← Back to branch summary

~ubuntu-branches/debian/squeeze/ia32-libs/squeeze

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Thijs Kinkhorst, curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high, curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low, curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high, libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high, nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high, nss (3.12.8-1+squeeze7) squeeze-security; urgency=high
  • Date: 2014-01-31 09:19:46 UTC
  • Revision ID: package-import@ubuntu.com-20140131091946-z2j1eo8mxt7r703f
Tags: 20140131
* Packages updated

[ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]

* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
  http://curl.haxx.se/docs/adv_20140129.html
* Set urgency=high accordingly

[ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]

* Disable host verification too when using the --insecure option
  (#729965)

[ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]

* Fix OpenSSL checking of a certificate CN or SAN name field when the
  digital signature verification is turned off as per CVE-2013-4545
  http://curl.haxx.se/docs/adv_20131115.html
* Set urgency=high accordingly

[ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Fix cve-2013-2877: out-of-bounds read when handling documents that end
  abruptly.

[ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64 bit systems

[ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]

* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
  CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via invalid handshake packets.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/changelog
 
1
ia32-libs (20140131) squeeze-proposed-updates; urgency=low
 
2
 
 
3
  * Packages updated
 
4
 
 
5
  [ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]
 
6
 
 
7
  * Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
 
8
    http://curl.haxx.se/docs/adv_20140129.html
 
9
  * Set urgency=high accordingly
 
10
 
 
11
  [ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]
 
12
 
 
13
  * Disable host verification too when using the --insecure option
 
14
    (#729965)
 
15
 
 
16
  [ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]
 
17
 
 
18
  * Fix OpenSSL checking of a certificate CN or SAN name field when the
 
19
    digital signature verification is turned off as per CVE-2013-4545
 
20
    http://curl.haxx.se/docs/adv_20131115.html
 
21
  * Set urgency=high accordingly
 
22
 
 
23
  [ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]
 
24
 
 
25
  * Non-maintainer upload by the Security Team.
 
26
  * Fix cve-2013-2877: out-of-bounds read when handling documents that end
 
27
    abruptly.
 
28
 
 
29
  [ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]
 
30
 
 
31
  * Non-maintainer upload by the Security Team.
 
32
  * Fix CVE-2013-5607: integer overflow on 64 bit systems
 
33
 
 
34
  [ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]
 
35
 
 
36
  * Non-maintainer upload by the Security Team.
 
37
  * Add CVE-2013-5605.patch.
 
38
    CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
 
39
    remote attackers to cause a denial of service or possibly have
 
40
    unspecified other impact via invalid handshake packets.
 
41
 
 
42
 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 31 Jan 2014 09:19:46 +0100
 
43
 
1
44
ia32-libs (20131011) squeeze-proposed-updates; urgency=low
2
45
 
3
46
  * Packages updated