
    [guru] Debian security updates


    DATE: Fri, 03 Oct 2008 00:38:11 +0200
    Several buffer overflow bugs have been found in the programs of the git-core package.
    
    The openssh signal handlers use functions that are not async-signal-safe,
    which leads to a build-up of zombie sshd processes and thus a DoS of the
    system. The version backported to etch was not adequate, so a new fix
    has been released.
    
    twiki does not properly check the image parameter of its configuration
    script; an attacker can run code or access files with the privileges of
    the web server user.
    
    The Python web framework Django contains a cross site request forgery bug
    on HTTP POST, which also slips past the CSRF filtering.
    
    Several security bugs have been found in the phpMyAdmin package: a code
    execution possibility in the script parameter, a CSS bug in the setup
    script, and via cross site request forgery an attacker can create new
    databases.
    
    An XSS bug has been found in Horde's handling of MIME attachment file names.
    
    The previous wordnet package fix was faulty; a new one has been released.
    
    The previous python-dns fix handled UTF-8 encoded names incorrectly;
    a newer fix has now been released.
    
    
    --- Begin Message ---
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1637-1                  security@debian.org
    http://www.debian.org/security/                           Devin Carraway
    September 15, 2008                    http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : git-core
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3546
    Debian Bug     : 494097
    
    Multiple vulnerabilities have been identified in git-core, the core of
    the git distributed revision control system.  Improper path length
    limitations in git's diff and grep functions, in combination with
    maliciously crafted repositories or changes, could enable a stack
    buffer overflow and potentially the execution of arbitrary code.
    
    The Common Vulnerabilities and Exposures project identifies this
    vulnerability as CVE-2008-3546.
    
    For the stable distribution (etch), this problem has been fixed in
    version 1.4.4.4-2.1+etch1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.5.6.5-1.
    
    We recommend that you upgrade your git-core packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    Debian (stable)
    ---------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    --- End Message ---
    --- Begin Message ---
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1638-1                  security@debian.org
    http://www.debian.org/security/                           Florian Weimer
    September 16, 2008                    http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : openssh
    Vulnerability  : remote
    Problem type   : unsafe signal handler
    Debian-specific: no
    CVE Id(s)      : CVE-2008-4109
    Debian Bug     : 498678
    
    It has been discovered that the signal handler implementing the login
    timeout in Debian's version of the OpenSSH server uses functions which
    are not async-signal-safe, leading to a denial of service
    vulnerability (CVE-2008-4109).
    
    The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051),
    but the patch backported to the version released with etch was
    incorrect.
    
    Systems affected by this issue suffer from lots of zombie sshd
    processes.  Processes stuck with a "[net]" process title have also been
    observed.  Over time, a sufficient number of processes may accumulate
    such that further login attempts are impossible.  Presence of these
    processes does not indicate active exploitation of this vulnerability.
    It is possible to trigger this denial of service condition by accident.
    
    For the stable distribution (etch), this problem has been fixed in
    version 4.3p2-9etch3.
    
    For the unstable distribution (sid) and the testing distribution
    (lenny), this problem has been fixed in version 4.6p1-1.
    
    We recommend that you upgrade your openssh packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    --- End Message ---
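As an added example, not part of DSA-1638 or of OpenSSH itself, here is a small check for the symptom the advisory describes: zombie sshd processes and children stuck with a "[net]" title accumulating under the listening daemon. The input format is that of `ps -eo pid,ppid,stat,comm,args`; the sample listing below is constructed.

```python
# Added example (not from the advisory): detect the DSA-1638 symptom, i.e.
# zombie sshd processes and sshd children with a "[net]" title, in the output
# of `ps -eo pid,ppid,stat,comm,args`.  SAMPLE_PS is a constructed listing.

SAMPLE_PS = """\
  PID  PPID STAT COMMAND         ARGS
    1     0 Ss   init            /sbin/init
 1234     1 Ss   sshd            /usr/sbin/sshd
 2001  1234 Z    sshd            [sshd] <defunct>
 2002  1234 Z    sshd            [sshd] <defunct>
 2003  1234 S    sshd            [net]
 2004  1234 Ss   sshd            sshd: alice [priv]
 2005  2004 S    sshd            sshd: alice@pts/0
 3000     1 Ss   cron            /usr/sbin/cron
"""


def parse_ps(text):
    """Turn ps output into a list of dicts; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        # pid, ppid, stat and comm never contain spaces; args may, so cap the split.
        parts = line.split(None, 4)
        if len(parts) < 4:
            continue
        pid, ppid, stat, comm = parts[:4]
        args = parts[4] if len(parts) == 5 else ""
        rows.append({"pid": int(pid), "ppid": int(ppid), "stat": stat,
                     "comm": comm, "args": args})
    return rows


def sshd_health(text, zombie_limit=1):
    """Count suspect sshd children and flag when more than zombie_limit exist.

    A zombie has a STAT beginning with 'Z'; the advisory also mentions
    processes stuck with a "[net]" title, so both kinds are reported.
    """
    rows = parse_ps(text)
    zombies = [r for r in rows
               if r["comm"] == "sshd" and r["stat"].startswith("Z")]
    stuck_net = [r for r in rows
                 if r["comm"] == "sshd" and r["args"].strip() == "[net]"]
    suspect = zombies + stuck_net
    return {
        "zombie_sshd": len(zombies),
        "net_sshd": len(stuck_net),
        "suspect_pids": sorted(r["pid"] for r in suspect),
        # Parents of the stuck children: the listener whose handler misfired.
        "parents": sorted({r["ppid"] for r in suspect}),
        "alert": len(suspect) > zombie_limit,
    }


if __name__ == "__main__":
    print(sshd_health(SAMPLE_PS))
```

On a live system pipe `ps -eo pid,ppid,stat,comm,args` into `sshd_health`; a small, steady number is normal while a growing count is the condition the advisory warns about, which it notes can also arise by accident rather than from exploitation.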
    --- Begin Message ---
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1639-1                  security@debian.org
    http://www.debian.org/security/                               Steve Kemp
    September 19, 2008                    http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : twiki
    Vulnerability  : command execution
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3195
    Debian Bug     : 499534 
    
    It was discovered that twiki, a web based collaboration platform,
    didn't properly sanitize the image parameter in its configuration script.
    This could allow remote users to execute arbitrary commands upon the 
    system, or read any files which were readable by the webserver user.
    
    For the stable distribution (etch), this problem has been fixed in version
    1:4.0.5-9.1etch1.
    
    For the unstable distribution (sid), this problem will be fixed soon.
    
    We recommend that you upgrade your twiki package.
    
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    --- End Message ---
    --- Begin Message ---
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1640-1                  security@debian.org
    http://www.debian.org/security/                          Thijs Kinkhorst
    September 20, 2008                    http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : python-django
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3909 CVE-2007-5712
    Debian Bug     : 497765 448838
    
    Simon Willison discovered that in Django, a Python web framework, the
    feature to retain HTTP POST data during user reauthentication allowed
    a remote attacker to perform unauthorized modification of data through
    cross site request forgery. This is possible regardless of the Django
    plugin to prevent cross site request forgery being enabled. The Common
    Vulnerabilities and Exposures project identifies this issue as
    CVE-2008-3909.
    
    In this update the affected feature is disabled; this is in accordance
    with upstream's preferred solution for this situation.
    
    This update takes the opportunity to also include a relatively minor
    denial of service attack in the internationalisation framework, known
    as CVE-2007-5712.
    
    For the stable distribution (etch), these problems have been fixed in
    version 0.95.1-1etch2.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.0-1.
    
    We recommend that you upgrade your python-django package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    --- End Message ---
    --- Begin Message ---
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1641-1                  security@debian.org
    http://www.debian.org/security/                          Thijs Kinkhorst
    September 20, 2008                    http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : phpmyadmin
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096
    
    Several remote vulnerabilities have been discovered in phpMyAdmin, a
    tool to administrate MySQL databases over the web. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2008-4096
    
        Remote authenticated users could execute arbitrary code on the
        host running phpMyAdmin through manipulation of a script parameter.
    
    CVE-2008-3457
    
        Cross site scripting through the setup script was possible in
        rare circumstances.
    
    CVE-2008-3456
    
        Protection has been added against remote websites loading phpMyAdmin
        into a frameset.
    
    CVE-2008-3197
    
        Cross site request forgery allowed remote attackers to create a new
        database, but not perform any other action on it.
    
    For the stable distribution (etch), these problems have been fixed in
    version 4:2.9.1.1-8.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 4:2.11.8.1-2.
    
    We recommend that you upgrade your phpmyadmin package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    
    iQEVAwUBSNT3HWz0hbPcukPfAQIE0wf+In02iCbrhM9hSwsrRTPg5luM/SHZNlTw
    TQ673K6gRq22vJilEXJAZU/O6z1fUBNmgS+xSuPBiowcKb3MXdC6CIpbbLDcviA/
    SLXqdJeOVu3abuenze6iC8Xc3ovxAgP+1UUhZPjmReYFWoFd1LkL1UkFdLPc9E7/
    mqprk/CD4SeWSlr0j6mENet1aqsgj7FyYKDBZDzoGqqkxUUFebhH+IWNvs3swSUN
    DqVyFPWKJjWB4CBIHShJmWgOsyZ52iT1e4j2qpaTQybyvqccdRWz7FZiS0C7WuIs
    CMzz50QirUu08eOmx5CCRSCr6FelPV1xIEtm9i/L5++neONs2cxXoQ==
    =do4b
    -----END PGP SIGNATURE-----
    
    --- End Message ---
    --- Begin Message ---
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1642-1                  security@debian.org
    http://www.debian.org/security/                          Thijs Kinkhorst
    September 20, 2008                    http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : horde3
    Vulnerability  : cross site scripting
    Problem type   : remote
    Debian-specific: no 
    CVE Id(s)      : CVE-2008-3823
    
    Will Drewry discovered that Horde allows remote attackers to send
    an email with a crafted MIME attachment filename attribute to perform
    cross site scripting.
    
    For the stable distribution (etch), this problem has been fixed in
    version 3.1.3-4etch4.
    
    For the testing distribution (lenny), this problem has been fixed in
    version 3.2.1+debian0-2+lenny1.
    
    For the unstable distribution (sid), this problem will be fixed soon.
    
    We recommend that you upgrade your horde3 package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.dsc
        Size/MD5 checksum:     1076 2f84d0bcc79176fd975a2e33402c1a3f
      http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
        Size/MD5 checksum:  5232958 fbc56c608ac81474b846b1b4b7bb5ee7
      http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.diff.gz
        Size/MD5 checksum:    13225 c1a2fd542348e7b1110dd76b3077620b
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4_all.deb
        Size/MD5 checksum:  5259800 6a9bee45882c4613788e7f51648ca24b
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    
    iQEVAwUBSNT4u2z0hbPcukPfAQK/rAf/Z8qAwKcdZ+VQHPckbh6Ak8AGVHXbmeT6
    GoRogJ3TGYcTVO+SjgEoVQQDtoiEMQ+xGBV5Z1IHZW+ZlwTfVB1Ntp++R3fWXYb7
    5EsbmKBXiUpQ3r/lsl1gccfGK5qrciIYxUDG9wo6IZEGWZGM3smiLUH56tD58PNU
    xaDKmanHda1DaYJpkvwrLogDfnrBS+5ZLeAcEF5d9m7trKZbO1z4mY2p4ApiN5LM
    2iyX3c6Oi3BgHo8w4/z1VhGlWtnorKL3uJ1CKjnExdmX1TpHdKjmVrTJZhVMkPVN
    3tKAbCWVvUXePanLR5iERt/q35aCbWxD8hHrv6UjBsRh+Erjrhw0+w==
    =+3XT
    -----END PGP SIGNATURE-----
    
    --- End Message ---
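The horde3 advisory above names the attacker-controlled field but not the mechanism. As an added example (not Horde code and not taken from the advisory), the Python below builds a constructed message whose Content-Disposition filename is an HTML payload, shows that the MIME parser returns that string verbatim, and contrasts the vulnerable interpolation pattern with a renderer that encodes for each output context. The addresses, the `download.php` link target and both render functions are assumptions made for illustration.

```python
"""Attacker-controlled MIME attachment filename rendered by a webmail front end.

Added example, not Horde code.  The message below is constructed: its
Content-Disposition filename is an HTML payload of the kind the advisory
describes.  The parser returns it verbatim; what decides XSS is how the
web front end writes it into the page.
"""
import html
import urllib.parse
from email import message_from_string

# Constructed sample message (hypothetical addresses).
RAW_MESSAGE = """\
From: attacker@example.invalid
To: victim@example.invalid
Subject: quarterly report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

See the attached file.
--sep
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="<script>alert(1)</script>.txt"

AAAA
--sep--
"""


def attachment_filenames(raw):
    """Filenames exactly as the MIME parser hands them back: no sanitising."""
    msg = message_from_string(raw)
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def render_link_unsafe(name):
    """The vulnerable pattern: interpolate the filename straight into HTML."""
    return '<a href="download.php?name=%s">%s</a>' % (name, name)


def render_link_safe(name):
    """Context-correct encoding: percent-encode for the URL, HTML-escape for text."""
    return '<a href="download.php?name=%s">%s</a>' % (
        urllib.parse.quote(name, safe=""),
        html.escape(name, quote=True),
    )


if __name__ == "__main__":
    for name in attachment_filenames(RAW_MESSAGE):
        print("parser returned:", name)
        print("unsafe:", render_link_unsafe(name))
        print("safe:  ", render_link_safe(name))
```

The point to take from it is that the parser is not the place to fix this: `get_filename()` is correct to return the bytes the sender chose, and the escape has to happen at the exact output context (attribute, URL, text), which is what the Horde fix amounts to.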
    --- Begin Message ---
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1634-2                  security@debian.org
    http://www.debian.org/security/                          Thijs Kinkhorst
    September 20, 2008                    http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : wordnet
    Vulnerability  : stack and heap overflows
    Problem type   : local (remote)
    Debian-specific: no
    CVE id(s)      : CVE-2008-2149
    Debian Bug     : 481186 498855
    
    A regression was discovered in the original patch addressing this issue
    for WordNet, which this update fixes. For reference the text of the
    original advisory follows.
    
    Rob Holland discovered several programming errors in WordNet, an
    electronic lexical database of the English language. These flaws could
    allow arbitrary code execution when used with untrusted input, for
    example when WordNet is in use as a back end for a web application.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1:2.1-4+etch2.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1:3.0-13.
    
    We recommend that you upgrade your wordnet package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2.dsc
        Size/MD5 checksum:      772 79778d56b18a02598ee5b6fd96ab08a3
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2.diff.gz
        Size/MD5 checksum:    23138 e0c766b20c9b7a0af75d95ba45b450a1
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1.orig.tar.gz
        Size/MD5 checksum:  6379385 95a6e8144254a92a5ea0e97771ef9d07
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-base_2.1-4+etch2_all.deb
        Size/MD5 checksum:  8701512 4455bf81c9015708cb74eab60ccd2bcc
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-sense-index_2.1-4+etch2_all.deb
        Size/MD5 checksum:  2242610 07c445b555abf08a505128392008f993
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_alpha.deb
        Size/MD5 checksum:   109538 4803d423c191e9faa98384326c8d6d70
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_alpha.deb
        Size/MD5 checksum:    80824 4dbf0d39d155acc639aea8483a08972b
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_amd64.deb
        Size/MD5 checksum:    65198 3cc2012ba668fd282398befb9afc1f32
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_amd64.deb
        Size/MD5 checksum:   105098 176e4394cb71c2dde0f7a7f67b9d5698
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_arm.deb
        Size/MD5 checksum:   100134 4dabf40eafe6254f8f9d16ae7ab4bcdc
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_arm.deb
        Size/MD5 checksum:    61152 23f695939c47966390fccc29d8666d94
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_hppa.deb
        Size/MD5 checksum:    69956 e32d6a37145ed84c9af98af9215a001e
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_hppa.deb
        Size/MD5 checksum:   108402 2b7b1db48cde550ef290ea68518e7dd8
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_i386.deb
        Size/MD5 checksum:    63156 de49f05b5e9a08a2c4cd4cc9ec1f7f64
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_i386.deb
        Size/MD5 checksum:   101844 cb8c045b1f98f009fe976fa46e3b88e8
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_ia64.deb
        Size/MD5 checksum:   119820 8ab8da0fa9022893263f77ef5b9f4dae
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_ia64.deb
        Size/MD5 checksum:    83122 b728bb71e4557f34a8a57c06d4e7d075
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_mips.deb
        Size/MD5 checksum:   105560 12a113044b150102f1f2503a2e03c082
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_mips.deb
        Size/MD5 checksum:    73206 6e3ab13fbbdde8c87a3e74047438adfc
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_mipsel.deb
        Size/MD5 checksum:   104772 2354e8d8dc3d328cad3fe07d5f477392
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_mipsel.deb
        Size/MD5 checksum:    71744 4be1791f3df308f53002d8bd25e6fa9b
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_powerpc.deb
        Size/MD5 checksum:    69922 4d9e3c840edd6ab17d2b6821d3d7cc97
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_powerpc.deb
        Size/MD5 checksum:   108874 9265e4f871c578b4327f125e666dce0b
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_s390.deb
        Size/MD5 checksum:   107146 6d8d4beb4358469c7b09acb4074d043d
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_s390.deb
        Size/MD5 checksum:    65784 2da9f599826e67def06f5b5efba2b7dd
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_sparc.deb
        Size/MD5 checksum:    64894 418d78b3ff25b4402a4f5938672b7dbd
      http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_sparc.deb
        Size/MD5 checksum:   102988 9041d53dab5cf6e39ebe4eed982df8d3
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    
    iQEVAwUBSNT532z0hbPcukPfAQJ4CAf/fDkPLHqRmkeQV2FXQQJRWwz95wbySHQ5
    8K475ZAGfACUzHZvwk9RqjHGd62EYZrfvpNVmUp6LDIywhmlqqlxNl62LhX3t6sE
    OfI0ecci76VXz+4mPbooxEqUVCz1pchm+EfkU4ZE8yBLcEEJkydQhwqIg3JgE9zn
    miUm1V8jhYOe9r0vYYhN6H7gAN3/YHj11zDS8U4+DWB4OcOYpkLUFmjwOEZxdtL3
    OYLIY3exQs9lU+aji/WO+jMbQZRh9KzwE4+AtciIZx6s+M3Gs17WFEYTxjjTCan4
    XaTi6rodpUYZfJquonNdVDamAhCyMSdiQZq1irCsQ6+/Go9/ioDrmw==
    =SMUD
    -----END PGP SIGNATURE-----
    
    --- End Message ---
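Each advisory on this page (phpMyAdmin, horde3, wordnet, and python-dns below) lists a size and MD5 for every file, and the upgrade instructions say `wget url` then `dpkg -i file.deb` without a verification step in between. As an added example that is not Debian tooling, the Python below parses such URL/checksum pairs from advisory text and checks the downloaded files before they go to `dpkg -i`. The advisory snippet, the `example` package names and the file contents in `demo()` are constructed for illustration.

```python
"""Verify files fetched with wget against the Size/MD5 lines in a DSA.

Added example, not Debian tooling.  It pairs each URL in an advisory's
package list with the "Size/MD5 checksum:" line that follows and checks
the local copies before they are handed to dpkg -i.  The advisory snippet,
the 'example' package and the file contents below are constructed.
"""
import hashlib
import os
import re
import tempfile

URL_LINE = re.compile(r"^\s*(https?://\S+)\s*$")
SUM_LINE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")

# Constructed package list in the advisory's own layout.  The two digests are
# MD5("hello\n") and MD5 of the empty string, matching what demo() writes out.
SAMPLE_ADVISORY = """\
Architecture independent packages:

  http://security.debian.org/pool/updates/main/e/example/example_1.0-1_all.deb
    Size/MD5 checksum:        6 b1946ac92492d2347c6235b4d2611184
  http://security.debian.org/pool/updates/main/e/example/example-doc_1.0-1_all.deb
    Size/MD5 checksum:        0 d41d8cd98f00b204e9800998ecf8427e
"""


def parse_advisory_checksums(text):
    """Map file basename -> (size, md5) for every URL/checksum pair in the text."""
    expected = {}
    pending_url = None
    for line in text.splitlines():
        m = URL_LINE.match(line)
        if m:
            pending_url = m.group(1)
            continue
        m = SUM_LINE.match(line)
        if m and pending_url:
            expected[os.path.basename(pending_url)] = (int(m.group(1)), m.group(2))
            pending_url = None
    return expected


def md5_of_file(path):
    """Hex MD5 of a file, streamed so a multi-megabyte .orig.tar.gz is not read at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(directory, expected):
    """Return {basename: 'ok' | 'missing' | 'size mismatch' | 'md5 mismatch'}.

    Size is checked first: it is cheap and catches truncated downloads
    without hashing the file.
    """
    results = {}
    for name, (size, digest) in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif os.path.getsize(path) != size:
            results[name] = "size mismatch"
        elif md5_of_file(path) != digest:
            results[name] = "md5 mismatch"
        else:
            results[name] = "ok"
    return results


def demo():
    """Write two constructed 'downloads' to a temp dir and verify them."""
    expected = parse_advisory_checksums(SAMPLE_ADVISORY)
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "example_1.0-1_all.deb"), "wb") as f:
            f.write(b"hello\n")      # matches the listed size 6 / md5 b1946ac9...
        with open(os.path.join(d, "example-doc_1.0-1_all.deb"), "wb") as f:
            f.write(b"tampered")     # listed as 0 bytes: flagged before hashing
        return verify_downloads(d, expected)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:14} {name}")
```

Two caveats a practitioner should keep in mind. The MD5 lines only detect corruption or truncation: the digest sits in the same advisory as the URL, and MD5 collisions were already practical by 2008, so the authenticity check is the PGP signature on the advisory (and, for the `apt-get` path, the signed Release file on security.debian.org), not the hash. And `dpkg -i` on a manually fetched `.deb` bypasses apt's dependency resolution, which is why the advisory's own recommendation is the `sources.list` line plus `apt-get upgrade`.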
    --- Begin Message ---
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1619-2                  security@debian.org
    http://www.debian.org/security/                           Devin Carraway
    September 22, 2008                    http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : python-dns
    Vulnerability  : DNS response spoofing
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1447
    Debian Bug     : 490217
    
    In DSA-1619-1, an update was announced for DNS response spoofing
    vulnerabilities in python-dns.  The fix introduced a regression in the
    library breaking the resolution of UTF-8 encoded record names.  An
    updated release is available which corrects this problem.  For
    reference, the original advisory text follows.
    
    Multiple weaknesses have been identified in PyDNS, a DNS client
    implementation for the Python language.  Dan Kaminsky identified a
    practical vector of DNS response spoofing and cache poisoning,
    exploiting the limited entropy in a DNS transaction ID and lack of
    UDP source port randomization in many DNS implementations.  Scott
    Kitterman noted that python-dns is vulnerable to this predictability,
    as it randomizes neither its transaction ID nor its source port.
    Taken together, this lack of entropy leaves applications using
    python-dns to perform DNS queries highly susceptible to response
    forgery.
    
    The Common Vulnerabilities and Exposures project identifies this
    class of weakness as CVE-2008-1447.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.3.0-5.2+etch2.
    
    We recommend that you upgrade your python-dns package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch2.diff.gz
        Size/MD5 checksum:     3807 4c9dceefe0dfc4ee933f3c9298764153
      http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0.orig.tar.gz
        Size/MD5 checksum:    21084 82d377c6a59181072b30b0da4e9835b8
      http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch2.dsc
        Size/MD5 checksum:      695 16b84a9d56bdd4baf5cdf1bf7e413521
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch2_all.deb
        Size/MD5 checksum:    22972 59775332c3bb11b1408c83cf25b8e253
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)
    
    iD8DBQFI1zZ3U5XKDemr/NIRAj/fAKDW30OzI8426TLokTZohgj5GNBa3wCg36qG
    5+lokOAioaVH2Y4vJsDYM8o=
    =rINc
    -----END PGP SIGNATURE-----
    
    --- End Message ---
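The python-dns advisory explains the weakness in one sentence: the client randomised neither its transaction ID nor its UDP source port, so an off-path attacker could forge the answer. As an added example, not python-dns code, the Python below builds a DNS query whose 16-bit ID comes from `os.urandom`, binds the socket to port 0 so the kernel chooses an ephemeral source port, and applies the acceptance check a resolver must make on a reply. `forge_response()` plays the attacker from the advisory and is accepted exactly when it guesses the ID. The query name and the 10.0.0.1 answer are constructed; the `guesses_needed()` figures assume a uniformly random ID and port.

```python
"""Transaction ID and source port entropy in a DNS client.

Added example, not python-dns code.  build_query() draws the 16-bit ID from
os.urandom and open_query_socket() binds to port 0 so the kernel picks the
source port; response_matches() is the acceptance check a resolver must
apply.  forge_response() plays the off-path attacker from the advisory:
it is accepted exactly when it guesses the ID (and, on the wire, the port).
The name and the 10.0.0.1 answer are constructed.
"""
import os
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """DNS wire form: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def random_txid():
    """16 bits from the OS CSPRNG; random.randint() (Mersenne Twister) is predictable."""
    return struct.unpack(">H", os.urandom(2))[0]


def build_query(name, txid=None):
    """Standard recursive A query.  A fixed or counter-based txid, which is
    the weakness the advisory describes, is what the random default replaces."""
    if txid is None:
        txid = random_txid()
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack(">HH", QTYPE_A, QCLASS_IN)


def open_query_socket():
    """Bind to port 0: the kernel chooses an ephemeral source port per socket,
    adding up to 16 bits of entropy on top of the transaction ID."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 0))
    return s


def response_matches(query, response):
    """Accept only if the ID and question section echo the query and QR is set.
    The port check happens in the kernel: a datagram to the wrong port never
    reaches this socket."""
    if len(query) < 12 or len(response) < len(query):
        return False
    qid = struct.unpack(">H", query[:2])[0]
    rid, rflags = struct.unpack(">HH", response[:4])
    if rid != qid or not rflags & 0x8000:
        return False
    return response[12:len(query)] == query[12:]


def forge_response(txid, name, address="10.0.0.1"):
    """Constructed attacker packet: an authoritative-looking answer for name."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    question = encode_name(name) + struct.pack(">HH", QTYPE_A, QCLASS_IN)
    # Compression pointer to offset 12 (the question name), TTL 60, 4-byte RDATA.
    answer = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_A, QCLASS_IN, 60, 4)
    return header + question + answer + socket.inet_aton(address)


def guesses_needed(id_bits, port_bits):
    """Size of the space an off-path attacker must search to hit one query."""
    return 2 ** (id_bits + port_bits)


if __name__ == "__main__":
    name = "www.example.invalid"
    q = build_query(name)
    s = open_query_socket()
    print("query id 0x%04x, source port %d" % (struct.unpack(">H", q[:2])[0], s.getsockname()[1]))
    s.close()
    print("predictable id, fixed port :", guesses_needed(0, 0), "guess")
    print("random id, fixed port      :", guesses_needed(16, 0), "guesses")
    print("random id, random port     :", guesses_needed(16, 16), "guesses")
    print("forgery with wrong id accepted:", response_matches(q, forge_response(0, name)))
```

The check in `response_matches()` is necessary but not sufficient: the vulnerable client performed a comparable ID match, and the forgery still succeeded because a predictable ID made the match trivial to satisfy. Entropy in the ID and port is what turns the check into a defence, and the regression fixed in this DSA-1619-2 (UTF-8 record names) is a reminder that a patch touching the query path needs a resolution test, not only a security test.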