
ia32-libs update for lenny



Hi,

I've prepared an ia32-libs update for lenny and Frederik Schueler will
sponsor the upload soon. The upload brings ia32-libs back in sync with
the packages contained in stable, stable security and
stable-proposed-updates. The only other change to the binaries is fixing
a broken symlink so ia32-libs works on ia64 at all (#563402).

As you can see below there are quite a number of bugs and security bugs
fixed by this upload. The upload contains updates from the following
packages:

Source          2.7                     2.7+lenny1
----------------------------------------------------------------------
attr		2.4.43-1		2.4.43-2
audiofile	0.2.6-7			0.2.6-7+lenny1
cairo		1.6.4-6			1.6.4-7
cups		1.3.8-1			1.3.8-1+lenny7
cyrus-sasl2	2.1.22.dfsg1-21		2.1.22.dfsg1-23+lenny1
dbus		1.2.1-3			1.2.1-5+lenny1
directfb	1.0.1-9			1.0.1-11
e2fsprogs	1.41.0-3		1.41.3-1
expat		2.0.1-4			2.0.1-4+lenny3
fontconfig	2.6.0-1			2.6.0-3
freetype	2.3.7-2			2.3.7-2+lenny1
gcc-4.3		4.3.1-9			4.3.2-1.1
glibc		2.7-13			2.7-18lenny2
gnutls26	2.4.1-1			2.4.2-6+lenny2
hal		0.5.11-3		0.5.11-8
isdnutils	3.9.20060704-3.4 	3.9.20060704-3.6
jack-audio-connection-kit 0.109.2-3 	0.109.2-5
keyutils	1.2-7			1.2-9
krb5		1.6.dfsg.4~beta1-4 	1.6.dfsg.4~beta1-5lenny2
lcms		1.17.dfsg-1		1.17.dfsg-1+lenny2
libaio		0.3.106-8		0.3.107-3
libdrm		2.3.1-1			2.3.1-2
libnss-ldap	261-2			261-2.1
libpam-ldap	184-4.1			184-4.2
libpng		1.2.27-1		1.2.27-2+lenny2
libselinux	2.0.65-4		2.0.65-5
libtool		1.5.26-4		1.5.26-4+lenny1
libusb		0.1.12-12		0.1.12-13
libwmf		0.2.8.4-6		0.2.8.4-6+lenny1
libx11		1.1.4-2			1.1.5-2
libxcb		1.1-1.1			1.1-1.2
libxi		1.1.3-1			1.1.4-1
libxml2		2.6.32.dfsg-3		2.6.32.dfsg-5+lenny1
mesa		7.0.3-5			7.0.3-7
nas		1.9.1-4			1.9.1-5
ncurses		5.6+20080804-1		5.7+20081213-1
openldap	2.4.10-3		2.4.11-1+lenny1
openssl		0.9.8g-13		0.9.8g-15+lenny6
pam		1.0.1-4			1.0.1-5+lenny1
pulseaudio	0.9.10-2		0.9.10-3+lenny1
sane-backends	1.0.19-17		1.0.19-23
tiff		3.8.2-11		3.8.2-11.2
xorg		7.3+15			7.3+20

The other packages in ia32-libs remain unchanged.

MfG
        Goswin
--
----------------------------------------------------------------------

Format: 1.8
Date: Tue, 26 Jan 2010 12:05:22 +0100
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev lib32gcc1
Architecture: source amd64
Version: 2.7+lenny1
Distribution: stable
Urgency: low
Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org>
Changed-By: Goswin von Brederlow <goswin-v-b@web.de>
Description: 
 ia32-libs  - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development libraries and headers for use on ia32/ia64 syste
 lib32gcc1  - GCC support library (ia32)
Closes: 563402
Changes: 
 ia32-libs (2.7+lenny1) stable; urgency=low
 .
   [ Goswin von Brederlow ]
   * Update to match versions in lenny + security + proposed-updates.
   * Fix ld-linux.so.2 link for ia64. (Closes: #563402)
   * Add misc depends for debhelper.
   * Add lots of lintian overrides where nothing can be done about them.
   * Bump debhelper compat to 5.
   * Bump minimum libc6-i386 dependency to 2.7-18lenny1.
 .
   * Includes security fixes for:
     CVE-2008-3529 CVE-2008-3639 CVE-2008-3640 CVE-2008-3641 CVE-2008-3834
     CVE-2008-3964 CVE-2008-4225 CVE-2008-4226 CVE-2008-4311 CVE-2008-4311
     CVE-2008-4989 CVE-2008-5077 CVE-2008-5286 CVE-2008-5824 CVE-2008-5907
     CVE-2009-0040 CVE-2009-0163 CVE-2009-0581 CVE-2009-0590 CVE-2009-0688
     CVE-2009-0723 CVE-2009-0733 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846
     CVE-2009-0847 CVE-2009-0887 CVE-2009-0946 CVE-2009-1189 CVE-2009-1364
     CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1894
     CVE-2009-2285 CVE-2009-2347 CVE-2009-2347 CVE-2009-2409 CVE-2009-2414
     CVE-2009-2625 CVE-2009-2730 CVE-2009-2820 CVE-2009-3560 CVE-2009-3560
     CVE-2009-3720 CVE-2009-3736 CVE-2009-4212 CVE-2009-4355 CVE-2010-0015
     STR #2911     STR #2974     STR #2918     STR #2919     STR #2966
     GNUTLS-SA-2008-3 GNUTLS-SA-2009-4
     MIT-KRB5-SA-2009-004 MITKRB5-SA-2009-0001 MITKRB5-SA-2009-002
 .
   * Includes bugfixes for:
     248172 295173 313697 319554 368560 394068 401092 401296 429739
     450017 458306 468793 470121 475270 479952 482186 484180 484877
     484962 486036 487211 487635 488812 489045 489268 491066 491270
     491292 491620 491766 491770 492555 492775 492778 492894 493004
     493216 493568 493745 493751 493899 494156 494168 494468 495007
     495069 495620 495815 495830 496249 496322 496466 496716 496833
     497010 497162 497314 497315 497369 497463 497515 497619 498010
     498054 498100 498101 498102 498103 498132 498410 498435 498465
     498478 498768 499086 499202 499366 499560 499662 500055 500103
     500369 500437 500533 500669 500916 500973 501004 501109 501310
     501443 501662 502140 502177 502260 502408 502620 502675 502686
     502693 502760 502782 502825 502840 502884 503179 503182 503197
     503532 503736 504126 504745 504766 504820 505279 505969 505970
     506111 506702 506713 506717 506750 507183 507563 507633 508032
     509593 510205 510371 510379 510380 510382 510389 510412 510423
     510608 510617 510639 510673 510699 510701 510707 512665 514017
     514735 514807 516256 516945 520115 524925 526434 532720 535624
     539899 541439 541735 550625 551936 553432 559797 560901 561658
     562381
 .
   [ attr (1:2.4.43-2) unstable; urgency=high ]
 .
   * Remove --enable-lib64=yes in Makefile (#514017)
 .
   [ audiofile (0.2.6-7+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2008-5824: Fix buffer overflow when decompressing MS ADPCM .wav
     files (#510205).
 .
   [ cairo (1.6.4-7) unstable; urgency=low ]
 .
   * ACK NMU, thanks Joss.
   * debian/patches/03_buggy-repeat.dpatch:
     + Patch from the Mozilla team to work around a bug in
       some buggy X video drivers that cause incorrect image
       rendering (#495620 and many duplicates).
 .
   [ cairo (1.6.4-6.1) unstable; urgency=low ]
 .
   * Non-maintainer upload.
   * Remove the rpath stuff in /usr/lib/libcairo-directdb and only keep
     it around for compatibility. #499662.
     + Remove the rpath hack in the .pc file.
     + Make the libcairo-directfb2{,dev} packages dummy, only keeping
       symbolic links from the former locations.
     + libcairo-directfb2-dev.postinst: do the symbolic link dance upon
       upgrade.
     + Update package descriptions accordingly.
     + libcairo2.symbols: add cairo_directfb_surface_create.
     + libcairo2-dev conflicts with libcairo-directfb2-dev
       (<< 1.6.4-6.1).
   * rules: completely cleanup the .la files from their dependency libs.
     #491292.
   * Add ~ to symbol versions to make backports possible.
   * Fix doc-base section.
   * Standards version is 3.8.0.
 .
   [ cups (1.3.8-1+lenny7) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the security team
   * Fix several XSS issues in the CUPS admin web interface
     Fixes: CVE-2009-2820
     Thanks to Aaron Sigel and Marc Deslauriers
 .
   [ cups (1.3.8-1+lenny6) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix null pointer dereference on handling IPP_TAG_UNSUPPORTED
     leading to denial of service attacks (CVE-2009-0949).
 .
   [ cups (1.3.8-1lenny5) stable-security; urgency=low ]
 .
   * Add CVE-2009-0163_tiff_read_overflow.dpatch: Fix integer overflow induced
     heap buffer overflow in the _cupsImageReadTIFF() function. Discovered by
     iDefense. (CVE-2009-0163)
   * debian/rules: Remove group/other read permissions from the serial backend,
     so that it can run as root and thus is actually able to access /dev/ttyS*.
     In unstable this is fixed with a patch which relaxes the permissions
     checks, but that's too intrusive for a stable update. (#516945)
 .
   [ cups (1.3.8-1lenny4.1) unstable; urgency=medium ]
 .
   * Non-maintainer upload.
   * Apply upstream patch to fix client request loop for large request over
     SSL. (#506702)
 .
   [ cups (1.3.8-1lenny4) unstable; urgency=high ]
 .
   * High urgency due to security bug fix.
   * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
     reader (#507183, STR #2974, CVE-2008-5286)
 .
   [ cups (1.3.8-1lenny3) unstable; urgency=medium ]
 .
   * Urgency medium because of RC bug fix.
   * debian/cups-bsd.postinst: Assume default printcap path (in /var/run/cups/)
     if not specified in cupsd.conf. This brings back the lost /etc/printcap
     for legacy applications. (#482186, LP: #282667)
   * hpgl-regression.dpatch: Replaced with version which got committed
     upstream.
   * Add runloop-backchannel-eof-spin.dpatch: Fix backend runloop spin on
     backchannel EOF (select() returns "ready for read" on EOF). This
     completely broke printing with e. g. HPJetDirect. Thanks to
     Samuel Thibault for tracking down the problem! (#489045)
   * debian/rules: Install the serial backend with 0744 permissions to make it
     run as root, since /dev/ttyS* are root:dialout and thus not accessible as
     user "lp". Thanks to Chanoch (Ken) Bloom. (One part of #506181)
 .
   [ cups (1.3.8-1lenny2) unstable; urgency=high ]
 .
   * Urgency high due to security fixes.
   * debian/control: Package development moved to bzr, update Vcs- tags.
   * Add CVE-2008-3641_hpgl_filter_overflow.dpatch: Fix buffer overflow
     triggered by invalid number of pens in the HPGL filter. (CVE-2008-3641,
     STR #2911)
   * Add CVE-2008-3639_sgi_filter_overflow.dpatch: Fix buffer overflow due to
     unchecked boundary in the SGI filter. (CVE-2008-3639, STR #2918)
   * Add CVE-2008-3640_texttops_overflow.dpatch: Fix buffer overflow by
     specifying invalidly large or negative page metrics. (CVE-2008-3640,
     STR #2919)
   * Add hpgl-regression.dpatch: Revert the SP_select_pen() enumeration change
     introduced in STR #2911, because it changes the color mapping (e. g. "SP1"
     would now select a white pen instead of a black one, and "SP0" would not
     be valid at all any more). Also fix a remaining off-by-one loop. (STR
     #2966)
   * Add admin-fr-translation.dpatch: Update the French admin.tmpl, to have the
     missing "Find new printer" button and the "Subscriptions" section. Thanks
     to Yves-Alexis Perez! (#475270)
 .
   [ cups (1.3.8-1lenny1) unstable; urgency=medium ]
 .
   Cherrypick bug fixes from trunk/experimental which need to go into Lenny.
   Urgency medium because of an RC bug fix.
 .
   [ Johan Kiviniemi ]
   * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c,
     which caused filters not to have /bin in their PATH.
   * debian/filters/pstopdf:
     - Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via
       cupsfilter) made all other users (including cups itself) unable to run
       the filter because of no permission to open the logfile.
     - Put unquoted variables into quotes where appropriate.
     - Never create an outfile in the same directory as the given infile; the
       process might not have write access there.
     - set -e.
 .
   [ Martin Pitt ]
   * Bump shlibs version for libcups2 and libcupsimage2. (#494168)
   * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1
     changelog.
 .
   [ cyrus-sasl2 (2.1.22.dfsg1-23+lenny1) stable-security; urgency=high ]
 .
   * debian/patches/0021_CVE-2009-0688-fix.dpatch, debian/patches/00list:
     Backport security fix for CVE-2009-0688 from upstream version 2.1.23.
 .
   [ cyrus-sasl2 (2.1.22.dfsg1-23) unstable; urgency=low ]
 .
   * Add README.source to comply with Standards-Version 3.8.0
   * Fix watch file to use dversionmangle instead of uversionmangle
 .
   [ cyrus-sasl2 (2.1.22.dfsg1-22) unstable; urgency=low ]
 .
   [ Roberto C. Sanchez ]
   * Added Slovak translation, thanks to Ivan Masár (#489268)
 .
   [ Fabian Fagerholm ]
   * Added Japanese translation, thanks to Hideki Yamane. (#493004)
   * Bump standards-version.
 .
   [ dbus (1.2.1-5+lenny1) stable-security; urgency=high ]
 .
   * debian/patches/52-CVE-2009-1189.patch
     - Security: The _dbus_validate_signature_with_reason function
       (dbus-marshal-validate.c) uses incorrect logic to validate a basic type,
       which allows remote attackers to spoof a signature via a crafted key.
       NOTE: this is due to an incorrect fix for CVE-2008-3834
       #532720
       Fixes: CVE-2009-1189
   * Urgency high for the security fix.
 .
   [ dbus (1.2.1-5) unstable; urgency=high ]
 .
   [ Sjoerd Simons ]
   * debian/patches/CVE-2008-4311.patch:
     + Added, Fixes CVE-2008-4311. A mistake in the default configuration for
       the system bus (system.conf) which made the default policy for both sent
       and received messages effectively *allow*, and not deny as intended. This
       patch fixes the send side permissions (#503532, #508032)
   * Urgency high for the security fix
 .
   [ Simon McVittie ]
   * Rename CVE-*.patch to prefix them with a sequence number so it's clear
     what order they should apply in
   * Add 51-CVE-2008-4311-but-allow-signals.patch, cherry-picked from upstream
     git commit d899734475: after fixing CVE-2008-4311, re-allow emitting
     signals
   * debian/patches/3[0-4]*.patch, cherry-picked from upstream git (see patches
     for commit IDs): add logging when permission to send a message is denied
   * debian/patches/35-syslog-h.patch: #include <syslog.h> to fix compilation
     with the logging patches applied
   * Add myself to Uploaders
 .
   [ dbus (1.2.1-4) unstable; urgency=high ]
 .
   * debian/patches/CVE-2008-3834.patch
     - The dbus_signature_validate function in the D-bus library allows
       attackers to cause a denial of service (application abort) via a message
       containing a malformed signature, which triggers a failed assertion
       error. (#501443)
       Fixes: CVE-2008-3834
     - Urgency high for the security fix.
   * debian/patches/20-dbus-alpha-unaligned.patch
     - Fix misaligned memory access which causes "unaligned traps" on Alpha.
       (#502408)
   * debian/dbus.init
     - Add "status" action to init script. (#470121)
   * debian/control
     - Bump Depends on lsb-base to >= 3.2-14, which provides status_of_proc().
 .
   [ directfb (1.0.1-11) unstable; urgency=low ]
 .
   * Remove 92_reopen_console.patch: it fails in the usual case,
     but works when run through strace. (#493899)
 .
   [ directfb (1.0.1-10) unstable; urgency=low ]
 .
   * Add 93_fix_unicode_key_handling.patch: when the library asks the kernel
     for the key symbols, the results are truncated for unicode symbols if the
     keyboard is not in K_UNICODE mode. So, a temporary switch is needed,
     as well as applying the right bitmask in order to retrieve the full
     unicode symbol. Thanks to Jérémy Bobbio. (#401296)
   * Now using Standards-Version 3.8.0 (no changes needed).
 .
   [ e2fsprogs (1.41.3-1) unstable; urgency=low ]
 .
   * New upstream release
   * Fix e2fsck so it prints the correct inode number for uinit_bg
     related problems.
   * E2fsck will offer to clear the test_fs flag if the ext4 filesystem
     is available.
   * Fix a file descriptor leak in libblkid
   * Avoid a potential infinite loop in e2fsck when there are disk I/O
     errors while trying to close a filesystem.
   * Fix a potential infinite loop in resize2fs when a bogus new size of
     0 blocks is specified on the command line.
   * Add an early check to see if a device is read-only to avoid lots of
     confusing error messages.
   * Fix debugfs's ncheck command so it prints all of the names of
     hardlinks in the same directories.
   * Fix a bug in libblkid so it correctly detects whether the ext4 and
     ext4dev filesystems are available, so that the ext4dev->ext4
     fallback code works correctly.
 .
   [ e2fsprogs (1.41.2-1) unstable; urgency=low ]
 .
   * New upstream release
   * Fix e2fsck's automatic blocksize detection.  This fixes a regression
       added in e2fsprogs 1.40.7 where e2fsck's -b option would not
       work if a blocksize wasn't also specified via the -B option.
   * Fix a potential file descriptor leak in libcom_err if the
       application exec's another program.
   * Fixed badblocks output for "badblocks -sw"
   * debugfs: Fix ncheck to print all pathnames for all of the specified inodes
   * Use dietlibc when possible for building e2fsck.static, to reduce the
       size of the static binary.
   * debugfs: Add the ability to specify the hash seed and to specify the
       hash algorithm by name to the "hash" command.
   * Add documentation for the file I/O functions to libext2fs.texinfo.
       (#484877)
   * Fix a bug in e2fsck where if a translation file is being used and
       e2fsck needs to print problem report with a custom question (such as
       "Run journal anyway?"), the PO file's header would get spewed onto
       the terminal.
   * Update Swedish, Vietnamese, Dutch, Indonesian, German, Czech translations
   * Fixed spelling mistakes in man pages  (#498100, #498101,
       #498102, #498103)
 .
   [ e2fsprogs (1.41.1-3) unstable; urgency=low ]
 .
   * badblocks -v will now display the time and percentage complete
       (#429739)
   * Reordered debian/rules when building udebs to avoid a Lintian warning
   * Fixed dependencies fields in the udeb packages (#497619)
   * Avoid linking various programs with unneeded libraries
   * Fixed a typo'ed bold font specifier in mke2fs's man page
   * Fixed the pkg-config files so the include directory needed by the
       various libraries is included, and to use Requires.private to
       avoid unnecessary linking of dynamic libraries.
   * Add more historical information to the debian/*.symbol files
 .
   [ e2fsprogs (1.41.1-2) unstable; urgency=low ]
 .
   * Make sure ext4_swab64() is defined on all platforms (#497515)
   * Badblocks: Use O_LARGEFILE so it will run on files greater than 2GB
 .
   [ e2fsprogs (1.41.1-1) unstable; urgency=low ]
 .
   * New upstream release
   * mke2fs and tune2fs now use half-md4 as the default hash algorithm
        In addition the default hash algorithm can be via mke2fs.conf for
        mke2fs, and via a command-line option for tune2fs.
   * Add support for on-line resizing of ext4 filesystems with the
        flex_bg filesystem feature.
   * e2fsck now creates the journal in the middle of the filesystem,
        which can speed up fsync-heavy workloads.
   * Make the blkid library more efficient for devicemapper devices,
        mostly by no longer using the libdevmapper library.
   * Fix various namespace leakages by the libblkid, libe2p and libext2fs
        libraries.
   * Fix support for empty directories in 64k blocksize filesystems.
   * Add supported_features command to debugfs
   * Improve libblkid detection of JFS and HPFS filesystems
   * The test I/O manager is now compiled in by default, but to avoid its
     overhead, it is only enabled when the TEST_IO_FLAGS or TEST_IO_BLOCK
     environment variables are set.
   * Fix filefrag's ideal extent calculation (#458306)
   * Fix postinstall scripts when the user/group is in LDAP (#497010)
   * Add Indonesian and update French, Polish, Dutch, German, Swedish,
        Czech, and Vietnamese Translations.  (#313697, #401092)
   * Update/clarified man pages
   * Add dpkg-gensymbols support to track ABI changes to the libraries
   * Add lintian overrides for uuid-runtime and libuuid1
   * Remove (no longer needed) lintian overrides for e2fsck-static
   * Add debian/watch file
 .
   [ e2fsprogs (1.41.0-4) unstable; urgency=low ]
 .
   * mke2fs will issue a warning if mke2fs.conf hasn't been updated and
     the user tries to create an ext3, ext4, or ext4dev filesystem,
     since it depends on the mke2fs.conf file in order to create the
     filesystem properly with the appropriate features.
   * Fix the maximum journal size message in mke2fs and tune2fs to be
     consistent/correct.  (#491620)
   * Add detection for hfsx filesystem and add label and uuid detection
     for hfs, hfsplus, and hfsx filesystems in libblkid.
   * Fix cosmetic issue in resize2fs when a progress bar doesn't finish
     with a newline for pass 4 (when the inode references are updated).
   * Teach resize2fs to move blocks when extents are present (when
     shrinking a filesystem and/or if resize_inode is not present).
   * Teach resize2fs to work correctly with the uninit_bg when blocks
     need to be moved or allocated.
   * Fix and optimize extent manipulation in libext2fs for resize2fs.
   * Fix "dumpe2fs -i" and "debugfs -i".  (#495830)
   * Fix resize2fs incorrectly managing directory in-use counts when
     shrinking filesystems and directory inodes need to be moved.
   * Fix spurious e2fsck complaints with i_size with extents and large
     files and preallocated blocks.
   * Make sure the creation timestamp is set by mke2fs and by new inodes
     created by the libext2fs in general.
   * Fix ind/dind/tind statistics when extents are present, and add
     extent tree depth statistics.
   * Add a fragmentation report extended option to e2fsck.
   * Fix blkid cache validation and some possible blkid crashes
     (#493216)
   * Teach debugfs's htree command to work with extent-based directories.
   * Improve the error message for "tune2fs -I".
   * Fix miscellaneous strings and usage messages pointed out by the
     translators.  (Thanks, translators!)
   * Enforce that mke2fs won't allow features for revision 0 filesystems.
   * Optimize inode table allocation in mke2fs for flex_bg filesystems.
   * Update/clarified man pages
   * Fix minor typo in uuid-runtime's debian package description
   * Wrap debian/copyright files to avoid "line too long" lintian warnings
 .
   [ expat (2.0.1-4+lenny3) stable-security; urgency=low ]
 .
   * Upload to stable to fix regressions in last security fix.
   * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
     - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
       regressions have been detected (#561658, #562381). Many thanks
       to Niko Tyni and Karl Waclawek for their help and the fix.
 .
   [ expat (2.0.1-4+lenny2) stable-security; urgency=medium ]
 .
   * Upload to stable to fix security issues.
   * debian/patches/560901_CVE_2009_3560.dpatch: Added.
     - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560
       (#560901).
   * debian/patches/00list: Adjusted.
 .
   [ expat (2.0.1-4+lenny1) stable-security; urgency=medium ]
 .
   * Upload to stable to fix security issues.
   * debian/patches/551936_CVE_2009_2625.dpatch: Added.
     - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
       and CVE-2009-3720 (#551936).
   * debian/patches/00list: Adjusted.
 .
   [ fontconfig (2.6.0-3) unstable; urgency=low ]
 .
   * Remove doc/Makefile and doc/version.sgml in the clean target.
   * Ship a minimal 70-yes-bitmaps.conf to avoid spurious warnings.
     #505969.
   * fontconfig-config.config: don't force the bitmap fonts to be off,
     rather re-ask when we find no existing symbolic link, since in this
     case the intent of the user is unknown. #505970.
 .
   [ fontconfig (2.6.0-2) unstable; urgency=low ]
 .
   * Do not enable bitmap fonts by default. #496716.
     + rules: ship an empty 70-yes-bitmaps.conf and rename the original
       to 70-force-bitmaps.conf.
     + fontconfig-config.postinst: install the symbolic link to
       70-yes-bitmaps.conf if asked to do so.
     + fontconfig-config.config: always assume bitmap fonts are not
       wanted if no symbolic link is present.
 .
   [ freetype (2.3.7-2+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * This update fixes various integer overflows in cff/cffload.c,
     smooth/ftsmooth.c and sfnt/ttcmap.c leading to arbitrary code
     execution or denial of service via a crafted font file
     (CVE-2009-0946; #524925).
 .
   [ gcc-4.3 (4.3.2-1.1) unstable; urgency=medium ]
 .
   * debian/patches/libobjc-armel.dpatch: Don't define EH_USES, apply
     r142204 for armel, taken from the gcc-4_3-branch.
   * Fix PR target/38287 (sparc, wrong code). #506713.
   * Apply selected fixes from the gcc-4_3-branch:
     - Fix PR tree-optimization/37102 (wrong code).
     - Fix PR tree-optimization/37868 (wrong code).
     - Fix PR rtl-optimization/37544 (wrong code).
     - Fix PR c++/38030 (wrong code).
     - Fix PR rtl-optimization/37489 (wrong code).
     - Fix PR rtl-optimization/37408 (wrong code).
     - Fix PR middle-end/37731 (wrong code).
     - Fix PR middle-end/37882 (wrong code).
 .
   [ gcc-4.3 (4.3.2-1) unstable; urgency=medium ]
 .
   [Matthias Klose]
   * Final gcc-4.3.2 release (regression fixes).
     - Remove the generated install docs from the tarball (GFDL licensed).
     - C++ regression fixes: PR debug/37156.
     - general regression fixes: PR debug/37156, PR target/37101.
     - Java regression fixes: PR libgcj/8995.
   * Update to SVN 20080905 from the gcc-4_3-branch.
     - C++ regression fixes: PR c++/36741 (wrong diagnostic),
     - general regression fixes: PR target/37184 (ice on valid code),
       PR target/37191 (ice on valid code), PR target/37197 (ice on valid code),
       PR middle-end/36817 (ice on valid code), PR middle-end/36548 (wrong code),
       PR middle-end/37125 (wrong code), PR c/37261 (wrong diagnostic),
       PR target/37168 (ice on valid code), PR middle-end/36449 (wrong code),
       PR middle-end/37248 (missed optimization), PR target/36332 (wrong code).
     - Fortran regression fixes: PR fortran/37193 (rejects valid code).
   * Move symlinks in gcc_lib_dir from cpp-4.3 to gcc-4.3-base. #497369.
   * Don't build-depend on autogen on architectures where it is not installable
     (needed for the fixincludes testsuite only); don't build-depend on it for
     source packages not running the fixincludes testsuite.
 .
   [Ludovic Brenta]
   * Add sdefault.ads to libgnatprj4.3-dev.  Fixes: #492866.
   * turn gnatvsn.gpr and gnatprj.gpr into proper library project files.
   * Unconditionally build-depend on gnat when building gnat-4.3.
     Fixes: #487564.
   * (debian/rules.d/binary-ada.mk): Add a symlink libgnat.so to
     /usr/lib/libgnat-4.3.so in the adalib directory.  Fixes: #493814.
   * (debian/patches/ada-sjlj.dpatch): remove dangling symlinks from all
     adalib directories.
   * debian/patches/ada-alpha.dpatch: remove, applied upstream.
 .
   [Samuel Tardieu, Ludovic Brenta]
   * debian/patches/pr16086.dpatch: new; backport from GCC 4.4.
     #248172.
   * debian/patches/pr35792.dpatch: new; backport from GCC 4.4.
   * debian/patches/pr15808.dpatch (fixes: #246392),
     debian/patches/pr30827.dpatch: new; backport from the trunk.
 .
   [ glibc (2.7-18lenny2) stable-security; urgency=low ]
 .
   * Fix NIS shadow entries leakage to non-privileged users when nscd is
     in use.
     Fixes: CVE-2010-0015.
 .
   [ glibc (2.7-18lenny1) stable; urgency=low ]
 .
   * patches/any/cvs-realloc.diff: fix bug in realloc() when enlarging a
     memory allocation.  bug#550625.
 .
   [ glibc (2.7-18) unstable; urgency=low ]
 .
   * patches/localedata/mt_MT_euro.diff, patches/localedata/el_CY_euro.diff:
     new patches to switch Cyprus and Malta currency to Euro.
 .
   [ glibc (2.7-17) unstable; urgency=low ]
 .
   * patches/localedata/sk_SK_euro.diff: new patch to switch Slovakia
     currency to Euro.  bug#510423.
 .
   [ glibc (2.7-16) unstable; urgency=low ]
 .
   * patches/any/cvs-rpcgen-makefile.diff: new patch from upstream to fix
     fancy Makefile filename when using rpcgen -a.  bug#503182.
   * patches/s390/local-atomic.diff: new patch from Michael Matz to fix
     atomic lock on s390.  bug#468793, bug#479952.
   * patches/any/cvs-gai-stacksize.diff new patch from upstream to fix
     getaddrinfo_a segfaults.  bug#495007.
   * debhelper.in/locales.config: use previous debconf settings if
     /etc/locales does not exist.
 .
   [ glibc (2.7-15) unstable; urgency=low ]
 .
   * debhelper.in/locales.config, debhelper.in/locales.postinst: modify
     /etc/locale.gen instead of regenerating it.  bug#494468.
   * any/cvs-nscd-getservbyport.diff: new patch from upstream to fix getservbyport()
     when nscd is used.  bug#500055.
 .
   [ glibc (2.7-14) unstable; urgency=low ]
 .
   [ Petr Salinger ]
   * kfreebsd/local-sysdeps.diff: update to revision 2322 (from glibc-bsd).
   * extend kfreebsd/local-ftw.diff: do not use *at functions also in glob.c,
     this patch is applied only on kfreebsd, fixes globtest.out failure.
   * any/local-linuxthreads-weak.diff: new patch to pass
     stdio-common/scanf15.out test on linuxthreads platforms,
     although it seems to be rather gcc 4.x bug, see GCC Bugzilla Bug 37266.
 .
   [ Aurelien Jarno ]
   * patches/mips/cvs-mknod.diff: new patch from upstream to allow > 255 minors
     on mips.  #493751.
   * patches/sparc/cvs-context.diff: new patch from upstream to add
     getcontext(), setcontext(), makecontext() on Sparc.  #295173.
   * patches/hppa/cvs-context.diff: new patch from upstream to add
     getcontext(), setcontext(), makecontext() on PARISC.  #492778.
   * any/local-ip6-localhost.diff: new patch from upstream BTS, to remove the
     ::1 -> 127.0.0.1 mapping.
   * any/cvs-isoc99_vscanf.diff: new patch from upstream to fix vscanf on
     non-GNU compilers.
   * Fix nosegneg pseudo hwcap.  #499366.
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/cvs-lock-memory-clobber.diff: new patch from upstream
     to fix safety of locks.
   * patches/hurd-i386/local-pthread_posix-option.diff: new patch to advertise
     the libpthread from the hurd packages.
   * patches/hurd-i386/cvs-signal-werror.diff: new patch to fix gdb compilation.
   * patches/hurd-i386/local-tls-support.diff: fix cthread compilation.
 .
   [ gnutls26 (2.4.2-6+lenny2) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-2730: a vulnerability related to NUL bytes in X.509
     certificate name fields. (#541439) GNUTLS-SA-2009-4
 .
   [ gnutls26 (2.4.2-6+lenny1) stable-security; urgency=high ]
 .
   * Add patch from Simon Josefsson to reenable X.509v1 support for root
     CAs.  #514807, #514735.
 .
   [ gnutls26 (2.4.2-6) unstable; urgency=medium ]
 .
   * New patches, syncing with 2.4.3 upstream oldstable release:
     + 24_intermedcertificate.patch If a non-root certificate is trusted
       gnutls certificate verification stops there instead of checking
       up to the root of the certificate chain.
     + 22_whitespace.patch - Whitespace only changes, to make it possible to
       apply upstream fixes without manual changes.
     + 25_bufferoverrun.patch. Fix buffer overrun bug in
       gnutls_x509_crt_list_import.
       http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
 .
   [ gnutls26 (2.4.2-5) unstable; urgency=low ]
 .
   * Pull two patches from upstream stable branch to make gnutls behavior
     match documentation:
    + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
      certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
      GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. #509593
    + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
      certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
      GNUTLS_CERT_INSECURE_ALGORITHM verification output.
 .
   [ gnutls26 (2.4.2-4) unstable; urgency=medium ]
 .
   * Add Simon Josefsson to uploaders.
   * Another fix for the verification fix. Some correct certificate chains were
     not recognized as verified. #507633
 .
   [ gnutls26 (2.4.2-3) unstable; urgency=low ]
 .
   * Fix a crash on trying to verify self-signed certificates introduced by the
     patch for CVE-2008-4989. #505279
 .
   [ gnutls26 (2.4.2-2) unstable; urgency=medium ]
 .
   * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
     verification. CVE-2008-4989 GNUTLS-SA-2008-3
 .
   [ gnutls26 (2.4.2-1) unstable; urgency=low ]
 .
   * New upstream bugfix release.
   * Up to date gnutls-cli manpage. #492775
 .
   [ hal (0.5.11-8) unstable; urgency=high ]
 .
   * debian/patches/75-at_console.patch
     - Added. Allow local users (at_console) to call methods on the CPUFreq,
       WakeOnLan and Dockstation interface, i.e. you are using consolekit and
       not static Debian group policies.
   * Priority high as this also addresses #510639.
 .
   [ hal (0.5.11-7) unstable; urgency=high ]
 .
   * debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
     - Added. Add send_destination to all rules using send_interface in the
       D-Bus config
   * debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
     - Added. Always allow D-Bus introspection
   * debian/patches/73-Let-root-call-any-hal-method.patch
     - Added. Allow the root user to use any HAL method. Needed to make
       NetworkManager and powersaved work properly.
   * debian/patches/74-powerdev.patch
     - Added. Allow users in the powerdev group to call methods on the CPUFreq,
       WakeOnLan and Dockstation interface
   * Thanks to Simon McVittie for preparing and testing the patches
   * Makes HAL suitable for use with less permissive versions of D-Bus, like the
     one intended to ship with lenny (#510639)
   * Priority high as it fixes an RC bug
 .
   [ hal (0.5.11-6) unstable; urgency=low ]
 .
   * debian/patches/56_revert_ntfs_locale_mount_option.patch
     - The 'locale=' NTFS mount option is not supported by the Linux kernel
       NTFS driver, so remove it. The ntfs-3g package will ship a separate fdi
       file which enables this mount option again when the ntfs-3g driver is
       used. (#497463)
   * debian/hal.postinst
     - Remove existing stop symlinks in rc0 and rc6 on package upgrades.
       (#501662)
 .
   [ hal (0.5.11-5) unstable; urgency=low ]
 .
   * Don't stop hal in runlevels 0 and 6, sendsigs is fine; from Ubuntu; thanks
     Martin Pitt; #501310.
   * Build depend on libsmbios >= 2.0.3; see LP #261665.
 .
   [ hal (0.5.11-4) unstable; urgency=low ]
 .
   [ Loic Minier ]
   * New patches from upstream git, fixing support of some wifi chips with
     2.6.27 kernels; #498132, #498478, #501004.
     - 60_use-phy80211-instead-of-wiphy-symlink-to-detect, fixes the sysfs
       symlink lookup to use the proper pathname.
     - 61_use-wext-ioctl-instead-of-sysfs-to-detect-wireless, fixes detection
       of wifi interfaces with 2.6.27 kernels.
 .
   [ Michael Biebl ]
   * Add file trigger which re-generates the hal fdi cache. (#500916)
 .
   [ Loic Minier ]
   * Bump debhelper bdep to >= 5.0.59 for debian/package.triggers support.
 .
   [ isdnutils (1:3.9.20060704-3.6) unstable; urgency=medium ]
 .
   * Non-maintainer upload.
   * Add dependencies on makedev to capiutils, ipppd and isdnvboxserver
     (#502825, #502693)
 .
   [ isdnutils (1:3.9.20060704-3.5) unstable; urgency=low ]
 .
   * Non-maintainer upload.
   * Fix bashism in an eurofile script. Thanks to Chris Lamb for the patch
     #486036
   * Fix pending l10n issues. Debconf translations:
     - Swedish. #491770
 .
   [ jack-audio-connection-kit (0.109.2-5) testing-proposed-updates; urgency=low ]
 .
   * Add myself to uploaders
   * Target testing-proposed-updates
   * clean dependency_libs line in /usr/lib/*.la as suggested by Loïc
     Minier. This breaks static linking as well, but doesn't break packages
     like bio2jack that reference our *.la files. (#510673)
 .
   [ jack-audio-connection-kit (0.109.2-4) unstable; urgency=low ]
 .
   * Added init script to start jackd at system startup
 .
   [ keyutils (1.2-9) unstable; urgency=low ]
 .
   * Correcting previous local email address in changelog.
   * Simplifying libkeyutils1 install file.
 .
   [ keyutils (1.2-8) unstable; urgency=low ]
 .
   * Removing cflags handling in rules, not required anymore.
   * Adding two patches from Michael Gebetsroither <gebi@grml.org> to fix memory
     leaks (#496466).
   * Updating to standards 3.8.0.
   * Using comma separator for file pattern in copyright file.
   * Updating to debhelper 7.
   * Correcting indenting in copyright file.
   * Adjusting indenting in rules file.
 .
   [ krb5 (1.6.dfsg.4~beta1-5lenny2) stable-security; urgency=high ]
 .
   * cve-2009-4212, MIT-KRB5-SA-2009-004:  Integer underflows in AES and
     RC4 decryptions.  This can definitely lead to a DOS attack and
     potentially may lead to execution of unexpected code.  It's
     potentially possible that arbitrary code could be executed, although
     much more likely that permuted heap contents or buffers not under
     attacker control will be executed.
 .
   [ krb5 (1.6.dfsg.4~beta1-5lenny1) stable-security; urgency=high ]
 .
   * MITKRB5-SA-2009-0001: Fix read-beyond-end-of-buffer DOS in SPNEGO, an
     SPNEGO null pointer dereference, and incorrect length validation in
     an ASN.1 decoder.  (CVE-2009-0844, CVE-2009-0845, CVE-2009-0847)
   * MITKRB5-SA-2009-002: ASN.1 general time decoder can free uninitialized
     pointer.  (CVE-2009-0846)
 .
   [ krb5 (1.6.dfsg.4~beta1-5) unstable; urgency=low ]
 .
   * Correct the actions of krb5_newrealm in its man page.  It doesn't
     create a keytab for kadmind since kadmind no longer needs one.
     Mention that it does create a stash file and that it starts the KDC
     and kadmind daemons.  Thanks, David Medberry.  (#504126)
   * Translation updates:
     - Spanish, thanks Ignacio Mondino.  (#504766)
 .
   [ lcms (1.17.dfsg-1+lenny2) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the security team
   * Fix possible regression and enhance security patch
     Thanks to Marc Deslauriers
 .
   [ lcms (1.17.dfsg-1+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the security team
   * Include upstream fixes for integer overflows, possible memory leaks
     and a buffer overflow
     Fixes: CVE-2009-0723 CVE-2009-0581 CVE-2009-0733
 .
   [ libaio (0.3.107-3) unstable; urgency=low ]
 .
   * Fix the Vcs-Git URL.
   * Remove XB- from the Package-Type field.
   * Fix watch file URL. (#502884)
     Thanks to Jiří Paleček <jpalecek@web.de>.
 .
   [ libaio (0.3.107-2) unstable; urgency=low ]
 .
   * Only run the test suite on i386 as it has not been ported for other
     architectures. (#488812)
   * Use $(filter ...) instead of $(findstring ...) to extract space separated
     options from DEB_BUILD_OPTIONS in debian/rules.
   * Do not check for the existence of the Makefile on clean, it's always
     there.
   * Switch to use dh_lintian instead of manually installing the overrides.
     - Bump the versioned debhelper Build-Depends to 6.0.7.
 .
   [ libaio (0.3.107-1) unstable; urgency=low ]
 .
   * New upstream release.
   * Run the test suite on install, and support nocheck DEB_BUILD_OPTIONS
     to disable it.
 .
   [ libaio (0.3.106-9) unstable; urgency=low ]
 .
   * Fix misspelled words (linux -> Linux and aio -> AIO).
   * Update packaging Vcs fields to the new URL.
   * Improve debian/copyright:
     - Change 'Copyright Holder' to 'Copyright Holders'.
     - Use UTF-8 copyright sign.
     - Update upstream download url.
     - Refer to LGPL-2.1 from common-licenses instead of just LGPL.
   * Add a debian/README.source file.
   * Now using Standards-Version 3.8.0.
   * Refresh patches with -pab. (#484962)
   * Update watch file URL. (#450017)
 .
   [ libdrm (2.3.1-2) unstable; urgency=high ]
 .
   * Remove from the source package a bunch of files that are only used by the
     kernel drm component.  This gets rid of the mga, r128 and radeon
     microcode, and thus #502675.  Thanks, Ben Hutchings!
 .
   [ libnss-ldap (261-2.1) unstable; urgency=low ]
 .
   * Non-maintainer upload.
   * libnss-ldap calls nscd init script w/o checking its existence
     (#502760)
 .
   [ libpam-ldap (184-4.2) unstable; urgency=low ]
 .
   * Non-maintainer upload.
   * Fix spelling error in package description. Package description
     rewritten with help of debian-l10n-english. #502782
   * Fix pending l10n issues. Debconf translations:
     - Italian. #496322
     - Traditional Chinese. #503179
     - Bokmål, Norwegian. #503197
     - Danish. #503736
 .
   [ libpng (1.2.27-2+lenny2) stable-security; urgency=high ]
 .
   * Fix memory leak on CRC errors in tEXt chunks (CVE-2008-6218).
 .
   [ libpng (1.2.27-2+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload.
   * debian/patches/03-CVE-2008-5907.diff: update pngwutil.c to properly set
     new_key to NULL string. (CVE-2008-5907) (#512665)
   * debian/patches/04-CVE-2009-0040.diff: initialize pointers in pngread.c,
     pngrtans.c, pngset.c and example.c (CVE-2009-0040) (#516256)
 .
   [ libpng (1.2.27-2) unstable; urgency=medium ]
 .
   * Fix CVE-2008-3964: off-by-one error in pngtest.c; #501109
   * Standards-Version is 3.8.0
 .
   [ libselinux (2.0.65-5) unstable; urgency=high ]
 .
   * Bug fix: "Python errors during upgrade", thanks to Frans Pop
     This is a serious bug.                              (#499086).
   * mount point /selinux does not exist. Fixed, though I believe it should
     go into base-files. But we need the fix for lenny, and I am not
     interested in bug-pong.                             (#498010)
   * Updated Standards-Version: No changes required.
 .
   [ libtool (1.5.26-4+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the security team.
   * Fixes local privilege escalation vulnerability: CVE-2009-3736
     (#559797).
 .
   [ libusb (2:0.1.12-13) unstable; urgency=low ]
 .
   * Use quilt to manage patches.
   * debian/rules: fix cross build support.
   * Add debian/patches/05_emdebian.diff from Neil Williams
     (bug#492555).
 .
   [ libwmf (0.2.8.4-6+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix use-after-free in embedded copy of gd enabling an attacker
     to do DoS attacks or execute arbitrary code via a crafted wmf file
     (CVE-2009-1364; #526434).
 .
   [ libx11 (2:1.1.5-2) unstable; urgency=medium ]
 .
   * Cherry-picked from upstream git: Fix an XCB leak when the client has a
     non-fatal error handler.
 .
   [ libx11 (2:1.1.5-1) unstable; urgency=low ]
 .
   [ Brice Goglin ]
   * Add upstream URL to debian/copyright.
   * Add a link to www.X.org and a reference to the upstream module
     in the long description.
 .
   [ Timo Aaltonen ]
   * New upstream release.
     + adds missing <cedilla> Compose sequences (#394068)
 .
   [ Julien Cristau ]
   * 014_add_Khmer_digraphs.diff: remove, applied upstream
   * 006_tailor_pt_BR.UTF-8_Compose.diff: update
 .
   [ libxcb (1.1-1.2) stable; urgency=low ]
 .
   * Non-maintainer upload to fix important performance issues
     (#487635).
   * Fix some fd leaks in _xcb_open_*()
   * Increase libxcb buffer size to 16k from 4k
   * Disable Nagle on TCP socket
 .
   [ libxi (2:1.1.4-1) unstable; urgency=low ]
 .
   * New upstream release.
 .
   [ libxml2 (2.6.32.dfsg-5+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fix multiple use-after-free flaws when parsing notation and
     enumeration attribute types (CVE-2009-2416).
   * Fix stack overflow when parsing root XML document element DTD
     definition (CVE-2009-2414).
 .
   [ libxml2 (2.6.32.dfsg-5) unstable; urgency=high ]
 .
   * parserInternals.c: apply patch from upstream revision 3741 to avoid
     double-free in some situations. This fixes a crash while running the
     W3C/OASIS XML conformance test.
   * tree.c: Fix infinite loop. Fixes: CVE-2008-4225.
   * SAX2.c: Fix integer overflow. Fixes: CVE-2008-4226.
 .
   [ libxml2 (2.6.32.dfsg-4) unstable; urgency=high ]
 .
   * Fix regressions due to previous security fixes. Fixes: CVE-2008-3529.
     #498768.
 .
   [ mesa (7.0.3-7) unstable; urgency=low ]
 .
   * Cherry-pick patch from upstream:
     Use 3Dnow! x86-64 routines only on processors that support 3Dnow!
     (#484180).
   * Also build the x86-specific dri drivers on kfreebsd (#492894).
 .
   [ mesa (7.0.3-6) unstable; urgency=high ]
 .
   * Update debian/copyright to the SGI Free Software License B, version 2.0.
     It now mirrors the free X11 license used by X.Org (#368560).
     http://www.sgi.com/company_info/newsroom/press_releases/2008/september/opengl.html
 .
   [ nas (1.9.1-5) unstable; urgency=low ]
 .
   * Fix pending l10n issues. Debconf translations:
   * Swedish. #491766 (thanks to brother@bsnet.se)
   * Arabic. #500437 (thanks to Ossama Khayat)
   * Basque. #500533 (thanks to Piarres Beobide)
   * Brazilian Portuguese. #500973 (thanks to Felipe
     Augusto van de Wiel)
   * Many thanks again to Christian Perrier for his i18n efforts,
     co-ordinating the above.
 .
   [ ncurses (5.7+20081213-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.7+20081213.
 .
   [ ncurses (5.7+20081206-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.7+20081206.
   * Removing gpm.dpatch, went upstream.
 .
   [ ncurses (5.7+20081129-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.7+20081129.
   * Correcting previous changelog and patch description to point out
     that the actual applied patch is the one from Thomas Dickey, the
     upstream maintainer.
 .
   [ ncurses (5.7+20081122-2) unstable; urgency=low ]
 .
   * Adding patch from upstream based on Samuel Thibault
     <samuel.thibault@ens-lyon.org> analysis to ensure that aalib checks the
     value returned by Gpm_GetEvent() and only proceeds if value == 1
     (#506717).
 .
   [ ncurses (5.7+20081122-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.7+20081122.
 .
   [ ncurses (5.7+2008115-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.7+20081115:
     - Includes tabs utility from GNU termutils (#502260).
 .
   [ ncurses (5.7-2) unstable; urgency=low ]
 .
   * Replacing obsolete dh_clean -k with dh_prep.
   * Adding patch from Petr Salinger <Petr.Salinger@seznam.cz> to fix FTBFS on
     GNU/kFreeBSD (#504820).
   * Temporarily downgrading sodepver again; this was actually meant to go to
     lenny, but I'm too tired to push it... (#504745).
 .
   [ ncurses (5.7-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.7.
   * Updating soname and sodepver to 5.7 in rules.
 .
   [ ncurses (5.6+20081025-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20081025.
 .
   [ ncurses (5.6+20081018-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20081018.
   * Adding dh_md5sums calls (#502840).
 .
   [ ncurses (5.6+20081012-2) unstable; urgency=low ]
 .
   * Removing symlinks in /usr/share/doc for ncurses-base and ncurses-
     term as well (#502686).
 .
   [ ncurses (5.6+20081012-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20081012.
   * Rediffing debian-backspace.dpatch.
   * Removing --disable-tic-depends again; was misunderstanding of mine.
   * Don't symlink doc directories (#502620).
 .
   [ ncurses (5.6+20081011-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20081011.
   * Building with --disable-tic-depends.
 .
   [ ncurses (5.6+20081004-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20081004.
 .
   [ ncurses (5.6+20080927-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080927.
 .
   [ ncurses (5.6+20080925-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080925:
     - fix bug in mouse code for GPM from 20080920 changes
       (#500103, #500369).
 .
   [ ncurses (5.6+20080920-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080920.
 .
   [ ncurses (5.6+20080913-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080913.
 .
   [ ncurses (5.6+20080907-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080907.
   * Installing changelog and docs also for ncurse-base and ncurse-term.
     This allows replacing the strict versioned depends against libncurses5
     with an unversioned depends.
 .
   [ ncurses (5.6+20080906-1) unstable; urgency=low ]
 .
   * Updating vcs fields in control file.
   * Merging upstream version 5.6+20080906.
 .
   [ ncurses (5.6+20080830-1) unstable; urgency=medium ]
 .
   * Merging upstream version 5.6+20080830.
   * Switching kdch1 from 177 to E[3~ in debians, for legacy reasons, own
     embedded xterm definitions (#319554).
 .
   [ ncurses (5.6+20080823-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080823:
     - Adds Eterm-256color terminal (#495815).
 .
   [ ncurses (5.6+20080821-1) unstable; urgency=low ]
 .
   * Merging upstream version 5.6+20080821.
 .
   [ openldap (2.4.11-1+lenny1) stable-security; urgency=high ]
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
     character in subject Common Name (#553432)
 .
   [ openldap (2.4.11-1) unstable; urgency=low ]
 .
   * New upstream version (#499560).
     - Fixes a crash with syncrepl and delcsn (#491066).
     - Fix CRL handling with GnuTLS (#498410).
     - Drop patches no_backend_inter-linking,
       CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
       upstream.
 .
   [ Russ Allbery ]
   * New patch, back-perl-init, which updates the calling conventions
     around initialization and shutdown of the Perl interpreter to match
     the current perlembed recommendations.  Fixes probable hangs on HPPA
     in back-perl.  Thanks, Niko Tyni.  (#495069)
 .
   [ Steve Langasek ]
   * Drop the conflict with libldap2, which is not the standard means of
     handling symbol conflicts in Debian and which causes serious upgrade
     problems from etch.  #487211.
 .
   [ openssl (0.9.8g-15+lenny6) stable-security; urgency=low ]
 .
   * Clean up zlib state so that it will be reinitialized on next use and
     not cause a memory leak.  (CVE-2009-4355)
 .
   [ openssl (0.9.8g-15+lenny5) stable-security; urgency=low ]
 .
   * Don't check self signed certificate signatures in X509_verify_cert()
     (#541735)
 .
   [ openssl (0.9.8g-15+lenny4) stable-security; urgency=low ]
 .
   * Remove MD2 from digest algorithm table.  (CVE-2009-2409) (#539899)
 .
   [ openssl (0.9.8g-15+lenny3) stable-security; urgency=low ]
 .
   * Fix DoS via a DTLS ChangeCipherSpec packet that occurs before ClientHello
     (CVE-2009-1386)
   * Fix DoS via an out-of-sequence DTLS handshake message (CVE-2009-1387)
 .
   [ openssl (0.9.8g-15+lenny2) stable-security; urgency=low ]
 .
   * Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
   * Fix "DTLS fragment handling" (CVE-2009-1378)
   * Fix "DTLS use after free" (CVE-2009-1379)
 .
   [ openssl (0.9.8g-15+lenny1) stable-security; urgency=low ]
 .
   * Properly validate the length of an encoded BMPString and UniversalString
     (CVE-2009-0590)
 .
   [ openssl (0.9.8g-15) unstable; urgency=low ]
 .
   * Internal calls to didn't properly check for errors which
     resulted in malformed DSA and ECDSA signatures being treated as
     a good signature rather than as an error.  (CVE-2008-5077)
   * ipv6_from_asc() could write 1 byte longer than the buffer in case
     the ipv6 address didn't have "::" part.  (#506111)
 .
   [ openssl (0.9.8g-14) unstable; urgency=low ]
 .
   * Don't give the warning about security updates when upgrading
     from etch since it doesn't have any known security problems.
   * Automatically use engines that successfully initialised.  Patch
     from the 0.9.8h upstream version.  (#502177)
 .
   [ pam (1.0.1-5+lenny1) stable; urgency=high ]
 .
   * Security NMU, high urgency.
   * Fix signedness error in _pam_StrTok(), CVE-2009-0887.
     #520115.
 .
   [ pam (1.0.1-5) unstable; urgency=low ]
 .
   * Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
     a dependency of libpam-modules if it's installed during the build.
     Thanks to Larry Doolittle for catching.
   * Don't refer to gnome-screensaver in the debconf template; it isn't
     actually affected by the libpam symbol issue because it forks a separate
     process to display the screensaver dialog.
   * Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
     warn users about needing to disable xscreensaver and xlockmore
     before libpam-modules is unpacked.  #502140, LP: #256238.
   * Updated debconf translations for the new template:
     - Italian, thanks to David Paleino <d.paleino@gmail.com>
     - Simplified Chinese, thanks to Deng Xiyue
       <manphiz-guest@users.alioth.debian.org> (#510371)
     - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
     - Swedish, thanks to Martin Bagge <brother@bsnet.se> (#510379)
     - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (#510380)
     - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (#510382)
     - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
       (#510389)
     - Galician, thanks to Marce Villarino <mvillarino@gmail.com>
     - Slovak, thanks to helix84 <helix84@centrum.sk> (#510412)
     - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org>
     - Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
       (#510608)
     - French, thanks to Steve Petruzzello <dlist@bluewin.ch>
     - German, thanks to Sven Joachim <svenjoac@gmx.de> (#510617)
     - Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
       (#510699)
     - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (#510701)
     - Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (#510707)
 .
   [ pulseaudio (0.9.10-3+lenny1) stable-security; urgency=high ]
 .
   * Remove broken re-exec (CVE-2009-1894)
   * Used ld flags to pre-load DSOs
   * Regenerate auto* files
 .
   [ pulseaudio (0.9.10-3) unstable; urgency=low ]
 .
   * debian/patches/0006-fix-iteration-over-random-devices.patch
     - Added. Iterate over the various random devices if opening fails
       (#491270)
 .
   [ sane-backends (1.0.19-23) unstable; urgency=low ]
 .
   * debian/patches/09_avision_fixes.dpatch:
     + Updated; fix reader task handling to not signal the whole process group
       erroneously.
 .
   * debconf translations:
     + it.po: courtesy of Luca Monducci (#507563).
 .
   [ sane-backends (1.0.19-22) unstable; urgency=low ]
 .
   * debian/patches/41_epjitsu_fixes.dpatch:
     + Added; from CVS, fix double-free issues in epjitsu (#506750).
 .
   [ sane-backends (1.0.19-21) unstable; urgency=low ]
 .
   * debian/rules:
     + Use an error handler for saned's init.
   * debian/sane-utils.postinst:
     + Added error handler for saned init (#493745).
 .
   * debconf translations:
     + es.po: courtesy of Ignacio Mondino (#499202).
 .
   [ sane-backends (1.0.19-20) unstable; urgency=low ]
 .
   * debian/control:
     + Make sane-utils depend on update-inetd (>= 4.31) which won't break
       with debconf.
   * debian/sane-utils.postinst:
     + update-inetd needs debconf sometimes, so keep debconf enabled until
       after the update-inetd call.
 .
   [ sane-backends (1.0.19-19) unstable; urgency=low ]
 .
   * debian/rules:
     + Install umax_pp into sane-utils (#496833).
 .
   * debian/patches/40_fujitsu_fixes.dpatch:
     + Added; upstream backport of fujitsu backend fixes, fixes a string
       initialization issue in config file parsing, adds color mode for the
       fi-6130, 6230, 6140, 6240 and fixes fi-6230 hangs at wakeup from
       powersave mode.
       Thanks to M. Allan Noah for providing a backport (#494156).
 .
   [ sane-backends (1.0.19-18) unstable; urgency=low ]
 .
   * debian/patches/10_sm3840_unbreak_sane_open.dpatch:
     + Added; from CVS, fix the way sane_open() checks for sanei_usb_open()
       errors (#496249).
 .
   * debconf translations:
     + ja.po: courtesy of Hideki Yamane (#493568).
 .
   [ tiff (3.8.2-11.2) stable-security; urgency=high ]
 .
   * Revised patch for CVE-2009-2347, new patch for CVE-2009-2285
 .
   [ tiff (3.8.2-11.1) stable-security; urgency=high ]
 .
   * CVE-2009-2347
 .
   [ xorg (1:7.3+20) stable; urgency=low ]
 .
   * Non-maintainer upload, supervised by Julien Cristau.
   * xserver-xorg.postinst: fix for the previous patch. #535624
 .
   [ xorg (1:7.3+19) stable; urgency=low ]
 .
   * xserver-xorg.postinst: default to the fbdev driver on sparc, even when we
     find PCI devices, to work around #488669.
 .
   [ xorg (1:7.3+18) unstable; urgency=low ]
 .
   [ Debconf translations ]
   * Wolof. #500669
 .
   [ Julien Cristau ]
   * Version the Replaces/Conflicts on xserver-common, so we can reintroduce it
     later if needed.
 .
   [ xorg (1:7.3+17) unstable; urgency=low ]
 .
   [ Debconf translations ]
   * Croatian. #498054
   * Spanish. #498435
   * Greek. #498465
 .
   [ xorg (1:7.3+16) unstable; urgency=low ]
 .
   [ Debconf translations ]
   * Lithuanian. #497314
   * Norwegian Bokmal. #497315
   * Polish. #497162

