[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 553/05 - Debian - Four Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 553/05 dated 19.07.05  Time: 15:00  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Debian - Four Security Advisories:
     1.  New phppgadmin packages fix directory traversal vulnerability [DSA 759-1]
     2.  New ekg packages fix several vulnerabilities                  [DSA 760-1]
     3.  New heartbeat packages fix insecure temporary files           [DSA 761-1]
     4.  New affix packages fix arbitrary command and code execution   [DSA 762-1] 


Detail
====== 

Security advisory summaries:

     1.  A vulnerability has been discovered in phppgadmin, a set of PHP
         scripts to administrate PostgreSQL over the WWW, that can lead to
         disclose sensitive information.

     2.  Several vulnerabilities have been discovered in ekg, a console Gadu
         Gadu client, an instant messaging program.

     3.  Eric Romang discovered several insecure temporary file creations in
         heartbeat, the subsystem for High-Availability Linux.

     4.  Kevin Finisterre discovered two problems in the Bluetooth FTP client
         from affix, user space utilities for the Affix Bluetooth protocol
         stack.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 759-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
July 18th, 2005                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : phppgadmin
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2256
BugTraq ID     : 14142

A vulnerability has been discovered in phppgadmin, a set of PHP
scripts to administrate PostgreSQL over the WWW, that can lead to
disclose sensitive information.  Successful exploitation requires that
"magic_quotes_gpc" is disabled.

the old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 3.5.2-5.

For the unstable distribution (sid) this problem has been fixed in
version 3.5.4.

We recommend that you upgrade your phppgadmin package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.dsc
      Size/MD5 checksum:      584 46f4509ee768781e441286d125afe0f5
    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.diff.gz
      Size/MD5 checksum:    10063 8f1d0323ae84979c21a409334c6e70db
    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2.orig.tar.gz
      Size/MD5 checksum:   612995 9978c0a723a9e4572f2264478c0ba193

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5_all.deb
      Size/MD5 checksum:   601022 b9e4117adf7ef565e6884fbde4daaf9f


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC24QQW5ql+IAeqTIRAuNeAJ9gsmWwsgBINoKXojvNE3wH54IWJACgi/FK
A0LZceCQa5vcLWI8fHuR+OA=
=I1x/
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 760-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
July 18th, 2005                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : ekg
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1850 CAN-2005-1851 CAN-2005-1916
Debian Bug     : 317027 318059

Several vulnerabilities have been discovered in ekg, a console Gadu
Gadu client, an instant messaging program.  The Common Vulnerabilities
and Exposures project identifies the following vulnerabilities:

CAN-2005-1850

    Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary
    file creation in contributed scripts.

CAN-2005-1851

    Marcin Owsiany and Wojtek Kaniewski discovered potential shell
    command injection in a contributed script.

CAN-2005-1916

    Eric Romang discovered insecure temporary file creation and
    arbitrary command execution in a contributed script that can be
    exploited by a local attacker.

The old stable distribution (woody) does not contain an ekg package.

For the stable distribution (sarge) these problems have been fixed in
version 1.5+20050411-4.

For the unstable distribution (sid) these problems have been fixed in
version 1.5+20050712+1.6rc2-1.

We recommend that you upgrade your ekg package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.dsc
      Size/MD5 checksum:      755 afa73f3af76f74355574c130ba76d461
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.diff.gz
      Size/MD5 checksum:    40957 385352563d78e23c0ba637d9ad504315
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
      Size/MD5 checksum:   495079 bc246779de6f6c97f289e60b60db6c14

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_alpha.deb
      Size/MD5 checksum:   310804 35d7c8cbf8a12901b9d40fe9b0f6afb0
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_alpha.deb
      Size/MD5 checksum:   151072 fe52ee0e5b5178b354cf1215a1c70797
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_alpha.deb
      Size/MD5 checksum:    69360 d4076333e7a8ea9ea030ee74b949268d

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_arm.deb
      Size/MD5 checksum:   267786 b6d7d7cee20a21b908970f38bb568ad3
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_arm.deb
      Size/MD5 checksum:   129136 8ce65bb7f665b77ab34b337a2fde411a
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_arm.deb
      Size/MD5 checksum:    62250 b54df9bcb8a054d17edcd9a46aba4f1a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_i386.deb
      Size/MD5 checksum:   270560 d7da9425b12bade210092332eb4ead24
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_i386.deb
      Size/MD5 checksum:   126152 b9f5a0c2c12f9b3e62242d1e8bd2f2ef
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_i386.deb
      Size/MD5 checksum:    63260 9f7cee9a3edcf0bdeabdd604f4db9e8b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_ia64.deb
      Size/MD5 checksum:   355198 9f1aa917338fd9f82fe25c3b79d81cb6
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_ia64.deb
      Size/MD5 checksum:   150008 4a795a0f7f5ee180eeadd396b94f7a8c
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_ia64.deb
      Size/MD5 checksum:    79918 fcf1dc826c929f6ed7b064bc1eabe0f0

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_hppa.deb
      Size/MD5 checksum:   287906 0ec525527f56e0024394f3ec4b94ca9e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_hppa.deb
      Size/MD5 checksum:   135454 b8f890184a99fdebaa7fa6fb45edbe88
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_hppa.deb
      Size/MD5 checksum:    68776 97e1579e479f6079efa4ca9437e11048

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_m68k.deb
      Size/MD5 checksum:   248558 265300b483f1ccb46933d35590ebeb4e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_m68k.deb
      Size/MD5 checksum:   121620 7d367ffda93603c7efbb3e318dafcd80
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_m68k.deb
      Size/MD5 checksum:    61862 4a46b3bc96f5a4504573d14434f39ace

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mips.deb
      Size/MD5 checksum:   280752 ec0bde8528d052a57bf790fa3c668bce
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mips.deb
      Size/MD5 checksum:   131864 a2bfe75adc1f9e64d017b736e0b73e85
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mips.deb
      Size/MD5 checksum:    61666 fddfdd1c6f69b7594d1912571c3c1f6f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mipsel.deb
      Size/MD5 checksum:   280416 180f2466a931ad0e8aa41bc026a3ebf8
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mipsel.deb
      Size/MD5 checksum:   131848 e3050e9504665b1732fe32f1e38f236f
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mipsel.deb
      Size/MD5 checksum:    61666 6342defe0f25bace47bed4ed21023f17

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_powerpc.deb
      Size/MD5 checksum:   280532 c8cd83e7a1810c202c795dc72759f3e6
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_powerpc.deb
      Size/MD5 checksum:   131524 c60af9fcc06d88bca764dd9cdf80b722
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_powerpc.deb
      Size/MD5 checksum:    65636 b5f436a764e7556075ec241da72fb457

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_s390.deb
      Size/MD5 checksum:   279018 96b787165549cdb9eb1d148c63752656
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_s390.deb
      Size/MD5 checksum:   128726 5be20aa3b72856ad6f17835ff8e25e56
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_s390.deb
      Size/MD5 checksum:    64164 4548c97ed8ed104301c63f9dc528c74e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_sparc.deb
      Size/MD5 checksum:   269416 b096a73c10c7ef0386dc27a89aad30e7
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_sparc.deb
      Size/MD5 checksum:   128084 b74cc91e48e91e2b0c117a9fd897059d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_sparc.deb
      Size/MD5 checksum:    64176 a49f36139775619d597c8afd1132c3eb


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC2+hlW5ql+IAeqTIRAiexAKC321vEYqLOqkkd9tU7hgcZ6tTvXACfcbIC
0VrXQqOCsqFNwdkwcDw9mBE=
=Yot6
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 761-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
July 19th, 2005                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2231

Eric Romang discovered several insecure temporary file creations in
heartbeat, the subsystem for High-Availability Linux.

For the old stable distribution (woody) these problems have been fixed in
version 0.4.9.0l-7.3.

For the stable distribution (sarge) these problems have been fixed in
version 1.2.3-9sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 1.2.3-12.

We recommend that you upgrade your heartbeat package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3.dsc
      Size/MD5 checksum:      658 2de794d2f0c7bbeafa08ecca95a47a12
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3.diff.gz
      Size/MD5 checksum:    47040 1376087e2548ffea01f1fa05f0644952
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l.orig.tar.gz
      Size/MD5 checksum:   308033 1dcae9e87ad2e5c2113e91a884c1ca8e

  Architecture independent components:

    http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_0.4.9.0l-7.3_all.deb
      Size/MD5 checksum:    33196 1555855937e539691c90d0922c5b4723

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_alpha.deb
      Size/MD5 checksum:   207842 2ac37764f43c65cb2c52ccbcb01c200c
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_alpha.deb
      Size/MD5 checksum:    15528 09da0f1657f0cecdd5a61e64d427d2cd
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_alpha.deb
      Size/MD5 checksum:    14166 68f4624f3ab15fdb40ca5c03509801a9
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_alpha.deb
      Size/MD5 checksum:    63996 e6be61aaf9968a45279836d2c0ccfe06

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_arm.deb
      Size/MD5 checksum:   194086 c844f2f1b2229158a9f957a35692a9b7
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_arm.deb
      Size/MD5 checksum:    15192 553019cc16dca110440b1ff71b89c41a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_arm.deb
      Size/MD5 checksum:    13514 3f0388253daf988d1130e3ca85b22466
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_arm.deb
      Size/MD5 checksum:    53664 fa8d400ac60493dcb9a532d8267aa2a7

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_i386.deb
      Size/MD5 checksum:   185258 f31317301ac9a8c059e1198604e3501f
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_i386.deb
      Size/MD5 checksum:    14860 231f74af0884ca03735c775ad382e8b9
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_i386.deb
      Size/MD5 checksum:    13370 6c003c7a78a50aee134f5e0fb80afca3
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_i386.deb
      Size/MD5 checksum:    51094 4699c73994b6f5ec39f9ece83dbcfc81

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:   259426 34814d6a05215a9cbd3e5c96420d16dd
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:    16156 65ff55faefafac7d4283ce57441d7d00
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:    15240 ff38757ef93dc3bf1027062c6f3bc06e
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:   100186 cc86feab05680b136abd9730a42c49c7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_hppa.deb
      Size/MD5 checksum:   195524 56abbe7f95d60d060417a6ec48c12483
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_hppa.deb
      Size/MD5 checksum:    15340 9e20f4711e2eea62b7af29ff66e73410
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_hppa.deb
      Size/MD5 checksum:    13712 87b566f57390860362f28e1d36fabd39
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_hppa.deb
      Size/MD5 checksum:    55302 d578c7989b3ee7e817bbc4f7a1747aca

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_m68k.deb
      Size/MD5 checksum:   187656 7659d4d20a0497e6fcd392f748876c79
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_m68k.deb
      Size/MD5 checksum:    15026 d13593c6bc76f66760a1a158665f3bff
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_m68k.deb
      Size/MD5 checksum:    13560 36324500270366b1e96b229857d53273
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_m68k.deb
      Size/MD5 checksum:    53844 805cb90d55db38fbf63491097525af2d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_mips.deb
      Size/MD5 checksum:   185602 346bd385318eb68b07fb6e46923ba497
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_mips.deb
      Size/MD5 checksum:    15274 9c621d34da8824d136ebdd4936fe222b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_mips.deb
      Size/MD5 checksum:    13478 335a654e6d4419517ba0ac9f1f616d93
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_mips.deb
      Size/MD5 checksum:    51264 a7f3dd6afb7e8783bef2c112f0c05f5c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_mipsel.deb
      Size/MD5 checksum:   185328 ee8e33a8fc55f5c1b40a4124627c9809
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_mipsel.deb
      Size/MD5 checksum:    15290 6f4b59bf0e457b0a1c4ab1ff3906056a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_mipsel.deb
      Size/MD5 checksum:    13458 5b315945a4488e867304bbb30dbc5ccb
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_mipsel.deb
      Size/MD5 checksum:    50692 c47d7b8ea66b7adab97f71451632d82e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_powerpc.deb
      Size/MD5 checksum:   187646 a5a6db6f8bdcf231c19967f83825ab2f
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_powerpc.deb
      Size/MD5 checksum:    14998 215f2585d66fa25d75caa9a58ae4f814
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_powerpc.deb
      Size/MD5 checksum:    13512 cb16f3b5d02d62cd26b97c64f2328a33
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_powerpc.deb
      Size/MD5 checksum:    52968 1dd68c1e52f0baafe093c1479d0ecfd1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_s390.deb
      Size/MD5 checksum:   192078 78473e34aa764f4928a99ec072976a2f
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_s390.deb
      Size/MD5 checksum:    15002 18e2a84299bc88cee8368c2450834152
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_s390.deb
      Size/MD5 checksum:    13594 447c803912d89fcaf0f99cea1dc34b65
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_s390.deb
      Size/MD5 checksum:    50648 6fd38fc07695cefc9d6f2c5af4457781

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_sparc.deb
      Size/MD5 checksum:   204660 701227fa11d9a1cae8beb2cc2cd68bd4
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_sparc.deb
      Size/MD5 checksum:    15332 e2f9b50afc00eb526b4f0c71a32f4240
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_sparc.deb
      Size/MD5 checksum:    13526 ead73a8645f1729fa08d245b2e672938
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_sparc.deb
      Size/MD5 checksum:    68402 a0f407908bb7e5fe31c5bc7075a924f3


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2.dsc
      Size/MD5 checksum:      881 d4d3d4d3ffdb81c703e193d1418bdf94
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2.diff.gz
      Size/MD5 checksum:   267336 448b159ad198b3e5aaa660fa4ba6b018
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
      Size/MD5 checksum:  1772513 9fd126e5dff51cc8c1eee223c252a4af

  Architecture independent components:

    http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge2_all.deb
      Size/MD5 checksum:    45260 1712cab7c30f489ab160d5f7d06a3716

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:   574418 1ac2659439d0671361f3162eddd347b3
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:   150546 c31bf25636f891049cb053044a570aaf
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:    70828 75ff910609f049c38bccaa54aef64fe3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:    53860 2b730ffadbd9acf789622e3388eb1b03
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:    31016 334717fd25592ce2b643b3ae7616975e
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:    94036 a7616bfe7d88fb048836ccd8cf993987
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_alpha.deb
      Size/MD5 checksum:    31472 7d264c0cb86bf84a3ec624d487589a04

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:   498330 c7efb45f68781a939308a72526f89384
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:   123540 d5ada0bb40732f0600e214109b82fb65
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:    63128 c34a0b395cf9ff89f9d900d7922553a0
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:    48984 e61af3427c0fa8b91d3da816fb56ca03
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:    29752 26269c283c1d25dadc460646db6328cb
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:    77326 9762feec9177b5f25fb7a27df2343797
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_arm.deb
      Size/MD5 checksum:    30182 31d4ef55c09e15c7216b45b9fba8d7c0

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:   493576 aa1036e1d88d4ed7e427c41c59b4c299
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:   117480 bdac3d64829390a9f1d4e9f072cedcd2
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:    58838 e02009ab5394e1c6c8e23f6b82ce27ed
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:    48020 897a098bf7c4eb050b9bbb25f4b4cb51
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:    29484 4c6cf357f0f3f9489148e371101b5158
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:    79082 7e0fed09db38b4aa952b49c504c1e2e9
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_i386.deb
      Size/MD5 checksum:    30334 934b99ffd0c64cbaa93d98924dec7ce9

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:   648240 9fa7f6229d090538201900967ae19b98
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:   152596 6420045a3eca23f837b95afc764b441e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:    74092 0696213e6ae465f94895fd8bfce04e06
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:    62356 a7188eaa4220e15d66e68d25b81ef8f5
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:    31158 503f77fe0a202131271d5c7bd5644154
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:   104520 e67cde820023abd4d3f972fe5b382786
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_ia64.deb
      Size/MD5 checksum:    32408 0b523cf39ff5637d3a1a77087acfc568

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:   550526 04644d7961eb113e73df5421aa95c2ec
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:   135838 305b84e50925aa9649c6d1bc85a01b4d
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:    68118 6003de303229ac0d7620ad186e37feb8
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:    55496 f3a577742b3f36f7930da7a0be4834b9
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:    30262 7491e3eee8f09a3e4c4182e52188b8b6
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:    92738 4bbd6be9256859def562f7bc2ce609c2
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_hppa.deb
      Size/MD5 checksum:    31342 043d19ec3865b81da9a4614c871598d7

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:   480546 52de98aa76b73fc50f3c76320134f162
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:   113396 1fabe1ce369c9598fc54c3dd98ea7c4c
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:    56432 d29cde3792cdf7f87f82555fc73a0017
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:    48172 938a4dff2081fc7b0e3b2b3a2682be76
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:    29382 ac7c0249dec626802b288a47f8453550
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:    81846 947c019eadd0d23c7035d55797e84020
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_m68k.deb
      Size/MD5 checksum:    30176 2b79abf07dd5ccf750e24d8c340f2936

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:   536356 34cc0c834822a400940f0f8ce35fbba3
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:   132518 73ed368f00343201e2b8aae24b16bc2e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:    65420 d5c9dc962b061e87df0b2c1de8e17b52
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:    48294 09c0de4f6afe635b343ae267f9c8479a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:    30092 3af323a0a152ebdb35e874aa46ad2153
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:    80576 e5b762cba06123a188d8b702ab1ea426
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_mips.deb
      Size/MD5 checksum:    32554 af522fc1d263d87b3e4990f90d6fe0f9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:   536930 cd16e4657be6e5e80b6d42e083b0b59e
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:   132626 f3cebb2630ca5fabed9c2d7dd85b718f
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:    65190 1de3a22e027cf649c38ed3ee6e306fff
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:    48504 a1a5790879c230ae02e34d0e8dff66fb
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:    30118 686a83f067d915355659a1b7de6fcb79
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:    80490 9f2c86dcab0d151ef75df431dad1016a
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_mipsel.deb
      Size/MD5 checksum:    32542 06cf7d8f2f62346771da7205a0c2ba68

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:   554912 ffda2ab8ed9fbd870f39ca12ec7ce51b
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:   127456 0a82ec5198eeca8f10db33a14ff78ed3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:    61698 68ec3aea447a88a2d1b3939ce3d0cc49
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:    53354 c655c0674036cfb81474381bf5e24bcd
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:    29970 138543206d3ff9ce4c329e2d3bf1f3a1
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:    98528 55a8e99ad199ea6d08cbfe25ccb5fcfe
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_powerpc.deb
      Size/MD5 checksum:    33138 8e049d3fd4863eb717a03c22acc12855

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:   530408 719bec59d58bf3b4a0ade578d2f43d43
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:   126590 7822fa62f40cdd4759cd6e0fff682b7e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:    62282 6837ea537550f5acc19f0bbcb3b1ff17
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:    52798 8298af9cff07a7bdc24afb31cb750a12
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:    29864 1bb5ab18a77f5ad667c3c5ad850f5dae
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:    84714 bb3ee107874ee4bd21957d4cdfc899cb
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_s390.deb
      Size/MD5 checksum:    30832 cb960d90b91d2f2ae3c25cf66900531e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:   500806 402c337b801c3fd473efa6215ab057b4
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:   121060 9e80b92c79d823c227a1faa00744eefb
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:    62868 8fe8d18f0988fc58c6e42af1b4fd6cb7
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:    49962 ff349f6dd6d4afd784b9313b60e08876
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:    29724 81ed86ebcfd7e4bd2a45d9210e6e9618
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:    81058 54d0183a7a4dc65672a543900b525cf6
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_sparc.deb
      Size/MD5 checksum:    30268 e420c028e3a64d063327fc28e3dd193b


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC3JbYW5ql+IAeqTIRAiyrAKCB65OIpGivYLfUyaCpkHmvWa9D8ACggqL8
AWLHBRnD1/fbdmwJX6Ow97c=
=vE9B
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 762-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
July 19th, 2005                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : affix
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2250 CAN-2005-2277
BugTraq ID     : 14230
Debian Bug     : 318327 318328

Kevin Finisterre discovered two problems in the Bluetooth FTP client
from affix, user space utilities for the Affix Bluetooth protocol
stack.  The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:

CAN-2005-2250

    A buffer overflow allows remote attackers to execute arbitrary
    code via a long filename in an OBEX file share.

CAN-2005-2277

    Missing input sanitising before executing shell commands allow an
    attacker to execute arbitrary commands as root.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in
version 2.1.1-2.

For the unstable distribution (sid) these problems have been fixed in
version 2.1.2-2.

We recommend that you upgrade your affix package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2.dsc
      Size/MD5 checksum:      669 bb24e5747a984193075e7ad2cde94bd2
    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2.diff.gz
      Size/MD5 checksum:    81326 c1e434ed0667a4e0f60d6e8f431fbc11
    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1.orig.tar.gz
      Size/MD5 checksum:   415816 34af8e6b1d20d99d01427f7da5c777ef

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_alpha.deb
      Size/MD5 checksum:   103006 d897078ef26ac210835785a60f63ba40
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_alpha.deb
      Size/MD5 checksum:    93410 d606fe680c82300c17f821ab0238517d
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_alpha.deb
      Size/MD5 checksum:    75560 50dd674ab6f58b456152bd65232ef486

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_arm.deb
      Size/MD5 checksum:    85840 47fe949ac3eaf11e40785d535df13de5
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_arm.deb
      Size/MD5 checksum:    69494 17cbdd22f998e972d6d3719509766f1c
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_arm.deb
      Size/MD5 checksum:    56790 a1f04650c5e0f086e95a3c90d87f0a14

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_i386.deb
      Size/MD5 checksum:    84860 7f5b869acb23ff4d03074e72c5848972
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_i386.deb
      Size/MD5 checksum:    63308 c6931e79eb3f8ab121a6211bcb09d71c
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_i386.deb
      Size/MD5 checksum:    59606 2b52f0d5ce8c700b50a2119c70e38330

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_ia64.deb
      Size/MD5 checksum:   122082 e674b494cc0738be0ca67fe58e6fd366
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_ia64.deb
      Size/MD5 checksum:    93876 40a4a3b972b76d84839b22ec0047a1de
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_ia64.deb
      Size/MD5 checksum:    83630 c5af3eee5c18f3783d306bfcf2e6a3cf

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_hppa.deb
      Size/MD5 checksum:    94884 f1fc0e6bd41671594f4ee434cad99505
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_hppa.deb
      Size/MD5 checksum:    76596 e1f3ed8b636875f9dfb744b71af2f172
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_hppa.deb
      Size/MD5 checksum:    68508 a3312999b8c7fea595e12a67b8d10640

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_m68k.deb
      Size/MD5 checksum:    79808 d2e87f6c2ccb4f8b47c863e0d487d80b
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_m68k.deb
      Size/MD5 checksum:    58412 b118a825ac9844a648fe576389b3900c
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_m68k.deb
      Size/MD5 checksum:    54900 6dea7ad75560dda0689e77b0325df561

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_mips.deb
      Size/MD5 checksum:    97384 c29b563a1f965492e4a50fe0f563ae67
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_mips.deb
      Size/MD5 checksum:    76390 f0cc63d8b1cecdf0dc2947800e2f2452
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_mips.deb
      Size/MD5 checksum:    61332 ecb60a17b182d2a2324f329c5a7564da

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_mipsel.deb
      Size/MD5 checksum:    97114 719915fc14b4892bc0f7bc5d5158cf46
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_mipsel.deb
      Size/MD5 checksum:    76264 af38e4dc83f10cce8d5cee6da728be1b
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_mipsel.deb
      Size/MD5 checksum:    60964 51af51daffb9106b7a882ac60ce603eb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_powerpc.deb
      Size/MD5 checksum:    94696 b2ffdb13a801392080093183099f564d
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_powerpc.deb
      Size/MD5 checksum:    70040 3beda3ff644615921cb6f70670c0a712
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_powerpc.deb
      Size/MD5 checksum:    65412 a05f1b318e88ce0f152558ed6919632f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_s390.deb
      Size/MD5 checksum:    92346 bbb62a4e6378d311414ee0740e94b712
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_s390.deb
      Size/MD5 checksum:    72978 364b0841f0806b6cfdf4f1b10b3d270b
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_s390.deb
      Size/MD5 checksum:    66764 41c5dad2e40c6771b6179b5567b39681

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_sparc.deb
      Size/MD5 checksum:    84660 021fa0ec494ff7066f79ef40475ad5dd
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_sparc.deb
      Size/MD5 checksum:    66050 b450abbd6079f564c4c285eeec220434
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_sparc.deb
      Size/MD5 checksum:    57714 e09e4599c7bfc96493d0d6185d8c0ca0


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC3LZJW5ql+IAeqTIRAvIJAKCfkBt30ujIJ1iquSTZi18Dbb4VPQCgu5Qb
wnDST7zQnsC5v/OrpYR2uGU=
=1V9D
- -----END PGP SIGNATURE-----


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQt0He4pao72zK539AQGTuAP9Gwu4fYwnu5dmxMWdMQvUTii8UV/g4jpd
M8qKlva341GDK1CxxYejBcebPO6+nO77ktRjQwd3qBi56CKZj7jIzy4bMyjQDQSv
CxfWLc3KqsAn/MFwGzyAXVwWXqOd8cUKQiIsOm9z/m04QQSf9eiWIYVywXSEdToE
AZ3in9H2Hog=
=m2gv
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________