2004-04-17: Several security fixes

cvs (1.11.1p1debian-9woody2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rename patches to match updated CVE assignments 66_CAN-2004-0180-2 -> 66_CAN-2004-0405 -- Matt Zimmerman Fri, 16 Apr 2004 08:50:49 -0700 cvs (1.11.1p1debian-9woody1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Upstream fix for exploit of client via pserver using absolute and relative (../) pathnames (CAN-2004-0180) [debian/patches/66_CAN-2004-0180, debian/patches/66_CAN-2004-0180-2] -- Matt Zimmerman Thu, 15 Apr 2004 09:27:47 -0700 mysql (3.23.49-8.6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix insecure temporary file creation [scripts/mysqlbug.sh, CAN-2004-0381, Bugtraq ID 9976] * Corrected another insecure temporary file creation [scripts/mysqld_multi.sh] * Removed the mysql-doc package since the same exists in non-free with a higher version number which would cause this update to be rejected. -- Martin Schulze Tue, 6 Apr 2004 08:29:27 +0200 perl (5.6.1-8.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Updated 20_fix_suidperl from Brendan O'Dea with yet more complete fix for CAN-2003-0618 -- Matt Zimmerman Sat, 3 Apr 2004 21:02:08 -0800 zope (2.5.1-1woody1) stable-security; urgency=high * Applied Zope Hotfix_2003-06-14 (security of the indexes of ZCatalog objects). Cf. http://zope.org/Products/Zope/Hotfix_2002-06-14/security_alert. [lib/python/Products/Hotfix_2002-06-14/, CVE-2002-0688] -- Gregor Hoffleit Thu, 8 Apr 2004 12:52:16 +0200