Saturday, February 21, 2009

Security Update: git and libpng

Two security updates has been released today along with several other updated packages on -Current and -Stable. Here they are:
Fri Feb 20 17:20:49 CST 2009
a/cpio-2.9-i486-1.tgz: Upgraded to cpio-2.9.

ap/cdrtools-2.01.01a57-i486-2.tgz: Fixed build script to put the charset conversion tables in /usr/lib/siconv. Hopefully this will work correctly with k3b now. Thanks to Krasimir Kazakov for the bug report.

ap/sqlite-3.6.11-i486-1.tgz: Upgraded to sqlite-3.6.11.

d/git- Upgraded to git-
This fixes a vulnerability where running git-diff or git-grep on a hostile git repository would result in the execution of arbirary code as the git user.
For more information, see:
(* Security fix *)

d/subversion-1.5.5-i486-1.tgz: Upgraded to subversion-1.5.5.

l/libpng-1.2.35-i486-1.tgz: Upgraded to libpng-1.2.35.
This fixes multiple memory-corruption vulnerabilities due to a failure to properly initialize data structures.
For more information, see:
(* Security fix *)

n/dnsmasq-2.47-i486-1.tgz: Upgraded to dnsmasq-2.47.

n/vsftpd-2.1.0-i486-1.tgz: Upgraded to vsftpd-2.1.0.

testing/packages/kde4/extragear/ktorrent-3.2-i486-1.tgz: Upgraded to ktorrent-3.2.