-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 8 Oct 2004 12:04:47 -0300 Source: cyrus-sasl Binary: libsasl-digestmd5 libsasl-gssapi-heimdal sasl-bin libsasl-dev libsasl-modules-plain libsasl7 Architecture: source i386 Version: 1.5.28-6.2 Distribution: unstable Urgency: emergency Maintainer: Dima Barsky <dima@debian.org> Changed-By: Henrique de Moraes Holschuh <hmh@debian.org> Description: libsasl-dev - Development files for authentication abstraction library libsasl-digestmd5 - DIGEST-MD5 module for SASL libsasl-gssapi-heimdal - GSSAPI Authentication Module for SASL libsasl-modules-plain - Basic Pluggable Authentication Modules for SASL libsasl7 - Authentication abstraction library sasl-bin - Programs for manipulating the SASL users database Closes: 275432 Changes: cyrus-sasl (1.5.28-6.2) unstable; urgency=emergency . * NMU * SECURITY FIX: SASL_PATH environment variable must not be honoured on setuid environments, otherwise we have a local privilege escalation exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02; GLSA 200410-05 * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid environment. from Gentoo (CVE CAN-2004-0884); (closes: #275432) Files: 435ce3d42cbcecf794244d92e53723c9 788 libs important cyrus-sasl_1.5.28-6.2.dsc 233f242f3a9d4065c43a82ddb5e9b5ea 14458 libs important cyrus-sasl_1.5.28-6.2.diff.gz 50bcdba5d2773437e827dbbae0a8cbed 68106 devel optional libsasl-dev_1.5.28-6.2_i386.deb 0a8d6c90b7cc78e4e99a4486e2efcc81 12212 utils optional sasl-bin_1.5.28-6.2_i386.deb 4361766bd6f0b134067526d8fea29fee 12960 libs optional libsasl-modules-plain_1.5.28-6.2_i386.deb 79f2f0c01752100ae2c0fa55d4c8fcf0 15218 libs optional libsasl-digestmd5_1.5.28-6.2_i386.deb 185c74ab9e3b9705caaf390ab9d65da0 7854 libs important libsasl-gssapi-heimdal_1.5.28-6.2_i386.deb 6af8d1c375a887f63785973f24bfc0cd 97920 libs important libsasl7_1.5.28-6.2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBZq8K7iXePxzbD+MRAmfaAJ9vL4af6QKXLUXZCr3CS3FhKT+hXwCfbpoF /2SjUpGMybGjaKg8vymtphM= =ub1L -----END PGP SIGNATURE----- Accepted: cyrus-sasl_1.5.28-6.2.diff.gz to pool/main/c/cyrus-sasl/cyrus-sasl_1.5.28-6.2.diff.gz cyrus-sasl_1.5.28-6.2.dsc to pool/main/c/cyrus-sasl/cyrus-sasl_1.5.28-6.2.dsc libsasl-dev_1.5.28-6.2_i386.deb to pool/main/c/cyrus-sasl/libsasl-dev_1.5.28-6.2_i386.deb libsasl-digestmd5_1.5.28-6.2_i386.deb to pool/main/c/cyrus-sasl/libsasl-digestmd5_1.5.28-6.2_i386.deb libsasl-gssapi-heimdal_1.5.28-6.2_i386.deb to pool/main/c/cyrus-sasl/libsasl-gssapi-heimdal_1.5.28-6.2_i386.deb libsasl-modules-plain_1.5.28-6.2_i386.deb to pool/main/c/cyrus-sasl/libsasl-modules-plain_1.5.28-6.2_i386.deb libsasl7_1.5.28-6.2_i386.deb to pool/main/c/cyrus-sasl/libsasl7_1.5.28-6.2_i386.deb sasl-bin_1.5.28-6.2_i386.deb to pool/main/c/cyrus-sasl/sasl-bin_1.5.28-6.2_i386.deb -- To UNSUBSCRIBE, email to debian-devel-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
