« back to all changes in this revision
Viewing changes to srcs/nss_3.12.8-1+squeeze7.dsc
- Committer: Package Import Robot
- Date: 2014-01-31 09:19:46 UTC
- Revision ID: package-import@ubuntu.com-20140131091946-z2j1eo8mxt7r703f
* Packages updated
[ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]
* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
http://curl.haxx.se/docs/adv_20140129.html
* Set urgency=high accordingly
[ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]
* Disable host verification too when using the --insecure option
(#729965)
[ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]
* Fix OpenSSL checking of a certificate CN or SAN name field when the
digital signature verification is turned off as per CVE-2013-4545
http://curl.haxx.se/docs/adv_20131115.html
* Set urgency=high accordingly
[ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Fix cve-2013-2877: out-of-bounds read when handling documents that end
abruptly.
[ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64 bit systems
[ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
remote attackers to cause a denial of service or possibly have
unspecified other impact via invalid handshake packets.
[ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]
* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
http://curl.haxx.se/docs/adv_20140129.html
* Set urgency=high accordingly
[ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]
* Disable host verification too when using the --insecure option
(#729965)
[ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]
* Fix OpenSSL checking of a certificate CN or SAN name field when the
digital signature verification is turned off as per CVE-2013-4545
http://curl.haxx.se/docs/adv_20131115.html
* Set urgency=high accordingly
[ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Fix cve-2013-2877: out-of-bounds read when handling documents that end
abruptly.
[ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64 bit systems
[ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
remote attackers to cause a denial of service or possibly have
unspecified other impact via invalid handshake packets.
- files added:
- pkgs/libcurl3_7.21.0-2.1+squeeze7_i386.deb
- files removed:
- pkgs/libcurl3_7.21.0-2.1+squeeze4_i386.deb
- files modified:
- debian/changelog
added
removed
srcs/nss_3.12.8-1+squeeze7.dsc
