Format: 1.8
Date: Tue, 04 Aug 2015 10:36:11 +0200
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev
Architecture: source amd64
Version: 20150804
Distribution: squeeze-lts
Urgency: low
Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 ia32-libs - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development files for use on amd64 and ia64 systems
Changes:
 ia32-libs (20150804) squeeze-lts; urgency=low
 .
   * Packages updated
 .
   [ cups (1.4.4-7+squeeze9) squeeze-lts; urgency=medium ]
 .
   * Add the previous patch name into debian/patches/00list, it wasn't applied
 .
   [ cups (1.4.4-7+squeeze8) squeeze-lts; urgency=medium ]
 .
   * Import 1.4 upstream fix for CERT VU#810572: Privilege escalation through
     dynamic linker and isolated vulnerabilities: STR: #4609, VU#810572
     - CVE-2015-1158 - Improper Update of Reference Count
     - CVE-2015-1159 - Cross-Site Scripting
 .
   [ curl (7.21.0-2.1+squeeze12) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Fix re-using authenticated connection when unauthenticated
     as per CVE-2015-3143
     http://curl.haxx.se/docs/adv_20150422A.html
   * Fix Negotiate not treated as connection-oriented
     as per CVE-2015-3148
     http://curl.haxx.se/docs/adv_20150422B.html
 .
   [ expat (2.0.1-7+squeeze2) squeeze-lts; urgency=low ]
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * debian/rules: deactivate unpatch, does not even work in +squeeze1 anymore
   * CVE-2015-1283
     Multiple integer overflows in the XML_GetBuffer function in Expat
     through 2.1.0, as used in Google Chrome before 44.0.2403.89 and
     other products, allow remote attackers to cause a denial of service
     (heap-based buffer overflow) or possibly have unspecified other
     impact via crafted XML data, a related issue to CVE-2015-2716.
 .
   [ libidn (1.15-2+deb6u1) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS team
   * Change source format to 3.0 (quilt)
   * stringprep_utf8_to_ucs4 now rejects invalid UTF-8 (CVE-2015-2059)
   * Run gnulib and autoreconf to update generated files
 .
   [ libsdl1.2 (1.2.14-6.1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libx11 (2:1.3.3-4+squeeze2) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload from the Debian LTS team.
   * CVE-2013-7439: buffer overflow in the MakeBigReq macro
 .
   [ libxext (2:1.1.2-1+squeeze1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libxfixes (1:4.0.5-1+squeeze1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libxi (2:1.3-8+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libxml2 (2.7.8.dfsg-2+squeeze12) squeeze-lts; urgency=medium ]
 .
   * Non-maintainer upload by the Debian LTS team.
   * debian/patches:
     + Fix CVE-2015-1819: Enforce the reader to run in constant memory.
       (#782782).
     + Fix out-of-bounds memory access when parsing an unclosed HTML comment.
       (#782985).
     + Fix out-of-bound memory access during read operations. (#783010).
   * debian/rules:
     + Disable updating of config.sub and config.guess during
       override_dh_auto_clean to avoid .debdiff pollution.
 .
   [ libxp (1:1.0.0.xsf1-2+squeeze1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libxrandr (2:1.3.0-3+squeeze1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libxrender (1:0.9.6-1+squeeze1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ libxv (2:1.0.5-1+squeeze1+build1) squeeze-lts; urgency=medium ]
 .
   * Rebuild against libx11-dev fixed for CVE-2013-7439.
 .
   [ openldap (2.4.23-7.3+deb6u1) squeeze-lts; urgency=high ]
 .
   * debian/slapd.init.ldif: Disallow modifying one's own entry by default,
     except specific attributes. (CVE-2014-9713) (#761406)
   * debian/slapd.{config,templates}: On upgrade, if an access rule begins
     with "to * by self write", show a debconf note warning that it should
     be changed.
   * debian/slapd.README.debian: Add information about how to remove
     "to * by self write" from existing ACLs.
   * debian/po/*: Add translations of debconf warning.
   * debian/patches/ITS7723-fix-reference-counting.patch: Import upstream
     patch to fix a crash in the rwm overlay when a search is immediately
     followed by an unbind. (ITS#7723) (CVE-2013-4449) (#729367)
   * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import
     upstream patch to fix a crash when a search includes the Deref control
     with an empty attribute list. (ITS#8027) (CVE-2015-1545) (#776988)
   * debian/patches/ITS7143-fix-attr_dup2-when-attrsOnly.patch: Import
     upstream patch to fix a crash when doing an attrsOnly search of a
     database configured with both the rwm and translucent overlays.
     (ITS#7143) (CVE-2012-1164) (#663644)
 .
   [ openssl (0.9.8o-4squeeze21) squeeze-lts; urgency=medium ]
 .
   * Fix CVE-2015-1791
   * Fix CVE-2015-1792
   * Fix CVE-2015-1790
   * Fix CVE-2015-1789
   * Fix CVE-2014-8176
   * CVE-2015-4000: Have minimum of 768 bit for DH
 .
   [ tiff (3.9.4-5+squeeze12) squeeze-lts; urgency=high ]
 .
   * Non-maintainer upload by the Squeeze LTS team
   * Fixes for most of CVE-2014-8127 (out-of-bounds reads; bugs #2484,
     #2485, #2486)
   * Fixes for CVE-2014-8128 (out-of-bounds writes; bugs #2489, #2492,
     #2493, #2495, #2499, #2501)
   * Fix for CVE-2014-8129 (out-of-bounds read and write in NeXT 2-bit Grey
     Scale Compression Algorithm decoder; bugs #2487, #2488)
   * Fix for CVE-2014-9330 (out-of-bounds read in bmp2tiff; bug #2494)
     (#773987)
   * Fix for CVE-2014-9655 (out-of-bounds reads in NeXT 2-bit Grey Scale
     Compression Algorithm decoder and YCbCr-RGB converters)