Accepted cyrus-sasl 1.5.28-6.2 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Oct 2004 12:04:47 -0300
Source: cyrus-sasl
Binary: libsasl-digestmd5 libsasl-gssapi-heimdal sasl-bin libsasl-dev libsasl-modules-plain libsasl7
Architecture: source i386
Version: 1.5.28-6.2
Distribution: unstable
Urgency: emergency
Maintainer: Dima Barsky <dima@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description:
libsasl-dev - Development files for authentication abstraction library
libsasl-digestmd5 - DIGEST-MD5 module for SASL
libsasl-gssapi-heimdal - GSSAPI Authentication Module for SASL
libsasl-modules-plain - Basic Pluggable Authentication Modules for SASL
libsasl7 - Authentication abstraction library
sasl-bin - Programs for manipulating the SASL users database
Closes: 275432
Changes:
cyrus-sasl (1.5.28-6.2) unstable; urgency=emergency
.
* NMU
* SECURITY FIX: SASL_PATH environment variable must not be honoured on
setuid environments, otherwise we have a local privilege escalation
exploit (CVE: CAN-2004-0884), related advisories:
RHSA-2004:546-02; GLSA 200410-05
* upstream CVS: lib/common.c: don't honor SASL_PATH in
setuid environment. from Gentoo (CVE CAN-2004-0884);
(closes: #275432)
Files:
435ce3d42cbcecf794244d92e53723c9 788 libs important cyrus-sasl_1.5.28-6.2.dsc
233f242f3a9d4065c43a82ddb5e9b5ea 14458 libs important cyrus-sasl_1.5.28-6.2.diff.gz
50bcdba5d2773437e827dbbae0a8cbed 68106 devel optional libsasl-dev_1.5.28-6.2_i386.deb
0a8d6c90b7cc78e4e99a4486e2efcc81 12212 utils optional sasl-bin_1.5.28-6.2_i386.deb
4361766bd6f0b134067526d8fea29fee 12960 libs optional libsasl-modules-plain_1.5.28-6.2_i386.deb
79f2f0c01752100ae2c0fa55d4c8fcf0 15218 libs optional libsasl-digestmd5_1.5.28-6.2_i386.deb
185c74ab9e3b9705caaf390ab9d65da0 7854 libs important libsasl-gssapi-heimdal_1.5.28-6.2_i386.deb
6af8d1c375a887f63785973f24bfc0cd 97920 libs important libsasl7_1.5.28-6.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBZq8K7iXePxzbD+MRAmfaAJ9vL4af6QKXLUXZCr3CS3FhKT+hXwCfbpoF
/2SjUpGMybGjaKg8vymtphM=
=ub1L
-----END PGP SIGNATURE-----
Accepted:
cyrus-sasl_1.5.28-6.2.diff.gz
to pool/main/c/cyrus-sasl/cyrus-sasl_1.5.28-6.2.diff.gz
cyrus-sasl_1.5.28-6.2.dsc
to pool/main/c/cyrus-sasl/cyrus-sasl_1.5.28-6.2.dsc
libsasl-dev_1.5.28-6.2_i386.deb
to pool/main/c/cyrus-sasl/libsasl-dev_1.5.28-6.2_i386.deb
libsasl-digestmd5_1.5.28-6.2_i386.deb
to pool/main/c/cyrus-sasl/libsasl-digestmd5_1.5.28-6.2_i386.deb
libsasl-gssapi-heimdal_1.5.28-6.2_i386.deb
to pool/main/c/cyrus-sasl/libsasl-gssapi-heimdal_1.5.28-6.2_i386.deb
libsasl-modules-plain_1.5.28-6.2_i386.deb
to pool/main/c/cyrus-sasl/libsasl-modules-plain_1.5.28-6.2_i386.deb
libsasl7_1.5.28-6.2_i386.deb
to pool/main/c/cyrus-sasl/libsasl7_1.5.28-6.2_i386.deb
sasl-bin_1.5.28-6.2_i386.deb
to pool/main/c/cyrus-sasl/sasl-bin_1.5.28-6.2_i386.deb
Reply to: