
Bug#726013: opu: package ia32-libs/20131011



Package: release.debian.org
Tags: squeeze
User: release.debian.org@packages.debian.org
Usertags: opu

Hi,

A final check of ia32-libs against current repositories shows us one
additional updated package to be included for the point release. See
attached debdiff. Can I upload this?

For ia32-libs-gtk no updates are needed.

Cheers,
Thijs
diff -Nru ia32-libs-20130924/debian/changelog ia32-libs-20131011/debian/changelog
--- ia32-libs-20130924/debian/changelog	2013-09-24 08:21:12.000000000 +0200
+++ ia32-libs-20131011/debian/changelog	2013-10-11 09:50:18.000000000 +0200
@@ -1,3 +1,21 @@
+ia32-libs (20131011) squeeze-proposed-updates; urgency=low
+
+  * Packages updated
+
+  [ nas (1.9.2-4squeeze1) oldstable-security; urgency=high ]
+
+  * Fixes for various long-standing security issues found by Hamid
+    Zamani <me@hamidx9.ir>. #720287
+    + Validate the port offset of nasd to fix a potential buffer overflow
+      (CVE-2013-4256)
+    + Use better string functions to guard against heap overflows
+      (CVE-2013-4257)
+    + Sanity-check the TCP_DEVICE environment variable for safety.
+  * Fix string handling in aulog.c:osLogMsg() to fix missing format string
+    in call to syslog() (CVE-2013-4258).
+
+ -- Thijs Kinkhorst <thijs@debian.org>  Fri, 11 Oct 2013 09:40:55 +0200
+
 ia32-libs (20130924) squeeze-proposed-updates; urgency=low
 
   * Packages updated
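
Review bot: the new top entry is marked "urgency=low" while the nas sub-entry it embeds is "oldstable-security; urgency=high" and lists CVE-2013-4256, CVE-2013-4257 and CVE-2013-4258; confirm that low urgency is intended for an upload whose only content is that security fix. The item "Sanity-check the TCP_DEVICE environment variable for safety." is the only one in the list without a CVE id, and "#720287" appears as a bare number, so a reader of this changelog cannot tell whether that bug covers all of the listed fixes.
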
diff -Nru ia32-libs-20130924/debian/copyright ia32-libs-20131011/debian/copyright
--- ia32-libs-20130924/debian/copyright	2013-09-24 08:20:24.000000000 +0200
+++ ia32-libs-20131011/debian/copyright	2013-10-11 09:43:20.000000000 +0200
@@ -9643,7 +9643,7 @@
 be found in the file ROAD_TO_LGPL that is part of mpg123's source distribution.
 It is located in the 'doc' subdirectory.
 ---------------------------------------------------------------
-Copyright for ./nas_1.9.2-4.dsc
+Copyright for ./nas_1.9.2-4squeeze1.dsc
 This is the Debian GNU/Linux prepackaged version of NAS, the Network
 Audio System.  The Network Audio System was written by Jim Fulton,
 Greg Renda, and Dave Lemke at Network Computing Devices, Inc. and is
Binary files /tmp/lMHKt0Fl1d/ia32-libs-20130924/pkgs/libaudio-dev_1.9.2-4_i386.deb and /tmp/6G6mfOzNF3/ia32-libs-20131011/pkgs/libaudio-dev_1.9.2-4_i386.deb differ
Binary files /tmp/lMHKt0Fl1d/ia32-libs-20130924/pkgs/libaudio-dev_1.9.2-4squeeze1_i386.deb and /tmp/6G6mfOzNF3/ia32-libs-20131011/pkgs/libaudio-dev_1.9.2-4squeeze1_i386.deb differ
Binary files /tmp/lMHKt0Fl1d/ia32-libs-20130924/pkgs/libaudio2_1.9.2-4_i386.deb and /tmp/6G6mfOzNF3/ia32-libs-20131011/pkgs/libaudio2_1.9.2-4_i386.deb differ
Binary files /tmp/lMHKt0Fl1d/ia32-libs-20130924/pkgs/libaudio2_1.9.2-4squeeze1_i386.deb and /tmp/6G6mfOzNF3/ia32-libs-20131011/pkgs/libaudio2_1.9.2-4squeeze1_i386.deb differ
Binary files /tmp/lMHKt0Fl1d/ia32-libs-20130924/srcs/nas_1.9.2-4.diff.gz and /tmp/6G6mfOzNF3/ia32-libs-20131011/srcs/nas_1.9.2-4.diff.gz differ
diff -Nru ia32-libs-20130924/srcs/nas_1.9.2-4.dsc ia32-libs-20131011/srcs/nas_1.9.2-4.dsc
--- ia32-libs-20130924/srcs/nas_1.9.2-4.dsc	2010-11-14 19:17:08.000000000 +0100
+++ ia32-libs-20131011/srcs/nas_1.9.2-4.dsc	1970-01-01 01:00:00.000000000 +0100
@@ -1,38 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-Format: 1.0
-Source: nas
-Binary: libaudio2, nas, libaudio-dev, nas-bin, nas-doc
-Architecture: any
-Version: 1.9.2-4
-Maintainer: Steve McIntyre <93sam@debian.org>
-Standards-Version: 3.8.2.0
-Build-Depends: autotools-dev, libxp-dev, libxau-dev, libsm-dev, libice-dev, libx11-dev, libxt-dev, libxaw7-dev, xutils-dev, bison, flex, file, po-debconf
-Checksums-Sha1: 
- b1d439c87eef89838ad463c140d0b9ca0f823f5e 1484369 nas_1.9.2.orig.tar.gz
- 592daa599dbfd173eb727138bc8e91f1c9b15a2d 40208 nas_1.9.2-4.diff.gz
-Checksums-Sha256: 
- 722d4f567f61e89e735277a0c1d3cfed98842160e3349bf956b1db525eacd2d3 1484369 nas_1.9.2.orig.tar.gz
- 6c2332c2bf8fa823b36396d49d9b596ef460c286d536e8f027e98778fca376d7 40208 nas_1.9.2-4.diff.gz
-Files: 
- ed7864f55b384452167959022cfb403b 1484369 nas_1.9.2.orig.tar.gz
- 9006a8591c9698f8d182071dbb191133 40208 nas_1.9.2-4.diff.gz
-
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-
-iQIcBAEBCAAGBQJM4CQlAAoJEFh5eVc0QmhOVxMP/2oLdNPl5ajEJQxADHZtIc0f
-/2jMVYpAMThRH/+CDL5K553+ym86zefkqyeGnHlC0dpfabJCJFx3jbd5+ULuiIIE
-sIdf/3sk+oDV9Q7J2dA3/hU8wzjdRnBAuiROC0KIlv42vE7+LnkOthgKcZFFjFLf
-Zst/QrsZQUD/fi8c+p69pDCC6zOHZFj+aMk/HaHyQLhaKZzJHZ8yKqnGsoQExWoS
-9y0RKeAZ9FB8Oe0NIBURzi4R758yxJMGcJXq/GQ+Ob2hWQXwkZ1fnHJefzR1CvjK
-Jxol0g4LPzkBEcMPVZxR0T/tyQcDB/1msZwrsnR0lx4OUKuU/waqVrylzUR3yvLh
-eLDSDUY34HPebk3en5Livcpyr7O3o+8cvoDd/fQ7wv9Sc7uQ1A1pkd+JzoDDLt8j
-/JV9CeV5iHgrfnFHto6V/sgao9+fswsJskH8xPdAi8CtphmZWAOpUKVIql/CmE5z
-u2lwL+Sppj6O7oPPxPiqQYok+8uWc/PLbGzaeZtln/KelZK+/RsXstzgy/40Dh/S
-OYwJsU4purOLjpcjJOVQwrgWHZBH40+jIIQH44tnDfpAy66I3kH1C/ZX5f/a3sHR
-N96Dn2M8Y6/3lRYfTC1MZd8NshTKzbhujuXB5C37BhhMCvT8c4Hqkia4yqVUtAgf
-kV5bbv/jbR59arrWs0Pz
-=mBNS
------END PGP SIGNATURE-----
Binary files /tmp/lMHKt0Fl1d/ia32-libs-20130924/srcs/nas_1.9.2-4squeeze1.diff.gz and /tmp/6G6mfOzNF3/ia32-libs-20131011/srcs/nas_1.9.2-4squeeze1.diff.gz differ
diff -Nru ia32-libs-20130924/srcs/nas_1.9.2-4squeeze1.dsc ia32-libs-20131011/srcs/nas_1.9.2-4squeeze1.dsc
--- ia32-libs-20130924/srcs/nas_1.9.2-4squeeze1.dsc	1970-01-01 01:00:00.000000000 +0100
+++ ia32-libs-20131011/srcs/nas_1.9.2-4squeeze1.dsc	2013-09-27 16:58:14.000000000 +0200
@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+Format: 1.0
+Source: nas
+Binary: libaudio2, nas, libaudio-dev, nas-bin, nas-doc
+Architecture: any
+Version: 1.9.2-4squeeze1
+Maintainer: Steve McIntyre <93sam@debian.org>
+Standards-Version: 3.8.2.0
+Build-Depends: autotools-dev, libxp-dev, libxau-dev, libsm-dev, libice-dev, libx11-dev, libxt-dev, libxaw7-dev, xutils-dev, bison, flex, file, po-debconf
+Checksums-Sha1: 
+ b1d439c87eef89838ad463c140d0b9ca0f823f5e 1484369 nas_1.9.2.orig.tar.gz
+ 9e7a8358e76fb0db056bab57c864ac548f29b134 43710 nas_1.9.2-4squeeze1.diff.gz
+Checksums-Sha256: 
+ 722d4f567f61e89e735277a0c1d3cfed98842160e3349bf956b1db525eacd2d3 1484369 nas_1.9.2.orig.tar.gz
+ 780d4ae15b496035f7d3bd99e1fac22bdd5a5944bbf938a1e23a5733b3ae29fe 43710 nas_1.9.2-4squeeze1.diff.gz
+Files: 
+ ed7864f55b384452167959022cfb403b 1484369 nas_1.9.2.orig.tar.gz
+ cf9841f2419d4b853757ca8d6af75686 43710 nas_1.9.2-4squeeze1.diff.gz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+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+=y5H8
+-----END PGP SIGNATURE-----
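
Review bot: the signature body of the added nas_1.9.2-4squeeze1.dsc is not readable in this copy (only the "=y5H8" trailer follows the "Version: GnuPG v1.4.12" line), so the checksums in this hunk cannot be trusted from the debdiff alone; verify the clearsigned .dsc against the Debian keyring (for example with dscverify) before relying on them. The nas_1.9.2.orig.tar.gz entries match the removed 1.9.2-4 .dsc in size and in all three digests, so once the signature checks out the only source file that needs review is nas_1.9.2-4squeeze1.diff.gz (43710 bytes, previously 40208), which the debdiff reports only as a differing binary file.
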
diff -Nru ia32-libs-20130924/versions/20131011 ia32-libs-20131011/versions/20131011
--- ia32-libs-20130924/versions/20131011	1970-01-01 01:00:00.000000000 +0100
+++ ia32-libs-20131011/versions/20131011	2013-10-11 09:43:19.000000000 +0200
@@ -0,0 +1,113 @@
+acl 2.2.49-4
+arts 1.5.9-3
+attr 1:2.4.44-2
+audiofile 0.2.6-8
+avahi 0.6.27-2+squeeze1
+celt 0.7.1-1
+coreutils 8.5-1
+cups 1.4.4-7+squeeze3
+curl 7.21.0-2.1+squeeze4
+cyrus-sasl2 2.1.23.dfsg1-7
+db4.8 4.8.30-2
+dbus 1.2.24-4+squeeze2
+directfb 1.2.10.0-4
+e2fsprogs 1.41.12-4stable1
+esound 0.2.41-8
+expat 2.0.1-7+squeeze1
+flac 1.2.1-2
+fltk1.1 1.1.10-2
+fontconfig 2.8.0-2.1
+freeglut 2.6.0-1
+freetype 2.4.2-2.1+squeeze4
+gcc-3.3 1:3.3.6ds1-20
+gdbm 1.8.3-9
+gnutls26 2.8.6-1+squeeze2
+hal 0.5.14-3
+isdnutils 1:3.9.20060704+dfsg.2-4.1
+jack-audio-connection-kit 1:0.118+svn3796-7
+keyutils 1.4-1
+krb5 1.8.3+dfsg-4squeeze7
+lcms 1.18.dfsg-1.2
+lesstif2 1:0.95.2-1
+libaio 0.3.107-7
+libasyncns 0.3-1.1
+libbsd 0.2.0-1
+libcap2 1:2.19-3
+libdrm 2.4.21-1~squeeze3
+libedit 2.11-20080614-2
+libexif 0.6.19-1+squeeze1
+libgcrypt11 1.4.5-2+squeeze1
+libgpg-error 1.6-1
+libgphoto2 2.4.6-3
+libice 2:1.0.6-2
+libidn 1.15-2
+libieee1284 0.2.11-6
+libjpeg6b 6b1-1
+libjpeg8 8b-1
+libnss-ldap 264-2.2
+libogg 1.2.0~dfsg-1
+libpam-ldap 184-8.5
+libpng 1.2.44-1+squeeze4
+libsamplerate 0.1.7-3
+libsdl1.2 1.2.14-6.1
+libselinux 2.0.96-1
+libsigc++-2.0 2.2.4.2-1
+libsm 2:1.1.1-1
+libsndfile 1.0.21-3+squeeze1
+libssh2 1.2.6-1
+libtasn1-3 2.7-1+squeeze+1
+libtool 2.2.6b-2
+libusb 2:0.1.12-16
+libvorbis 1.3.1-1+squeeze1
+libx11 2:1.3.3-4+squeeze1
+libx86 1.1+ds1-6
+libxau 1:1.0.6-1
+libxaw 2:1.0.7-1
+libxcb 1.6-1+squeeze1
+libxcomposite 1:0.4.2-1
+libxcursor 1:1.1.10-2+squeeze1
+libxdamage 1:1.1.3-1
+libxdmcp 1:1.0.3-2
+libxext 2:1.1.2-1+squeeze1
+libxfixes 1:4.0.5-1+squeeze1
+libxi 2:1.3-8
+libxinerama 2:1.1-3+squeeze1
+libxml2 2.7.8.dfsg-2+squeeze7
+libxmu 2:1.0.5-2
+libxp 1:1.0.0.xsf1-2+squeeze1
+libxpm 1:3.5.8-1
+libxrandr 2:1.3.0-3+squeeze1
+libxrender 1:0.9.6-1+squeeze1
+libxslt 1.1.26-6+squeeze3
+libxss 1:1.2.0-2
+libxt 1:1.0.7-1+squeeze1
+libxtst 2:1.1.0-3+squeeze1
+libxv 2:1.0.5-1+squeeze1
+libxxf86vm 1:1.1.0-2+squeeze1
+lzo2 2.03-2
+mesa 7.7.1-6
+mpg123 1.12.1-3
+nas 1.9.2-4squeeze1
+nspr 4.8.6-1
+nss 3.12.8-1+squeeze6
+openal-soft 1:1.12.854-2
+openldap 2.4.23-7.3
+openssl 0.9.8o-4squeeze14
+pam 1.1.1-6.1+squeeze1
+popt 1.16-1
+pulseaudio 0.9.21-3+squeeze1
+sane-backends 1.0.21-9
+sqlite3 3.7.3-1
+svgalib 1:1.4.3-29
+sysfsutils 2.1.0+repack-1
+tcp-wrappers 7.6.q-19
+tdb 1.2.1-2
+tiff 3.9.4-5+squeeze10
+tslib 1.0-7
+unixodbc 2.2.14p2-1
+util-linux 2.17.2-9
+xaw3d 1.5+E-18
+xbitmaps 1.1.0-1
+xcb-util 0.3.6-1
+xcursor-themes 1.0.2-1
+xft 2.1.14-2
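
Review bot: versions/20131011 is added as a whole new file of 113 entries, so this hunk does not show which versions changed since the previous upload; only "nas 1.9.2-4squeeze1" is backed by the changelog entry. Please diff this list against the versions file of 20130924 and confirm that nas is the only line that differs, so that no other bundled source was updated without a changelog entry.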
