~ubuntu-branches/debian/squeeze/ia32-libs/squeeze

Viewing all changes in revision 23.

  • Committer: Package Import Robot
  • Author(s): Thijs Kinkhorst, cups (1.4.4-7+squeeze4) oldstable-security; urgency=high, curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium, gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high
  • Date: 2014-06-30 13:45:39 UTC
  • Revision ID: package-import@ubuntu.com-20140630134539-c552yd621pj8016r
Tags: 20140630
* Packages updated

[ cups (1.4.4-7+squeeze4) oldstable-security; urgency=high ]

* Backport security fix from cups-filters 1.0.47:
  pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
  CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
  arbitrary code execution with the privileges of the "lp" user via
  malicious PDF files. Also restrict the directory from where OPVP drivers
  can get loaded (#741333)

[ curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium ]

* Fix multiple security issues (#742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]

* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
  certificate validation issue. CVE-2014-0092

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: