From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qa@altlinux.org>
Date: Wed, 1 Aug 2007 02:05:28 +0400
From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Message-ID: <20070731220528.GA15459@hint1.office.altlinux.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [cyber] I: Sisyphus-4.0-branch packages: +3 (6046)
X-BeenThere: sisyphus-cybertalk@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk list
	<sisyphus-cybertalk.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk>,
	<mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-cybertalk>
List-Post: <mailto:sisyphus-cybertalk@lists.altlinux.org>
List-Help: <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk>,
	<mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2007 22:05:29 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-cybertalk/20070731220528.GA15459@hint1.office.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-cybertalk/>

	3 UPDATED packages

GraphicsMagick - An X application for displaying and manipulating images
* Mon Jul 30 2007 Slava Dubrovskiy <dubrsl@altlinux> 1.1.8-alt1
- New version
- Removed patches from debian (in upstream)
- Security Fixes:
  + Shell command injection via delegates subsystem (CVE-2005-4601).
  + Insecure use of filenames as a "sprintf" specification (CVE-2006-0082).
  + EXIF IFD stack overflow vulnerability.
  + BMP  format: Verify seek before proceeding.
  + DCM  format: Buffer overflow prevention (CVE-2006-5456).
  + DCM  format: Integer overflow prevention (CVE-2007-1797).
  + PALM format: Heap overflow prevention (CVE-2006-5456).
  + SGI  format: Fixes for RLE decoding issue (CVE-2006-4144).
  + XCF  format: Buffer overflow prevention, infinite loop prevention.
- Bugs Fixed:
  + Typo when searching for HTMLDecodeDelegate.
  + Avoid crash if delegate program fails to return an image.
  + EXIF memory leak fixes.
  + Command parser memory leak fixes.
  + Deadlock fix for event log initialization.
  + Work with latest Ghostscript "GPL Ghostscript" under Windows.
  + 'gm import' now returns image of appropriate depth.
  + Fixed memory map resource managment.
  + Fixed includedir variable in pkg-config files.
  + Fixed validation of -affine argument.
  + Fixed bug where fseeko() and ftello() were not used when available.
  + Fixed issue when pread() and pwrite() prototypes are missing.
  + Fixed pixel cache issues when size_t is an unsigned type.
  + Fixed dcraw delegate options to work with modern dcraw.
  + Fixed -level argument parsing to allow embedded % characters.
  + Fix for segfault in InitializeMagick(NULL).
  + Fix for segfault in ModifyCache().
  + Fix for Wand MagickGetQuantumDepth() interface.
  + Fix for GrayscalePseudoClassImage() on 64-bit systems.
  + Fix for MagickReallocMemory memory leak under certain error conditions.
  + Validate BLOB access range.
  + ICON format: Segfault fix.
  + JPEG format: Fixed reading 12-bit grayscale JPEG.
  + MAT  format: Stability improvements.
  + MIFF format: Handle a compression value of 'None'.
  + PCX  format: Segfault fix.  Heap overflow fix.
  + PDF  format: Fixed writing with JPEG compression.
  + PICT format: Segfault fix.
  + PNG  format: Fixed compile problem with some libpng versions. Segfault fix.
  + PNM  format: Fixed scaling problem due to rounding error. Validate scaling.
  + PSD  format: Fixed memory leak with layerd PSD files.
  + SGI  format: Handle 16-bit SGI image files correctly.
  + SUN  format: Segfault fix.
  + TIFF format: Secure error reporting.  Finally support LZW under Windows.
  + WPG  format: Fixed crash with clip-art WPG files.
  + XWD  format: Fix for integer under/overflow.
- Feature Improvements
  + CIN format: Implementation is entirely replaced.
  + MAT format: Support Byte and Word formats, as well as big/little endian.
  + WPG format: Support for CTM translation.
* Thu Apr 12 2007 Slava Dubrovskiy <dubrsl@altlinux> 1.1.7-alt7

apache - The most widely used Web server on the Internet
* Tue Jul 31 2007 Michael Shigorin <mike@altlinux> 1.3.37rusPL30.23-alt5
- merged security fix from RHEL2.1 (RH#245116):
  + CVE-2007-3304 (DoS by referencing an arbitrary process ID in scoreboard
    which then gets SIGUSR1 from master process; requires scripting ability)
* Tue Jun 26 2007 Michael Shigorin <mike@altlinux> 1.3.37rusPL30.23-alt4
- verified and disambiguated mime types; thanks Denis Smirnov (mithraen@)
  for a linter pass (fixes: #12141, #11461)
* Fri Apr 06 2007 Michael Shigorin <mike@altlinux> 1.3.37rusPL30.23-alt3

cups - Common Unix Printing System - server package             	[12M]
* Tue Jul 31 2007 Stanislav Ievlev <inger@altlinux> 1.2.12-alt2
- CVE-2007-3387
* Tue Jul 17 2007 Stanislav Ievlev <inger@altlinux> 1.2.12-alt1

Total 6046 source packages.