Dear RMs, please grant a freeze exception for the ht package replacing the current ht_0.8.0-1 with 0.8.0-2, of course pending the (so far) missing powerpc and m68k builds and the usual grace period. Bug#308587 (grave, security) has been fixed in ht_0.8.0-2, the changelog reads as follows: +ht (0.8.0-2) unstable; urgency=high + + * Urgency high due to security fix + * Security fix pulled from upstream CVS (Closes: #308587) + + fix an integer overflow in the ELF segment parsing + (cplus-dem.c, htanaly.cc, htcoff.cc, htelf.cc, htpef.cc, htpeimp.cc) + + fix some buffer overflows in the PE parser + (htperes.cc) + + this is also Gentoo GLSA 200505-08 + Thanks a lot to Moritz Muehlenhoff for the report! + * debian/control: added upstream homepage to long description + + -- Florian Ernst <florian@debian.org> Wed, 11 May 2005 20:02:24 +0200 No further changes have been applied, the package is lintian / linda / debdiff clean and seems to compile (pbuilder) and run (chroot) just fine. omg, I feel like being back at d-mentors again... :) Additionally I've just contacted the security team wrt the possible impact on Woody. Thanks for all your hard work, cheers, Flo
Attachment:
signature.asc
Description: Digital signature