-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 09 Sep 2009 12:25:30 -0700 Source: webauth Binary: libapache2-webauth libapache2-webkdc libwebauth-perl libwebauth1 libwebauth1-dev libwebkdc-perl webauth-tests webauth-utils webauth-weblogin Architecture: source i386 all Version: 3.6.0-1+lenny1 Distribution: stable-proposed-updates Urgency: high Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libapache2-webauth - Apache 2 modules for WebAuth authentication libapache2-webkdc - Apache 2 modules for a WebAuth authentication KDC libwebauth-perl - Perl library for WebAuth authentication libwebauth1 - Shared libraries for WebAuth authentication libwebauth1-dev - Development files for WebAuth authentication libwebkdc-perl - Perl library for WebAuth authentication webauth-tests - Tests for the WebAuth authentication modules webauth-utils - Command-line utilities for WebAuth authentication webauth-weblogin - Central login server for WebAuth authentication Changes: webauth (3.6.0-1+lenny1) stable-proposed-updates; urgency=high . * CVE-2009-2945: When generating a redirect to test for cookie support, be sure not to include a password in the URL. Reject username/password logins via methods other than POST. * If the user submits the login form via POST without the test cookie, assume the browser supports cookies and don't probe. Checksums-Sha1: 92afd329b1ed23aebefcc9e5d3471504f76d8580 1246 webauth_3.6.0-1+lenny1.dsc 71af35f562b44408ec6acae739f7badd35f463bc 16863 webauth_3.6.0-1+lenny1.diff.gz 13937c6d3057d7ab20ce0f495c3c78250921f465 201220 libapache2-webauth_3.6.0-1+lenny1_i386.deb 16fb46f77af4c01cb97a274518a43ef512b22895 81548 libapache2-webkdc_3.6.0-1+lenny1_i386.deb 170af4864b657ef2247b98f22f676e3492488559 53706 libwebauth-perl_3.6.0-1+lenny1_i386.deb 4b4958a9e45f66107a9b08e878acd90d091f37f5 40614 libwebauth1_3.6.0-1+lenny1_i386.deb 973283da74a9d427970c8eda3173514063eb653c 48242 libwebauth1-dev_3.6.0-1+lenny1_i386.deb 24be099e92412eab4aaad4a43989195dcb6804da 28522 webauth-utils_3.6.0-1+lenny1_i386.deb bdf27a67ae50f3e1b1316ff2bafe6dc6392b11ec 42978 libwebkdc-perl_3.6.0-1+lenny1_all.deb 722adc7c698a52e9aafb5c67e9c696a73f2c5554 28814 webauth-tests_3.6.0-1+lenny1_all.deb 0607abca42f316029b3e09cde41df8011f4aecee 87390 webauth-weblogin_3.6.0-1+lenny1_all.deb Checksums-Sha256: 9f6bf987229b3acae4b87344f7db10500f9d8d3241d3050c81c732c122b27be0 1246 webauth_3.6.0-1+lenny1.dsc 56cdf8a28f05c4e0d7b4956695c5a9b729a7ea8fdd224141a6e19adca0e2ae96 16863 webauth_3.6.0-1+lenny1.diff.gz a3667ef5d3b3e59d16205f2712393d149c30b77130da71e67b6f7abfbfe02cd8 201220 libapache2-webauth_3.6.0-1+lenny1_i386.deb bd8efde6e0c9102e19a516cedb50182e3c9cd45d6e8c6c1e8b543b4d9bbe9fc9 81548 libapache2-webkdc_3.6.0-1+lenny1_i386.deb 3770773af59faa625cfc38165cd31990fa0ef074e7f826e47ee4fe415e464500 53706 libwebauth-perl_3.6.0-1+lenny1_i386.deb 8b935b23090c8f5bcb389f54ea192df13d1026d6fcae2255e4149e71a0bd8765 40614 libwebauth1_3.6.0-1+lenny1_i386.deb 4b3efbd8ab950e7b3e1996c8928b0e11f80193ead7515c6b015d00628ebf16f1 48242 libwebauth1-dev_3.6.0-1+lenny1_i386.deb db44a6319bb38eaa77e4959636ff84265387697a3585869d9afbd913c2822921 28522 webauth-utils_3.6.0-1+lenny1_i386.deb 8f20dc10e8d0bc17db2c55bb6b462f7358b5408477b212f6f6b349eb735848ac 42978 libwebkdc-perl_3.6.0-1+lenny1_all.deb cb973d28b85834dd78cd428e2535fbda8a03cefc07c418a30b6eb8b27d85921a 28814 webauth-tests_3.6.0-1+lenny1_all.deb f93482ad5b34897f4dfc556defd300f634dbaa4534e2d29b4ea1fb4f3ebe119b 87390 webauth-weblogin_3.6.0-1+lenny1_all.deb Files: 632ec0f900df4c1ac87bb58f8c611979 1246 web optional webauth_3.6.0-1+lenny1.dsc 722df12326c5ef514f1b017a6004c03e 16863 web optional webauth_3.6.0-1+lenny1.diff.gz c5f138cd2197e48b3306f1ec7d32dbcf 201220 net optional libapache2-webauth_3.6.0-1+lenny1_i386.deb 209ac3f4602c8a42380f6674b6fe0f19 81548 net optional libapache2-webkdc_3.6.0-1+lenny1_i386.deb d74c31045f0f1a0f880337e7669dea3a 53706 perl optional libwebauth-perl_3.6.0-1+lenny1_i386.deb 27555ac2128e57d127fe3280a9f0aa2c 40614 libs optional libwebauth1_3.6.0-1+lenny1_i386.deb 7f2885037aa6a64b57c7b22ef9f4f7f4 48242 libdevel extra libwebauth1-dev_3.6.0-1+lenny1_i386.deb c2958126a19e75c3152bcfa6f084012c 28522 web optional webauth-utils_3.6.0-1+lenny1_i386.deb e72085f701ff7084a643de4cd94138fd 42978 perl optional libwebkdc-perl_3.6.0-1+lenny1_all.deb 3ecd53d2b2681313776cc0ef18a32cf1 28814 web optional webauth-tests_3.6.0-1+lenny1_all.deb 93d01c1f557b15a4b90850426578140b 87390 web optional webauth-weblogin_3.6.0-1+lenny1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkqqliMACgkQ+YXjQAr8dHbHJQCgl74nnKXSbkPGZ4NFgTOJY6QE KikAn3RfaAWP0PF6KglgRk3QN22uyLNU =J6r7 -----END PGP SIGNATURE----- Accepted: libapache2-webauth_3.6.0-1+lenny1_i386.deb to pool/main/w/webauth/libapache2-webauth_3.6.0-1+lenny1_i386.deb libapache2-webkdc_3.6.0-1+lenny1_i386.deb to pool/main/w/webauth/libapache2-webkdc_3.6.0-1+lenny1_i386.deb libwebauth-perl_3.6.0-1+lenny1_i386.deb to pool/main/w/webauth/libwebauth-perl_3.6.0-1+lenny1_i386.deb libwebauth1-dev_3.6.0-1+lenny1_i386.deb to pool/main/w/webauth/libwebauth1-dev_3.6.0-1+lenny1_i386.deb libwebauth1_3.6.0-1+lenny1_i386.deb to pool/main/w/webauth/libwebauth1_3.6.0-1+lenny1_i386.deb libwebkdc-perl_3.6.0-1+lenny1_all.deb to pool/main/w/webauth/libwebkdc-perl_3.6.0-1+lenny1_all.deb webauth-tests_3.6.0-1+lenny1_all.deb to pool/main/w/webauth/webauth-tests_3.6.0-1+lenny1_all.deb webauth-utils_3.6.0-1+lenny1_i386.deb to pool/main/w/webauth/webauth-utils_3.6.0-1+lenny1_i386.deb webauth-weblogin_3.6.0-1+lenny1_all.deb to pool/main/w/webauth/webauth-weblogin_3.6.0-1+lenny1_all.deb webauth_3.6.0-1+lenny1.diff.gz to pool/main/w/webauth/webauth_3.6.0-1+lenny1.diff.gz webauth_3.6.0-1+lenny1.dsc to pool/main/w/webauth/webauth_3.6.0-1+lenny1.dsc