-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Thu, 19 Jun 2003 00:45:02 +0200
Source: tiger
Binary: tiger
Architecture: source i386
Version: 2.2.4-23
Distribution: stable
Urgency: medium
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description: 
 tiger      - Report system security vulnerabilities
Closes: 157695 170461 172377
Changes: 
 tiger (2.2.4-23) stable; urgency=medium
 .
   * Upload to the proposed-updates queue to be considered by the
     Release Manager. This version generated for the benefit of
     stable users (which are still encouraged to use 3.2 since
     it fixes many more bugs and can be backported easily, but still).
     This package fixes some open (and important) bugs including a
     security bug and also updates data (DSA listing) to latest
     available information. Bugs fixed:
   * Fixed buffer overflow discovered by Steve Grub in realpath.c
     this might be able to be locally exploited if a user can make
     a _very_ long path in the system but it might be difficult to
     pull off local privilege escalation with this one. Still, worth
     fixing. The fix has been backported from the 3.2 version.
   * Fixed the installation so all scripts are set as executable (I'm
     not incorporating all the Makefile changes done on 3.2 but it's now
     better) this has the side effect of now setting check_listeningprocs
     executable and properly installing check_sendmail
     (Closes: #157695, #172377)
   * No longer depends on essential packages as per policy, since there
     are no known versioned dependancies (there are for the 3.x release)
     for any of them (Closes: #170461)
   * Updated deb_advisories to include all the latest
     Debian Security Advisories so that the deb_checkadvisories check
     makes sense (was over a year out of date). Notice that, without this
     update the deb_checkadvisories is useless. This check is still useful
     for those running a system without internet access (i.e. cannot check
     updates at security.debian.org). If there is a new release of the
     CD images this might turn out useful for users updating through CD.
Files: 
 9765cffceb61e0a95794210085672082 668 admin optional tiger_2.2.4-23.dsc
 85e245333dac76c9e80e9a4d421291d6 99984 admin optional tiger_2.2.4-23.diff.gz
 4c1f22da5ccd663cb392df1b313b578a 207972 admin optional tiger_2.2.4-23_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPvD15PtEPvakNq0lAQEqaQQAtzKHZ/3KCzED2Qab8654YT/VqsvNTuc4
VvQFekkeeUC7q8yl4XCwqZS0RH9kWgqqm0z5zR0K2hWu67X/UDGFdrtXEUlueZxw
ptvNnd0bkD+VhWBsLmaFeSFl5JxsHPtrZ9CattoZxJcYQs+da0uAz0wB07O1wJKQ
K2G66UlhKUA=
=rD33
-----END PGP SIGNATURE-----