1
ia32-libs (20140131) squeeze-proposed-updates; urgency=low
5
[ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]
7
* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
8
http://curl.haxx.se/docs/adv_20140129.html
9
* Set urgency=high accordingly
11
[ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]
13
* Disable host verification too when using the --insecure option
16
[ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]
18
* Fix OpenSSL checking of a certificate CN or SAN name field when the
19
digital signature verification is turned off as per CVE-2013-4545
20
http://curl.haxx.se/docs/adv_20131115.html
21
* Set urgency=high accordingly
23
[ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]
25
* Non-maintainer upload by the Security Team.
26
* Fix cve-2013-2877: out-of-bounds read when handling documents that end
29
[ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]
31
* Non-maintainer upload by the Security Team.
32
* Fix CVE-2013-5607: integer overflow on 64 bit systems
34
[ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]
36
* Non-maintainer upload by the Security Team.
37
* Add CVE-2013-5605.patch.
38
CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
39
remote attackers to cause a denial of service or possibly have
40
unspecified other impact via invalid handshake packets.
42
-- Thijs Kinkhorst <thijs@debian.org> Fri, 31 Jan 2014 09:19:46 +0100
1
44
ia32-libs (20131011) squeeze-proposed-updates; urgency=low