-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 26 Nov 2003 22:03:50 +0100 Source: ample Binary: ample Architecture: source i386 Version: 0.5.7-1 Distribution: unstable Urgency: medium Maintainer: Samuele Giovanni Tonon <samu@debian.org> Changed-By: Samuele Giovanni Tonon <samu@debian.org> Description: ample - A simple MP3 server easy to use Changes: ample (0.5.7-1) unstable; urgency=medium . * New Upstream Release with *SECURITY* fixes * Fixed a buffer overflow maybe locally exploitable; David told me: "The overflow is not very serious due to two facts: 1) No data is actually written, but the buffer contents is copied until NULL is found meaning that huge amounts of memory may be allocated 2) The socket which the malicious data must enter trough is bound to the loopback interface so it should only be locally exploitable" Files: ac0d6f1fc91bd5229d26a01fceae8d85 573 sound optional ample_0.5.7-1.dsc 46eb2b3a444d370067bffe1e5bc2bcc8 87813 sound optional ample_0.5.7.orig.tar.gz 51064b4e8bebd874dd13c55d4e4c387c 22996 sound optional ample_0.5.7-1.diff.gz 0b798586de6a0c9128e07ceee8fc20bf 35668 sound optional ample_0.5.7-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/xRakzvFcH/JZfgQRAoCMAJ91byDt1MD59VED3k1K0w/yPbvh5gCfZg1Z P0Ntb1IrnMjWMtKrQIthv2w= =dXj7 -----END PGP SIGNATURE----- Accepted: ample_0.5.7-1.diff.gz to pool/main/a/ample/ample_0.5.7-1.diff.gz ample_0.5.7-1.dsc to pool/main/a/ample/ample_0.5.7-1.dsc ample_0.5.7-1_i386.deb to pool/main/a/ample/ample_0.5.7-1_i386.deb ample_0.5.7.orig.tar.gz to pool/main/a/ample/ample_0.5.7.orig.tar.gz -- To UNSUBSCRIBE, email to debian-devel-changes-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org