Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: opu
Hi RT,
In preparation of the upcoming Squeeze point release I've prepared updated
versions of ia32-libs and ia32-libs-gtk, as usual. The changelogs are below.
Is it ok to upload?
Cheers,
Thijs
ia32-libs (20140630) squeeze-proposed-updates; urgency=low
* Packages updated
[ cups (1.4.4-7+squeeze4) oldstable-security; urgency=high ]
* Backport security fix from cups-filters 1.0.47:
pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
arbitrary code execution with the privileges of the "lp" user via
malicious PDF files. Also restrict the directory from where OPVP drivers
can get loaded (#741333)
[ curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium ]
* Fix multiple security issues (#742728):
- Fix connection re-use when using different log-in credentials
as per CVE-2014-0138
http://curl.haxx.se/docs/adv_20140326A.html
- Reject IP address wildcard matches as per CVE-2014-0139
http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly
[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]
* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
certificate validation issue. CVE-2014-0092
-- Thijs Kinkhorst <[email protected]> Mon, 30 Jun 2014 13:45:39 +0200
ia32-libs-gtk (20140630) squeeze-proposed-updates; urgency=low
* Packages updated
[ pixman (0.16.4-1+deb6u1) squeeze-security; urgency=high ]
* pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT
Addresses CVE-2013-6425
-- Thijs Kinkhorst <[email protected]> Fri, 31 Jan 2014 11:18:31 +0100
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
