f42a78e05014a 54294 libwebauth-perl_3.6.2-1_i386.deb 1604434f2cb047b81375260d2c8cfccc6f89431a 40784 libwebauth1_3.6.2-1_i386.deb a48b09adac9b995d0fe638182322cecbdc2412a2 48992 libwebauth1-dev_3.6.2-1_i386.deb 48f2135f2d93379ec51a3142645abb3a31f04b3f 28962 webauth-utils_3.6.2-1_i386.deb 0b76c62a3f4b2020484521183613cf40bff72a0d 43724 libwebkdc-perl_3.6.2-1_all.deb fd1f91f1711bdcf3252bc843af37c36109872edd 30452 webauth-tests_3.6.2-1_all.deb ba90bddce57e287ffe1f2b1ce8b915d2389fb9cb 84098 webauth-weblogin_3.6.2-1_all.deb Checksums-Sha256: cb0972584b529db94f469f8f6e0107271ba8e53ca69ed6c5d96deb71f6c93364 1326 webauth_3.6.2-1.dsc e5a448abbe091e4e77113cfafa02257cfc05ead1767d17540e3628a272239b6c 670896 webauth_3.6.2.orig.tar.gz 8a35fa549a12c64c83d89834af1163da910ee71ae9b5f35b171c859ed35d3084 17458 webauth_3.6.2-1.diff.gz e0d510bf62b7d469a4da7bf12a5905f29ab28c7c17d0b1624269ce9182d100f4 195872 libapache2-webauth_3.6.2-1_i386.deb b18aae2de5cb550964daa0d138aade289fc4a9e7959a4532d7d40543091bfe25 73268 libapache2-webkdc_3.6.2-1_i386.deb a3e0f4f078509976a2078e99c3ac31b852ffa46ca6ff1c61a58579c7f4955396 54294 libwebauth-perl_3.6.2-1_i386.deb 1c56249da04c5578ff346e0cf9f40f562f8ec5a30faf5b5a3d809f92afb29a22 40784 libwebauth1_3.6.2-1_i386.deb c30a2ed25bb8067a7926d59efb608c1e5aa40153b655b9618a21d4a31b61e027 48992 libwebauth1-dev_3.6.2-1_i386.deb c0b457549460233bf35e5cf757fcde877631090a5ea5af22a6b8d327fdbf5323 28962 webauth-utils_3.6.2-1_i386.deb 47bb92e0ef50f54d8f38a86270253b645199a55d5fc59c216a16431923568606 43724 libwebkdc-perl_3.6.2-1_all.deb 37d4a00b313f2e800c3e5a3b900f662aff626e6d8009248b1ef93f88ad4a2ed4 30452 webauth-tests_3.6.2-1_all.deb 62335c4a92029b804a1445d9378859193fe9c201d5b964b240725216abce60c3 84098 webauth-weblogin_3.6.2-1_all.deb Files: 7127f0a6db3467295e1233ca86c0bd62 1326 web optional webauth_3.6.2-1.dsc d2bdddb6e48c710c95c713dc1dade414 670896 web optional webauth_3.6.2.orig.tar.gz 50d8cc2dc3eb82542dd570b2e20d260a 17458 web optional webauth_3.6.2-1.diff.gz 7d7dc1afbc496f16571652feb0d0ec4f 195872 httpd optional libapache2-webauth_3.6.2-1_i386.deb 0bdc5ab70f4935a08888b809230c630e 73268 httpd optional libapache2-webkdc_3.6.2-1_i386.deb 6f1518565fbf41f625f989848fb0b064 54294 perl optional libwebauth-perl_3.6.2-1_i386.deb a9172d0b1237225efb0e814e28e46947 40784 libs optional libwebauth1_3.6.2-1_i386.deb 9be15319e9ee239ab219844e28bed840 48992 libdevel extra libwebauth1-dev_3.6.2-1_i386.deb f3cba4ea3169270563a7e75bd587a9f3 28962 web optional webauth-utils_3.6.2-1_i386.deb 07a3ffaafdc5a7a556c047a24fe7d6c7 43724 perl optional libwebkdc-perl_3.6.2-1_all.deb 258102aebda89224f2d22426c477d5fc 30452 web optional webauth-tests_3.6.2-1_all.deb e0e5548030c6cd67dd9a496ca2be3d88 84098 web optional webauth-weblogin_3.6.2-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkqpVTkACgkQ+YXjQAr8dHYpgQCePOeAH+WrpPxdaSyhHpKxGpkm S1oAoIaN3VFbUl4eW2ZyPsZjt0QXVfbc =sOa3 -----END PGP SIGNATURE----- Accepted: libapache2-webauth_3.6.2-1_i386.deb to pool/main/w/webauth/libapache2-webauth_3.6.2-1_i386.deb libapache2-webkdc_3.6.2-1_i386.deb to pool/main/w/webauth/libapache2-webkdc_3.6.2-1_i386.deb libwebauth-perl_3.6.2-1_i386.deb to pool/main/w/webauth/libwebauth-perl_3.6.2-1_i386.deb libwebauth1-dev_3.6.2-1_i386.deb to pool/main/w/webauth/libwebauth1-dev_3.6.2-1_i386.deb libwebauth1_3.6.2-1_i386.deb to pool/main/w/webauth/libwebauth1_3.6.2-1_i386.deb libwebkdc-perl_3.6.2-1_all.deb to pool/main/w/webauth/libwebkdc-perl_3.6.2-1_all.deb webauth-tests_3.6.2-1_all.deb to pool/main/w/webauth/webauth-tests_3.6.2-1_all.deb webauth-utils_3.6.2-1_i386.deb to pool/main/w/webauth/webauth-utils_3.6.2-1_i386.deb webauth-weblogin_3.6.2-1_all.deb to pool/main/w/webauth/webauth-weblogin_3.6.2-1_all.deb webauth_3.6.2-1.diff.gz to pool/main/w/webauth/webauth_3.6.2-1.diff.gz webauth_3.6.2-1.dsc to pool/main/w/webauth/webauth_3.6.2-1.dsc webauth_3.6.2.orig.tar.gz to pool/main/w/webauth/webauth_3.6.2.orig.tar.gz