-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 23 Aug 2013 00:35:04 +0100 Source: nas Binary: libaudio2 nas libaudio-dev nas-bin nas-doc Architecture: source all amd64 Version: 1.9.3-6 Distribution: unstable Urgency: high Maintainer: Steve McIntyre <93sam@debian.org> Changed-By: Steve McIntyre <93sam@debian.org> Description: libaudio-dev - Network Audio System - development files libaudio2 - Network Audio System - shared libraries nas - Network Audio System - local server nas-bin - Network Audio System - client binaries nas-doc - Network Audio System - extra documentation Closes: 720287 Changes: nas (1.9.3-6) unstable; urgency=high . * Fixes for various long-standing security issues found by Hamid Zamani <me@hamidx9.ir>. Closes: #720287 + Validate the port offset of nasd to fix a potential buffer overflow (CVE-2013-4256) + Use better string functions to guard against heap overflows (CVE-2013-4257) + Sanity-check the TCP_DEVICE environment variable to remove a format string bug (CVE-2013-4258) Checksums-Sha1: 44fed3d9055d9890c925baf42e701e375a37a1ca 1890 nas_1.9.3-6.dsc f2b3baddd2f637146ae6b1be45c1c3ad6d0eb581 44723 nas_1.9.3-6.diff.gz fd55da4f34ed0c1581e27d1dc57307c536ed12f9 158284 nas-doc_1.9.3-6_all.deb 46979d70fb345ff65f86c7690674991d23dcf543 110812 nas_1.9.3-6_amd64.deb e9e925bd8da069af56244fef8c9a675d3b1a9449 148378 nas-bin_1.9.3-6_amd64.deb 9d90b03bf5f02ebee04e9842162612e6f9ba738e 78326 libaudio2_1.9.3-6_amd64.deb fb883a9fef0b98f2db941ae693ba613c9e52317c 420278 libaudio-dev_1.9.3-6_amd64.deb Checksums-Sha256: d813d63a5c043d5e0362cc2069405d46482d6050ce6ef240b20f64787a38cc03 1890 nas_1.9.3-6.dsc 0df3509d5350efa15f79aa769b287067475af128fe8a443cf6e729d2941b238e 44723 nas_1.9.3-6.diff.gz 35fe49c8e681078a021c3420d5911ba530ffced2a5972bea7b3d0cc88f0acfc5 158284 nas-doc_1.9.3-6_all.deb 26ad5071526af4f7083fa78b86546747adb3ef21d9cf5bb09d73fe83161e29b3 110812 nas_1.9.3-6_amd64.deb 646f23fc2bafa4631d99097291e0e7821e23fef4457e05ec98f2fc17c1543600 148378 nas-bin_1.9.3-6_amd64.deb f475c4f9638f845f028dceb7e9315e20fdb30fe7325491b47c44fe08f7c9dadb 78326 libaudio2_1.9.3-6_amd64.deb d29222f02204ab48c8873f01aef0900fad0092d65553447d6c655066a01f4573 420278 libaudio-dev_1.9.3-6_amd64.deb Files: 6b241e2bf715c454ba8c582d11321e65 1890 sound optional nas_1.9.3-6.dsc b2eaf2745167196c247ec5a842fd9ef5 44723 sound optional nas_1.9.3-6.diff.gz 9f4cfc202ee495113193a3c81c3d4cf4 158284 doc extra nas-doc_1.9.3-6_all.deb ad3545ad3713b24086db31fea0002f00 110812 sound optional nas_1.9.3-6_amd64.deb f2c87702652bd8bb38a4cc5b8cae39ea 148378 sound extra nas-bin_1.9.3-6_amd64.deb ca71ec5b837ce6b4856b513050c94792 78326 libs optional libaudio2_1.9.3-6_amd64.deb 047e0688dc404e3857059e157b06e5d0 420278 libdevel optional libaudio-dev_1.9.3-6_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJSHTbeAAoJEFh5eVc0QmhONS4P/1Y87G7xHXILGgNPjL5IuiOo FbdunRSlXTTz38fwBk2YBO5onhn0PK+7k6x4d7UhoXU+QFQZrdACADvvhYUz+ztN QyTBCYzAN5k1E3FNSrD9JbzS3Zw4b5EpbbQ3Nuyvwyjv7mi0EwcDe5+BGZs1aKGN JcvSjlN/ugqDgVZk1SCQqr0zHYIoyKCxiPXzhlbpEwPEg6km/NgZb0Xl1QOOj7ju LHz6jctDmPeY8VXcbSCzjCvuh2fkI5EVys4VjK7DG20VKalYYivUQECdzaXawARb 5BJlNLxwa1i+jTzWVi5hw26SsWzy0Slv1v7tCzWvFl+09LEFACGg+0aPgJhWFpVW PmmLogBQ8/ygTEcYc+Brn0lnLgtRC+V1ZQDPAt2SPmM++UH2ALATv2qjmnC5Wrgm kM13NwG6O0uUXqKAaGOHoAz8H1IFDTxDWGDn8GGiAx6y7VWHS8uAf4knt5k53orj psjkby6O1vnV8v/9jBVAGp/Miipaavu4OpN8y6jgZytkQb5JUQyWJn0jZ47esQWP 8qGI1itBbC2LCx3rMOJ9bx3SIEiHPQrR3/8LGhhubPiR6Zl4RuBeM5PTTd3sJl9P PD1dLLmVASes2gn1+s4JOgWX2ynQZ/GwKWRDFHelGmkc0j0ADXt6o4IhFYrbFT6t JNCBEsqSEBEutpzhSQjW =Rd8B -----END PGP SIGNATURE-----
