-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 26 Mar 2007 01:21:28 +0100 Source: nas Binary: nas-doc libaudio-dev nas libaudio2 nas-bin Architecture: source i386 all Version: 1.7-2sarge1 Distribution: stable-security Urgency: high Maintainer: Steve McIntyre <93sam@debian.org> Changed-By: Steve McIntyre <93sam@debian.org> Description: libaudio-dev - The Network Audio System (NAS). (development files) libaudio2 - The Network Audio System (NAS). (shared libraries) nas - The Network Audio System (NAS). (local server) nas-bin - The Network Audio System (NAS). (client binaries) nas-doc - The Network Audio System (NAS). (extra documentation) Changes: nas (1.7-2sarge1) stable-security; urgency=high . * High-urgency upload to fix multiple security holes (CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547): + accept_att_local buffer overflow through USL connection + server termination through unexistent ID in AddResource + bcopy crash caused by integer overflow in ProcAuWriteElement + invalid memory pointer caused by big num_actions in ProcAuSetElements + another invalid memory pointer caused by big num_actions in ProcAuSetElements + invalid memory pointer in compileInputs + exploits bug 3 in read mode (requires something playing on the server) + NULL pointer caused by too much connections Files: 2f0821d157ae249adfda1ddcf39bf9aa 693 sound optional nas_1.7-2sarge1.dsc c9918e9c9c95d587a95b455bbabe3b49 1288569 sound optional nas_1.7.orig.tar.gz b057e678fb808ef95666d766944ce498 124076 sound optional nas_1.7-2sarge1.diff.gz 744cbca330f9f8463a36251836514cc4 150478 doc extra nas-doc_1.7-2sarge1_all.deb edcc7d8210a2acac10c84547cfa3d2c2 95234 sound optional nas_1.7-2sarge1_i386.deb 2571d898d1921adeafa543a1709d0e2a 495476 sound extra nas-bin_1.7-2sarge1_i386.deb df4b413ad699008cfe5b96b46aab5d0b 71866 libs optional libaudio2_1.7-2sarge1_i386.deb 20f53c488e517d53e6aa517fd4a2076a 1189584 libdevel optional libaudio-dev_1.7-2sarge1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGB48/fDt5cIjHwfcRAuR+AJ9HhAAhU9OVcy56T17fE5cAjPYWtACdFKyx VHmnvwzg0mkrxLdEmDpPnBY= =RPqv -----END PGP SIGNATURE----- Accepted: libaudio-dev_1.7-2sarge1_i386.deb to pool/main/n/nas/libaudio-dev_1.7-2sarge1_i386.deb libaudio2_1.7-2sarge1_i386.deb to pool/main/n/nas/libaudio2_1.7-2sarge1_i386.deb nas-bin_1.7-2sarge1_i386.deb to pool/main/n/nas/nas-bin_1.7-2sarge1_i386.deb nas-doc_1.7-2sarge1_all.deb to pool/main/n/nas/nas-doc_1.7-2sarge1_all.deb nas_1.7-2sarge1.diff.gz to pool/main/n/nas/nas_1.7-2sarge1.diff.gz nas_1.7-2sarge1.dsc to pool/main/n/nas/nas_1.7-2sarge1.dsc nas_1.7-2sarge1_i386.deb to pool/main/n/nas/nas_1.7-2sarge1_i386.deb