Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > Debian Security vulnerabilities

February 2005

Debian Security vulnerabilities

ID: 00155
Ref: 139/2005
Date: 22 February 2005:14:02:25
Version: 1
Title: Debian Security vulnerabilities
Abstract: Descriptions of Debian vulnerabilities in in mailman, postgresql, typespeed, bidwatcher
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 674-3 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : mailman
Vulnerability : cross-site scripting, directory traversal
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1177 CAN-2005-0202

Due to an incompatibility between Python 1.5 and 2.1 the last mailman update did not run with Python 1.5 anymore. This problem is corrected with this update. This advisory only updates the packages updated with DSA 674-2. The version in unstable is not affected since it is not supposed to work with Python 1.5 anymore. For completeness below is the original advisory text:

Two security related problems have been discovered in mailman,
web-based GNU mailing list manager. The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2004-1177

Florian Weimer discovered a cross-site scripting vulnerability in
mailman's automatically generated error messages. An attacker
could craft an URL containing JavaScript (or other content
embedded into HTML) which triggered a mailman error page that
would include the malicious code verbatim.

CAN-2005-0202

Several listmasters have noticed unauthorised access to archives
of private lists and the list configuration itself, including the
users passwords. Administrators are advised to check the
webserver logfiles for requests that contain "/...../" and the
path to the archives or cofiguration. This does only seem to
affect installations running on web servers that do not strip
slashes, such as Apache 1.3.

For the stable distribution (woody) these problems have been fixed in version 2.0.11-1woody11.

We recommend that you upgrade your mailman package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.dsc
Size/MD5 checksum: 597 2bd1ff64a1bdaa6655656c5ec2b10db8
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.diff.gz
Size/MD5 checksum: 33161 6b4be5023a62ba488398a174bd9139fe
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz
Size/MD5 checksum: 415129 915264cb1ac8d7b78ea9eff3ba38ee04

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_alpha.deb
Size/MD5 checksum: 461712 8ccd3f0c5cf0791f885f5e0850e2d37c

ARM architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_arm.deb
Size/MD5 checksum: 459286 72cef07f59aa7cd0f0a77c26a3b7dc77

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_i386.deb
Size/MD5 checksum: 452438 3b7179c3d729f392d129d185cd3641db

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_ia64.deb
Size/MD5 checksum: 462256 34338a3fab74b3af221e89cffb0d7eb9

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_hppa.deb
Size/MD5 checksum: 459964 c772ec5f0b1274f7460d4336f7ec7dee

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_m68k.deb
Size/MD5 checksum: 459408 a6413a53de20e77e50b8403b18dadfa8

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_mips.deb
Size/MD5 checksum: 459984 ca6ac0ebd589bb1cf3b716ab3f6df8d2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_mipsel.deb
Size/MD5 checksum: 460088 b3b5426e9a88dd7ab43cf3160ef1a3e9

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_powerpc.deb
Size/MD5 checksum: 460248 db24ceb03ca9f678d1ec89eacc74694a

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_s390.deb
Size/MD5 checksum: 460300 f51f741f3e1dfe80981e59e4fdc9b238

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_sparc.deb
Size/MD5 checksum: 465056 e140e8b13fbf54ecb25d9f4d50d9da44


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCGbf8W5ql+IAeqTIRAo9JAKCD0ut8FBMPjLyR6ny5LTnbKhbXfQCgkJD9
s80Hsthn4vlbG5Et9QjPC7c=
=a2/h
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 683-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 15th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : postgresql
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE IDs : CAN-2005-0245 CAN-2005-0247

Several buffer overflows have been discovered in PL/PgSQL as part of the PostgreSQL engine which could lead to the execution of arbitrary code.

For the stable distribution (woody) these problems have been fixed in version 7.2.1-2woody8.

For the unstable distribution (sid) these problems have been fixed in version 7.4.7-2.

We recommend that you upgrade your postgresql packages.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8.dsc
Size/MD5 checksum: 966 d4a2c0311749b876f6f8cc22038289e2
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8.diff.gz
Size/MD5 checksum: 120615 530bfcef7b85fe6da221c95fe222c852
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
Size/MD5 checksum: 9237680 d075e9c49135899645dff57bc58d6233

Architecture independent components:

http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody8_all.deb
Size/MD5 checksum: 2069670 1bf4b5b7f2711e4efa36880151fc24bd

Alpha architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 34802 b412685534d6774a6262870416518ea7
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 68764 def41f131067ae15e80ee3b9e5148f65
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 78040 3d719ec62a11f02205f57eadff14ff6d
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 67748 4a34eb3cc1774ba25e091b885f944b53
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 290372 e9a61698a5b698cf6a059b9e610f3411
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 425460 fee5452a125419cc39a4b5b1974dd2bf
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 1817274 92519cd5969004437fd2ec149140f1ec
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 319940 75acaf5ef86d2362f851ddf5918aca96
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 387604 8c1aaa630da56fd3f2d0a39eae2765ad
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 541264 459dab9286c3710de72751a983df9ef7
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_alpha.deb
Size/MD5 checksum: 65434 69c853e90b8213c9a9e50662e6411ec8

ARM architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 31900 c913966d0170207e19bc5ac955ce2e27
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 64910 cd34de8e8fe0c5b778b4a20f5601b05a
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 65752 2f3793f5f55b9f81aedb5dec71a4f99f
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 57976 26e63872c92df8ff0be687bef7cb05f1
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 234316 ff0712ecc0a84df3161413f6a0e31178
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 425632 a2a13e576824a00299c447ec44f7eea3
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 1600434 a856cc118e459f68227e82231dbc6ac4
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 285624 e45f81629e315c9f30c002cae8e7d663
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 341184 fa19e637fe18b1fbd18cc79c90dac1ef
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 511168 db1e5ac754673cb66fa2da69fb1f6a92
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_arm.deb
Size/MD5 checksum: 62684 c35acc4775b94a8e7bae5914c72f6d47

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 30968 1682a3299c2b75a788e666522a23c814
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 61664 a4a94cb1ea89b6f40dc21a6f6dd06b49
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 66276 4dc34046e8ef98054b35f526b2d8b6ab
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 54836 5f37ed094318ec8c18f044cedb82e295
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 202142 5a1c4efa11b40dc78ccc722225ee4f24
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 426522 4993bce996442d0da4e24ccb1ec71694
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 1554460 0ca6fc2c65ac4ab63360d1b50c4c70d2
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 281584 2a57aeac5d1da5d7c249b56f91dd74fd
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 328480 7903136dd2a962c2860725c900e3a8ef
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 498292 5d80bff4016138138952094c80c145aa
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_i386.deb
Size/MD5 checksum: 61770 93237d245dd81b4d5c070bccea66ffcf

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 39650 f69594da10e390e89848e417fc10fa4f
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 77524 de23bfdc2b738e322e32239331a8970f
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 90840 73a348937e49415602c0680242a5227b
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 77308 01fbe3520e37c68d4a45346c7b85e64b
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 333404 79be96b1704ce9e17aa9da75a65ce4d1
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 425444 30511fbdfd15d5efdfbc81c2581e4b01
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 2093210 561bf768519c684a331b9d514b551023
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 363686 17a7339200ce40aea16189d9cbca4a70
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 434908 852ea8acaae71f48a5ee9acfd66ea6fc
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 555282 97996ae93a665dfae9cf8a2f787b7174
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_ia64.deb
Size/MD5 checksum: 71332 5abc8f8ae02ea9faaf87ae97eb371193

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 34130 29605f9520c9026004babc1a009ae7a1
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 70742 ecf1ffc13f35a5973580f5e16dca9b18
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 77274 1da8955209e3602f116b67e3daf8e800
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 65966 d08701e1b27e7238b3ae9ab96fbdffe4
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 254910 b0b958f79f47076f754550a1cc4fb476
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 425612 dcb57cdfab9f70179f776a6854c87d42
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 1826464 bb9330cd346abe7902980f65091359de
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 304938 bc5612b62c4a2cbcfffc8355dc0099c7
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 372308 28fb0415d8f45daeda2a6b1b27c81083
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 524440 99b3d8e0974202591aa3416ad40816cb
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_hppa.deb
Size/MD5 checksum: 66502 dee6fd24194876f6c88dddfc9d3ad306

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 30802 9f644ffed633065990d6de07af5238e7
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 63262 5506b71797c8210362c63d5473ec62df
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 65884 cab66990426a2009ca5c0f600a76694c
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 55024 c0bbf8050d03bd602b62c336b338883a
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 187718 1e6ca320fddfba90078c82a6f160db4e
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 425712 68ba215eaa737141055c3b0e442071be
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 1583932 e0cc73b36eca938793007a3b26e84d86
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 270154 f975145555d8f045190e384b01df14c9
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 325436 3b54bd0850225fd6a36351f5772fb007
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 490144 68fd09da2dd077f1e5f30095e9b52476
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_m68k.deb
Size/MD5 checksum: 62506 8bbd6c5d71d4ca6a52cf6ec33dc55214

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 31264 cb5c636aca0e3659ef8edc0ebb760a19
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 59270 079e6c6402d4ee85868e2f0dc260d42a
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 65522 86deb1988dc9802dcd051b43fd3f1c6e
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 59382 06a50008fc190a0b4d3f84f78995e015
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 237574 a5c71e182d095bb96856489b8f1cf082
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 425682 5c92cb84583fcf313425c9a58dea9f83
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 1751004 0c7c254ea8cec35ac9be1b17b8d48ffb
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 294392 3cae1c91c52da1eb7a269b234ca66e4b
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 344098 b122316c8a2cb3d68ed57bf197f84d2e
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 515688 de46f1282ed5f11890dffdcd110093f9
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_mips.deb
Size/MD5 checksum: 61794 8d3bb00fc58241680ca3acf6e6ae6cea

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 31272 21b679efde2078f5f81fc026412a98c3
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 59018 2238a2413e7f2fa7e35872b5d75d2de3
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 65112 78ff31b4f46a6b8b0c16f9a4c4fe9d52
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 59316 caa3be5d90de0d0e5cb444270df3dd2a
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 237978 3e4a3566553feaf89ba5b9696db45a2b
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 425642 59061e36b04fc35d5e83a99b27ea6194
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 1662586 bfccb4377def44e2154b49f72a0250da
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 294726 4f5f2c81b89ebb05e8a6d13920814c48
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 343854 d3770ada61a0a7eeeffb431fd30ece44
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 512992 3704c957cd4f1a4b2af9167ee1d3975a
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_mipsel.deb
Size/MD5 checksum: 61756 d2d8ca618da849f8caa26ca4ddf9630a

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 32638 f265ebdd0cc0632b6b235fe1a343a5e0
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 69692 0769b917b6735fee10066099954c18ad
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 67726 bf35313e0db194e8284fa65f8570d295
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 57250 08b836c73dc00a1a1095106d61a7c61e
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 243138 00f2791b1f289bddb1b69c16ed851c56
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 425468 418cac90c2ae5da3f7832d1fc971ffec
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 1701098 87ffcc4e822603d35aae07816d711816
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 288740 0c8e185593df1169887e39ae591ee894
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 342142 0d27af61834bf9834d9cd3a337ffd64b
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 511328 a733e169d84fc3c63cbca3f0d428c762
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_powerpc.deb
Size/MD5 checksum: 62626 19c0660f6daa96cfb75ebc279d37c6c3

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 31542 e41ba2f776e9d5190e420ef1819836dc
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 64100 88597686e78b43f65c06adccb3dd0a68
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 68338 a9da5f084b636f82e51366789b981d23
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 56510 133ea519128490277f117b65fe7df681
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 214856 b9f4257d85ecc93c6679b75f4ff79593
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 425486 a2822cb5ee1d452df5cd83aa1d024d16
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 1669472 47d1c05ea009cbf6735719f7543cb62b
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 284502 f6ddd8d1cbb2b96dac5f3908f9156356
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 347172 2481686c9542ae89904b01d15d0e5b8a
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 502284 f14563130b1665ff9e2d5dd77828d596
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_s390.deb
Size/MD5 checksum: 63120 4f3dcc1e7a125faac0345878a10942c8

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 31224 4cfd13e0a0a7ffd2130d8d2c59a4231e
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 64900 8e173f3fb59d05c7e3c09f334ca4801f
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 68474 b47d3ec99048af40e0fd70a6ad3dfbdd
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 55348 27bb3a34c1ef367daad54deab1294c9e
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 232904 ba3283469f3aefe1da3cab2498be2122
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 425514 d19e08e82966f652eb95b3c12a90202e
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 1672056 e2dd0c17c4d349e02d2d0fe1cc3aa8ca
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 289146 97800fc500df6dc0fb79ce56a8ce32b0
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 371450 0201925279f540de1ebba8126f46c506
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 502430 afdee51b834c8f6f1fa63e7ce8125478
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_sparc.deb
Size/MD5 checksum: 62682 e0e47123d47f4b7aae4a0e50bf329105


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCEh1MW5ql+IAeqTIRAg9DAJ4jahqS4+5ap9dYqZJZXzwlpTq4wwCgrMvf
AI8DcyabJxnumlb6dyFq6CU=
=O+VR
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 684-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 16th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : typespeed
Vulnerability : format string
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0105

Ulf Härnhammar from the Debian Security Audit Project discovered a problem in typespeed, a touch-typist trainer disguised as game. This could lead to a local attacker executing arbitrary code as group games.

For the stable distribution (woody) this problem has been fixed in version 0.4.1-2.3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your typespeed package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3.dsc
Size/MD5 checksum: 575 70ebea5828757f0c963a27e2d87d8515
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3.diff.gz
Size/MD5 checksum: 8457 78235ab890462e83f9c2779d0882e329
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
Size/MD5 checksum: 35492 0af9809cd20bd9010732ced930090f32

Alpha architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_alpha.deb
Size/MD5 checksum: 44486 81d20c78d05fd028c5d40a77fc09923d

ARM architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_arm.deb
Size/MD5 checksum: 39164 5eedf595ec3b9714e1c7de731f34e5a1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_i386.deb
Size/MD5 checksum: 38852 96e8651b24c5cbc48bfb21ed4e8196d4

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_ia64.deb
Size/MD5 checksum: 50122 d422760c9350d78d2b30a933a2b25df0

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_hppa.deb
Size/MD5 checksum: 42064 0123e88f6b81d9d95f43d06a73e015b6

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_m68k.deb
Size/MD5 checksum: 37570 8052b9b8e45dbba90b946eb76d8625fa

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_mips.deb
Size/MD5 checksum: 41224 897c4771e1cd215e178cb4cc922ede0a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_mipsel.deb
Size/MD5 checksum: 41250 0972a4ec92ec47bb4cd81e10a9255bee

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_powerpc.deb
Size/MD5 checksum: 41408 0e3c124090e9f410fe82751214c68cdd

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_s390.deb
Size/MD5 checksum: 38994 0b9306e15ab0afa697ad9aca5fd799e7

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_sparc.deb
Size/MD5 checksum: 43140 e7f9fbb0dc02dadf975a4f22a0fadc94


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCEzNwW5ql+IAeqTIRAkbYAJ9Bjy8vBHnpgtcNmZmizYYmUhhDGQCcDnTC
EYvRN6r1hUTqQ1H86RNokEI=
=zlYF
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 687-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 18th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : bidwatcher
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0158

Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in bidwatcher, a tool for watching and bidding on eBay auctions. This problem can be triggered remotely by a web server of eBay, or someone pretending to be eBay, sending certain data back. As of version 1.3.17 the program uses cURL and is not vulnerable anymore.

For the stable distribution (woody) this problem has been fixed in version 1.3.3-1woody1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your bidwatcher package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.dsc
Size/MD5 checksum: 637 2a65bc6cbed81466721793318948aed4
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.diff.gz
Size/MD5 checksum: 3368 b36c63ae2e6a5c42bb13c506f980e1ba
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3.orig.tar.gz
Size/MD5 checksum: 136679 2094c233fa21c80f65d5dce1bf4fb133

Alpha architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_alpha.deb
Size/MD5 checksum: 95574 dc1f1c5581af8526fe916ea0246fec8e

ARM architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_arm.deb
Size/MD5 checksum: 85060 6dff37d2dbb68c869553b4008b47f7df

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_i386.deb
Size/MD5 checksum: 82152 49d709d2f5a81dcfd8b462d60af5218b

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_ia64.deb
Size/MD5 checksum: 103978 874237be875f51817240c7ce79a96732

HP Precision architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_hppa.deb
Size/MD5 checksum: 109292 b164a9dc42b40a2eda85896dfec8d310

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_m68k.deb
Size/MD5 checksum: 79942 7d101eb867927c88d5ec2fd127494497

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mips.deb
Size/MD5 checksum: 81562 f0f65a2f84feef4dc4afa5cb82126350

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mipsel.deb
Size/MD5 checksum: 80606 1e2786878f126a90e26c6894d44f7d35

PowerPC architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_powerpc.deb
Size/MD5 checksum: 81478 19128bd956597ed8ed7c6780b09ee15d

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_s390.deb
Size/MD5 checksum: 80902 d4d892f6ffb796106bdcb09c8ed3181a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_sparc.deb
Size/MD5 checksum: 80802 d5882fbca7b6a7b2205a1fb8b5c76112


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCFh7aW5ql+IAeqTIRAjjLAJ41DHcqCxgorvj2YOZQ1THak4eaKgCdFwoy
U2Lv4hX+dt2oYYG8depUris=
=sKEt
- -----END PGP SIGNATURE-----


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |