[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 971/05 - Debian - Various Security Bulletins
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 971/05 dated 22.11.05 Time: 11:01
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Debian Security Advisories
Detail
======
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 900-2 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
November 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : fetchmail
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-3088
Debian Bug : 336096
Due to restrictive dependency definition the updated fetchmailconf
package couldn't be installed on the old stable distribution (woody)
together with fetchmail-ssl. Hence, this update loosens it, so that
the update can be pulled in. For completeness we're including the
original advisory text:
Thomas Wolff discovered that the fetchmailconfig program which is
provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail
gatherer/forwarder, creates the new configuration in an insecure
fashion that can lead to leaking passwords for mail accounts to
local users.
This update also fixes a regression in the package for stable caused
by the last security update.
For the old stable distribution (woody) this problem has been fixed in
version 5.9.11-6.4.
For the stable distribution (sarge) this problem has been fixed in
version 6.2.5-12sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 6.2.5.4-1.
We recommend that you upgrade your fetchmail package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4.dsc
Size/MD5 checksum: 712 e1a82c36c542d941d9ab5fddd72a084b
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4.diff.gz
Size/MD5 checksum: 300946 003692d316f2ff494fe6486c33211490
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz
Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
Architecture independent components:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-common_5.9.11-6.4_all.deb
Size/MD5 checksum: 165494 c81bd2391062a87978341feebd8c37b9
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.9.11-6.4_all.deb
Size/MD5 checksum: 92860 e6839df03c88066d2512ec2aa15f4409
Alpha architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_alpha.deb
Size/MD5 checksum: 307132 e726923c5c1fe0466d94fc850011abb8
ARM architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_arm.deb
Size/MD5 checksum: 290738 d77ba92322089b6616153ec4c7174918
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_i386.deb
Size/MD5 checksum: 286456 44493842e69d13461215ccf3f005ada2
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_ia64.deb
Size/MD5 checksum: 329954 ded4883a2870ade58dcc1ca525a76fc9
HP Precision architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_hppa.deb
Size/MD5 checksum: 299108 a149496bb4e367043440b54faa8f3420
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_m68k.deb
Size/MD5 checksum: 281270 79d99ef204a11fc4855cd80c987deba8
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_mips.deb
Size/MD5 checksum: 296536 5dbce03b1d4c4dafefd2a76865d038d0
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_mipsel.deb
Size/MD5 checksum: 296000 db69187b67827063291609685c992245
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_powerpc.deb
Size/MD5 checksum: 291488 8cecaef33456e36256a7498c8ce07556
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_s390.deb
Size/MD5 checksum: 288956 3d5dd68aca0781fdaa64bc600960af46
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_sparc.deb
Size/MD5 checksum: 293594 24741d48693824b9654fe54f28690fd4
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgY/aW5ql+IAeqTIRAkiuAKCT29H2NQLFBWmTqqNCrvMBlPW6aQCfUynO
I0XlLd+3EfcgvkLutbt93P8=
=hMMc
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 901-1 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
November 19th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : gnump3d
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3349 CVE-2005-3355
Several vulnerabilities have been discovered in gnump3d, a streaming
server for MP3 and OGG files. The Common Vulnerabilities and
Exposures Project identifies the following problems:
CVE-2005-3349
Ludwig Nussel discovered several temporary files that are created
with predictable filenames in an insecure fashion and allows local
attackers to craft symlink attacks.
CVE-2005-3355
Ludwig Nussel discovered that the theme parameter to HTTP
requests may be used for path traversal.
The old stable distribution (woody) does not contain a gnump3d package.
For the stable distribution (sarge) these problems have been fixed in
version 2.9.3-1sarge3.
For the unstable distribution (sid) these problems have been fixed in
version 2.9.8-1.
We recommend that you upgrade your gnump3 package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge3.dsc
Size/MD5 checksum: 575 49b982ffa8bc0981063c22e43e37d8e0
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge3.diff.gz
Size/MD5 checksum: 16233 c719d2a258db442db1523c8f5c06560c
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3.orig.tar.gz
Size/MD5 checksum: 616250 1a0d6a10f6ac2354e1f8c6000665f299
Architecture independent components:
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge3_all.deb
Size/MD5 checksum: 603396 87d0c50400f7cd2d96e4c42982102f7e
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDftFUW5ql+IAeqTIRAvsTAJ0UBLkVAUo4NSQg8r3MsbMtXGC0CgCfcvA0
wR5CC4V9G2kyiBDF9UsYWXE=
=/EV6
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 902-1 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
November 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : xmail
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-2943
A buffer overflow has been discovered in the sendmail program of
xmail, an advanced, fast and reliable ESMTP/POP3 mail server that
could lead to the execution of arbitrary code with group mail
privileges.
The old stable distribution (woody) does not contain xmail packages.
For the stable distribution (sarge) this problem has been fixed in
version 1.21-3sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 1.22-1.
We recommend that you upgrade your xmail package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1.dsc
Size/MD5 checksum: 657 a4e8cbdcec1936899e9adddc6b1bc906
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1.diff.gz
Size/MD5 checksum: 28636 bdd037ca57a8a87c7ab8bb3a88129c51
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21.orig.tar.gz
Size/MD5 checksum: 413237 c6417c5b66cd0b0bff7375767d07235b
Architecture independent components:
http://security.debian.org/pool/updates/main/x/xmail/xmail-doc_1.21-3sarge1_all.deb
Size/MD5 checksum: 167674 f0fa9b9b5cacf6b74dfcd69263c9828f
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_alpha.deb
Size/MD5 checksum: 278502 b101478b4cf0e95815f555ee6bdd454a
AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_amd64.deb
Size/MD5 checksum: 221568 4bd15b227397150b4bc19f3796f3bc2d
ARM architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_arm.deb
Size/MD5 checksum: 192590 ba0ef6c44b48499884a8223a7a461fea
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_i386.deb
Size/MD5 checksum: 217318 bdc30f339ec5a24d350bc48b7dff8230
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_ia64.deb
Size/MD5 checksum: 302600 2d4d3612ddaac4dabcc82952273edfc7
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_hppa.deb
Size/MD5 checksum: 221460 9d190d6f7c447408da4e6455bc5a024b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_m68k.deb
Size/MD5 checksum: 171800 83523cace162c5512e871b522f8f7856
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_mips.deb
Size/MD5 checksum: 253434 72c21574bd267b086525d6dc0aa0d1b5
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_mipsel.deb
Size/MD5 checksum: 252274 438867cf4bf498f4b7718f660dea4daa
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_powerpc.deb
Size/MD5 checksum: 237562 50e3a3caa64ac6b7bd48c041a7631d4d
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_s390.deb
Size/MD5 checksum: 207120 4a8224bbd34e2fdf08ba38f416ae367c
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_sparc.deb
Size/MD5 checksum: 200282 eeae78fc7f3b86637dde718f2191247a
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgX0qW5ql+IAeqTIRAk7gAJ9iEkkF3Me2oSa2OxTPq3OCDFZzNwCeOrN2
5HBvgXDJyEA6EMUQUtpFy8Q=
=7g5i
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 903-1 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
November 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : unzip
Vulnerability : race condition
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2475
BugTraq ID : 14450
Debian Bug : 321927
Imran Ghory discovered a race condition in the permissions setting
code in unzip. When decompressing a file in a directory an attacker
has access to, unzip could be tricked to set the file permissions to a
different file the user has permissions to.
For the old stable distribution (woody) this problem has been fixed in
version 5.50-1woody4.
For the stable distribution (sarge) this problem has been fixed in
version 5.52-1sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 5.52-4.
We recommend that you upgrade your unzip package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4.dsc
Size/MD5 checksum: 571 684b8e8a520bfb6fa00ed477e1df9f0e
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4.diff.gz
Size/MD5 checksum: 6099 44a7e7bb15dd3ab02a7e001cdaa0ca79
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
Size/MD5 checksum: 1068379 6d27bcdf9b51d0ad0f78161d0f99582e
Alpha architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_alpha.deb
Size/MD5 checksum: 160404 4031c211175ee7c728f8cc42334ae816
ARM architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_arm.deb
Size/MD5 checksum: 139336 7ebcf2fc5f4cc97000954c05bd80966b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_i386.deb
Size/MD5 checksum: 122764 2369eed1365bb4f6aadd09ac75c9693b
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_ia64.deb
Size/MD5 checksum: 190982 a0e88f9c1279d3b2c7941690e439ff65
HP Precision architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_hppa.deb
Size/MD5 checksum: 146928 7cfae9b95228d90ca3a1d83bda79655b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_m68k.deb
Size/MD5 checksum: 119542 f3b8481fb06596dc6fc84aeefd7e5bbf
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_mips.deb
Size/MD5 checksum: 142948 dc037b7fa6f703ca7a1b140d2c19911e
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_mipsel.deb
Size/MD5 checksum: 143390 3630211263e9245e1773913a2474a9ff
PowerPC architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_powerpc.deb
Size/MD5 checksum: 136326 0aa9b78a55e11796693b906f0900ac64
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_s390.deb
Size/MD5 checksum: 137018 cfd3ef68d1c6d2ecde54c1a67a6c3adc
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody4_sparc.deb
Size/MD5 checksum: 147472 3f90c2488e0bf3aa6b3f0ec8acd815d9
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2.dsc
Size/MD5 checksum: 528 84e70559fc6ca7a2a9331f31f462b548
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2.diff.gz
Size/MD5 checksum: 4970 69b3a1be17c376bf4419201f4d1ec8a5
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
Size/MD5 checksum: 1140291 9d23919999d6eac9217d1f41472034a9
Alpha architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_alpha.deb
Size/MD5 checksum: 175420 841029027991b860df6215c994b7c3b6
AMD64 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_amd64.deb
Size/MD5 checksum: 154804 c3a1cf3a9e5f63af998df54898e4d88f
ARM architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_arm.deb
Size/MD5 checksum: 155356 7d0ea21c83b7c01c74c3822abd5f022c
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_i386.deb
Size/MD5 checksum: 144864 320a080d0cfbf93a47e75469d95f84e9
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_ia64.deb
Size/MD5 checksum: 206580 ba92d4f8810bc7a44ab7c8957f23222a
HP Precision architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_hppa.deb
Size/MD5 checksum: 162756 fd86bf652a165e4f8d390faae9568514
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_m68k.deb
Size/MD5 checksum: 133674 da733ceba3d7467b46a5ec4ba92d4acc
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_mips.deb
Size/MD5 checksum: 163318 773c63ffc83a536d8809757d5a8a8b4a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_mipsel.deb
Size/MD5 checksum: 163892 18f2898f965b04c40d72d92c91243dfd
PowerPC architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_powerpc.deb
Size/MD5 checksum: 157286 822fb6f064c6a298659f4966034a76fb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_s390.deb
Size/MD5 checksum: 156410 7bb65d46d779040eeaddab1ff916c039
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge2_sparc.deb
Size/MD5 checksum: 154876 763b24730efd2ac6a334f8d1af1706be
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgatcW5ql+IAeqTIRAvMvAKCcVwATytiDdN4K/62sYNSoqSzJNQCfQqzu
zrJu9fZOdCZoskHU/ct/SUQ=
=9Jbk
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 904-1 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
November 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : netpbm-free
Vulnerability : buffer overflows
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-3632
Greg Roelofs discovered and fixed several buffer overflows in pnmtopng
which is also included in netpbm, a collection of graphic conversion
utilities, that can lead to the execution of arbitrary code via a
specially crafted PNM file.
For the old stable distribution (woody) these problems have been fixed in
version 9.20-8.5.
For the stable distribution (sarge) these problems have been fixed in
version 10.0-8sarge2.
For the unstable distribution (sid) these problems will be fixed in
version 10.0-11.
We recommend that you upgrade your netpbm package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.5.dsc
Size/MD5 checksum: 662 96a668f0bb42e934723b9b817689cc15
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.5.diff.gz
Size/MD5 checksum: 53572 9f2a3165379c73a32e804b204b9b1e59
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Size/MD5 checksum: 1882851 0f153116c21bc7d2e167e574a486c22f
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_alpha.deb
Size/MD5 checksum: 77848 627c196dd4639c50f6da9690496be51e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_alpha.deb
Size/MD5 checksum: 135546 806a23dbf8413a1f843aa11fbbfa781b
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_alpha.deb
Size/MD5 checksum: 1414082 fa04a52a558e6c669be2d094f93a4e56
ARM architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_arm.deb
Size/MD5 checksum: 64254 6f3e8baa362a0a3bbaa786c6a407d650
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_arm.deb
Size/MD5 checksum: 125610 74820b9a024736466427ce1d11a6adcd
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_arm.deb
Size/MD5 checksum: 1127918 4a832be9b32a6f862587021e25fc86f4
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_i386.deb
Size/MD5 checksum: 62566 727555759e3ee96e14afc427fd1a4ed4
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_i386.deb
Size/MD5 checksum: 103548 e4d71b9a616d71d62fda09bda5488edd
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_i386.deb
Size/MD5 checksum: 1078678 e308c85fd1bee7a94f7d07eb0814e607
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_ia64.deb
Size/MD5 checksum: 96604 aa26dc77cfae42c85fc827080c3c14cc
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_ia64.deb
Size/MD5 checksum: 170564 0f28db29582f8574fe5efec313f0381a
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_ia64.deb
Size/MD5 checksum: 1608842 b600f6008f1bec860ace6011e2fa9c0a
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_hppa.deb
Size/MD5 checksum: 84002 62a268babaa314dcdd5b033c72266a11
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_hppa.deb
Size/MD5 checksum: 123008 aee769727d4ab3aa31ff9c81e8711758
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_hppa.deb
Size/MD5 checksum: 1337864 2267fdf93760dadda27bedeba21caaa9
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_m68k.deb
Size/MD5 checksum: 62134 16cf3e3a10d721afec49783d7c3fbf92
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_m68k.deb
Size/MD5 checksum: 102356 c3d4d655a64999384c32fe344a599682
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_m68k.deb
Size/MD5 checksum: 1016676 2fc4559a8210aab615c916b802ba7684
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_mips.deb
Size/MD5 checksum: 66994 825061bf9972d1ded323d5acdcd710b3
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_mips.deb
Size/MD5 checksum: 123604 437b49b289dc3072ebaae26ebbbbff66
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_mips.deb
Size/MD5 checksum: 1181322 2de610968c7e02bbf260b212a6a1ac84
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_mipsel.deb
Size/MD5 checksum: 66838 565e13796a04a757af7e5020290dcde4
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_mipsel.deb
Size/MD5 checksum: 123662 64da6e70b45ddb6f4468f46e7c44e9d6
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_mipsel.deb
Size/MD5 checksum: 1180028 b29bbde4848b486ee1c2f533197d6752
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_powerpc.deb
Size/MD5 checksum: 69042 21dd1ef5cbe08aceb71b58d7d1a7a16f
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_powerpc.deb
Size/MD5 checksum: 117970 b2c077652d4f90fa4f03e0f28534559e
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_powerpc.deb
Size/MD5 checksum: 1154096 2e415b674c4e3d73d79894a2a6d54e52
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_s390.deb
Size/MD5 checksum: 66788 a4b358db59bf28ce606efa8ed31f8428
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_s390.deb
Size/MD5 checksum: 116142 cf4293b7b0ae9e370b5f4fcd4bc8d112
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_s390.deb
Size/MD5 checksum: 1130568 d0e7577566b78bc0a24dec621fd81e85
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_sparc.deb
Size/MD5 checksum: 65400 d17577ed10e69ee74f75e703b385882e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_sparc.deb
Size/MD5 checksum: 118692 903289a73a661db5132034669d22ba45
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_sparc.deb
Size/MD5 checksum: 1435808 07cb72079ccdedd112694b06fd034552
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge2.dsc
Size/MD5 checksum: 749 8ab3b792bc83b9d768a09132935966a4
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge2.diff.gz
Size/MD5 checksum: 45837 4182abb160edf2f5081bfc2b7bc31377
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5 checksum: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_alpha.deb
Size/MD5 checksum: 82672 37d22ebe7276477898ac5a80f3c3ca00
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_alpha.deb
Size/MD5 checksum: 145984 c88fc97f0e29e0388ca2d17aba17ba09
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_alpha.deb
Size/MD5 checksum: 91588 d13c945e0bb3e9bee58e0ff2b170207e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_alpha.deb
Size/MD5 checksum: 146408 f2776a853306abf2dcfa40623d576e06
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_alpha.deb
Size/MD5 checksum: 1594906 2bdc07c20834ae3bf3f4457357de1f19
AMD64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_amd64.deb
Size/MD5 checksum: 68748 ef2f34beb730485fee2a4ffd875941f8
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_amd64.deb
Size/MD5 checksum: 118008 ff2f3169d6fb407bf8f2c72161321b1a
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_amd64.deb
Size/MD5 checksum: 77132 776dab5922464bc0e0530498f8cb1b54
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_amd64.deb
Size/MD5 checksum: 118400 ae18aec98ef8662f6666e0f8d32c87d3
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_amd64.deb
Size/MD5 checksum: 1277520 c212cf4f1ec34de9c59268312b298956
ARM architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_arm.deb
Size/MD5 checksum: 61804 55de08dc9496ac0ab77b17a2c766c80c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_arm.deb
Size/MD5 checksum: 114652 ea128cedb8a31391821c3d377adcc196
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_arm.deb
Size/MD5 checksum: 68900 025644277b7b494a6b67850085f32f02
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_arm.deb
Size/MD5 checksum: 115068 01c46f8400fb00dbd4f2ab57cff93466
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_arm.deb
Size/MD5 checksum: 1226686 d11f8e54b13050f7b5823fd0f72330a1
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_i386.deb
Size/MD5 checksum: 64926 ce68c6c99dd0d6946caa158974a3a201
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_i386.deb
Size/MD5 checksum: 110566 39d16a56f46bd49d39a6dc6fd89aa08a
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_i386.deb
Size/MD5 checksum: 72040 e5dffe84d5d74b74d0e8acaaed1c3d55
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_i386.deb
Size/MD5 checksum: 110738 305012924bc7390035d1d69b6c5c721d
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_i386.deb
Size/MD5 checksum: 1178734 999eddf08e1d0c24d16f601a220c9b93
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_ia64.deb
Size/MD5 checksum: 96466 544eb8f9ff0086c3e9d3abdec86fbec9
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_ia64.deb
Size/MD5 checksum: 154668 80d6aebf07b4338ce1816959226c1227
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_ia64.deb
Size/MD5 checksum: 107210 515ff376d227fa5cd1e3f314da465934
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_ia64.deb
Size/MD5 checksum: 155020 3b539cd2d6b0fee495dcc954faedf0a1
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_ia64.deb
Size/MD5 checksum: 1816522 cb9920b1ce0035f070db19adbc15373b
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_hppa.deb
Size/MD5 checksum: 77962 4640e42165c5a28faee159623eaf3b47
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_hppa.deb
Size/MD5 checksum: 128068 045b1b3c72a4b538de0eef9f39f22bf4
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_hppa.deb
Size/MD5 checksum: 88608 5e57aa608b3b5bb7da235d8f81de6fd5
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_hppa.deb
Size/MD5 checksum: 128532 7620a8001c3436855b929cd80c8f7af6
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_hppa.deb
Size/MD5 checksum: 1410172 936284480aff9674517eccfaae99f76d
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_m68k.deb
Size/MD5 checksum: 62276 a7695c8d946d05b977686d8c5a43d569
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_m68k.deb
Size/MD5 checksum: 105384 428c32376928676f579b4acc808df5ba
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_m68k.deb
Size/MD5 checksum: 69594 bc6914997fd9942c4881124feff14bd6
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_m68k.deb
Size/MD5 checksum: 105604 f11be5ff58c8fd6ee632bf01647e4199
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_m68k.deb
Size/MD5 checksum: 1119642 fbd4be6544590ec08a818220e08d0e71
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_mips.deb
Size/MD5 checksum: 68680 554ee1f49b1399d0e0ce57aaccfdaa22
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_mips.deb
Size/MD5 checksum: 120034 acb9e8860ffd41b6abedaacae15d22cc
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_mips.deb
Size/MD5 checksum: 75504 5e82d1e1f5e806d470d6f139a474ed77
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_mips.deb
Size/MD5 checksum: 120384 6c23833c6690f184a9f4099cf2de7d38
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_mips.deb
Size/MD5 checksum: 1671538 565ffe085afee85bdadb3931716aff9a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_mipsel.deb
Size/MD5 checksum: 68390 09eaf6ff62842b12bba001003ceda8dc
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_mipsel.deb
Size/MD5 checksum: 120134 ea9ca48c392b946b75591818b1a7f08a
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_mipsel.deb
Size/MD5 checksum: 75164 26701ac67beabf7d842e894a0d40130c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_mipsel.deb
Size/MD5 checksum: 120442 ab43c7303e4a3d00cf281f5a05e4e83f
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_mipsel.deb
Size/MD5 checksum: 1678264 f4df4fa5a4873fa38fcdf06a93d867b2
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_powerpc.deb
Size/MD5 checksum: 71138 5537258e9e342998750d9b6506982164
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_powerpc.deb
Size/MD5 checksum: 123604 e12f868f695adfcef8a6256cbb89daaa
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_powerpc.deb
Size/MD5 checksum: 83324 129d59fb7fdfda0dfd06327eda4ea214
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_powerpc.deb
Size/MD5 checksum: 123910 193561799536112dbfac38c50cb89a6b
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_powerpc.deb
Size/MD5 checksum: 1521584 f2ec44857eaf4bf9e591a2e0d993d65c
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_s390.deb
Size/MD5 checksum: 70438 deaf1eac0c8c8e1ed2e676aee31cec47
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_s390.deb
Size/MD5 checksum: 115184 4a96f38c41c6e0bf4c66aa3419178a22
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_s390.deb
Size/MD5 checksum: 77632 ca8446b3919271228491d8b255fd5bf9
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_s390.deb
Size/MD5 checksum: 115652 37cb64b6ac171da0fffa8944fbe5f60d
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_s390.deb
Size/MD5 checksum: 1256870 427dae51b929fdb0ef16feb60019fdcd
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_sparc.deb
Size/MD5 checksum: 67734 b3eacbd2deeb9da5fed21fa03647951f
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_sparc.deb
Size/MD5 checksum: 117286 fce7a4a7d08697f2cf5b2b22c94934ea
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_sparc.deb
Size/MD5 checksum: 74492 81ece0d62781d46579cfc923e2f9ad4d
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_sparc.deb
Size/MD5 checksum: 117698 5217fe47475db4e8d0e8f99ff5675aca
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_sparc.deb
Size/MD5 checksum: 1279416 f0e1ad2342fefbdce08630777d03c579
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgf5OW5ql+IAeqTIRAmMmAJ9mjT2xHOCjQj43OERq7JFtD3ze6gCfRPh0
E/yFbQi4Oo+JrV/fUw4h3u0=
=Z1R9
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 811-2 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
November 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : common-lisp-controller
Vulnerability : design error
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2657
The bugfix for the problem mentioned below contained an error that
caused third party programs to fail. The problem is corrected by this
update. For completeness we're including the original advisory text:
Francois-Rene Rideau discovered a bug in common-lisp-controller, a
Common Lisp source and compiler manager, that allows a local user
to compile malicious code into a cache directory which is executed
by another user if that user has not used Common Lisp before.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 4.15sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 4.18.
We recommend that you upgrade your common-lisp-controller package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/common-lisp-controller/common-lisp-controller_4.15sarge3.dsc
Size/MD5 checksum: 599 20ea8fa341ceb1cf7b023aff4df6e389
http://security.debian.org/pool/updates/main/c/common-lisp-controller/common-lisp-controller_4.15sarge3.tar.gz
Size/MD5 checksum: 25132 0f2d6f3e075eb70397b6664c37e99867
Architecture independent components:
http://security.debian.org/pool/updates/main/c/common-lisp-controller/common-lisp-controller_4.15sarge3_all.deb
Size/MD5 checksum: 24184 854430ec786872dc81f7d735dd554e54
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgW8EW5ql+IAeqTIRAkusAKCcoQkyJQv+Ra/wJ3g4WiM1WH1DXwCbB/jp
wF+MXIlgUhcChT9hrccg7HY=
=irng
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQCVAwUBQ4L67Ipao72zK539AQFtGAP/S/H8qT/MD8AGNxXIbhwSKGufjL4Axo7I
nnnAVauwXKFjBpQFxIKDuOcxv7/1gx+qNXpjj2VTbyvWniebNp/orMgzBpdGTqsy
R+pZPPD/ZKAT3+GigVScflyPTUoRANcpPiFD7+olJVNLg+cZ+bBp3WV7P2WNQBZs
JD3Uk7k0pLI=
=YUSW
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________