lp:debian/squeeze/ia32-libs

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/squeeze/ia32-libs

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

23. By Thijs Kinkhorst

* Packages updated

[ cups (1.4.4-7+squeeze4) oldstable-security; urgency=high ]

* Backport security fix from cups-filters 1.0.47:
  pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
  CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
  arbitrary code execution with the privileges of the "lp" user via
  malicious PDF files. Also restrict the directory from where OPVP drivers
  can get loaded (#741333)

[ curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium ]

* Fix multiple security issues (#742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]

* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
  certificate validation issue. CVE-2014-0092

22. By Thijs Kinkhorst

* Packages updated

[ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]

* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
  http://curl.haxx.se/docs/adv_20140129.html
* Set urgency=high accordingly

[ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]

* Disable host verification too when using the --insecure option
  (#729965)

[ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]

* Fix OpenSSL checking of a certificate CN or SAN name field when the
  digital signature verification is turned off as per CVE-2013-4545
  http://curl.haxx.se/docs/adv_20131115.html
* Set urgency=high accordingly

[ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Fix CVE-2013-2877: out-of-bounds read when handling documents that end
  abruptly.

[ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64 bit systems

[ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
  CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via invalid handshake packets.

21. By Thijs Kinkhorst

* Packages updated

[ nas (1.9.2-4squeeze1) oldstable-security; urgency=high ]

* Fixes for various long-standing security issues found by Hamid
  Zamani <email address hidden>. #720287
  + Validate the port offset of nasd to fix a potential buffer overflow
    (CVE-2013-4256)
  + Use better string functions to guard against heap overflows
    (CVE-2013-4257)
  + Sanity-check the TCP_DEVICE environment variable for safety.
* Fix string handling in aulog.c:osLogMsg() to fix missing format string
  in call to syslog() (CVE-2013-4258).

20. By Thijs Kinkhorst

* Packages updated

[ cups (1.4.4-7+squeeze2) stable-security; urgency=high ]

* Backport upstream configuration files split:
  - Add split-configuration-files-STR4223.dpatch
  - Install the new cups-files.conf
  Fixes: CVE-2012-5519 (#692791)
* Make cupsd.conf a non-conffile, as it is managed by cups itself.
  - On new installs, set it up from cupsd.conf.default.
  - On upgrades, move it away in preinst and move it back in postinst.
  - On aborted upgrades, move the file back in place.
  - On purge, delete it too.
* Document changes in cups.NEWS.

[ libexif (0.6.19-1+squeeze1) stable-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Cherry pick changes for CVE-2012-2814, CVE-2012-2840, CVE-2012-2813,
  CVE-2012-2812, CVE-2012-2841, CVE-2012-2836, CVE-2012-2837.
  (backport patches for fix-CVE-2012-2814, fix-CVE-2012-2836,
   fix-CVE-2012-2837)

[ libxml2 (2.7.8.dfsg-2+squeeze6) stable-security; urgency=high ]

[ Daniel Veillard ]
* Fix potential out of bound access
  CVE-2012-5134, #694521.

[ libxslt (1.1.26-6+squeeze2) stable-security; urgency=high ]

* Patch to fix three CVEs (#689422):
  - CVE-2012-2870 by Daniel Veillard and Chris Evans
  - CVE-2012-2871 by Daniel Veillard
  - CVE-2012-2893 by Chris Evans

[ libxslt (1.1.26-6+squeeze1) stable; urgency=low ]

[ Daniel Veillard ]
* Fix generate-id() to not expose object addresses
  CVE-2011-1202, #617413.

[ Abhishek Arya ]
* Fix some case of pattern parsing errors
  CVE-2011-3970, #660650.

[ Chris Evans ]
* [PATCH] Fix crash with unexpected DTD nodes in XSLT.
  CVE-2012-2825, #679283.

[ nss (3.12.8-1+squeeze6) stable-security; urgency=low ]

* Explicitly distrust two intermediate CA certificates mis-issued by
  TURKTRUST.

[ openssl (0.9.8o-4squeeze14) squeeze-security; urgency=low ]

* Fix CVE-2013-0166 and CVE-2013-0169

[ tiff (3.9.4-5+squeeze8) stable-security; urgency=high ]

* Add fix for CVE-2012-5581, reimplementing DOTRANGE handling to make it
  safer. Thanks to Red Hat security team for backporting the fix.

[ tiff (3.9.4-5+squeeze7) stable-security; urgency=high ]

* Add fix for CVE-2012-4564, a heap-buffer overflow. Thanks Adrian La
  Duca for doing all the work to prepare this upload. (#692345)

[ tiff (3.9.4-5+squeeze6) stable-security; urgency=high ]

* Add fix for CVE-2012-4447, a buffer overrun. (#688944)
* CVE-2012-2088 was actually included in previous version but not listed
  in the change log.

[ tiff (3.9.4-5+squeeze5) stable-security; urgency=high ]

* Added several additional security patches taken from the Ubuntu Natty
  (11.04) tiff package. (#678140)

  CVE-2010-2482
  CVE-2010-2595
  CVE-2010-2597
  CVE-2010-2630
  CVE-2010-4665
  CVE-2012-2113
  CVE-2012-3401

19. By Thijs Kinkhorst

* Packages updated

[ curl (7.21.0-2.1+squeeze2) stable-security; urgency=low ]

* Non-maintainer upload
* Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (#658276)

[ curl (7.21.0-2.1+squeeze1) stable-security; urgency=high ]

* Non-maintainer upload
* Fix URL sanitization vulnerability as per CVE-2012-0036
  http://curl.haxx.se/docs/adv_20120124.html
* Fix SSL CBC IV vulnerability as per CVE-2011-3389
  http://curl.haxx.se/docs/adv_20120124B.html
* Set urgency=high accordingly

[ expat (2.0.1-7+squeeze1) stable-security; urgency=low ]

* CVE-2012-0876 CVE-2012-1148

[ freetype (2.4.2-2.1+squeeze4) stable-security; urgency=low ]

* CVE-2012-11[33|34|36|42|44]

[ gnutls26 (2.8.6-1+squeeze2) stable-security; urgency=high ]

* Apply patch to fix crashes in record parsing (CVE-2012-1573)

[ gnutls26 (2.8.6-1+squeeze1) stable; urgency=low ]

* Pull fixes for buffer overflow in gnutls_session_get_data() from upstream
  git. (CVE-2011-4128: GNUTLS-SA-2011-2) #648441
  20_CVE-2011-4128.part1.diff 20_CVE-2011-4128.part2.diff

[ krb5 (1.8.3+dfsg-4squeeze6) stable-security; urgency=high ]

* MITKRB5-SA-2012-001 CVE-2012-1015: KDC frees uninitialized pointer

[ krb5 (1.8.3+dfsg-4squeeze5) squeeze-security; urgency=high ]

* CVE-2011-1529: null pointer dereference in KDC LDAP back end,
  #629558
* CVE-2011-1528: assertion failure in multiple KDC back ends
  regarding account lockout

[ libpng (1.2.44-1+squeeze4) stable-security; urgency=low ]

* CVE-2011-3048

[ libpng (1.2.44-1+squeeze3) stable-security; urgency=high ]

* CVE-2011-3045

[ libpng (1.2.44-1+squeeze2) stable-security; urgency=high ]

* Fix integer overflow (chromium #112822)

[ libtasn1-3 (2.7-1+squeeze+1) stable-security; urgency=low ]

* ASN.1 length decoding vulnerability. CVE-2012-1569.

[ libvorbis (1.3.1-1+squeeze1) stable-security; urgency=low ]

* CVE-2012-0444

[ libxi (2:1.3-7) squeeze; urgency=low ]

* Cherry-pick patches from upstream:
  - Fix passive grabs
  - Fill in mods/group->effective in XIQueryPointer
  - Handle unknown device classes (#661021, #660411)

[ libxml2 (2.7.8.dfsg-2+squeeze5) stable-security; urgency=low ]

[ Daniel Veillard ]
* Fix parser local buffers size problems
* Fix entities local buffers size problems
  CVE-2012-2807, #679280.

[ libxml2 (2.7.8.dfsg-2+squeeze4) stable-security; urgency=high ]

* CVE-2011-3102

[ libxml2 (2.7.8.dfsg-2+squeeze3) stable-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Apply upstream patch to add randomization to hashing with large
  dictionaries to mitigate hash DoS (CVE-2012-0841; #660846).

[ libxml2 (2.7.8.dfsg-2+squeeze2) stable-security; urgency=high ]

* Security update.
* parser.c: Fix an allocation error when copying entities.
  CVE-2011-3919. #656377.
* parser.c: Make sure parser returns when getting a Stop order.
  CVE-2011-3905.
* encoding.c: Fix off by one error. CVE-2011-0216. 652352.
* xpath.c: Fix for undefined namespaces. CVE-2011-2834.
* xpath.c, xpointer.c, include/libxml/xpath.h:
  Hardening of XPath evaluation. CVE-2011-2821. 643648.

[ nss (3.12.8-1+squeeze5) stable-security; urgency=low ]

* Address CVE-2012-0441 (Insufficient length checking in QuickDER decoder)
* debian/rules: Work around NSS not building on Linux 3.x kernels.

[ openssl (0.9.8o-4squeeze13) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Fix CVE-2012-2333: DoS via explicit IV in DTLS

[ openssl (0.9.8o-4squeeze12) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Fix CVE-2012-2131: incomplete fix of CVE-2012-2110

[ openssl (0.9.8o-4squeeze11) squeeze-security; urgency=low ]

* Really apply CVE-2012-2110

[ openssl (0.9.8o-4squeeze10) squeeze-security; urgency=low ]

* Fix CVE-2012-2110
* update CVE-2012-0884 patch to include detecting symmetric crypto errors
  in PKCS7_decrypt

[ openssl (0.9.8o-4squeeze9) squeeze-security; urgency=low ]

* Fix CVE-2012-1165

[ openssl (0.9.8o-4squeeze8) squeeze-security; urgency=low ]

* Fix CVE-2012-0884
* Updated patch for CVE-2011-4619

[ openssl (0.9.8o-4squeeze7) squeeze-security; urgency=low ]

* Re-upload with new version number.

[ openssl (0.9.8o-4squeeze6) squeeze-security; urgency=low ]

* Fix CVE-2012-0050

[ openssl (0.9.8o-4squeeze5) squeeze-security; urgency=low ]

* Fix CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
  and CVE-2011-4577
* Send alert instead of assertion failure for incorrectly formatted DTLS
  fragments. (#645805)

[ tiff (3.9.4-5+squeeze4) stable-security; urgency=high ]

* CVE-2012-1173

18. By Thijs Kinkhorst

* Packages updated

[ cups (1.4.4-7+squeeze1) stable-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* debian/patches:
  - str3867 added, fix an infinite loop / heap-based buffer overflow in the
    gif_read_lzw() function (CVE-2011-2896)
  - str3914 added, complete the fix for the previous issue (CVE-2011-3170).

[ freetype (2.4.2-2.1+squeeze3) stable-security; urgency=low ]

* Non-maintainer upload by the Security Team.
* Upload prepared by Michael Gilbert!
* Fix CVE-2011-3439: vulnerability in CID-keyed Type 1 fonts.

[ freetype (2.4.2-2.1+squeeze2) stable-security; urgency=low ]

* Non-maintainer upload by the Security Team
* CVE-2011-3256

[ krb5 (1.8.3+dfsg-4squeeze2) stable; urgency=low ]

* Upstream ticket 6852: permit gss_set_allowable_enctypes to restrict
  acceptor enctypes. Required in order to permit newer than squeeze
  clients to talk to a squeeze nfs server without degrading security
  for non-nfs applications on the box, #622146

[ mesa (7.7.1-5) squeeze; urgency=low ]

* glx: suppress BadRequest from DRI2Connect (which is expected for non-local
  clients).

[ nss (3.12.8-1+squeeze4) stable-security; urgency=low ]

* Explicitly distrust Malaysian Digicert Sdn. Bhd CA certificate.
* Address CVE-2011-3640 (Untrusted search path vulnerability).
  #647614.

[ openssl (0.9.8o-4squeeze4) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
  as revoked.

[ openssl (0.9.8o-4squeeze3) squeeze; urgency=low ]

* Non-maintainer upload by the Security Team.
* Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites

[ pam (1.1.1-6.1+squeeze1) stable-security; urgency=low ]

* Non-maintainer upload by the Security Team
* Fix CVE-2011-3148 and CVE-2011-3149

17. By Thijs Kinkhorst

* Packages updated

[ curl (7.21.0-2) stable-security; urgency=high ]

* debian/patches/curl-gssapi-delegation: Fix for GSSAPI delegation
  vulnerability as detailed in CVE-2011-2192. More information and
  the patch at <http://curl.haxx.se/docs/adv_20110623.html>.
  (#631615)

[ dbus (1.2.24-4+squeeze1) stable; urgency=low ]

* Update Vcs-* control fields to reflect the move to git
* Apply patch to fix CVE-2011-2200 (fd.o #38120), which is a local DoS for
  system services (#629938)

[ e2fsprogs (1.41.12-4stable1) stable; urgency=high ]

* Upload to proposed-updates
* Fix "mke2fs -n" so it won't issue a discard and thus trash all
  the data on an SSD (oops!!!)

[ e2fsprogs (1.41.12-4) unstable; urgency=high ]

* Clear ext4 error fields in the superblock. Otherwise users will see
  scary messages every 24 hours after a file system error is detected,
  even after e2fsck has fixed it, if they are using Linux 2.6.35 or later.
* Fix usage message for logsave (#619788)

[ e2fsprogs (1.41.12-3) unstable; urgency=high ]

* Fix signed vs. unsigned char bug in getopt in e2fsprogs which
  afflicts systems with default unsigned char
* Fix bug in e2fsck where it would fail to fix file systems
  where both the primary and backup block group descriptors are
  corrupted. (Addresses Ubuntu Launchpad bug: #711799)
* Fix package description: fsck has been moved to util-linux
  (#588726)
* Fix badblocks so the progress message correctly handles UTF-8
  characters for I18N systems (#583782, #587834)
* Prevent e2fsck from accidentally scrambling a file system when
  checking a snapshot which has an external journal device (which has
  not been snapshotted). (#587531)
* Fix inode nlink accounting that would lead to very scary PROGRAMMING
  BUG errors. (#555456)
* Fix typos, spelling mistakes, spelling-out-the-obvious-to-clueless-
  sysadmins, etc. in man pages. (#589345, #594004, #580236,
  #591083, #505719, #599786)

[ freetype (2.4.2-2.1+squeeze1) stable-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* CVE-2011-0226: Vulnerability in parsing Type 1 fonts

[ krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low ]

* Fix double free with pkinit on KDC, CVE-2011-0284, #618517
* Updated Danish debconf translations, thanks Joe Dalton,
  #584282
* KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282,
  #613487)
* Fix delegation of credentials against Windows servers; significant
  interoperability issue, #611906
* Set nt-srv-inst on TGS names to work against W2K8R2 KDCs,
  #616429
* Don't fail authentication when PAC verification fails; support hmac-
  md5 checksums even for non-RC4 keys, #616728
* Port fix to upstream ticket 6899: fix invalid free in kadmind change
  password case, #622681

[ libpng (1.2.44-1+squeeze1) stable-security; urgency=high ]

* Apply upstream patch to 1-byte uninitialized memory reference in
  png_format_buffer(). (#632786, CVE-2011-2501)
* Apply upstream patch to buffer overwrite in png_rgb_to_gray.
  (#633871, CVE-2011-2690)
* Apply upstream patch to crash in png_default_error due to use of
  NULL Pointer. (#633871, CVE-2011-2691)
* Apply upstream patch to memory corruption when handling empty sCAL chunks.
  (#633871, CVE-2011-2692)

[ libsndfile (1.0.21-3+squeeze1) stable-security; urgency=low ]

* CVE-2011-2696

[ nss (3.12.8-1+squeeze3) stable-security; urgency=low ]

* mozilla/security/nss/lib/ckfw/builtins/certdata.*:
  Explicitly distrust various DigiNotar CAs:
  - DigiNotar Root CA
  - DigiNotar Services 1024 CA
  - DigiNotar Cyber CA
  - DigiNotar Cyber CA 2nd
  - DigiNotar PKIoverheid
  - DigiNotar PKIoverheid G2

[ nss (3.12.8-1+squeeze2) stable-security; urgency=low ]

* mozilla/security/nss/lib/ckfw/builtins/certdata.*:
  Remove DigiNotar Root CA.

[ openldap (2.4.23-7.2) stable; urgency=low ]

* Non-maintainer upload targeted at stable.
* Fix "dpkg-reconfigure slapd". #596343

[ openldap (2.4.23-7.1) stable; urgency=low ]

* Non-maintainer upload targeted at stable.
* Picked the following patches from various sources:

[ Matthijs Möhlmann ]
* Update patch service-operational-before-detach (#616164, #598361)

[ Ubuntu Security Team / Jamie Strandboge ]
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
  backend. Note: Debian is not compiled with --enable-ndb by default
  - debian/patches/CVE-2011-1025
  - CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081
  - LP: #742104, 617606

[ openssl (0.9.8o-4squeeze2) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Block DigiNotar certificates
* Fix CVE-2011-1945: timing attacks against ECDHE_ECDSA makes
  it easier to determine private keys.

[ tiff (3.9.4-5+squeeze3) stable-security; urgency=high ]

* Redo CVE-2011-0192 to fix regression. (#630042)

16. By Thijs Kinkhorst

* Packages updated

[ libxml2 (2.7.8.dfsg-2+squeeze1) stable-security; urgency=low ]

* xpath.c: Fix some potential problems on reallocation failures.
  #628537.

[ nss (3.12.8-1+squeeze1) stable-security; urgency=low ]

* debian/rules: Fallback to DEB_BUILD_ARCH when dpkg-architecture doesn't
  support DEB_BUILD_ARCH_BITS.
* debian/control: Lower build depends on dpkg-dev to (>= 1.13.19), which
  was the value before starting to use DEB_BUILD_ARCH_BITS.
* mozilla/security/nss/lib/ckfw/builtins/certdata.*: Mark fraudulent
  Comodo certificates as untrusted.

[ pulseaudio (0.9.21-3+squeeze1) stable; urgency=low ]

* Team upload.
* Fix pacmd hanging in poll() when reading from stdin very early.
  Patch extracted from upstream by Alexander Wuerstlein <email address hidden>
  (#574589)

[ tiff (3.9.4-5+squeeze2) stable-security; urgency=high ]

* CVE-2009-5022: Buffer overflow in OJPEG support. (#624287)

[ tiff (3.9.4-5+squeeze1) stable-security; urgency=high ]

* CVE-2011-0192: Buffer overflow in Fax4Decode
* CVE-2011-1167: Buffer overflow with thunder encoded files

15. By Thijs Kinkhorst

* Packages updated
* Add fix for duplicate sources due to security updates.
* Welcome Thijs Kinkhorst to the team.

[ avahi (0.6.27-2+squeeze1) stable-security; urgency=high ]

* debian/patches/03_read_null_udp_packets.patch
  - Read NULL UDP packets else we end up in an infinite loop using 100% CPU
    and DoS of Avahi. (#614785, Fixes: CVE-2011-1002)
* Urgency high for the security fix.

[ openssl (0.9.8o-4squeeze1) stable-security; urgency=low ]

* Fix OCSP stapling parse error (CVE-2011-0014)

[ util-linux (2.17.2-9) unstable; urgency=low ]

* Ack NMU from Christian Perrier <email address hidden>
  - Fix encoding for Danish and Slovak debconf translations

[Adriano Rafael Gomes]

* Brazilian Portuguese debconf templates translation. #610489

[ util-linux (2.17.2-8) unstable; urgency=low ]

* fix mangled characters in debconf translations

[ util-linux (2.17.2-7) unstable; urgency=low ]

* dh_installdebconf is needed in binary-arch, not so much in -indep.
  Based on report from Adam D. Barratt <email address hidden>.
  #566072

[ util-linux (2.17.2-6) unstable; urgency=low ]

[Bjørn Steensrud]

* nb translations. #608325

[Américo Monteiro]

* Portuguese debconf translations. #608233

[Vincenzo Campanella]

* Italian translations. #608307

[Yuri Kozlov]

* Russian debconf translations. #608302

[Martin Ågren]

* Swedish debconf translations. #608483

[Joe Dalton]

* Danish translations. #608330

[Christian Perrier]

* French debconf translations. #608464

[Martin Eberhard Schauer]

* German debconf translations. #608463

[Camaleón]

* Spanish debconf translations. #608518

[Thorsten Glaser]

* hwclock: [m68k] unbreak FTBFS with recent (>= 2.4.18?) kernels.
  #578168

[Slavko]

* Slovak translations. #608305

[Michal Simunek]

* Czech debconf translations. #608495

14. By Thijs Kinkhorst

* Do not disable secure APT when downloading packages (closes: #610089)
* Add security repository next to the regular Debian mirror.

* Packages updated:

[ cyrus-sasl2 (2.1.23.dfsg1-7) unstable; urgency=low ]

[ Luca Capello ]
* Fix for (#601977), the idea coming from Gaudenz Steinlin
  <email address hidden>:
  + debian/control:
    - cyrus-sasl2-dbg Depends: on one of the two GSSAPI dbg packages.
    - new cyrus-sasl2-mit-dbg package which Conflicts: with
      cyrus-sasl2-heimdal-dbg.
    - cyrus-sasl2-heimdal-dbg now Conflicts: with cyrus-sasl2-mit-dbg.
  + debian/cyrus-sasl2-heimdal-dbg.preinst:
    - remove, useless.
  + debian/cyrus-sasl2-heimdal-dbg.postrm:
    - remove, useless.
  + debian/cyrus-sasl2-mit-dbg.dirs:
    - create /usr/lib/debug/usr/lib/sasl2/.
  + debian/rules:
    - mv MIT libgssapiv2.so.2.0.23 into cyrus-sasl2-mit-dbg.

[ Roberto C. Sanchez ]
* Thanks to Luca Capello for providing the patch.

[ dbus (1.2.24-4) unstable; urgency=high ]

* debian/patches/12-CVE-2010-4352-reject-deeply-nested-variants.patch
  - Fixes CVE-2010-4352: sending messages with excessively-nested variants
    can crash the bus. The existing restriction to 64-levels of nesting
    previously only applied to the static type signature; now it also
    applies to dynamic nesting using variants.
    Patch cherry-picked from upstream Git.
* Urgency high for the security fix.

[ isdnutils (1:3.9.20060704+dfsg.2-4.1) testing-proposed-updates; urgency=low ]

* Non-maintainer upload.
* debian/{ipppd,isdnvboxserver,isdnvboxserver}.postinst: Call MAKEDEV in
  /dev not via search path (#604219, #604211, #597926, #604216).
  Thanks to Alexander Reichle-Schmehl for the patch.

[ krb5 (1.8.3+dfsg-4) unstable; urgency=medium ]

* Ignore PACs without a server signature generated by OS X Open
  Directory rather than failing authentication, #604925

[ krb5 (1.8.3+dfsg-3) unstable; urgency=emergency ]

* MITKRB5-SA-2010-007
    * CVE-2010-1324: An unauthenticated attacker can inject arbitrary
      content into an existing GSS connection that appears to be integrity
      protected from the legitimate peer under some circumstances
    * GSS applications may accept a PAC produced by an attacker as if it
      were signed by a KDC
    * CVE-2010-1323: attackers have a 1/256 chance of being able to
      produce krb_safe messages that appear to be from legitimate remote
      sources. Other than use in KDC database copies this may not be a
      huge issue only because no one actually uses krb_safe
      messages. Similarly, an attacker can force clients to display
      challenge/response values of the attacker's choice.
    * CVE-2010-4020: An attacker may be able to generate what is
      accepted as a ad-signedpath or ad-kdc-issued checksum with 1/256
      probability
* New Vietnamese debconf translations, Thanks Clytie Siddall,
  #601533
* Update standards version to 3.9.1 (no changes required)

[ libasyncns (0.3-1.1) unstable; urgency=low ]

* Non-maintainer upload.
* libasyncns/asyncns.c: Fix data alignment issue on armel, backported from
  upstream. (#566139)

[ libx11 (2:1.3.3-4) unstable; urgency=low ]

* Cherry-pick patches from upstream, 1.3-branch:
  - man: Fix typo in Makefile
  - Bug 27465 - Rewritten fi_FI.UTF-8 Compose file
  - Fix typo in new fi_FI.UTF-8 that was reported by "make check"
  - man: Redirect users from XKeycodeToKeysym to XkbKeycodeToKeysym #25732
  - man: Fix return value specification of XkbKeyActionEntry
  - man: Return value of XkbGetState is Status and not Bool
  - man: Add missing geometry component flag
  - man: Correct the XkbAllAccessXEventsMask mask name
  - Fix manual typos.
  - Allow X11 users to compose anarchism
  - Clarify requirements in XRestackWindows man page
  - Fix typo that made configure always report "none" for man page suffix
  - Define FILE_MAN_DIR_SUFFIX so XCompose shadow page has correct path
  - Compose.man: default user compose file is .XCompose, not .Xcompose
  - Make Compose-comma map to Ogonek for A and E in UTF-8 locales.
  - Make Compose-comma map to ogonek for I and U in UTF-8 locales.
  - NLS: Add o/ Compose sequence
  - nls: Switch one of the interrobang sequences to gnaborretni
  - Bug 29773: aliases for nb_NO.utf8 and nn_NO.utf8

[ libxi (2:1.3-6) unstable; urgency=medium ]

* WireToEvent: Set display member of all events as well (cherry-pick from
  upstream).

[ libxml2 (2.7.8.dfsg-2) unstable; urgency=low ]

* xpath.c: Fix a double-freeing error in XPath processing code.
  (CVE-2010-4494). #607922.

[ openldap (2.4.23-7) unstable; urgency=low ]

* Updated Vietnamese translation, thanks Clytie Siddall
  (#601537, #598575)
* Updated Portuguese translation, thanks Traduz (#599760)
* Updated Danish translation, thanks Joe Dalton (#599835)

[ openssl (0.9.8o-4) unstable; urgency=low ]

* Fix CVE-2010-4180 (#529221)

[ sane-backends (1.0.21-9) unstable; urgency=low ]

* debian/patches/fix_epson2_cancel.patch:
  + Added; fix handling of scanner errors by sending a cancel command
    (#597922).

[ sane-backends (1.0.21-8) unstable; urgency=low ]

* debian/patches/fix_epson2_commands.patch:
  + Added; fix list of supported commands for levels D1 and D2
    (#582066).

[ util-linux (2.17.2-5) unstable; urgency=low ]

* Merge in all those NMUs that were never pushed to me in bugs.

[ util-linux (2.17.2-4) unstable; urgency=low ]

[Miklos Szeredi]

* mount: don't canonicalize "spec" with --no-canonicalize option.
  #593336

[Karel Zak]

* fdisk: fix freespace boundaries calculation on SGI disklabel.
  #510130

[LaMont Jones]

* Deliver agetty as both agetty and getty, preferring agetty.
  #117596
* Declare source format (1.0)
* use debconf (iff installed) to warn about noauto filesystems with non-zero
  pass numbers. #566072
* update lintian-overrides, actually install them in the deb

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.