-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 17 Oct 2004 00:43:17 -0300
Source: cyrus-sasl2-mit
Binary: libsasl2-gssapi-mit libsasl2-krb4-mit
Architecture: source i386
Version: 2.1.19-1.1
Distribution: unstable
Urgency: emergency
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description:
 libsasl2-gssapi-mit - GSSAPI module for SASL using MIT Kerberos
 libsasl2-krb4-mit - Kerberos4 module for SASL using MIT Kerberos
Closes: 276865
Changes:
 cyrus-sasl2-mit (2.1.19-1.1) unstable; urgency=emergency
 .
   * NMU
   * resync to cyrus-sasl2 2.1.19-1.5):
   * SECURITY FIX: SASL_PATH environment variable must not be honoured
     on setuid environments, otherwise we have a local privilege
     escalation exploit (CVE: CAN-2004-0884), related advisories:
     RHSA-2004:546-02; GLSA 200410-05 (closes: #276865)
   * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
     environment. from Gentoo (CVE CAN-2004-0884);
   * Fix to upstream CVS security fix: initialize *path = NULL
   * upstream CVS: plugins/kerberos4.c: document weirdness with
     openssl DES
   * upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c,
     plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit
     portability warnings
   * Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
     problems with the braindead idea of globals SASL has, and with
     libraries that think they can get around mucking with them
     (hello openldap!)
   * Add Build-Conflicts: autoconf2.13, automake1.4
Files:
 3be5030888271063230b418652612554 963 devel optional cyrus-sasl2-mit_2.1.19-1.1.dsc
 0e92a745b32df885f946fc614e5b97a1 28997 devel optional cyrus-sasl2-mit_2.1.19-1.1.diff.gz
 ab5ebb48be1118d5a356aab298e58a53 55522 devel optional libsasl2-gssapi-mit_2.1.19-1.1_i386.deb
 af5045897fac080499ea084f5610b54e 52882 devel optional libsasl2-krb4-mit_2.1.19-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBcfbi7iXePxzbD+MRAjp1AJ9eQqpQffba7eBez3lMmtTlLk3f7wCeJx6e
d/j4nWTTteQsdsIdISqaaZA=
=ZdU6
-----END PGP SIGNATURE-----


Accepted:
cyrus-sasl2-mit_2.1.19-1.1.diff.gz
  to pool/main/c/cyrus-sasl2-mit/cyrus-sasl2-mit_2.1.19-1.1.diff.gz
cyrus-sasl2-mit_2.1.19-1.1.dsc
  to pool/main/c/cyrus-sasl2-mit/cyrus-sasl2-mit_2.1.19-1.1.dsc
libsasl2-gssapi-mit_2.1.19-1.1_i386.deb
  to pool/main/c/cyrus-sasl2-mit/libsasl2-gssapi-mit_2.1.19-1.1_i386.deb
libsasl2-krb4-mit_2.1.19-1.1_i386.deb
  to pool/main/c/cyrus-sasl2-mit/libsasl2-krb4-mit_2.1.19-1.1_i386.deb