Accepted cyrus-sasl2-mit 2.1.19-2 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 16 Dec 2005 22:01:06 -0500
Source: cyrus-sasl2-mit
Binary: libsasl2-gssapi-mit libsasl2-krb4-mit
Architecture: source i386
Version: 2.1.19-2
Distribution: unstable
Urgency: emergency
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description:
libsasl2-gssapi-mit - GSSAPI module for SASL using MIT Kerberos
libsasl2-krb4-mit - Kerberos4 module for SASL using MIT Kerberos
Closes: 276865 285613
Changes:
cyrus-sasl2-mit (2.1.19-2) unstable; urgency=low
.
* Sync with 2.1.19-1.7
- Includes fix for FTBFS, Closes: #285613
* Include NMU from 2.1.19-1.1
* Disable gssapi library mutexes as we no longer need them.
.
cyrus-sasl2-mit (2.1.19-1.1) unstable; urgency=emergency
.
* NMU
* resync to cyrus-sasl2 2.1.19-1.5):
* SECURITY FIX: SASL_PATH environment variable must not be honoured on
setuid environments, otherwise we have a local privilege escalation
exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
GLSA 200410-05 (closes: #276865)
* upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
environment. from Gentoo (CVE CAN-2004-0884);
* Fix to upstream CVS security fix: initialize *path = NULL
* upstream CVS: plugins/kerberos4.c: document weirdness with openssl DES
* upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c,
plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit portability
warnings
* Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
problems with the braindead idea of globals SASL has, and with libraries
that think they can get around mucking with them (hello openldap!)
* Add Build-Conflicts: autoconf2.13, automake1.4
Files:
b3021859beb20f11f58466aa27e4c8d7 924 devel optional cyrus-sasl2-mit_2.1.19-2.dsc
10e1a4dc0005dbf7127a7ae800b5c4ab 29804 devel optional cyrus-sasl2-mit_2.1.19-2.diff.gz
6f37f12141dd49e2f84fc0b7c361dc03 47140 devel optional libsasl2-gssapi-mit_2.1.19-2_i386.deb
73d6bf373291da2c6c7825390cd52317 46734 devel optional libsasl2-krb4-mit_2.1.19-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDo4IL/I12czyGJg8RAshiAJ4kHzqn+8rV9JJqnMrWnD8UBuQ8ZgCg0Hz0
jsyGbPScyYyuFQw4NRWkxAY=
=NkFZ
-----END PGP SIGNATURE-----
Accepted:
cyrus-sasl2-mit_2.1.19-2.diff.gz
to pool/main/c/cyrus-sasl2-mit/cyrus-sasl2-mit_2.1.19-2.diff.gz
cyrus-sasl2-mit_2.1.19-2.dsc
to pool/main/c/cyrus-sasl2-mit/cyrus-sasl2-mit_2.1.19-2.dsc
libsasl2-gssapi-mit_2.1.19-2_i386.deb
to pool/main/c/cyrus-sasl2-mit/libsasl2-gssapi-mit_2.1.19-2_i386.deb
libsasl2-krb4-mit_2.1.19-2_i386.deb
to pool/main/c/cyrus-sasl2-mit/libsasl2-krb4-mit_2.1.19-2_i386.deb
Reply to: