Accepted cyrus-sasl2-mit 2.1.19-1.1 (i386 source)

To: debian-devel-changes@lists.debian.org
Subject: Accepted cyrus-sasl2-mit 2.1.19-1.1 (i386 source)
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun, 17 Oct 2004 00:47:04 -0400
Message-id: <[🔎] E1CJ2wi-0008ET-00@newraff.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 17 Oct 2004 00:43:17 -0300
Source: cyrus-sasl2-mit
Binary: libsasl2-gssapi-mit libsasl2-krb4-mit
Architecture: source i386
Version: 2.1.19-1.1
Distribution: unstable
Urgency: emergency
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description: 
 libsasl2-gssapi-mit - GSSAPI  module for SASL using MIT Kerberos
 libsasl2-krb4-mit - Kerberos4  module for SASL using MIT Kerberos
Closes: 276865
Changes: 
 cyrus-sasl2-mit (2.1.19-1.1) unstable; urgency=emergency
 .
   * NMU
   * resync to cyrus-sasl2 2.1.19-1.5):
     * SECURITY FIX: SASL_PATH environment variable must not be honoured on
       setuid environments, otherwise we have a local privilege escalation
       exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
       GLSA 200410-05 (closes: #276865)
       * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
         environment. from Gentoo (CVE CAN-2004-0884);
       * Fix to upstream CVS security fix: initialize *path = NULL
     * upstream CVS: plugins/kerberos4.c: document weirdness with openssl DES
     * upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c,
       plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit portability
       warnings
     * Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
       problems with the braindead idea of globals SASL has, and with libraries
       that think they can get around mucking with them (hello openldap!)
     * Add Build-Conflicts: autoconf2.13, automake1.4
Files: 
 3be5030888271063230b418652612554 963 devel optional cyrus-sasl2-mit_2.1.19-1.1.dsc
 0e92a745b32df885f946fc614e5b97a1 28997 devel optional cyrus-sasl2-mit_2.1.19-1.1.diff.gz
 ab5ebb48be1118d5a356aab298e58a53 55522 devel optional libsasl2-gssapi-mit_2.1.19-1.1_i386.deb
 af5045897fac080499ea084f5610b54e 52882 devel optional libsasl2-krb4-mit_2.1.19-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBcfbi7iXePxzbD+MRAjp1AJ9eQqpQffba7eBez3lMmtTlLk3f7wCeJx6e
d/j4nWTTteQsdsIdISqaaZA=
=ZdU6
-----END PGP SIGNATURE-----


Accepted:
cyrus-sasl2-mit_2.1.19-1.1.diff.gz
  to pool/main/c/cyrus-sasl2-mit/cyrus-sasl2-mit_2.1.19-1.1.diff.gz
cyrus-sasl2-mit_2.1.19-1.1.dsc
  to pool/main/c/cyrus-sasl2-mit/cyrus-sasl2-mit_2.1.19-1.1.dsc
libsasl2-gssapi-mit_2.1.19-1.1_i386.deb
  to pool/main/c/cyrus-sasl2-mit/libsasl2-gssapi-mit_2.1.19-1.1_i386.deb
libsasl2-krb4-mit_2.1.19-1.1_i386.deb
  to pool/main/c/cyrus-sasl2-mit/libsasl2-krb4-mit_2.1.19-1.1_i386.deb

Reply to:

Prev by Date: Accepted prebaseconfig 1.04 (all source)
Next by Date: Accepted rootskel 1.06 (i386 source)
Previous by thread: Accepted prebaseconfig 1.04 (all source)
Next by thread: Accepted rootskel 1.06 (i386 source)
Index(es):
- Date
- Thread