-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.6
Date: Fri, 17 Jan 2003 13:50:33 -0500
Source: cupsys
Binary: cupsys-bsd libcupsys1 cupsys libcupsys1-dev
Architecture: m68k
Version: 1.0.4-12.1
Distribution: oldstable-security
Urgency: high
Maintainer: Debian/m68k buildd <buildd@thing2.marenka.net>
Description: 
 cupsys     - Common UNIX Printing System(tm) - base
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 libcupsys1 - Common UNIX Printing System(tm) - libs
 libcupsys1-dev - Common UNIX Printing System(tm) - development files
Changes: 
 cupsys (1.0.4-12.1) oldstable-security; urgency=high
 .
   * Security team NMU
   * Fix bugs reported in iDEFENSE advisory
     http://www.idefense.com/advisory/12.19.02.txt
     - [issue 1] patch integer overflows in image handling code
       (filter/image-*.c)
     - [issue 2] not applicable to this version
     - [issue 3] check for invalid URIs in browse packets
       (scheduler/dirsvc.c)
     - [issue 4] protect against negative length memcpy calls
       (scheduler/client.c, cups/http.c)
     - [issue 5] fix unsafe strncat calls
       (scheduler/job.c)
     - [issue 6] add check for zero-{width,height} GIF image
       (filter/image-gif.c)
     - [issue 7] detect errors and close file descriptors appropriately
       (scheduler/client.c)
   * Fix other instances of incorrect strncat usage
     (scheduler/client.c, scheduler/dirsvc.c,
      scheduler/log.c)
   * Include additional fixes from Debian maintainer, Jeff Licquia
     <licquia@debian.org>
     - Recover from file descriptor DoS more gracefully
     - Fix from upstream to return status indicating whether
       CloseClient was called, to prevent further processing
     - add missing CloseClient call which caused DoS to be
       re-introduced by above patch
Files: 
 e16fc52c24c8c89151e104292a6c598c 2244722 net extra cupsys_1.0.4-12.1_m68k.deb
 91f8d44a474e0258ab10c307ffe0099e 60086 net extra libcupsys1_1.0.4-12.1_m68k.deb
 28bb402a4bcf5ed618089e7ef7d99650 76130 net extra libcupsys1-dev_1.0.4-12.1_m68k.deb
 94271dc6ccfd72526b5a991b6506fd93 16246 net extra cupsys-bsd_1.0.4-12.1_m68k.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Kr2ZW5ql+IAeqTIRAnXJAKClyGGbSJFZeGmtaWZ9OsdRVQvivQCfWfmY
Urz8ooUyl1Pycbt4hsBriyA=
=lDZb
-----END PGP SIGNATURE-----