Bug#752667: ldirectord uses inet_ntop without importing it from the Socket library

2014-06-25 Thread Juan J. Martinez
Package: ldirectord
Version: 1:3.9.2-5+deb7u2
Severity: critical
Tags: upstream
Justification: causes serious data loss

Hi,

This is easy to fix, but it was hard to troubleshoot. Any load balancer relying on simpletcp checks will fail when upgraded from squeeze to wheezy basically because of this.

Bug#731837: New upstream release, fixes security bug

2013-12-10 Thread Juan J. Martinez
Package: sftpcloudfs
Version: 0.9-2

Since 0.9 (2013-08-29), several versions have been released. Some of them add functionalities, but 0.12.2 fixes a security bug that basically requires the dependency python-ftp-cloufs to be upgraded to 0.25.2.

Regards,
Juan
--
Juan J. Martinez Software

Bug#731833: New upstream release, fixes security bug

2013-12-10 Thread Juan J. Martinez
ObjectStorageFS when used in "delayed authentication" mode that resulted in an information leak vulnerability in sftp-cloudfs. Under certain conditions it was possible to serve a cached directory listing from a different user. It is recommended to upgrade to version 0.25.2.

Regards,
Juan

Bug#727197: pound: TLS compression is insecure (CRIME attack) and can't be disabled

2013-10-23 Thread Juan J. Martinez
Package: pound
Version: 2.5-1
Severity: important
Tags: patch

Pound 2.5 has TLS compression enabled and that makes possible a practical attack known as CRIME [1]. There's a simple patch to disable TLS compression. Please see included patch.

1: https://community.qualys.com/blogs/securitylabs/20