[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 267/06 - Four Debian Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 267/06 dated 06.04.06  Time: 13:25  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Debian Security Advisories:

1. DSA 1024-1 - New clamav packages fix several vulnerabilities

2. DSA 1025-1 - New dia packages fix arbitrary code execution

3. DSA 1026-1 - New sash packages fix potential arbitrary code execution

4. DSA 1027-1 - New mailman packages fix denial of service


Detail
====== 

1. Several remote vulnerabilities have been discovered in the ClamAV
anti-virus toolkit, which may lead to denial of service and potentially
to the execution of arbitrary code. 

2. "infamous41md" discovered three buffer overflow errors in the xfig
import code of dia, a diagram editor, that can lead to the execution
of arbitrary code.

3. Markus Oberhumer discovered a flaw in the way zlib, a library used for
file compression and decompression, handles invalid input. This flaw can
cause programs which use zlib to crash when opening an invalid file.
A further error in the way zlib handles the inflation of certain
compressed files can cause a program which uses zlib to crash when opening
an invalid file.

4. A potential denial of service problem has been discovered in mailman,
the web-based GNU mailing list manager.  The (failing) parsing of
messages with malformed mime multiparts sometimes caused the whole
mailing list to become inoperative. 




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1024-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
April 5th, 2006                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : clamav 
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1614 CVE-2006-1615 CVE-2006-1630

Several remote vulnerabilities have been discovered in the ClamAV
anti-virus toolkit, which may lead to denial of service and potentially
to the execution of arbitrary code. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2006-1614

    Damian Put discovered an integer overflow in the PE header parser.
    This is only exploitable if the ArchiveMaxFileSize option is disabled.

CVE-2006-1615

    Format string vulnerabilities in the logging code have been discovered,
    which might lead to the execution of arbitrary code.

CVE-2006-1630
    
    David Luyer discovered, that ClamAV can be tricked into an invalid
    memory access in the cli_bitset_set() function, which may lead to
    a denial of service.

The old stable distribution (woody) doesn't contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.8.

For the unstable distribution (sid) these problems have been fixed in
version 0.88.1-1.

We recommend that you upgrade your clamav package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.dsc
      Size/MD5 checksum:      872 ab3b8945329f3ead12e0bc4665a7b1c8
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.diff.gz
      Size/MD5 checksum:   175767 1c70e8d67a61d49a51ffd11e2574323b
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.8_all.deb
      Size/MD5 checksum:   154760 d5856a0d9cc9d79842e840417e6eddea
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.8_all.deb
      Size/MD5 checksum:   694302 0c2adbade7ac8834f17cd93b2bb2d04a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.8_all.deb
      Size/MD5 checksum:   123772 bb7b5e11599fbc3626561334a4cc3b41

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:    74762 8f4e4c084200e30791eb02cc82b94a7d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:    48838 87a9f130d2f8b196d2705d3f5f9652c9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:  2176362 a5d414c3933204fca40fdc65a631bf85
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:    42116 0dd5f21866df4fb3103eef16f699b63b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:   255666 ee3063a5b42e80426680a4d3a6548742
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:   285526 8b60096789652370a9c1eb23426de0fb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:    68836 759081eefaefe1fbbe20b54b32c731f9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:    44190 750a423f1cebbb0e307fcbbd20fa2a52
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:  2173214 2ba25c51303c97a105f8d38953bf3387
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:    40006 0456d63d7fb286a73036df807e0e1b9c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:   176430 3b2092a8a89d581692bd26ba4e249524
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:   259636 de8ff1433bfd159c83eaf40fcbb5a9c3

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:    63914 950154f957a11c66fc2c7528abe1f80c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:    39592 bc92d523a15df87c66df15165815f684
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:  2171222 91e209cec252cd6e3303dbb15e61f38c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:    37310 8de5836510b35692e52ad04ff7e99909
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:   174784 916270130f4ae7f8d19476e8ed2696bb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:   249626 6239b4680637783bc25da305a5840c97

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:    65186 075b0a1e041ef16465f747e8615478eb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:    40306 186f3f67d4e01eefa9bd4de61cbc7597
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:  2171576 447093a4486b108a86daa3b1fb05df01
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:    38028 a3b09e4e355290b59442c4f55a221fc6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:   159538 61d3a1e151a892a93ff59b5e32406e44
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:   254266 00e35cca8aa52ca3025881de3ee6b843

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:    81818 84308736db6948a227fee4d603d5e9c3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:    55238 5b0c1145c0c7df81cef8ef147d6a67fb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:  2180132 15de24581d6bd4237cc6e629b8fe2129
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:    49192 6423e0364941f3fd5a0a94db3a41cbc0
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:   252030 2b27bb90564d6d11a1ab7433878cfe2a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:   317596 7194c5171e051cec740d3e26b8ac1921

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:    68280 fab75c3065bc0daef29c03de7eb95616
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:    43290 8fb3f438a608a015394dc63c2e2262b7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:  2173664 6ac357059b165b64597b4298f2eb7c53
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:    39452 22c7fc2ead648754db1280ed45382f0c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:   202622 60c9ecb6f7de4f23d81f3a60a6f86af8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:   283312 92eec506c9c9c6c3e75f0180c83d9700

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:    62522 caaba4e546fa8c4bed7c6f43004cb5ab
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:    38208 176ca281e6004227c266b31dc8ba8b47
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:  2170472 090cb28e973bde8ab2d44fdf348ea3ad
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:    35068 80e3b711fa0b3c7b6eb481b76bbc0c96
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:   146248 8f95efb7f3ac12667fedf66014107fcd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:   250348 2cf8b9fdfcdaaf51e9ea2e3695e6d0e4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:    67952 5576ba2f730b4a4e73c08d85956a0fe1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:    43782 b93619f9da106b1ecbfb405ee022c1ee
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:  2172990 85507c94a036d0c39fb1c645bb050512
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:    37678 5a8947a6f3c6ba9c7c307c0fd48050dc
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:   195428 c8b23ed440bccb7d24fd809f96daad87
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:   257460 3538a15689317678f878c28b1ab89d38

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:    67556 0547466b220feec6a84bb78803604cde
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:    43580 524a0264d0a5fbb55ee3f97bec588a27
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:  2172940 8823057cd5d1aa1a0c2b1bbab22f0e37
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:    37962 cae611d3f09c245cb58e4605d9d59702
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:   191858 a0760438641ec43b77b19e2884c94e96
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:   255080 0e54a23a6c5ecf5c7a5a47772cda3c78

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:    69288 f057daede2d7b7123681918d177ce539
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:    44674 59aefa09eaf2445d8359f0e420602be6
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:  2173578 af9dec3e7e471453ec51bcf48ce266d8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:    38870 bf9fe9d09d8da16d71d29257b25c3831
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:   187656 71a796fc913828ce8533e26133dc5905
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:   264812 d1c3dd57001bda9bcd7e069d2d5fe4fb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:    67904 9b1b8122712a2dd196766ebf29b5489a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:    43576 0794d581c44455ab27f08d81e55603c4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:  2172900 d2ac57b7351650121ed6d3eb956e5ca4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:    38936 83eeff4b13a29ff65228c1b6a1ceb630
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:   182596 38d749ca8410825c236a506d5948a823
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:   269402 b23c60b45653f744ef38e397c1fd9dbc

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:    64416 70a8646252c0d3e0b78c8a37b7e25ab5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:    39466 b68bca7161019ac2e2405973028ea710
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:  2171110 49331350eee02929c0616fb459ff6c2e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:    36844 11eb76ec82a9faf969d3de83cdc341c8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:   175778 a57ba409c803d60813cf2202a6ed46e1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:   264714 eb2ab58670f241fc3d712a2ad56d9f70

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENCN3Xm3vHE4uyloRAuEiAKDc1onOL69izdvTQFSfeBYlq9I8RwCdGWvF
oAnQjx2aTKwOqZgWZJ344nY=
=Bb/9
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1025-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 6th, 2006                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : dia
Vulnerability  : programming error
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CAN-2005-2966
BugTraq ID     : 15000

"infamous41md" discovered three buffer overflow errors in the xfig
import code of dia, a diagram editor, that can lead to the execution
of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 0.88.1-3woody1.

For the stable distribution (sarge) these problems have been fixed in
version 0.94.0-7sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 0.94.0-18.

We recommend that you upgrade your dia package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1.dsc
      Size/MD5 checksum:      705 25bc7ead9731e940217ec0d8c6342073
    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1.diff.gz
      Size/MD5 checksum:     7531 a5776c952860a8446c2203626aa0bf0f
    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1.orig.tar.gz
      Size/MD5 checksum:  1977789 a44e91b49893c374577c6b4d4d0e1ce6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_alpha.deb
      Size/MD5 checksum:   248694 fc8417f7cd8e42839aaf4916bb128c61
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_alpha.deb
      Size/MD5 checksum:   922288 b0cbcefda3672be682fcdc31b9f1378e
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_alpha.deb
      Size/MD5 checksum:   276128 775b9daae70d5f7f5cd102b4186f1b12

  ARM architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_arm.deb
      Size/MD5 checksum:   196784 52b07976ebe24548d8617c82e0726312
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_arm.deb
      Size/MD5 checksum:   841756 8d769c0d0ecc14c2fe547675c51eede6
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_arm.deb
      Size/MD5 checksum:   224634 c617e978a7bd2b593be0fb18486daad5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_i386.deb
      Size/MD5 checksum:   192818 a01fe6b5b0bdbbebe4f7d586d72413b7
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_i386.deb
      Size/MD5 checksum:   836314 1346f382feaa78a7968121c6e7c84dce
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_i386.deb
      Size/MD5 checksum:   220812 760776c41d68af504ec92d40e57a4645

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_ia64.deb
      Size/MD5 checksum:   332036 ff6d825a12c99c3403c227329ab88989
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_ia64.deb
      Size/MD5 checksum:  1059798 b1bb7b20860fa6350d85a399ec07670e
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_ia64.deb
      Size/MD5 checksum:   359196 37ca623ab7e77db84ff951cfd7509646

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_hppa.deb
      Size/MD5 checksum:   241214 21d08cd8430e7c0112008954941ca409
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_hppa.deb
      Size/MD5 checksum:   968394 331a9cb181c6b08421ef7ec45e7ca3ce
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_hppa.deb
      Size/MD5 checksum:   268478 9663e846de981d683aa023a1b9332b8c

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_m68k.deb
      Size/MD5 checksum:   175720 5a591481f242ed1a7c85f392c5146c77
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_m68k.deb
      Size/MD5 checksum:   845420 7b8359c0a077e7f672cebd8e25216fcf
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_m68k.deb
      Size/MD5 checksum:   204494 6e60913b1b96fc66dcae516095bb52a0

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_mips.deb
      Size/MD5 checksum:   220454 9b6596e6b650979a467d66476ba15f61
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_mips.deb
      Size/MD5 checksum:   866998 68e98906280a334e7a59155bf20bf2f8
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_mips.deb
      Size/MD5 checksum:   249110 c9ed24c60dd5d0b822bba402f0b9fe6c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_mipsel.deb
      Size/MD5 checksum:   218560 b8df5cc203668bd05bc6f2dffe45b523
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_mipsel.deb
      Size/MD5 checksum:   860318 a2472760168bf9f2491d7ca13c9fa1cc
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_mipsel.deb
      Size/MD5 checksum:   247180 3c3f636259b343d0b7a0a55f8ad73e3e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_powerpc.deb
      Size/MD5 checksum:   205918 a2478681bd1584123a5aff3d256e2895
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_powerpc.deb
      Size/MD5 checksum:   879228 e55ef75f15286aa96adabc0df51f12e1
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_powerpc.deb
      Size/MD5 checksum:   233898 bbf7c7e2f9b70376c9c11aa7ae549093

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_s390.deb
      Size/MD5 checksum:   188678 b99aebc99030c404423457da5b29a000
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_s390.deb
      Size/MD5 checksum:   844896 bb6edbdf7aa5af5af786795645b668b5
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_s390.deb
      Size/MD5 checksum:   217290 8a980c14c7e0f68c37b2f9401e992581

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_sparc.deb
      Size/MD5 checksum:   198208 b5c58e88eaea2470df35c12296cb785f
    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_sparc.deb
      Size/MD5 checksum:   914668 f117d6c48fd070baedf957d8fad1f737
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_sparc.deb
      Size/MD5 checksum:   225454 dc7dee2327b5dda324053da22023589c


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3.dsc
      Size/MD5 checksum:     1409 3ed723296cf60c4858ffd0d4bab9721b
    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3.diff.gz
      Size/MD5 checksum:    17180 67e2ed96916a32bbdfe4747e05f084ff
    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5 checksum:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent components:

    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.94.0-7sarge3_all.deb
      Size/MD5 checksum:  2149752 00c9a9808842eaef293bdd0d15b40105

  Alpha architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_alpha.deb
      Size/MD5 checksum:   222996 9994f2344248138de956e2c01f9a5f2f
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_alpha.deb
      Size/MD5 checksum:   224514 1347b1bed4f75873639a7ee1016b36c3
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_alpha.deb
      Size/MD5 checksum:   730208 3e2ffff7de550eb64635d0e3060c5cf0

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_amd64.deb
      Size/MD5 checksum:   193578 dbfe2816deca9a26b364ddec69ddc76b
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_amd64.deb
      Size/MD5 checksum:   195250 caeb5d00d7c7e4faf9858be67e9f6dfd
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_amd64.deb
      Size/MD5 checksum:   659832 38319799e3f30bc485b3b89b358deb80

  ARM architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_arm.deb
      Size/MD5 checksum:   173158 0561b19f35dd9c25402fb1baca037630
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_arm.deb
      Size/MD5 checksum:   174612 ac33f6894c875712c0a33a44b3efc708
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_arm.deb
      Size/MD5 checksum:   552736 28ddf48809e2d69caf7b2037c8093945

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_i386.deb
      Size/MD5 checksum:   184456 111b85a4f6be3dbf38f9adba71bc7446
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_i386.deb
      Size/MD5 checksum:   185872 26adf8b7cb9198e8154f944494ad7612
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_i386.deb
      Size/MD5 checksum:   592386 322b3b24b21e4f7c397a29a79192aab4

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_ia64.deb
      Size/MD5 checksum:   263866 56f4792d297eedc2da125eadf7334e69
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_ia64.deb
      Size/MD5 checksum:   265178 db670961bc9518a3e613e35be39e70bd
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_ia64.deb
      Size/MD5 checksum:   920300 bb901138437409be5362f49dad52f5d8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_hppa.deb
      Size/MD5 checksum:   200820 e8dce5e36532dcf0c9adfbd7ba2c86a3
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_hppa.deb
      Size/MD5 checksum:   202316 2114720c71ad4d6826848e827f391d5a
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_hppa.deb
      Size/MD5 checksum:   775548 b9d7b39ebcb59bd86067eebb0467714b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_m68k.deb
      Size/MD5 checksum:   160798 2a017d853dbc389416235377cd9f7d6c
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_m68k.deb
      Size/MD5 checksum:   162508 6b9fe5b3cda16582eb7e81f8568b248f
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_m68k.deb
      Size/MD5 checksum:   583970 f0585aee8d0fdad663f74aebae6d1a77

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_mips.deb
      Size/MD5 checksum:   177796 78ee12d62228a84e075b1d25daace8b8
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_mips.deb
      Size/MD5 checksum:   179362 5e74e8737c9f375d72e9daf388693f21
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_mips.deb
      Size/MD5 checksum:   642862 789848f83bdb10566b4639136a1ad750

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_mipsel.deb
      Size/MD5 checksum:   176242 595077160d1fa3f8435a91dfb26a38f1
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_mipsel.deb
      Size/MD5 checksum:   177832 fc0bf115dcbcd7d3ff9a4347352fd056
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_mipsel.deb
      Size/MD5 checksum:   631362 29384b2fe2d2dc0e735aff69b34991fe

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_powerpc.deb
      Size/MD5 checksum:   183460 f49ff0e3ac6065767677a09d12591984
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_powerpc.deb
      Size/MD5 checksum:   184984 5092ff74d7adf15d9918c559e619d5da
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_powerpc.deb
      Size/MD5 checksum:   675290 5cea9bd0e5c1096bb21c682508bad107

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_s390.deb
      Size/MD5 checksum:   185382 4c892cb6cc56319e8b75fc93509147b9
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_s390.deb
      Size/MD5 checksum:   187180 3848d94df174826697a2aee9f61d6946
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_s390.deb
      Size/MD5 checksum:   649504 e7a830a1c3e812a803d2f0f05e5c8860

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_sparc.deb
      Size/MD5 checksum:   175432 d300ddd04829200367e0c559096d64b4
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_sparc.deb
      Size/MD5 checksum:   176858 c4a617d51711693a9849146ac4ca2a33
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_sparc.deb
      Size/MD5 checksum:   610986 1e790fb90a3b8458253b9428d3529b93


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENMBqW5ql+IAeqTIRAv2yAKCJ+YBoRn7J+sMMdAXXPDPdiNlf3QCfcVdu
XQ2MR/67+q7tNQpssJmaMYo=
=LCqG
- -----END PGP SIGNATURE-----



3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1026-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
April 6th, 2006                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : sash
Vulnerability  : buffer overflows
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2005-1849 CVE-2005-2096
Debian Bug     : 318069

Markus Oberhumer discovered a flaw in the way zlib, a library used for
file compression and decompression, handles invalid input. This flaw can
cause programs which use zlib to crash when opening an invalid file.
A further error in the way zlib handles the inflation of certain
compressed files can cause a program which uses zlib to crash when opening
an invalid file.

sash, the stand-alone shell, links statically against zlib, and was
thus affected by these problems.

The old stable distribution (woody) isn't affected by these problems.

For the stable distribution (sarge) these problems have been fixed in
version 3.7-5sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 3.7-6.

We recommend that you upgrade your sash package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1.dsc
      Size/MD5 checksum:      626 76b6e1da964b13f658be8d47cb86f549
    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1.diff.gz
      Size/MD5 checksum:    12884 31311a323d287e90fc009a2df0fd4cfa
    http://security.debian.org/pool/updates/main/s/sash/sash_3.7.orig.tar.gz
      Size/MD5 checksum:    50337 ee7c7ed5aad76599974d016a6f201ef4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_alpha.deb
      Size/MD5 checksum:   351674 0fb668feb016efc21047949391198358

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_amd64.deb
      Size/MD5 checksum:   319266 fd8cf5fac1897887967da5d847732a1d

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_arm.deb
      Size/MD5 checksum:   275770 ac7639f8b71b102e6af2a8e80ab49160

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_i386.deb
      Size/MD5 checksum:   277712 d15fd151bdcc9cb4bd0369d62a6f7275

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_ia64.deb
      Size/MD5 checksum:   416856 f57b2aa2f43a79d7a3a79d7448365508

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_hppa.deb
      Size/MD5 checksum:   309870 00056dd6979b462d2e00dd8bc2b65c26

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_m68k.deb
      Size/MD5 checksum:   236548 5f1788608ab337aa5a33e158d7aecade

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_mips.deb
      Size/MD5 checksum:   308406 db784c2fa118ba8a39b83c953b258b0f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_mipsel.deb
      Size/MD5 checksum:   307280 6d62964036a56514f1cd31f8e9d36cfe

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_powerpc.deb
      Size/MD5 checksum:   300344 d5a1c9f92acbfd515d0e183af808ca56

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_s390.deb
      Size/MD5 checksum:   289972 9772185159d49f7a613074faf922d428

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_sparc.deb
      Size/MD5 checksum:   283338 486946909f328f524d03a001dba83f47

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENMPLXm3vHE4uyloRAkJaAKCt19xGD5mXz5ApgiSX21LkmCFltQCg5yoo
u2FQQBPfGYptBGpFbSwd5AE=
=4m40
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1027-1                    security@xxxxxxxxxx
http://www.debian.org/security/                                 Steve Kemp
April 6th, 2006                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : mailman
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-0052
Debian Bug     : 358892

A potential denial of service problem has been discovered in mailman,
the web-based GNU mailing list manager.  The (failing) parsing of
messages with malformed mime multiparts sometimes caused the whole
mailing list to become inoperative.

The old stable distribution (woody) is not vulnerable to this issue.

For the stable distribution (sarge) this problem has been fixed in
version 2.1.5-8sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your mailman package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2.dsc
      Size/MD5 checksum:      620 bf2fdfa6ffd09b04d6a3c4917e8eefce
    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2.diff.gz
      Size/MD5 checksum:   188902 8b4f00cc1255671b3d8c8a73ad56ec27
    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5 checksum:  5745912 f5f56f04747cd4aff67427e7a45631af

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_alpha.deb
      Size/MD5 checksum:  6612060 7f577c66301793e3b2d4b0832b090e9a

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_amd64.deb
      Size/MD5 checksum:  6610750 6631eca22c9ea6825c6623cd02eb8226

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_arm.deb
      Size/MD5 checksum:  6610244 59bb6a1b0f20deefaeeaae745ecb9f29

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_i386.deb
      Size/MD5 checksum:  6610408 20f508bdf5f84c90b861bb7b9559df38

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_ia64.deb
      Size/MD5 checksum:  6611982 3f3d0e6379951b1114021fc3551f6660

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_hppa.deb
      Size/MD5 checksum:  6617536 be4b2b54bcb2b562db0118b869bdc496

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_m68k.deb
      Size/MD5 checksum:  6617384 b1d4ec2daf233e7cb998fa2c70359dc5

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_mips.deb
      Size/MD5 checksum:  6661086 2f5a8c12f1d9ca0ce72c4f000cceaabc

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_mipsel.deb
      Size/MD5 checksum:  6652266 ad1d7eb8d4917c6e1cf1a702ab9df18c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_powerpc.deb
      Size/MD5 checksum:  6617542 0d77a04d425904aecefe71c6baf041c5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_s390.deb
      Size/MD5 checksum:  6617066 21989209d204a2de04e41a539a3bb897

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_sparc.deb
      Size/MD5 checksum:  6616308 8a3eba0fdc23135fded9f3ab13e6ed7b


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENM++W5ql+IAeqTIRAkbFAJ0TFu5QOhoLPhiKjA8Ul7qs7FECiQCbBiGo
39+MABOAZh+CRKnhIIWmTG0=
=2plz
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBRDUHropao72zK539AQFvVgQAj+QGy9BhZ5ilFKVyyRpAD3f1nrCX6/7c
lpGyLTSFb7yIzjla9BLQdcur9UmoWOFS2J7G0Qm/xVT+mcBS82ppKHURleiGZF44
CDztHAu85fpmz98wLa1fdyzq+toajMwkueZibB/QUY7t05C+sdp0oxlciygXWU/a
1uEpuuyVgu8=
=HWUr
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________