=========================================
Thu, 23 Oct 2008 - Debian 4.0r5 released
=========================================

stable/main/binary-sparc/yaird_0.0.12-18etch1_sparc.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-s390/yaird_0.0.12-18etch1_s390.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-powerpc/yaird_0.0.12-18etch1_powerpc.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-mipsel/yaird_0.0.12-18etch1_mipsel.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-mips/yaird_0.0.12-18etch1_mips.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-ia64/yaird_0.0.12-18etch1_ia64.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-i386/yaird_0.0.12-18etch1_i386.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-hppa/yaird_0.0.12-18etch1_hppa.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-arm/yaird_0.0.12-18etch1_arm.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-alpha/yaird_0.0.12-18etch1_alpha.deb
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-amd64/yaird_0.0.12-18etch1_amd64.deb
stable/main/source/yaird_0.0.12-18etch1.dsc
stable/main/source/yaird_0.0.12-18etch1.diff.gz
yaird (0.0.12-18etch1) stable-proposed-updates; urgency=low
  * Add patch 1018 to ignore "uniq" hint in input devices, added in
    Linux 2.6.22. Closes: bug#426728, #431534, #434597, #435227,
    #435268, #435560, thanks to Bin Zhang and lots of others.
  * Add patch 1022 to fix passing dashed options to run_init.
    Closes: bug#416927, thanks to Michael Biebl and Roderick Schupp.
    This may have been the cause of various other problems passing
    dashed boot options to userspace tools.
  * Add patch 1024 to load all available thermal modules.
    Closes: Bug#457459, thanks to maximilian attems.
  * Add patch 1025 to fix resolving sysfs eventX symlinks for devices
    introduced in 2.6.23. Closes: bug#443821, thanks to Jan Echternach
    and others helping to resolve this issue.
  * Disable local cdbs snippet copyright-check.mk (broken).

stable/main/binary-sparc/python-xpcom_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/xulrunner_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libmozjs0d_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libnspr4-0d_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libxul0d_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libnss3-0d_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/libnss3-tools_1.8.0.15~pre080614d-0etch1_sparc.deb
stable/main/binary-sparc/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_sparc.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-s390/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libxul0d_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libmozjs0d_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libnss3-0d_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/xulrunner_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libnss3-tools_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/python-xpcom_1.8.0.15~pre080614d-0etch1_s390.deb
stable/main/binary-s390/libnspr4-0d_1.8.0.15~pre080614d-0etch1_s390.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-powerpc/libnss3-tools_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libnspr4-0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libmozjs0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libnss3-0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libxul0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/python-xpcom_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_powerpc.deb
stable/main/binary-powerpc/xulrunner_1.8.0.15~pre080614d-0etch1_powerpc.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-mipsel/libnss3-0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libnspr4-0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/python-xpcom_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/xulrunner_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libxul0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libnss3-tools_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libmozjs0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_mipsel.deb
stable/main/binary-mipsel/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-mips/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libnss3-0d_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libnspr4-0d_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/xulrunner_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/python-xpcom_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libmozjs0d_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libnss3-tools_1.8.0.15~pre080614d-0etch1_mips.deb
stable/main/binary-mips/libxul0d_1.8.0.15~pre080614d-0etch1_mips.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-ia64/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libnss3-0d_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libmozjs0d_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libnss3-tools_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libxul0d_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/libnspr4-0d_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/python-xpcom_1.8.0.15~pre080614d-0etch1_ia64.deb
stable/main/binary-ia64/xulrunner_1.8.0.15~pre080614d-0etch1_ia64.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-hppa/libnspr4-0d_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libnss3-tools_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libnss3-0d_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/xulrunner_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libmozjs0d_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/python-xpcom_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libxul0d_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
stable/main/binary-hppa/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-arm/xulrunner_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libnspr4-0d_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/python-xpcom_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libmozjs0d_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libnss3-tools_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libxul0d_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libnss3-0d_1.8.0.15~pre080614d-0etch1_arm.deb
stable/main/binary-arm/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  * Upstream advisories (v2.0.0.15):
    MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15)
    MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation
    MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
    MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
    MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range
    MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X
    MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used
    MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly
    MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof
    MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut
    MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow
  * Upstream advisories (v2.0.0.16):
    MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running
    MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter
    MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X
  * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched
    prepatches which are now shipped in upstream source.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/00list: disable 20_visibility patch now shipped upstream
  * debian/patches/99_configure.dpatch: updated accordingly.

stable/main/binary-amd64/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libnss3-0d_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libmozjs0d_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libnspr4-0d_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/python-xpcom_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libnss3-tools_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/xulrunner_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libxul0d_1.8.0.15~pre080614d-0etch1_amd64.deb
stable/main/binary-amd64/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low
  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16)
  *
Upstream advisories (v2.0.0.15): MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow * Upstream advisories (v2.0.0.16): MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched prepatches which are now shipped in upstream source. * debian/patches/00list: Updated accordingly. * debian/patches/00list: disable 20_visibility patch now shipped upstream * debian/patches/99_configure.dpatch: updated accordingly. 
stable/main/binary-alpha/libxul0d_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/xulrunner_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libmozjs0d_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libnss3-0d_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libnss3-tools_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/python-xpcom_1.8.0.15~pre080614d-0etch1_alpha.deb stable/main/binary-alpha/libnspr4-0d_1.8.0.15~pre080614d-0etch1_alpha.deb xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low [ Alexander Sack ] * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16) * Upstream advisories (v2.0.0.15): MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used MFSA 2008-30 aka CVE-2008-2808 - File location 
URL in directory listings not escaped properly MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow * Upstream advisories (v2.0.0.16): MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched prepatches which are now shipped in upstream source. * debian/patches/00list: Updated accordingly. * debian/patches/00list: disable 20_visibility patch now shipped upstream * debian/patches/99_configure.dpatch: updated accordingly. stable/main/binary-all/libxul-dev_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-all/libnss3-dev_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-all/libsmjs-dev_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-all/libxul-common_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-all/libmozillainterfaces-java_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-i386/libmozjs0d_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/xulrunner_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/libnspr4-0d_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/libnss3-0d_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/python-xpcom_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/source/xulrunner_1.8.0.15~pre080614d.orig.tar.gz stable/main/source/xulrunner_1.8.0.15~pre080614d-0etch1.dsc stable/main/source/xulrunner_1.8.0.15~pre080614d-0etch1.diff.gz 
stable/main/binary-all/libmozjs-dev_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-i386/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-all/libnspr4-dev_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-i386/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/libxul0d_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-i386/libnss3-tools_1.8.0.15~pre080614d-0etch1_i386.deb stable/main/binary-all/libsmjs1_1.8.0.15~pre080614d-0etch1_all.deb stable/main/binary-i386/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb xulrunner (1.8.0.15~pre080614d-0etch1) stable-security; urgency=low [ Alexander Sack ] * New security/stability upstream release (backports for 2.0.0.15 + 2.0.0.16) * Upstream advisories (v2.0.0.15): MFSA 2008-21 aka CVE-2008-2798 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-21 aka CVE-2008-2799 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin violation MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget and DOM Range MFSA 2008-28 aka CVE-2008-2806 - Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings not escaped properly MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows URL shortcut MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow * Upstream advisories 
(v2.0.0.16): MFSA 2008-35 aka CVE-2008-2785 - Command-line URLs launch multiple tabs when Firefox not running MFSA 2008-34 aka CVE-2008-2933 - Remote code execution by overflowing CSS reference counter MFSA 2008-36 aka CVE-2008-2934 - Crash with malformed GIF file on Mac OS X * debian/patches/90_bz421622.dpatch,90_bz425576.dpatch: drop prepatched prepatches which are now shipped in upstream source. * debian/patches/00list: Updated accordingly. * debian/patches/00list: disable 20_visibility patch now shipped upstream * debian/patches/99_configure.dpatch: updated accordingly. stable/main/binary-sparc/wordnet-dev_2.1-4+etch2_sparc.deb stable/main/binary-sparc/wordnet_2.1-4+etch2_sparc.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-s390/wordnet_2.1-4+etch2_s390.deb stable/main/binary-s390/wordnet-dev_2.1-4+etch2_s390.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-powerpc/wordnet-dev_2.1-4+etch2_powerpc.deb stable/main/binary-powerpc/wordnet_2.1-4+etch2_powerpc.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-mipsel/wordnet_2.1-4+etch2_mipsel.deb stable/main/binary-mipsel/wordnet-dev_2.1-4+etch2_mipsel.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-mips/wordnet_2.1-4+etch2_mips.deb 
stable/main/binary-mips/wordnet-dev_2.1-4+etch2_mips.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-ia64/wordnet_2.1-4+etch2_ia64.deb stable/main/binary-ia64/wordnet-dev_2.1-4+etch2_ia64.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-hppa/wordnet-dev_2.1-4+etch2_hppa.deb stable/main/binary-hppa/wordnet_2.1-4+etch2_hppa.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-arm/wordnet_2.1-4+etch2_arm.deb stable/main/binary-arm/wordnet-dev_2.1-4+etch2_arm.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-amd64/wordnet-dev_2.1-4+etch2_amd64.deb stable/main/binary-amd64/wordnet_2.1-4+etch2_amd64.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-alpha/wordnet_2.1-4+etch2_alpha.deb stable/main/binary-alpha/wordnet-dev_2.1-4+etch2_alpha.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-all/wordnet-sense-index_2.1-4+etch2_all.deb 
stable/main/binary-i386/wordnet_2.1-4+etch2_i386.deb stable/main/binary-i386/wordnet-dev_2.1-4+etch2_i386.deb stable/main/source/wordnet_2.1-4+etch2.dsc stable/main/source/wordnet_2.1-4+etch2.diff.gz stable/main/binary-all/wordnet-base_2.1-4+etch2_all.deb wordnet (1:2.1-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch to fix regression bug that broke wordnet checks for synonyms, which was introduced by the security fix stable/main/binary-sparc/wdiff_0.5-16etch1_sparc.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-s390/wdiff_0.5-16etch1_s390.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-powerpc/wdiff_0.5-16etch1_powerpc.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-mipsel/wdiff_0.5-16etch1_mipsel.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-mips/wdiff_0.5-16etch1_mips.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-ia64/wdiff_0.5-16etch1_ia64.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. 
stable/main/binary-i386/wdiff_0.5-16etch1_i386.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-hppa/wdiff_0.5-16etch1_hppa.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-arm/wdiff_0.5-16etch1_arm.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-alpha/wdiff_0.5-16etch1_alpha.deb wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. stable/main/binary-all/wdiff-doc_0.5-16etch1_all.deb stable/main/source/wdiff_0.5-16etch1.diff.gz stable/main/binary-amd64/wdiff_0.5-16etch1_amd64.deb stable/main/source/wdiff_0.5-16etch1.dsc wdiff (0.5-16etch1) stable-proposed-updates; urgency=low * Changed wdiff.c to use mkstemp and fdopen instead of tmpnam to avoid a race condition (Bug #425254). Backported from 0.5-18. 
stable/main/binary-i386/user-mode-linux_2.6.18-1um-2etch.23_i386.deb stable/main/source/user-mode-linux_2.6.18-1um-2etch.23.dsc stable/main/source/user-mode-linux_2.6.18-1um-2etch.23.diff.gz user-mode-linux (2.6.18-1um-2etch.23) stable; urgency=high * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-23: [ Ian Campbell ] * Fix DMA crash under Xen when no IOMMU is present (closes: #445987) [ dann frazier ] * [xfs] Fix attr2 corruption with btree data extents (closes: #498309) stable/main/source/tzdata_2008e-1etch3.diff.gz stable/main/binary-all/tzdata_2008e-1etch3_all.deb stable/main/source/tzdata_2008e-1etch3.dsc tzdata (2008e-1etch3) stable; urgency=low * Non-maintainer upload as requested by the maintainers. * Fix Argentina again, setting up the DST and adding exceptions for the provinces that don't change. Closes: #502430 stable/main/source/twiki_4.0.5-9.1etch1.dsc stable/main/source/twiki_4.0.5-9.1etch1.diff.gz stable/main/binary-all/twiki_4.0.5-9.1etch1_all.deb twiki (1:4.0.5-9.1etch1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Fix file disclosure, and execution of arbitrary commands via bin/configure. [CVE-2008-3195] stable/main/source/trac_0.10.3-1etch4.diff.gz stable/main/binary-all/trac_0.10.3-1etch4_all.deb stable/main/source/trac_0.10.3-1etch4.dsc trac (0.10.3-1etch4) stable; urgency=low [ Luis Matos ] * Wiki link formatter: missing escape for links look-alike. CVE-2008-3328 * Fixing a cross-site redirection vulnerability in the quickjump functionality. CVE-2008-2951.
stable/main/binary-sparc/libtiff4-dev_3.8.2-7+etch1_sparc.deb stable/main/binary-sparc/libtiff4_3.8.2-7+etch1_sparc.deb stable/main/binary-sparc/libtiffxx0c2_3.8.2-7+etch1_sparc.deb stable/main/binary-sparc/libtiff-tools_3.8.2-7+etch1_sparc.deb stable/main/binary-sparc/libtiff-opengl_3.8.2-7+etch1_sparc.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-s390/libtiff-opengl_3.8.2-7+etch1_s390.deb stable/main/binary-s390/libtiff4_3.8.2-7+etch1_s390.deb stable/main/binary-s390/libtiffxx0c2_3.8.2-7+etch1_s390.deb stable/main/binary-s390/libtiff4-dev_3.8.2-7+etch1_s390.deb stable/main/binary-s390/libtiff-tools_3.8.2-7+etch1_s390.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-powerpc/libtiff4-dev_3.8.2-7+etch1_powerpc.deb stable/main/binary-powerpc/libtiff4_3.8.2-7+etch1_powerpc.deb stable/main/binary-powerpc/libtiff-opengl_3.8.2-7+etch1_powerpc.deb stable/main/binary-powerpc/libtiffxx0c2_3.8.2-7+etch1_powerpc.deb stable/main/binary-powerpc/libtiff-tools_3.8.2-7+etch1_powerpc.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). 
stable/main/binary-mipsel/libtiffxx0c2_3.8.2-7+etch1_mipsel.deb stable/main/binary-mipsel/libtiff-tools_3.8.2-7+etch1_mipsel.deb stable/main/binary-mipsel/libtiff4-dev_3.8.2-7+etch1_mipsel.deb stable/main/binary-mipsel/libtiff4_3.8.2-7+etch1_mipsel.deb stable/main/binary-mipsel/libtiff-opengl_3.8.2-7+etch1_mipsel.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-mips/libtiff-tools_3.8.2-7+etch1_mips.deb stable/main/binary-mips/libtiff-opengl_3.8.2-7+etch1_mips.deb stable/main/binary-mips/libtiff4_3.8.2-7+etch1_mips.deb stable/main/binary-mips/libtiff4-dev_3.8.2-7+etch1_mips.deb stable/main/binary-mips/libtiffxx0c2_3.8.2-7+etch1_mips.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-ia64/libtiff4-dev_3.8.2-7+etch1_ia64.deb stable/main/binary-ia64/libtiff4_3.8.2-7+etch1_ia64.deb stable/main/binary-ia64/libtiffxx0c2_3.8.2-7+etch1_ia64.deb stable/main/binary-ia64/libtiff-tools_3.8.2-7+etch1_ia64.deb stable/main/binary-ia64/libtiff-opengl_3.8.2-7+etch1_ia64.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-hppa/libtiffxx0c2_3.8.2-7+etch1_hppa.deb stable/main/binary-hppa/libtiff-opengl_3.8.2-7+etch1_hppa.deb stable/main/binary-hppa/libtiff4_3.8.2-7+etch1_hppa.deb stable/main/binary-hppa/libtiff-tools_3.8.2-7+etch1_hppa.deb stable/main/binary-hppa/libtiff4-dev_3.8.2-7+etch1_hppa.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). 
stable/main/binary-arm/libtiff-opengl_3.8.2-7+etch1_arm.deb stable/main/binary-arm/libtiff-tools_3.8.2-7+etch1_arm.deb stable/main/binary-arm/libtiff4_3.8.2-7+etch1_arm.deb stable/main/binary-arm/libtiff4-dev_3.8.2-7+etch1_arm.deb stable/main/binary-arm/libtiffxx0c2_3.8.2-7+etch1_arm.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-amd64/libtiff4_3.8.2-7+etch1_amd64.deb stable/main/binary-amd64/libtiff-opengl_3.8.2-7+etch1_amd64.deb stable/main/binary-amd64/libtiff-tools_3.8.2-7+etch1_amd64.deb stable/main/binary-amd64/libtiff4-dev_3.8.2-7+etch1_amd64.deb stable/main/binary-amd64/libtiffxx0c2_3.8.2-7+etch1_amd64.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-alpha/libtiff4_3.8.2-7+etch1_alpha.deb stable/main/binary-alpha/libtiff4-dev_3.8.2-7+etch1_alpha.deb stable/main/binary-alpha/libtiffxx0c2_3.8.2-7+etch1_alpha.deb stable/main/binary-alpha/libtiff-opengl_3.8.2-7+etch1_alpha.deb stable/main/binary-alpha/libtiff-tools_3.8.2-7+etch1_alpha.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). 
stable/main/binary-i386/libtiff4_3.8.2-7+etch1_i386.deb stable/main/binary-i386/libtiff-opengl_3.8.2-7+etch1_i386.deb stable/main/binary-i386/libtiff-tools_3.8.2-7+etch1_i386.deb stable/main/source/tiff_3.8.2-7+etch1.dsc stable/main/binary-i386/libtiffxx0c2_3.8.2-7+etch1_i386.deb stable/main/source/tiff_3.8.2-7+etch1.diff.gz stable/main/binary-i386/libtiff4-dev_3.8.2-7+etch1_i386.deb tiff (3.8.2-7+etch1) stable-security; urgency=high * Apply patches from Drew Yao of Apple Product Security to fix CVE-2008-2327, a potential buffer underflow in the LZW decoder (tif_lzw.c). stable/main/binary-sparc/squid_2.6.5-6etch4_sparc.deb stable/main/binary-sparc/squid-cgi_2.6.5-6etch4_sparc.deb stable/main/binary-sparc/squidclient_2.6.5-6etch4_sparc.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-s390/squid-cgi_2.6.5-6etch4_s390.deb stable/main/binary-s390/squidclient_2.6.5-6etch4_s390.deb stable/main/binary-s390/squid_2.6.5-6etch4_s390.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-powerpc/squidclient_2.6.5-6etch4_powerpc.deb stable/main/binary-powerpc/squid_2.6.5-6etch4_powerpc.deb stable/main/binary-powerpc/squid-cgi_2.6.5-6etch4_powerpc.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. 
stable/main/binary-mipsel/squidclient_2.6.5-6etch4_mipsel.deb stable/main/binary-mipsel/squid_2.6.5-6etch4_mipsel.deb stable/main/binary-mipsel/squid-cgi_2.6.5-6etch4_mipsel.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-mips/squidclient_2.6.5-6etch4_mips.deb stable/main/binary-mips/squid_2.6.5-6etch4_mips.deb stable/main/binary-mips/squid-cgi_2.6.5-6etch4_mips.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-ia64/squid_2.6.5-6etch4_ia64.deb stable/main/binary-ia64/squidclient_2.6.5-6etch4_ia64.deb stable/main/binary-ia64/squid-cgi_2.6.5-6etch4_ia64.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-i386/squid-cgi_2.6.5-6etch4_i386.deb stable/main/binary-i386/squid_2.6.5-6etch4_i386.deb stable/main/binary-i386/squidclient_2.6.5-6etch4_i386.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-hppa/squid_2.6.5-6etch4_hppa.deb stable/main/binary-hppa/squidclient_2.6.5-6etch4_hppa.deb stable/main/binary-hppa/squid-cgi_2.6.5-6etch4_hppa.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. 
stable/main/binary-arm/squid-cgi_2.6.5-6etch4_arm.deb stable/main/binary-arm/squidclient_2.6.5-6etch4_arm.deb stable/main/binary-arm/squid_2.6.5-6etch4_arm.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-alpha/squid-cgi_2.6.5-6etch4_alpha.deb stable/main/binary-alpha/squidclient_2.6.5-6etch4_alpha.deb stable/main/binary-alpha/squid_2.6.5-6etch4_alpha.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-amd64/squid-cgi_2.6.5-6etch4_amd64.deb stable/main/source/squid_2.6.5-6etch4.diff.gz stable/main/binary-all/squid-common_2.6.5-6etch4_all.deb stable/main/binary-amd64/squidclient_2.6.5-6etch4_amd64.deb stable/main/source/squid_2.6.5-6etch4.dsc stable/main/binary-amd64/squid_2.6.5-6etch4_amd64.deb squid (2.6.5-6etch4) stable-security; urgency=high * Non-maintainer upload by the security team. * Actually apply debian/patches/59-dos-cache-update-2.dpatch in the build. Thanks to Christoph Biedl for the catch. stable/main/binary-sparc/sobby_0.4.1-1+b2_sparc.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for sparc; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-s390/sobby_0.4.1-1+b2_s390.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for s390; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-powerpc/sobby_0.4.1-1+b2_powerpc.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for powerpc; no source changes. 
* rebuild against net6 1.3.1-4 stable/main/binary-mipsel/sobby_0.4.1-1+b2_mipsel.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for mipsel; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-mips/sobby_0.4.1-1+b2_mips.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for mips; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-ia64/sobby_0.4.1-1+b2_ia64.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for ia64; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-i386/sobby_0.4.1-1+b2_i386.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for i386; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-hppa/sobby_0.4.1-1+b2_hppa.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for hppa; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-arm/sobby_0.4.1-1+b2_arm.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for arm; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-amd64/sobby_0.4.1-1+b2_amd64.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for amd64; no source changes. * rebuild against net6 1.3.1-4 stable/main/binary-alpha/sobby_0.4.1-1+b2_alpha.deb sobby (0.4.1-1+b2) stable; urgency=low * Binary-only non-maintainer upload for alpha; no source changes. 
* rebuild against net6 1.3.1-4 stable/main/binary-sparc/slash_2.2.6-8etch1_sparc.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-s390/slash_2.2.6-8etch1_s390.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-powerpc/slash_2.2.6-8etch1_powerpc.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-mipsel/slash_2.2.6-8etch1_mipsel.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-mips/slash_2.2.6-8etch1_mips.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-ia64/slash_2.2.6-8etch1_ia64.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-i386/slash_2.2.6-8etch1_i386.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-hppa/slash_2.2.6-8etch1_hppa.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-arm/slash_2.2.6-8etch1_arm.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-alpha/slash_2.2.6-8etch1_alpha.deb slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/source/slash_2.2.6-8etch1.dsc stable/main/binary-amd64/slash_2.2.6-8etch1_amd64.deb stable/main/source/slash_2.2.6-8etch1.diff.gz slash (2.2.6-8etch1) stable-security; urgency=high * Security fixes for 
CVE-2008-2231 and CVE-2008-2553 (Closes: #484499) stable/main/binary-sparc/ruby1.9-dev_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libgdbm-ruby1.9_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libruby1.9-dbg_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libtcltk-ruby1.9_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libdbm-ruby1.9_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libruby1.9_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libopenssl-ruby1.9_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/libreadline-ruby1.9_1.9.0+20060609-1etch3_sparc.deb stable/main/binary-sparc/ruby1.9_1.9.0+20060609-1etch3_sparc.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-s390/libopenssl-ruby1.9_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/libgdbm-ruby1.9_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/libtcltk-ruby1.9_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/libruby1.9-dbg_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/libruby1.9_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/ruby1.9_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/ruby1.9-dev_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/libreadline-ruby1.9_1.9.0+20060609-1etch3_s390.deb stable/main/binary-s390/libdbm-ruby1.9_1.9.0+20060609-1etch3_s390.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-powerpc/libdbm-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/libgdbm-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/libopenssl-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/libruby1.9_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/libreadline-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/ruby1.9_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/ruby1.9-dev_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/libruby1.9-dbg_1.9.0+20060609-1etch3_powerpc.deb stable/main/binary-powerpc/libtcltk-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-mipsel/libtcltk-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/libgdbm-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/libreadline-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/libruby1.9-dbg_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/libruby1.9_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/libopenssl-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/libdbm-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/ruby1.9-dev_1.9.0+20060609-1etch3_mipsel.deb stable/main/binary-mipsel/ruby1.9_1.9.0+20060609-1etch3_mipsel.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-mips/ruby1.9_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libdbm-ruby1.9_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libgdbm-ruby1.9_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libtcltk-ruby1.9_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libruby1.9-dbg_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libreadline-ruby1.9_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libruby1.9_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/ruby1.9-dev_1.9.0+20060609-1etch3_mips.deb stable/main/binary-mips/libopenssl-ruby1.9_1.9.0+20060609-1etch3_mips.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-ia64/libruby1.9_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/libgdbm-ruby1.9_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/ruby1.9-dev_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/ruby1.9_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/libreadline-ruby1.9_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/libdbm-ruby1.9_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/libruby1.9-dbg_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/libopenssl-ruby1.9_1.9.0+20060609-1etch3_ia64.deb stable/main/binary-ia64/libtcltk-ruby1.9_1.9.0+20060609-1etch3_ia64.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-hppa/ruby1.9-dev_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libdbm-ruby1.9_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libruby1.9_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libgdbm-ruby1.9_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/ruby1.9_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libtcltk-ruby1.9_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libruby1.9-dbg_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libopenssl-ruby1.9_1.9.0+20060609-1etch3_hppa.deb stable/main/binary-hppa/libreadline-ruby1.9_1.9.0+20060609-1etch3_hppa.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-arm/ruby1.9_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libdbm-ruby1.9_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libgdbm-ruby1.9_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libtcltk-ruby1.9_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/ruby1.9-dev_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libruby1.9-dbg_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libruby1.9_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libopenssl-ruby1.9_1.9.0+20060609-1etch3_arm.deb stable/main/binary-arm/libreadline-ruby1.9_1.9.0+20060609-1etch3_arm.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-amd64/libreadline-ruby1.9_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/libruby1.9-dbg_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/libtcltk-ruby1.9_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/ruby1.9_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/libruby1.9_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/libdbm-ruby1.9_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/libgdbm-ruby1.9_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/ruby1.9-dev_1.9.0+20060609-1etch3_amd64.deb stable/main/binary-amd64/libopenssl-ruby1.9_1.9.0+20060609-1etch3_amd64.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-alpha/libdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/ruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/libopenssl-ruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/libruby1.9-dbg_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/libruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/libgdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/libtcltk-ruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/libreadline-ruby1.9_1.9.0+20060609-1etch3_alpha.deb stable/main/binary-alpha/ruby1.9-dev_1.9.0+20060609-1etch3_alpha.deb ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) . * applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU.
(CVE-2006-5467) stable/main/binary-all/ruby1.9-examples_1.9.0+20060609-1etch3_all.deb stable/main/binary-all/ruby1.9-elisp_1.9.0+20060609-1etch3_all.deb stable/main/binary-i386/ruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/binary-all/irb1.9_1.9.0+20060609-1etch3_all.deb stable/main/source/ruby1.9_1.9.0+20060609-1etch3.diff.gz stable/main/binary-i386/ruby1.9-dev_1.9.0+20060609-1etch3_i386.deb stable/main/binary-i386/libopenssl-ruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/binary-i386/libdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/binary-i386/libreadline-ruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/binary-all/ri1.9_1.9.0+20060609-1etch3_all.deb stable/main/binary-i386/libruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/binary-i386/libtcltk-ruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/binary-i386/libruby1.9-dbg_1.9.0+20060609-1etch3_i386.deb stable/main/binary-all/rdoc1.9_1.9.0+20060609-1etch3_all.deb stable/main/binary-i386/libgdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb stable/main/source/ruby1.9_1.9.0+20060609-1etch3.dsc ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high * applied debian/patches/103_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
* applied debian/patches/105_cgi_empty_content: invalid multipart data can make cgi.rb loop infinitely and consume CPU. (CVE-2006-5467) stable/main/binary-sparc/libruby1.8-dbg_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/libtcltk-ruby1.8_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/libgdbm-ruby1.8_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/libdbm-ruby1.8_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/libruby1.8_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/libreadline-ruby1.8_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/ruby1.8-dev_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/libopenssl-ruby1.8_1.8.5-4etch3_sparc.deb stable/main/binary-sparc/ruby1.8_1.8.5-4etch3_sparc.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-s390/libopenssl-ruby1.8_1.8.5-4etch3_s390.deb stable/main/binary-s390/ruby1.8-dev_1.8.5-4etch3_s390.deb stable/main/binary-s390/libruby1.8_1.8.5-4etch3_s390.deb stable/main/binary-s390/libgdbm-ruby1.8_1.8.5-4etch3_s390.deb stable/main/binary-s390/libdbm-ruby1.8_1.8.5-4etch3_s390.deb stable/main/binary-s390/libruby1.8-dbg_1.8.5-4etch3_s390.deb stable/main/binary-s390/ruby1.8_1.8.5-4etch3_s390.deb stable/main/binary-s390/libtcltk-ruby1.8_1.8.5-4etch3_s390.deb stable/main/binary-s390/libreadline-ruby1.8_1.8.5-4etch3_s390.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-powerpc/ruby1.8_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libopenssl-ruby1.8_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libgdbm-ruby1.8_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libreadline-ruby1.8_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/ruby1.8-dev_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libdbm-ruby1.8_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libtcltk-ruby1.8_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libruby1.8-dbg_1.8.5-4etch3_powerpc.deb stable/main/binary-powerpc/libruby1.8_1.8.5-4etch3_powerpc.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-mipsel/libgdbm-ruby1.8_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/libruby1.8-dbg_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/libopenssl-ruby1.8_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/libreadline-ruby1.8_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/libruby1.8_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/ruby1.8_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/ruby1.8-dev_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/libtcltk-ruby1.8_1.8.5-4etch3_mipsel.deb stable/main/binary-mipsel/libdbm-ruby1.8_1.8.5-4etch3_mipsel.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-mips/libdbm-ruby1.8_1.8.5-4etch3_mips.deb stable/main/binary-mips/ruby1.8-dev_1.8.5-4etch3_mips.deb stable/main/binary-mips/ruby1.8_1.8.5-4etch3_mips.deb stable/main/binary-mips/libreadline-ruby1.8_1.8.5-4etch3_mips.deb stable/main/binary-mips/libopenssl-ruby1.8_1.8.5-4etch3_mips.deb stable/main/binary-mips/libruby1.8-dbg_1.8.5-4etch3_mips.deb stable/main/binary-mips/libtcltk-ruby1.8_1.8.5-4etch3_mips.deb stable/main/binary-mips/libruby1.8_1.8.5-4etch3_mips.deb stable/main/binary-mips/libgdbm-ruby1.8_1.8.5-4etch3_mips.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-ia64/libreadline-ruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/libopenssl-ruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/libruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/ruby1.8-dev_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/libdbm-ruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/ruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/libtcltk-ruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/libgdbm-ruby1.8_1.8.5-4etch3_ia64.deb stable/main/binary-ia64/libruby1.8-dbg_1.8.5-4etch3_ia64.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-hppa/libgdbm-ruby1.8_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/libreadline-ruby1.8_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/libruby1.8_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/libtcltk-ruby1.8_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/ruby1.8-dev_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/libruby1.8-dbg_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/libopenssl-ruby1.8_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/libdbm-ruby1.8_1.8.5-4etch3_hppa.deb stable/main/binary-hppa/ruby1.8_1.8.5-4etch3_hppa.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-arm/ruby1.8-dev_1.8.5-4etch3_arm.deb stable/main/binary-arm/libopenssl-ruby1.8_1.8.5-4etch3_arm.deb stable/main/binary-arm/libgdbm-ruby1.8_1.8.5-4etch3_arm.deb stable/main/binary-arm/libreadline-ruby1.8_1.8.5-4etch3_arm.deb stable/main/binary-arm/libruby1.8_1.8.5-4etch3_arm.deb stable/main/binary-arm/libdbm-ruby1.8_1.8.5-4etch3_arm.deb stable/main/binary-arm/libtcltk-ruby1.8_1.8.5-4etch3_arm.deb stable/main/binary-arm/libruby1.8-dbg_1.8.5-4etch3_arm.deb stable/main/binary-arm/ruby1.8_1.8.5-4etch3_arm.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-amd64/libruby1.8-dbg_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/ruby1.8_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/libreadline-ruby1.8_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/libopenssl-ruby1.8_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/libruby1.8_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/ruby1.8-dev_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/libtcltk-ruby1.8_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/libdbm-ruby1.8_1.8.5-4etch3_amd64.deb stable/main/binary-amd64/libgdbm-ruby1.8_1.8.5-4etch3_amd64.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-alpha/ruby1.8-dev_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libtcltk-ruby1.8_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libruby1.8_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libgdbm-ruby1.8_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libdbm-ruby1.8_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libruby1.8-dbg_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/ruby1.8_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libreadline-ruby1.8_1.8.5-4etch3_alpha.deb stable/main/binary-alpha/libopenssl-ruby1.8_1.8.5-4etch3_alpha.deb ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-i386/libruby1.8-dbg_1.8.5-4etch3_i386.deb stable/main/binary-i386/libdbm-ruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-all/ri1.8_1.8.5-4etch3_all.deb stable/main/binary-all/ruby1.8-elisp_1.8.5-4etch3_all.deb stable/main/binary-i386/libreadline-ruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-all/rdoc1.8_1.8.5-4etch3_all.deb stable/main/source/ruby1.8_1.8.5-4etch3.dsc stable/main/binary-i386/libruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-i386/ruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-all/irb1.8_1.8.5-4etch3_all.deb stable/main/binary-i386/libopenssl-ruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-i386/ruby1.8-dev_1.8.5-4etch3_i386.deb stable/main/binary-i386/libtcltk-ruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-i386/libgdbm-ruby1.8_1.8.5-4etch3_i386.deb stable/main/binary-all/ruby1.8-examples_1.8.5-4etch3_all.deb stable/main/source/ruby1.8_1.8.5-4etch3.diff.gz ruby1.8 (1.8.5-4etch3) stable-security; urgency=high * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at and . - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported resolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerability (CVE-2008-3790) .
stable/main/binary-sparc/python2.5-minimal_2.5-5+etch1_sparc.deb stable/main/binary-sparc/python2.5_2.5-5+etch1_sparc.deb stable/main/binary-sparc/python2.5-dbg_2.5-5+etch1_sparc.deb stable/main/binary-sparc/python2.5-dev_2.5-5+etch1_sparc.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-s390/python2.5-minimal_2.5-5+etch1_s390.deb stable/main/binary-s390/python2.5-dev_2.5-5+etch1_s390.deb stable/main/binary-s390/python2.5-dbg_2.5-5+etch1_s390.deb stable/main/binary-s390/python2.5_2.5-5+etch1_s390.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-powerpc/python2.5_2.5-5+etch1_powerpc.deb stable/main/binary-powerpc/python2.5-minimal_2.5-5+etch1_powerpc.deb stable/main/binary-powerpc/python2.5-dbg_2.5-5+etch1_powerpc.deb stable/main/binary-powerpc/python2.5-dev_2.5-5+etch1_powerpc.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-mipsel/python2.5-minimal_2.5-5+etch1_mipsel.deb stable/main/binary-mipsel/python2.5_2.5-5+etch1_mipsel.deb stable/main/binary-mipsel/python2.5-dev_2.5-5+etch1_mipsel.deb stable/main/binary-mipsel/python2.5-dbg_2.5-5+etch1_mipsel.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-mips/python2.5-minimal_2.5-5+etch1_mips.deb stable/main/binary-mips/python2.5-dev_2.5-5+etch1_mips.deb stable/main/binary-mips/python2.5_2.5-5+etch1_mips.deb stable/main/binary-mips/python2.5-dbg_2.5-5+etch1_mips.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. 
* CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-ia64/python2.5-minimal_2.5-5+etch1_ia64.deb stable/main/binary-ia64/python2.5_2.5-5+etch1_ia64.deb stable/main/binary-ia64/python2.5-dev_2.5-5+etch1_ia64.deb stable/main/binary-ia64/python2.5-dbg_2.5-5+etch1_ia64.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-hppa/python2.5-minimal_2.5-5+etch1_hppa.deb stable/main/binary-hppa/python2.5_2.5-5+etch1_hppa.deb stable/main/binary-hppa/python2.5-dev_2.5-5+etch1_hppa.deb stable/main/binary-hppa/python2.5-dbg_2.5-5+etch1_hppa.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-arm/python2.5-minimal_2.5-5+etch1_arm.deb stable/main/binary-arm/python2.5-dev_2.5-5+etch1_arm.deb stable/main/binary-arm/python2.5_2.5-5+etch1_arm.deb stable/main/binary-arm/python2.5-dbg_2.5-5+etch1_arm.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-amd64/python2.5-dev_2.5-5+etch1_amd64.deb stable/main/binary-amd64/python2.5_2.5-5+etch1_amd64.deb stable/main/binary-amd64/python2.5-dbg_2.5-5+etch1_amd64.deb stable/main/binary-amd64/python2.5-minimal_2.5-5+etch1_amd64.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. 
* CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-alpha/python2.5-minimal_2.5-5+etch1_alpha.deb stable/main/binary-alpha/python2.5-dev_2.5-5+etch1_alpha.deb stable/main/binary-alpha/python2.5_2.5-5+etch1_alpha.deb stable/main/binary-alpha/python2.5-dbg_2.5-5+etch1_alpha.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/binary-all/python2.5-examples_2.5-5+etch1_all.deb stable/main/binary-i386/python2.5-minimal_2.5-5+etch1_i386.deb stable/main/binary-i386/python2.5_2.5-5+etch1_i386.deb stable/main/binary-all/idle-python2.5_2.5-5+etch1_all.deb stable/main/source/python2.5_2.5-5+etch1.diff.gz stable/main/source/python2.5_2.5-5+etch1.dsc stable/main/binary-i386/python2.5-dev_2.5-5+etch1_i386.deb stable/main/binary-i386/python2.5-dbg_2.5-5+etch1_i386.deb python2.5 (2.5-5+etch1) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2007-4965 * CVE-2008-1721 * http://bugs.python.org/issue2587 stable/main/source/python-dns_2.3.0-5.2+etch2.diff.gz stable/main/binary-all/python-dns_2.3.0-5.2+etch2_all.deb stable/main/source/python-dns_2.3.0-5.2+etch2.dsc python-dns (2.3.0-5.2+etch2) stable-security; urgency=high * Non-maintainer upload by the security team; thanks (again) to Scott Kitterman for preparing the fix * Modify DNS/Lib.py so unicode DNS names don't cause a crash (Closes: #499277) * Update DNS/Base.py changes for #490217 to more robust upstream fix stable/main/source/python-django_0.95.1-1etch2.dsc stable/main/binary-all/python-django_0.95.1-1etch2_all.deb stable/main/source/python-django_0.95.1-1etch2.diff.gz python-django (0.95.1-1etch2) stable-security; urgency=low * debian/patches/04_csrf_fix.diff - Fixes cross-site request forgery vulnerability. http://www.djangoproject.com/weblog/2008/sep/02/security/ Closes: 497765 * debian/patches/05_i18n_dos_fix.diff. 
- Fixes denial of service vulnerability (CVE-2007-5712). Closes: 448838 stable/main/binary-sparc/libecpg-dev_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/libpq-dev_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/libpq4_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/libecpg-compat2_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-plperl-8.1_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/libecpg5_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-contrib-8.1_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-client-8.1_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/libpgtypes2_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-8.1_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-plpython-8.1_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-pltcl-8.1_8.1.13-0etch1_sparc.deb stable/main/binary-sparc/postgresql-server-dev-8.1_8.1.13-0etch1_sparc.deb postgresql-8.1 (8.1.13-0etch1) stable; urgency=low * New upstream bugfix release (please note that 8.1.12 was never released, due to the discovery of another major bug): - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend. This oversight could lead to problems if the aggregate was later involved in a "DROP OWNED" or "REASSIGN OWNED" operation. - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column is correctly checked to see if it's been initialized to all non-nulls. Previous versions neglected to check this requirement at all. - Fix possible "CREATE TABLE" failure when inheriting the "same" constraint from multiple parent relations that inherited that constraint from a common ancestor. - Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic "Yo" characters (e and E with two dots). - Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. 
This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. - Fix a corner case in regular-expression substring matching. - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function. - Fix core dump in "contrib/xml2"'s xpath_table() function when the input query returns a NULL value. - Fix longstanding "LISTEN"/"NOTIFY" race condition. In rare cases a session that had just executed a "LISTEN" might not get a notification, even though one would be expected because the concurrent transaction executing "NOTIFY" was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed "LISTEN" command will not see any row in pg_listener for the "LISTEN", should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction. This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an "UNLISTEN" remained uncommitted. - Fix rare crash when an error occurs during a query using a hash index. - Fix input of datetime values for February 29 in years BC. The former coding was mistaken about which years were leap years. - Fix "unrecognized node type" error in some variants of "ALTER OWNER". - Fix pg_ctl to correctly extract the postmaster's port number from command-line options. Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. - Fix display of constant expressions in ORDER BY and GROUP BY. An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload.
- Fix libpq to handle NOTICE messages correctly during COPY OUT. This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. stable/main/binary-s390/postgresql-pltcl-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/libpgtypes2_8.1.13-0etch1_s390.deb stable/main/binary-s390/postgresql-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/libecpg5_8.1.13-0etch1_s390.deb stable/main/binary-s390/libecpg-dev_8.1.13-0etch1_s390.deb stable/main/binary-s390/postgresql-plpython-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/postgresql-server-dev-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/libecpg-compat2_8.1.13-0etch1_s390.deb stable/main/binary-s390/postgresql-client-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/postgresql-plperl-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/postgresql-contrib-8.1_8.1.13-0etch1_s390.deb stable/main/binary-s390/libpq-dev_8.1.13-0etch1_s390.deb stable/main/binary-s390/libpq4_8.1.13-0etch1_s390.deb postgresql-8.1 (8.1.13-0etch1) stable; urgency=low * New upstream bugfix release (please note that 8.1.12 was never released, due to the discovery of another major bug): - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend. This oversight could lead to problems if the aggregate was later involved in a "DROP OWNED" or "REASSIGN OWNED" operation. - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column is correctly checked to see if it's been initialized to all non-nulls. Previous versions neglected to check this requirement at all. - Fix possible "CREATE TABLE" failure when inheriting the "same" constraint from multiple parent relations that inherited that constraint from a common ancestor. - Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic "Yo" characters (e and E with two dots). 
- Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. - Fix a corner case in regular-expression substring matching. - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function. - Fix core dump in "contrib/xml2"'s xpath_table() function when the input query returns a NULL value. - Fix longstanding "LISTEN"/"NOTIFY" race condition. In rare cases a session that had just executed a "LISTEN" might not get a notification, even though one would be expected because the concurrent transaction executing "NOTIFY" was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed "LISTEN" command will not see any row in pg_listener for the "LISTEN", should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction. This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an "UNLISTEN" remained uncommitted. - Fix rare crash when an error occurs during a query using a hash index. - Fix input of datetime values for February 29 in years BC. The former coding was mistaken about which years were leap years. - Fix "unrecognized node type" error in some variants of "ALTER OWNER". - Fix pg_ctl to correctly extract the postmaster's port number from command-line options. Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. - Fix display of constant expressions in ORDER BY and GROUP BY. 
An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. - Fix libpq to handle NOTICE messages correctly during COPY OUT. This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. stable/main/binary-powerpc/postgresql-contrib-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/libpgtypes2_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/libecpg-dev_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-server-dev-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/libpq4_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-client-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-pltcl-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-plperl-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/libecpg5_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-plpython-8.1_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/libecpg-compat2_8.1.13-0etch1_powerpc.deb stable/main/binary-powerpc/libpq-dev_8.1.13-0etch1_powerpc.deb postgresql-8.1 (8.1.13-0etch1) stable; urgency=low * New upstream bugfix release (please note that 8.1.12 was never released, due to the discovery of another major bug): - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend. This oversight could lead to problems if the aggregate was later involved in a "DROP OWNED" or "REASSIGN OWNED" operation. - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column is correctly checked to see if it's been initialized to all non-nulls. Previous versions neglected to check this requirement at all.
- Fix possible "CREATE TABLE" failure when inheriting the "same" constraint from multiple parent relations that inherited that constraint from a common ancestor. - Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic "Yo" characters (e and E with two dots). - Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. - Fix a corner case in regular-expression substring matching. - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function. - Fix core dump in "contrib/xml2"'s xpath_table() function when the input query returns a NULL value. - Fix longstanding "LISTEN"/"NOTIFY" race condition. In rare cases a session that had just executed a "LISTEN" might not get a notification, even though one would be expected because the concurrent transaction executing "NOTIFY" was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed "LISTEN" command will not see any row in pg_listener for the "LISTEN", should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction. This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an "UNLISTEN" remained uncommitted. - Fix rare crash when an error occurs during a query using a hash index. - Fix input of datetime values for February 29 in years BC. The former coding was mistaken about which years were leap years. - Fix "unrecognized node type" error in some variants of "ALTER OWNER". 
- Fix pg_ctl to correctly extract the postmaster's port number from command-line options. Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. - Fix display of constant expressions in ORDER BY and GROUP BY. An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. - Fix libpq to handle NOTICE messages correctly during COPY OUT. This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. stable/main/binary-mipsel/postgresql-pltcl-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-client-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/libecpg-dev_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/libecpg5_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-plperl-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-plpython-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/libpq-dev_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-contrib-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/libpgtypes2_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-server-dev-8.1_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/libpq4_8.1.13-0etch1_mipsel.deb stable/main/binary-mipsel/libecpg-compat2_8.1.13-0etch1_mipsel.deb postgresql-8.1 (8.1.13-0etch1) stable; urgency=low * New upstream bugfix release (please note that 8.1.12 was never released, due to the discovery of another major bug): - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend. This oversight could lead to problems if the aggregate was later involved in a "DROP OWNED" or "REASSIGN OWNED" operation. - Fix "ALTER TABLE ADD COLUMN ...
PRIMARY KEY" so that the new column is correctly checked to see if it's been initialized to all non-nulls. Previous versions neglected to check this requirement at all. - Fix possible "CREATE TABLE" failure when inheriting the "same" constraint from multiple parent relations that inherited that constraint from a common ancestor. - Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic "Yo" characters (e and E with two dots). - Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. - Fix a corner case in regular-expression substring matching. - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function. - Fix core dump in "contrib/xml2"'s xpath_table() function when the input query returns a NULL value. - Fix longstanding "LISTEN"/"NOTIFY" race condition. In rare cases a session that had just executed a "LISTEN" might not get a notification, even though one would be expected because the concurrent transaction executing "NOTIFY" was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed "LISTEN" command will not see any row in pg_listener for the "LISTEN", should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction. This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an "UNLISTEN" remained uncommitted. - Fix rare crash when an error occurs during a query using a hash index. - Fix input of datetime values for February 29 in years BC. 
The former coding was mistaken about which years were leap years. - Fix "unrecognized node type" error in some variants of "ALTER OWNER". - Fix pg_ctl to correctly extract the postmaster's port number from command-line options. Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. - Fix display of constant expressions in ORDER BY and GROUP BY. An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. - Fix libpq to handle NOTICE messages correctly during COPY OUT. This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. stable/main/binary-mips/postgresql-pltcl-8.1_8.1.13-0etch1_mips.deb stable/m