Andreas Barth | 1 Jun 14:38

debian-volatile: Service Update

Hi,

In the past few weeks, there have been a lot of improvements to the
debian-volatile service. As a couple of them are infrastructural
changes, please read this mail, especially if you plan to upgrade to
Etch.

New suite "Etch" added
----------------------
We finally had the time to add a suite for Etch to volatile. During
these changes, we also archived woody, and upgraded to a newer version
of the archive scripts. If you notice some small hiccups, please just
warn us (best by mail to debian-volatile <at> lists.debian.org) so that we
can fix them. The changes include a different archive signing key, and
separate keys per suite.

New archive signing key for debian-volatile
-------------------------------------------
If you run sarge, nothing changed for you. The key should be 

pub   1024D/276981F4 2004-12-24 [expires: 2008-01-06] 
uid                  Volatile woody/sarge Archive Key <katie <at> volatile.debian.net>
uid                  Volatile Archive Key 2005 <katie <at> volatile.debian.net>

If you run Etch, you should add the following key to your apt-keyring:

pub   1024D/BBE55AB3 2007-03-31 [expires: 2010-03-30]
uid                  Debian-Volatile Archive Automatic Signing Key (4.0/etch)
sub   2048g/36CA98F3 2007-03-31 [expires: 2010-03-30]

Andreas Barth | 1 Jun 14:43

[VUA 32-1] Updated clamav package fixes security flaw

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 32-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org                              Andreas Barth
June 01st, 2007
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.90.3-0volatile1 and 0.90.3-1~volatile1
Importance           : high
CVE IDs              : CVE-2007-2650
                       3 further CVE IDs not yet assigned

The following security flaws were found and fixed in clamav:

[CVE-2007-2650]: libclamav/ole2_extract.c: detect block list loop
[CVE-2007-XXXX]: libclamav/unsp.c: fix end of buffer calculation
[CVE-2007-XXXX]: libclamav/unrar/unrar.c: heap corruption causing DoS with
                 corrupted rar archive, better handle truncated files
[CVE-2007-XXXX]: libclamav/others.c: tighten permissions on unpacked files

For sarge, an updated clamav package is available in sarge/volatile
as version 0.90.3-0volatile1. 

For etch, an updated clamav package is available in etch/volatile 
as version 0.90.3-1~volatile1.

We recommend that you update your system.

This advisory was sent out without builds for alpha, m68k, mips, mipsel
and sparc architectures being available. They will be released as soon