lp:debian/squeeze/nas
- Get this branch: bzr branch lp:debian/squeeze/nas
Branch information
- Owner: Ubuntu branches
- Status: Development
Recent revisions
- 9. By Steve McIntyre
* Fixes for various long-standing security issues found by Hamid
Zamani <email address hidden>. Closes: #720287
+ Validate the port offset of nasd to fix a potential buffer overflow
(CVE-2013-4256)
+ Use better string functions to guard against heap overflows
(CVE-2013-4257)
+ Sanity-check the TCP_DEVICE environment variable for safety.
* Fix string handling in aulog.c:osLogMsg() to fix missing format string
in call to syslog() (CVE-2013-4258).
- 6. By Steve McIntyre
* New upstream version.
* All the Debian-specific source patches are now upstream!
* Updated Standards-Version (no changes).
- 5. By Steve McIntyre
* Fix pending l10n issues. Debconf translations:
* Swedish. Closes: #491766 (thanks to <email address hidden>)
* Arabic. Closes: #500437 (thanks to Ossama Khayat)
* Basque. Closes: #500533 (thanks to Piarres Beobide)
* Brazilian Portuguese. Closes: #500973 (thanks to Felipe
Augusto van de Wiel)
* Many thanks again to Christian Perrier for his i18n efforts,
co-ordinating the above.
- 4. By Steve McIntyre
* High-urgency upload to fix multiple security holes (CVE-2007-1543,
CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547):
+ accept_att_local buffer overflow through USL connection
+ server termination through nonexistent ID in AddResource
+ bcopy crash caused by integer overflow in ProcAuWriteElement
+ invalid memory pointer caused by big num_actions in
ProcAuSetElements
+ another invalid memory pointer caused by big num_actions in
ProcAuSetElements
+ invalid memory pointer in compileInputs
+ exploits bug 3 in read mode (requires something playing on
the server)
+ NULL pointer caused by too many connections
+ Closes: #416038
- 2. By Steve McIntyre
* New upstream release; just about all of the Debian patches now
folded in upstream.
* Fixed lintian warning.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)