Committer: Package Import Robot
Author(s): Thijs Kinkhorst, curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high, curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low, curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high, libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high, nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high, nss (3.12.8-1+squeeze7) squeeze-security; urgency=high
Date: 2014-01-31 09:19:46 UTC
Revision ID: package-import@ubuntu.com-20140131091946-z2j1eo8mxt7r703f
Tags: 20140131
* Packages updated
[ curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high ]
* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
  http://curl.haxx.se/docs/adv_20140129.html
* Set urgency=high accordingly
[ curl (7.21.0-2.1+squeeze6) oldstable-security; urgency=low ]
* Disable host verification too when using the --insecure option
  (#729965)
[ curl (7.21.0-2.1+squeeze5) oldstable-security; urgency=high ]
* Fix OpenSSL checking of a certificate CN or SAN name field when the
  digital signature verification is turned off as per CVE-2013-4545
  http://curl.haxx.se/docs/adv_20131115.html
* Set urgency=high accordingly
[ libxml2 (2.7.8.dfsg-2+squeeze8) oldstable-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-2877: out-of-bounds read when handling documents that end
  abruptly.
[ nspr (4.8.6-1+squeeze1) squeeze-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-5607: integer overflow on 64-bit systems
[ nss (3.12.8-1+squeeze7) squeeze-security; urgency=high ]
* Non-maintainer upload by the Security Team.
* Add CVE-2013-5605.patch.
  CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via invalid handshake packets.