-
Committer:
Package Import Robot
-
Author(s):
Thijs Kinkhorst, cups (1.4.4-7+squeeze4) oldstable-security; urgency=high, curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium, gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high
-
Date:
2014-06-30 13:45:39 UTC
-
Revision ID:
package-import@ubuntu.com-20140630134539-c552yd621pj8016r
Tags: 20140630
* Packages updated
[ cups (1.4.4-7+squeeze4) oldstable-security; urgency=high ]
* Backport security fix from cups-filters 1.0.47:
pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
arbitrary code execution with the privileges of the "lp" user via
malicious PDF files. Also restrict the directory from where OPVP drivers
can get loaded (#741333)
[ curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium ]
* Fix multiple security issues (#742728):
- Fix connection re-use when using different log-in credentials
as per CVE-2014-0138
http://curl.haxx.se/docs/adv_20140326A.html
- Reject IP address wildcard matches as per CVE-2014-0139
http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly
[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]
* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
certificate validation issue. CVE-2014-0092