Message-Id: <email address hidden>
Date: Fri, 08 Oct 2004 10:47:03 -0400
From: Henrique de Moraes Holschuh <email address hidden>
To: <email address hidden>
Cc: Henrique de Moraes Holschuh <email address hidden>, Dima Barsky <email address hidden>
Subject: Fixed in NMU of cyrus-sasl2 2.1.19-1.2

tag 274087 + fixed
tag 275431 + fixed
quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Oct 2004 11:15:39 -0300
Source: cyrus-sasl2
Binary: libsasl2 libsasl2-modules-sql sasl2-bin libsasl2-modules libsasl2-dev libsasl2-modules-gssapi-heimdal libsasl2-modules-kerberos-heimdal
Architecture: source i386
Version: 2.1.19-1.2
Distribution: unstable
Urgency: high
Maintainer: Dima Barsky <email address hidden>
Changed-By: Henrique de Moraes Holschuh <email address hidden>
Description:
 libsasl2 - Authentication abstraction library
 libsasl2-dev - Development files for authentication abstraction library
 libsasl2-modules - Pluggable Authentication Modules for SASL
 libsasl2-modules-gssapi-heimdal - Pluggable Authentication Modules for SASL
 libsasl2-modules-kerberos-heimdal - Pluggable Authentication Modules for SASL
 libsasl2-modules-sql - Pluggable Authentication Modules for SASL
 sasl2-bin - Programs for manipulating the SASL users database
Closes: 274087 275431
Changes:
 cyrus-sasl2 (2.1.19-1.2) unstable; urgency=high
 .
   * NMU, since I am not sure Dima is back yet
   * SECURITY FIX: SASL_PATH environment variable must not be honoured on
     setuid environments, otherwise we have a local privilege escalation
     exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
     GLSA 200410-05
   * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
     environment. from Gentoo (CVE CAN-2004-0884); (closes: #275431)
   * upstream CVS: plugins/kerberos4.c: document weirdness with openssl DES
   * upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c,
     plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit portability
     warnings
   * Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
     problems with the braindead idea of globals SASL has, and with libraries
     that think they can get around mucking with them (hello openldap!)
     (closes: #274087)
Files:
3babd0a1794f1ad1e049315db5abc325 1062 devel important cyrus-sasl2_2.1.19-1.2.dsc
e489181f0ca74cace906efa79a2cbb8c 30654 devel important cyrus-sasl2_2.1.19-1.2.diff.gz
c3509401264b0939e7989fbb6ff67da5 112786 utils important sasl2-bin_2.1.19-1.2_i386.deb
b69a98c3039f0704f859ec28c9b75862 155828 libs important libsasl2-modules_2.1.19-1.2_i386.deb
0eeddbff8fee4a4b283b8c33710e8bc1 50992 libs optional libsasl2-modules-sql_2.1.19-1.2_i386.deb
82fd1fc5f09fb53a7d6a4af85dcb937f 53016 libs optional libsasl2-modules-gssapi-heimdal_2.1.19-1.2_i386.deb
4bbce17451309ff60819a4ea20fda7e9 52696 libs optional libsasl2-modules-kerberos-heimdal_2.1.19-1.2_i386.deb
8125b12a6cabff4e72b38bb04476d3e4 258138 libs important libsasl2_2.1.19-1.2_i386.deb
e825bd4e73049bd70dba004661880a8d 245878 libdevel optional libsasl2-dev_2.1.19-1.2_i386.deb
-----BEGIN PGP SIGNATURE-----
ePxzbD+ MRAiJTAJ0TZ3h9x RTrDdjoY1ji840V pyQoOACfYFKZ tboFsKF8=
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBZqX97iX
9R0pq3Zge7GGyTL
=P67P
-----END PGP SIGNATURE-----