Slackware-10.0 ChangeLog (2005-11-06)

Sat Nov 5 22:15:34 CST 2005

  • patches/packages/apache-1.3.34-i486-1.tgz
    Fixes this minor security bug: “If a request contains both Transfer-Encoding
    and Content-Length headers, remove the Content-Length, mitigating some HTTP
    Request Splitting/Spoofing attacks.”
    (* Security fix *)
  • patches/packages/imapd-4.64-i486-1.tgz
    A buffer overflow was reported in the mail_valid_net_parse_work function.
    However, this function in the c-client library does not appear to be called
    from anywhere in imapd. iDefense states that the issue is of LOW risk to
    sites that allow users shell access, and LOW-MODERATE risk to other servers.
    I believe it's possible that it is of NIL risk if the function is indeed
    dead code to imapd, but draw your own conclusions…
    (* Security fix *)
  • patches/packages/lynx-2.8.5rel.5-i486-1.tgz
    Fixes an issue where the handling of Asian characters when using lynx to
    connect to an NNTP server (is this a common use?) could result in a buffer
    overflow causing the execution of arbitrary code.
    For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
    (* Security fix *)
  • patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz
    Upgraded to mod_ssl-2.8.25-1.3.34.
  • patches/packages/pine-4.64-i486-1.tgz

by Giuseppe Di Terlizzi