[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted ample 0.5.7-1 (i386 source)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 26 Nov 2003 22:03:50 +0100
Source: ample
Binary: ample
Architecture: source i386
Version: 0.5.7-1
Distribution: unstable
Urgency: medium
Maintainer: Samuele Giovanni Tonon <samu@debian.org>
Changed-By: Samuele Giovanni Tonon <samu@debian.org>
Description: 
 ample      - A simple MP3 server easy to use
Changes: 
 ample (0.5.7-1) unstable; urgency=medium
 .
   * New Upstream Release with *SECURITY* fixes
   * Fixed a buffer overflow maybe locally exploitable; David told me:
     "The overflow is not very serious due to two facts:
     1) No data is actually written, but the buffer contents is copied until
     NULL is found meaning that huge amounts of memory may be allocated
     2) The socket which the malicious data must enter trough is bound to the
     loopback interface so it should only be locally exploitable"
Files: 
 ac0d6f1fc91bd5229d26a01fceae8d85 573 sound optional ample_0.5.7-1.dsc
 46eb2b3a444d370067bffe1e5bc2bcc8 87813 sound optional ample_0.5.7.orig.tar.gz
 51064b4e8bebd874dd13c55d4e4c387c 22996 sound optional ample_0.5.7-1.diff.gz
 0b798586de6a0c9128e07ceee8fc20bf 35668 sound optional ample_0.5.7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/xRakzvFcH/JZfgQRAoCMAJ91byDt1MD59VED3k1K0w/yPbvh5gCfZg1Z
P0Ntb1IrnMjWMtKrQIthv2w=
=dXj7
-----END PGP SIGNATURE-----


Accepted:
ample_0.5.7-1.diff.gz
  to pool/main/a/ample/ample_0.5.7-1.diff.gz
ample_0.5.7-1.dsc
  to pool/main/a/ample/ample_0.5.7-1.dsc
ample_0.5.7-1_i386.deb
  to pool/main/a/ample/ample_0.5.7-1_i386.deb
ample_0.5.7.orig.tar.gz
  to pool/main/a/ample/ample_0.5.7.orig.tar.gz
Reply to: