Branches for Edgy

Author: sean finney
Revision Date: 2006-08-04 08:57:33 UTC

[sean finney]
* to make backporting easier, change the build dep on libpq-dev
  to libpq-dev | postgresql-dev. thanks to Jan Wagner for the
  suggestion.
* fix for check_ldaps showing up in two packages (closes: #373926).
  thanks to Jan for being persistant in pointing this out.
* that last one is rc, hence high urgency.

Author: Jamie Strandboge
Revision Date: 2007-10-17 17:07:05 UTC

* SECURITY UPDATE: denial of service via multiple HTTPS redirects
* debian/patches/24_SECURITY_LP153697.dpatch: set SSL context and SSL
  connection to NULL in np_net_ssl_cleanup()
* SECURITY UPDATE: denial of service via multiple redirects
* debian/patches/25_SECURITY_LP153703.dpatch: fix off-by-one error to
  re-allocate the proper amount of memory in redir()
* SECURITY UPDATE: denial of service and possible arbitrary code execution
  as the user in check_http.c via crafted Location Header
* debian/patches/26_SECURITY_CVE-2007-5198.dpatch: properly validate
  Location header in redir(). Thanks to Luca Falavigna for preliminary
  patches.
* References
  LP: #153697
  LP: #153703
  CVE-2007-5198
  LP: #152624

Author: Jamie Strandboge
Revision Date: 2007-10-17 17:07:05 UTC

* SECURITY UPDATE: denial of service via multiple HTTPS redirects
* debian/patches/24_SECURITY_LP153697.dpatch: set SSL context and SSL
  connection to NULL in np_net_ssl_cleanup()
* SECURITY UPDATE: denial of service via multiple redirects
* debian/patches/25_SECURITY_LP153703.dpatch: fix off-by-one error to
  re-allocate the proper amount of memory in redir()
* SECURITY UPDATE: denial of service and possible arbitrary code execution
  as the user in check_http.c via crafted Location Header
* debian/patches/26_SECURITY_CVE-2007-5198.dpatch: properly validate
  Location header in redir(). Thanks to Luca Falavigna for preliminary
  patches.
* References
  LP: #153697
  LP: #153703
  CVE-2007-5198
  LP: #152624