-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 Aug 2013 00:40:42 +0100 Source: nas Binary: libaudio2 nas libaudio-dev nas-bin nas-doc Architecture: ia64 Version: 1.9.3-5wheezy1 Distribution: wheezy-security Urgency: high Maintainer: ia64 Build Daemon (mundy) Changed-By: Steve McIntyre <93sam@debian.org> Description: libaudio-dev - Network Audio System - development files libaudio2 - Network Audio System - shared libraries nas - Network Audio System - local server nas-bin - Network Audio System - client binaries nas-doc - Network Audio System - extra documentation Closes: 720287 Changes: nas (1.9.3-5wheezy1) stable-security; urgency=high . * Fixes for various long-standing security issues found by Hamid Zamani . Closes: #720287 + Validate the port offset of nasd to fix a potential buffer overflow (CVE-2013-4256) + Use better string functions to guard against heap overflows (CVE-2013-4257) + Sanity-check the TCP_DEVICE environment variable to remove a format string bug (CVE-2013-4258) Checksums-Sha1: d95422497a5695784c4c3fd2b17c0919b179c2b6 159736 nas_1.9.3-5wheezy1_ia64.deb 11e87fa19f0e15815efad9e6210e90bdb3bc3329 227308 nas-bin_1.9.3-5wheezy1_ia64.deb 72998261718cac8af8a04f8f5cbbcf7d0e5b37a1 110748 libaudio2_1.9.3-5wheezy1_ia64.deb 192ce3814155fe4d2ba7d608ec745110877e59ca 601758 libaudio-dev_1.9.3-5wheezy1_ia64.deb Checksums-Sha256: 006caa9e11b175764f039d965736e2d19ee14c5777fe3519820fd5ee8511bec8 159736 nas_1.9.3-5wheezy1_ia64.deb 3b0a25f180e0b548323a2eadf9f97423c57e0385bea950e4de3adb6e31eb694c 227308 nas-bin_1.9.3-5wheezy1_ia64.deb 43ca67fe850d17668643a34c8d1d1650cb0bb5874c3e40b1655d92ef89eacaa9 110748 libaudio2_1.9.3-5wheezy1_ia64.deb 184888bc8ca7f1e516fe116db806eeb5ada67e47f66fe6534ef5844017d3d34f 601758 libaudio-dev_1.9.3-5wheezy1_ia64.deb Files: 0e817b8deae54eb29a47ed17d07fc041 159736 sound optional nas_1.9.3-5wheezy1_ia64.deb 5c9cfea45baab806f7f7068725079036 227308 sound extra nas-bin_1.9.3-5wheezy1_ia64.deb f62bc8c7f4f09aa7deff7299d589e1d2 110748 libs optional libaudio2_1.9.3-5wheezy1_ia64.deb 07f743e0668aab2f8622f005a99e6b62 601758 libdevel optional libaudio-dev_1.9.3-5wheezy1_ia64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJSVFfUAAoJEPxZc8HvAKuyj3gP/jy8kNu/G7gLerf4DAcCnU1A rAovnllB0aKZXykBidKtBKdgQUzge4vx3wm4xuVj7lM8PYGcsT8kTp1xFLRUGz8j Mfzo+OExSh1pjPoXWG6AT2l0nFPdeTDwyi1K10pSzmQNE5Z1v8Gq6iUdNcJYAvn/ AeO3stV2ewqYjnr0CRH272GzdCqx3o7S6MSCnyInkik8XZPdrA6r4Vjcjm+cuBh9 rQGtdNqxHnM5i9ZJE4n1mmqujmyLvUMzLc0ARZTg9RkVFt7Y1f4Jc7dZw69Evkce s8+F01AzTZkGYfbvi7sHUrGIsaHMTLL/fQ4WlkSbmG+eLbeA2oSP4PXNgrP9RASe OY5JfjR02m9xnHqDyTyeZsPcP/ICUY9Zy6maW5MdjIPTciumjkk6i1YoK7TgMnlB XACzHYnLZ6ysHQZb6Pf8EN4jjkzMDn77aKlT8v5ohAo6vLgBMfjkuQz6ECWNpcAG OcY+QaDB0DWdb2uJ1MW74Mx/Im+eH2LSELymd1twCak1kM3YTE1jk7mBGYD9+mBo RA/Rex+TI76jh5S9HPaKlH4Mjivb4VNR1jLwHIF1E70le0ZFWHGLdg80BcYj6Hte YO3yWzPyA+CR8X0TMOSGwys3A1EM6r6YVLNoKHw+8zjMj99tWLYARoWxHWbqbq0g eXe6MRBdycgALELRtdRD =EnTp -----END PGP SIGNATURE-----