Saturday, February 21, 2009

Security Update: git and libpng

Two security updates have been released today, along with several other updated packages on -Current and -Stable. Here they are:
Fri Feb 20 17:20:49 CST 2009
a/cpio-2.9-i486-1.tgz: Upgraded to cpio-2.9.

ap/cdrtools-2.01.01a57-i486-2.tgz: Fixed build script to put the charset conversion tables in /usr/lib/siconv. Hopefully this will work correctly with k3b now. Thanks to Krasimir Kazakov for the bug report.

ap/sqlite-3.6.11-i486-1.tgz: Upgraded to sqlite-3.6.11.

d/git-1.6.1.3-i486-1.tgz: Upgraded to git-1.6.1.3.
This fixes a vulnerability where running git-diff or git-grep on a hostile git repository would result in the execution of arbitrary code as the git user.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
(* Security fix *)

d/subversion-1.5.5-i486-1.tgz: Upgraded to subversion-1.5.5.

l/libpng-1.2.35-i486-1.tgz: Upgraded to libpng-1.2.35.
This fixes multiple memory-corruption vulnerabilities due to a failure to properly initialize data structures.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
(* Security fix *)

n/dnsmasq-2.47-i486-1.tgz: Upgraded to dnsmasq-2.47.

n/vsftpd-2.1.0-i486-1.tgz: Upgraded to vsftpd-2.1.0.

testing/packages/kde4/extragear/ktorrent-3.2-i486-1.tgz: Upgraded to ktorrent-3.2.