-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Apr 2015 11:39:57 +0200
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev
Architecture: source amd64
Version: 20150413
Distribution: squeeze-lts
Urgency: low
Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 ia32-libs  - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development files for use on amd64 and ia64 systems
Changes:
 ia32-libs (20150413) squeeze-lts; urgency=low
 .
   * Packages updated
 .
   [ cups (1.4.4-7+squeeze7) squeeze-lts; urgency=medium ]
 .
   * Backport upstream patches to fix:
     - Buffer overflow in cupsRasterReadPixels (STR #4551), fixes CVE-2014-2679
 .
   [ e2fsprogs (1.41.12-4+deb6u2) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2015-1572: incomplete fix for CVE-2015-0247. (#778948)
 .
   [ e2fsprogs (1.41.12-4+deb6u1) squeeze-lts; urgency=low ]
 .
   * Non-maintainer upload by the Debian LTS team.
   * libext2fs: Fix buffer overflow if s_first_meta_bg is too big as
     reported in CVE-2015-0247. Refer to upstream commit:
     https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
 .
   [ freetype (2.4.2-2.1+squeeze5) squeeze-lts; urgency=medium ]
 .
   * Non-maintainer upload by the Squeeze LTS team
   * Fix recent applicable CVEs (#777656):
     - [sfnt] Fix Savannah bug #43680. CVE-2014-9656
     - [truetype] Fix Savannah bug #43679. CVE-2014-9657
     - [sfnt] Fix Savannah bug #43672. CVE-2014-9658
     - [bdf] Fix Savannah bug #43660. CVE-2014-9660
     - [type42] Allow only embedded TrueType fonts. CVE-2014-9661
     - [sfnt] Fix Savannah bug #43656. CVE-2014-9663
     - [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
     - Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
     - Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
       CVE-2014-9665-fixup
     - Fix uninitialized variable warning. CVE-2014-9665-fixup-2
     - [sfnt] Fix Savannah bug #43591. CVE-2014-9666
     - [sfnt] Fix Savannah bug #43590. CVE-2014-9667
     - [sfnt] Fix Savannah bug #43588. CVE-2014-9669
     - Fix Savannah bug #43548. CVE-2014-9670
     - Fix Savannah bug #43547. CVE-2014-9671
     - Fix Savannah bug #43540. CVE-2014-9672
     - Fix Savannah bug #43539. CVE-2014-9673
     - src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by a
       broken POST table in resource-fork. CVE-2014-9673-fixup
     - Fix Savannah bug #43538. CVE-2014-9674-part-1
     - src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
       in the summation of POST fragment lengths. CVE-2014-9674-part-2
     - src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long
       variables to read the lengths in POST fragments. CVE-2014-9674-fixup-1
     - src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
       too long tracing messages. CVS-2014-9674-fixup-2
     - Fix Savannah bug #43535. CVE-2014-9675
     - [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
 .
   [ gnutls26 (2.8.6-1+squeeze5) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Debian LTS Team.
   * Includes multiple security fixes:
     - CVE-2014-8155: missing date/time checks on CA certificates
     - CVE-2015-0282: GnuTLS does not verify the RSA PKCS #1 signature
       algorithm to match the signature algorithm in the certificate,
       leading to a potential downgrade to a disallowed algorithm without
       detecting it. (Backported patch prepared by the Red Hat security team.)
     - CVE-2015-0294: GnuTLS does not check whether the two signature
       algorithms match on certificate import.
 .
   [ krb5 (1.8.3+dfsg-4squeeze9) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * MITKRB5-SA-2015-001
     - CVE-2014-5352: gss_process_context_token() incorrectly frees context
     - CVE-2014-9421: kadmind doubly frees partial deserialization results
     - CVE-2014-9422: kadmind incorrectly validates server principal name
     - CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
 .
   [ libgcrypt11 (1.4.5-2+squeeze3) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Use ciphertext blinding for Elgamal decryption to counteract a
     side-channel attack as per CVE-2014-3591
   * Fix data-dependent timing variations in the modular exponentiation
     function that could be used to mount a side-channel attack as per
     CVE-2015-0837
 .
   [ libssh2 (1.2.6-1+deb6u1) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Add CVE-2015-1782.patch.
     CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded.
 .
   [ libtasn1-3 (2.7-1+squeeze+3) squeeze-lts; urgency=low ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Add CVE-2015-2806.patch patch.
     CVE-2015-2806: stack overflow in asn1_der_decoding.
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze11) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Do not fetch external parsed entities unless asked to do so.
     This supplements the patch for CVE-2014-0191
   * Fix regression introduced by the patch fixing CVE-2014-3660 (#768089)
 .
   [ nss (3.12.8-1+squeeze11) squeeze-lts; urgency=medium ]
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2011-3389 by backporting the upstream patch:
     https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
   * Fix CVE-2014-1569 by backporting the upstream patch:
     https://hg.mozilla.org/projects/nss/rev/a163e09dc4d5 #773625
 .
   [ openssl (0.9.8o-4squeeze20) squeeze-lts; urgency=medium ]
 .
   * Fix CVE-2015-0286
   * Fix CVE-2015-0287
   * Fix CVE-2015-0289
   * Fix CVE-2015-0292
   * Fix CVE-2015-0293
   * Fix CVE-2015-0209
   * Fix CVE-2015-0288
   * Remove export ciphers from DEFAULT.
Files:
 be37e03570fbc2a8d23e25bd7e4852dc 1548 libs optional ia32-libs_20150413.dsc
 c46bdc47dc469164effab1a64395ed51 334822997 libs optional ia32-libs_20150413.tar.gz
 349911af5b26fcb93a57ed476929eca6 34262700 libs optional ia32-libs_20150413_amd64.deb
 7f6a832479816a47808618be8d2cbe71 13098308 libdevel extra ia32-libs-dev_20150413_amd64.deb