[ubuntu/lucid-security] dovecot, dovecot (delayed) 1:1.2.9-1ubuntu6.4 (Accepted)
dovecot (1:1.2.9-1ubuntu6.4) lucid-security; urgency=low

  * SECURITY UPDATE: fix memory corruption when header names included null bytes:
    - debian/patches/dovecot-CVE-2011-1929.patch: use binary copy rather than a string based copy.
    - CVE-2011-1929

Date: Tue, 31 May 2011 14:59:37 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dovecot/1:1.2.9-1ubuntu6.4

Format: 1.8
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-dbg
Architecture: source
Version: 1:1.2.9-1ubuntu6.4
Distribution: lucid-security
Urgency: low
Description:
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
 dovecot-postfix - full mail server stack provided by Ubuntu server team
Original-Maintainer: Dovecot Maintainers jaldhar-dove...@debian.org

--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes
[ubuntu/lucid-security] pam_1.1.1-2ubuntu5.3_powerpc_translations.tar.gz, pam_1.1.1-2ubuntu5.3_ia64_translations.tar.gz, pam_1.1.1-2ubuntu5.3_armel_translations.tar.gz, pam_1.1.1-2ubuntu5.3_sparc_tran
pam (1.1.1-2ubuntu5.3) lucid-security; urgency=low

  * SECURITY REGRESSION:
    - debian/patches/security-dropprivs.patch: updated patch to preserve ABI and prevent daemons from needing to be restarted. (LP: #790538)
    - debian/patches/autoconf.patch: refreshed

Date: Tue, 31 May 2011 07:07:44 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pam/1.1.1-2ubuntu5.3

Format: 1.8
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.1-2ubuntu5.3
Distribution: lucid-security
Urgency: low
Description:
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 790538
Original-Maintainer: Steve Langasek vor...@debian.org
[ubuntu/lucid-security] bind9_9.7.0.dfsg.P1-1ubuntu0.2_sparc_translations.tar.gz (delayed), bind9_9.7.0.dfsg.P1-1ubuntu0.2_armel_translations.tar.gz, bind9_9.7.0.dfsg.P1-1ubuntu0.2_amd64_translations.
bind9 (1:9.7.0.dfsg.P1-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via multiple trust anchors for a single zone
    - lib/dns/validator.c: fix arguments to dns_keytable_findnextkeynode().
    - Upstream change 2869.
    - CVE-2010-3762
  * SECURITY UPDATE: denial of service via off-by-one
    - lib/dns/ncache.c: correctly validate length.
    - Patch backported from 9.7.3-P1.
    - CVE-2011-1910

Date: Fri, 27 May 2011 13:03:07 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.2

Format: 1.8
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-60 libdns64 libisc60 liblwres60 libisccc60 libisccfg60 dnsutils lwresd
Architecture: source
Version: 1:9.7.0.dfsg.P1-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Description:
 bind9 - Internet Domain Name Server
 bind9-doc - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils - Clients provided with BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-60 - BIND9 Shared Library used by BIND
 libdns64 - DNS Shared Library used by BIND
 libisc60 - ISC Shared Library used by BIND
 libisccc60 - Command Channel Library used by BIND
 libisccfg60 - Config File Handling Library used by BIND
 liblwres60 - Lightweight Resolver Library used by BIND
 lwresd - Lightweight Resolver Daemon
Original-Maintainer: LaMont Jones lam...@debian.org
[ubuntu/lucid-security] pam_1.1.1-2ubuntu5.2_ia64_translations.tar.gz, pam_1.1.1-2ubuntu5.2_sparc_translations.tar.gz (delayed), pam_1.1.1-2ubuntu5.2_i386_translations.tar.gz, pam_1.1.1-2ubuntu5.2_amd
pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*, libpam/include/security/pam_modutil.h, libpam/libpam.map, modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c, modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it isn't needed for Ubuntu, and it needs to be rewritten to work with the massive privilege refactoring in the security patches.

Date: Thu, 19 May 2011 08:44:14 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pam/1.1.1-2ubuntu5.2

Format: 1.8
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.1-2ubuntu5.2
Distribution: lucid-security
Urgency: low
Description:
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Original-Maintainer: Steve Langasek vor...@debian.org
[ubuntu/lucid-security] eucalyptus_1.6.2-0ubuntu30.5_i386_translations.tar.gz, eucalyptus, eucalyptus_1.6.2-0ubuntu30.5_ia64_translations.tar.gz, eucalyptus_1.6.2-0ubuntu30.5_amd64_translations.tar.gz
eucalyptus (1.6.2-0ubuntu30.5) lucid-security; urgency=low

  * debian/patches/soap-security.patch: SOAP signature replay vulnerability.
    - add debian/patches/soap-security.patch, thanks to upstream.
    - CVE-2011-0730

Date: Wed, 11 May 2011 13:11:11 +0100
Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/eucalyptus/1.6.2-0ubuntu30.5

Format: 1.8
Source: eucalyptus
Binary: eucalyptus-common eucalyptus-sc eucalyptus-cloud eucalyptus-walrus eucalyptus-java-common eucalyptus-cc eucalyptus-nc eucalyptus-gl uec-component-listener eucalyptus-udeb
Architecture: source
Version: 1.6.2-0ubuntu30.5
Distribution: lucid-security
Urgency: low
Description:
 eucalyptus-cc - Elastic Utility Computing Architecture - Cluster controller
 eucalyptus-cloud - Elastic Utility Computing Architecture - Cloud controller
 eucalyptus-common - Elastic Utility Computing Architecture - Common files
 eucalyptus-gl - Elastic Utility Computing Architecture - Logging service
 eucalyptus-java-common - Elastic Utility Computing Architecture - Common Java package
 eucalyptus-nc - Elastic Utility Computing Architecture - Node controller
 eucalyptus-sc - Elastic Utility Computing Architecture - Storage controller
 eucalyptus-udeb - Elastic Utility Computing Architecture - installer integration (udeb)
 eucalyptus-walrus - Elastic Utility Computing Architecture - Walrus (S3)
 uec-component-listener - Ubuntu Enterprise Cloud - Component listener
[ubuntu/lucid-security] rampart, rampart (delayed) 1.3.0-0ubuntu7.1 (Accepted)
rampart (1.3.0-0ubuntu7.1) lucid-security; urgency=low

  * Add debian/patches/xml-security.patch, thanks to Eucalyptus upstream, to support XML security.

Date: Tue, 26 Apr 2011 15:58:23 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Michael Vogt m...@ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/rampart/1.3.0-0ubuntu7.1

Format: 1.8
Source: rampart
Binary: librampart0 librampart-dev librampart-doc
Architecture: source
Version: 1.3.0-0ubuntu7.1
Distribution: lucid-security
Urgency: low
Description:
 librampart-dev - Apache web services security engine - Development
 librampart-doc - Apache web services security engine - Documentation
 librampart0 - Apache web services security engine - Runtime
[ubuntu/lucid-security] dbus-glib (delayed), dbus-glib 0.84-1ubuntu0.2 (Accepted)
dbus-glib (0.84-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: fix to honor access flag on specified properties
    - debian/patches/01-CVE-2010-1172.patch: don't allow Set/write calls for readonly properties, or properties not listed in the XML
    - CVE-2010-1172
    - LP: #616517

Date: Wed, 25 May 2011 15:46:32 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dbus-glib/0.84-1ubuntu0.2

Format: 1.8
Source: dbus-glib
Binary: libdbus-glib-1-dev libdbus-glib-1-2 libdbus-glib-1-doc libdbus-glib-1-2-dbg
Architecture: source
Version: 0.84-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Description:
 libdbus-glib-1-2 - simple interprocess messaging system (GLib-based shared library)
 libdbus-glib-1-2-dbg - simple interprocess messaging system (GLib library debug symbols)
 libdbus-glib-1-dev - simple interprocess messaging system (GLib interface)
 libdbus-glib-1-doc - simple interprocess messaging system (GLib library documentation)
Launchpad-Bugs-Fixed: 616517
Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] modemmanager (delayed), modemmanager 0.3-0ubuntu2.2 (Accepted)
modemmanager (0.3-0ubuntu2.2) lucid-security; urgency=low

  * no change rebuild for dbus-glib update

Date: Thu, 26 May 2011 10:50:21 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Network Manager Team ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/modemmanager/0.3-0ubuntu2.2

Format: 1.8
Source: modemmanager
Binary: modemmanager
Architecture: source
Version: 0.3-0ubuntu2.2
Distribution: lucid-security
Urgency: low
Description:
 modemmanager - D-Bus service for managing modems
[ubuntu/lucid-security] network-manager_0.8-0ubuntu3.2_sparc_translations.tar.gz (delayed), network-manager_0.8-0ubuntu3.2_armel_translations.tar.gz, network-manager, network-manager_0.8-0ubuntu3.2_am
network-manager (0.8-0ubuntu3.2) lucid-security; urgency=low

  * no change rebuild for dbus-glib update

Date: Thu, 26 May 2011 10:49:41 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Dev Team ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/network-manager/0.8-0ubuntu3.2

Format: 1.8
Source: network-manager
Binary: network-manager network-manager-dev libnm-glib2 libnm-glib-dev libnm-util1 libnm-util-dev
Architecture: source
Version: 0.8-0ubuntu3.2
Distribution: lucid-security
Urgency: low
Description:
 libnm-glib-dev - network management framework (GLib interface)
 libnm-glib2 - network management framework (GLib shared library)
 libnm-util-dev - network management framework (development files)
 libnm-util1 - network management framework (shared library)
 network-manager - network management framework daemon
 network-manager-dev - network management framework (development files)
Original-Maintainer: Riccardo Setti gisk...@debian.org
[ubuntu/lucid-security] rdesktop, rdesktop (delayed) 1.6.0-2ubuntu3.1 (Accepted)
rdesktop (1.6.0-2ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via directory traversal
    - debian/patches/81_CVE-2011-1595.dpatch: check path for /.. in disk.c.
    - CVE-2011-1595

Date: Tue, 24 May 2011 15:04:28 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/rdesktop/1.6.0-2ubuntu3.1

Format: 1.8
Source: rdesktop
Binary: rdesktop
Architecture: source
Version: 1.6.0-2ubuntu3.1
Distribution: lucid-security
Urgency: low
Description:
 rdesktop - RDP client for Windows NT/2000 Terminal Server
Original-Maintainer: Laszlo Boszormenyi (GCS) g...@debian.hu
[ubuntu/lucid-security] exim4_4.71-3ubuntu1.3_sparc_translations.tar.gz (delayed), exim4_4.71-3ubuntu1.3_armel_translations.tar.gz, exim4, exim4_4.71-3ubuntu1.3_ia64_translations.tar.gz, exim4_4.71-3u
exim4 (4.71-3ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via DKIM identities
    - debian/patches/86_CVE-2011-1407.patch: don't use match_isinlist() for simple string list matching in src/receive.c.
    - CVE-2011-1407

Date: Tue, 24 May 2011 15:49:34 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/exim4/4.71-3ubuntu1.3

Format: 1.8
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy exim4-daemon-custom eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-daemon-custom-dbg exim4-dev
Architecture: source
Version: 4.71-3ubuntu1.3
Distribution: lucid-security
Urgency: low
Description:
 exim4 - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-custom - custom Exim MTA (v4) daemon with locally set features
 exim4-daemon-custom-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Original-Maintainer: Exim4 Maintainers pkg-exim4-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] apr, apr (delayed) 1.3.8-1ubuntu0.3 (Accepted)
apr (1.3.8-1ubuntu0.3) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via apache's mod_index
    - debian/patches/028_fnmatch_CVE-2011-0419.dpatch: rewrite apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/029_fnmatch_CVE-2011-1928.dpatch: fix possible DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928
  * debian/patches/030_thumb2.dpatch; backport disabling process shared mutexes on arm to fix build hang (LP: #599874)

Date: Mon, 23 May 2011 12:20:09 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/apr/1.3.8-1ubuntu0.3

Format: 1.8
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source
Version: 1.3.8-1ubuntu0.3
Distribution: lucid-security
Urgency: low
Description:
 libapr1 - The Apache Portable Runtime Library
 libapr1-dbg - The Apache Portable Runtime Library - Debugging Symbols
 libapr1-dev - The Apache Portable Runtime Library - Development Headers
Launchpad-Bugs-Fixed: 599874
Original-Maintainer: Debian Apache Maintainers debian-apa...@lists.debian.org
[ubuntu/lucid-security] mahara, mahara_1.2.4-1ubuntu0.3_i386_translations.tar.gz (delayed) 1.2.4-1ubuntu0.3 (Accepted)
mahara (1.2.4-1ubuntu0.3) lucid-security; urgency=low

  * SECURITY UPDATE: fixes to session key validation (CSRF)
    - debian/patches/CVE-2011-1403.patch: upstream patch

  * SECURITY UPDATE: privilege escalations
    - debian/patches/CVE-2011-1402.patch: upstream patch

  * SECURITY UPDATE: information disclosure in AJAX calls
    - debian/patches/CVE-2011-1404.patch: upstream patch

  * SECURITY UPDATE: https to http downgrade
    - debian/patches/CVE-2011-1406.patch: upstream patch

  * SECURITY UPDATE: sanitisation of HTML emails
    - debian/patches/CVE-2011-1405.patch: upstream patch

Date: Tue, 10 May 2011 16:33:40 +1200
Changed-By: Francois Marier franc...@debian.org
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/mahara/1.2.4-1ubuntu0.3

Format: 1.8
Source: mahara
Binary: mahara mahara-apache2
Architecture: source
Version: 1.2.4-1ubuntu0.3
Distribution: lucid-security
Urgency: low
Description:
 mahara - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
Original-Maintainer: Mahara Packaging Team mahara-packag...@lists.launchpad.net
[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.3.181.14ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_10.3.181.14ubuntu0.10.04.1_i386_translations.tar.gz (delayed)
flashplugin-nonfree (10.3.181.14ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: New upstream release 10.3.181.14 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0579 - CVE-2011-0618 - CVE-2011-0619 - CVE-2011-0620 - CVE-2011-0621 - CVE-2011-0622 - CVE-2011-0623 - CVE-2011-0624 - CVE-2011-0625 - CVE-2011-0626 - CVE-2011-0627 Date: Mon, 16 May 2011 11:42:40 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.3.181.14ubuntu0.10.04.1 Format: 1.8 Date: Mon, 16 May 2011 11:42:40 -0400 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.3.181.14ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.3.181.14ubuntu0.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: New upstream release 10.3.181.14 - debian/config, debian/postinst: Updated sha256sums and path. 
- CVE-2011-0579 - CVE-2011-0618 - CVE-2011-0619 - CVE-2011-0620 - CVE-2011-0621 - CVE-2011-0622 - CVE-2011-0623 - CVE-2011-0624 - CVE-2011-0625 - CVE-2011-0626 - CVE-2011-0627 Original-Maintainer: Bart Martens ba...@knars.be
[ubuntu/lucid-security] apturl, apturl_0.4.1ubuntu4.1_i386_translations.tar.gz (delayed) 0.4.1ubuntu4.1 (Accepted)
apturl (0.4.1ubuntu4.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service via long apt URL (LP: #783594) - check URL for length and shorten it for error dialog in AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py. - Patch thanks to Michael Vogt - CVE number pending Date: Mon, 16 May 2011 13:57:01 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Michael Vogt m...@ubuntu.com https://launchpad.net/ubuntu/lucid/+source/apturl/0.4.1ubuntu4.1 Format: 1.8 Date: Mon, 16 May 2011 13:57:01 -0400 Source: apturl Binary: apturl-common apturl apturl-kde Architecture: source Version: 0.4.1ubuntu4.1 Distribution: lucid-security Urgency: low Maintainer: Michael Vogt m...@ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: apturl - install packages using the apt protocol - GTK+ frontend apturl-common - install packages using the apt protocol - common data apturl-kde - install packages using the apt protocol - KDE frontend Launchpad-Bugs-Fixed: 783594 Changes: apturl (0.4.1ubuntu4.1) lucid-security; urgency=low . * SECURITY UPDATE: denial of service via long apt URL (LP: #783594) - check URL for length and shorten it for error dialog in AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
- Patch thanks to Michael Vogt - CVE number pending
[ubuntu/lucid-security] postfix_2.7.0-1ubuntu0.2_sparc_translations.tar.gz (delayed), postfix_2.7.0-1ubuntu0.2_armel_translations.tar.gz, postfix, postfix_2.7.0-1ubuntu0.2_i386_translations.tar.gz, po
postfix (2.7.0-1ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: SASL memory corruption - src/smtpd/smtpd_sasl_proto.c: don't reuse the SASL handle after auth failure. - Origin: backported from postfix-2.7-patch04.gz - CVE-2011-1720 Date: Tue, 10 May 2011 08:37:13 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/postfix/2.7.0-1ubuntu0.2 Format: 1.8 Date: Tue, 10 May 2011 08:37:13 -0400 Source: postfix Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql postfix-pgsql postfix-dev postfix-doc Architecture: source Version: 2.7.0-1ubuntu0.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-dev - Loadable modules development environment for Postfix postfix-doc - Documentation for Postfix postfix-ldap - LDAP map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix Changes: postfix (2.7.0-1ubuntu0.2) lucid-security; urgency=low . * SECURITY UPDATE: SASL memory corruption - src/smtpd/smtpd_sasl_proto.c: don't reuse the SASL handle after auth failure.
- Origin: backported from postfix-2.7-patch04.gz - CVE-2011-1720 Original-Maintainer: LaMont Jones lam...@debian.org
[ubuntu/lucid-security] exim4_4.71-3ubuntu1.2_amd64_translations.tar.gz, exim4_4.71-3ubuntu1.2_sparc_translations.tar.gz (delayed), exim4, exim4_4.71-3ubuntu1.2_armel_translations.tar.gz, exim4_4.71-3
exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: format string vulnerability (LP: #779391) - debian/patches/85_CVE-2011-1764.patch: patch from upstream - CVE-2011-1764 Date: Sun, 08 May 2011 15:31:05 +0200 Changed-By: Felix Geyer debfx-...@fobos.de Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/exim4/4.71-3ubuntu1.2 Format: 1.8 Date: Sun, 08 May 2011 15:31:05 +0200 Source: exim4 Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy exim4-daemon-custom eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-daemon-custom-dbg exim4-dev Architecture: source Version: 4.71-3ubuntu1.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Felix Geyer debfx-...@fobos.de Description: exim4 - metapackage to ease Exim MTA (v4) installation exim4-base - support files for all Exim MTA (v4) packages exim4-config - configuration for the Exim MTA (v4) exim4-daemon-custom - custom Exim MTA (v4) daemon with locally set features exim4-daemon-custom-dbg - debugging symbols for the Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA (v4) packages exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-daemon-light-dbg - debugging symbols for the Exim MTA (v4) packages exim4-dbg - debugging symbols for the Exim MTA (v4) packages exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Launchpad-Bugs-Fixed: 779391 Changes: exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low .
* SECURITY UPDATE: format string vulnerability (LP: #779391) - debian/patches/85_CVE-2011-1764.patch: patch from upstream - CVE-2011-1764 Original-Maintainer: Exim4 Maintainers pkg-exim4-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] loop-aes-utils_2.15.1~rc1-2ubuntu1.1_ia64_translations.tar.gz, loop-aes-utils_2.15.1~rc1-2ubuntu1.1_sparc_translations.tar.gz (delayed), loop-aes-utils_2.15.1~rc1-2ubuntu1.1_i3
loop-aes-utils (2.15.1~rc1-2ubuntu1.1) lucid-security; urgency=low * debian/patches/30no-canonicalize.dpatch: Backport mount/umount --no-canonicalize option from util-linux (LP: #727220). Patch from Colin Watson. * debian/patches/31umount-fake.dpatch: Backport umount --fake option from util-linux. Patch from Colin Watson. Date: Wed, 04 May 2011 17:22:33 -0500 Changed-By: Jamie Strandboge ja...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/loop-aes-utils/2.15.1~rc1-2ubuntu1.1 Format: 1.8 Date: Wed, 04 May 2011 17:22:33 -0500 Source: loop-aes-utils Binary: loop-aes-utils mount-aes-udeb Architecture: source Version: 2.15.1~rc1-2ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Jamie Strandboge ja...@ubuntu.com Description: loop-aes-utils - Tools for mounting and manipulating filesystems mount-aes-udeb - Mount utils for loop-AES (udeb) Launchpad-Bugs-Fixed: 727220 Changes: loop-aes-utils (2.15.1~rc1-2ubuntu1.1) lucid-security; urgency=low . * debian/patches/30no-canonicalize.dpatch: Backport mount/umount --no-canonicalize option from util-linux (LP: #727220). Patch from Colin Watson. * debian/patches/31umount-fake.dpatch: Backport umount --fake option from util-linux. Patch from Colin Watson. 
Original-Maintainer: Debian Loop-AES Team pkg-loop-aes-ma...@lists.alioth.debian.org
[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.9_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.9_sparc_translations.tar.gz (delayed), php5_5.3.2-1ubuntu4.9_i386_translations.tar.gz, php5_5.3.2-1ubuntu4.
php5 (5.3.2-1ubuntu4.9) lucid-security; urgency=low * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) Date: Mon, 02 May 2011 09:21:53 -0700 Changed-By: Steve Beattie sbeat...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.9 Format: 1.8 Date: Mon, 02 May 2011 09:21:53 -0700 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.3.2-1ubuntu4.9 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Steve Beattie sbeat...@ubuntu.com Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 774452 Changes: php5 (5.3.2-1ubuntu4.9) lucid-security; urgency=low . * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) Original-Maintainer: Debian PHP Maintainers pkg-php-ma...@lists.alioth.debian.org
[ubuntu/lucid-security] perl (delayed), perl 5.10.1-8ubuntu2.1 (Accepted)
perl (5.10.1-8ubuntu2.1) lucid-security; urgency=low * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version 2.29 to fix multiple issues. - CVE-2010-1168 - CVE-2010-1447 * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary, and CRLF injections. - debian/patches/fixes/cgi-multiline-header.diff: fix issues with patch obtained from (5.10.1-17). - CVE-2010-2716 - CVE-2010-4410 - CVE-2010-4411 * SECURITY UPDATE: taint protection bypass via missing taint attributes - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end of pp_* functions. - CVE-2011-1487 Date: Thu, 21 Apr 2011 13:22:49 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/perl/5.10.1-8ubuntu2.1 Format: 1.8 Date: Thu, 21 Apr 2011 13:22:49 -0400 Source: perl Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl Architecture: source Version: 5.10.1-8ubuntu2.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libcgi-fast-perl - CGI::Fast Perl module libperl-dev - Perl library: development files libperl5.10 - shared Perl library perl - Larry Wall's Practical Extraction and Report Language perl-base - minimal Perl system perl-debug - debug-enabled Perl interpreter perl-doc - Perl documentation perl-modules - Core Perl modules perl-suid - runs setuid Perl scripts Changes: perl (5.10.1-8ubuntu2.1) lucid-security; urgency=low . * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version 2.29 to fix multiple issues. 
- CVE-2010-1168 - CVE-2010-1447 * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary, and CRLF injections. - debian/patches/fixes/cgi-multiline-header.diff: fix issues with patch obtained from (5.10.1-17). - CVE-2010-2716 - CVE-2010-4410 - CVE-2010-4411 * SECURITY UPDATE: taint protection bypass via missing taint attributes - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end of pp_* functions. - CVE-2011-1487 Original-Maintainer: Niko Tyni nt...@debian.org
[ubuntu/lucid-security] usb-creator_0.2.22.3_i386_translations.tar.gz (delayed), usb-creator 0.2.22.3 (Accepted)
usb-creator (0.2.22.3) lucid-security; urgency=low [ Marc Deslauriers ] * SECURITY UPDATE: unprivileged disk operations (LP: #771553) - CVE-2011-1828 * setup.cfg: Specify policykit policy file as xml_file so it gets translated properly instead of being malformed. [ Evan Dandrea ] * Guard UnmountFile with PolicyKit (LP: #771553). Date: Fri, 29 Apr 2011 13:15:02 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Installer Team ubuntu-instal...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/usb-creator/0.2.22.3 Format: 1.8 Date: Fri, 29 Apr 2011 13:15:02 -0400 Source: usb-creator Binary: usb-creator-common usb-creator usb-creator-gtk usb-creator-kde Architecture: source Version: 0.2.22.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Installer Team ubuntu-instal...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: usb-creator - Ubuntu startup disk creator transitional meta-package for GTK+ usb-creator-common - Ubuntu startup disk creator common files usb-creator-gtk - Ubuntu startup disk creator for GTK+ usb-creator-kde - Ubuntu USB desktop image creator for KDE Launchpad-Bugs-Fixed: 771553 771553 Changes: usb-creator (0.2.22.3) lucid-security; urgency=low . [ Marc Deslauriers ] * SECURITY UPDATE: unprivileged disk operations (LP: #771553) - CVE-2011-1828 * setup.cfg: Specify policykit policy file as xml_file so it gets translated properly instead of being malformed. . [ Evan Dandrea ] * Guard UnmountFile with PolicyKit (LP: #771553). 
[ubuntu/lucid-security] vino_2.28.2-0ubuntu2.1_sparc_translations.tar.gz (delayed), vino, vino_2.28.2-0ubuntu2.1_powerpc_translations.tar.gz, vino_2.28.2-0ubuntu2.1_armel_translations.tar.gz, vino_2.2
vino (2.28.2-0ubuntu2.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service or possible code execution via crafted framebuffer update request - debian/patches/04_CVE-2011-090x.patch: validate update rectangle in server/libvncserver/rfbserver.c. - CVE-2011-0904 - CVE-2011-0905 Date: Thu, 28 Apr 2011 08:57:31 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/vino/2.28.2-0ubuntu2.1 Format: 1.8 Date: Thu, 28 Apr 2011 08:57:31 -0400 Source: vino Binary: vino Architecture: source Version: 2.28.2-0ubuntu2.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: vino - VNC server for GNOME Changes: vino (2.28.2-0ubuntu2.1) lucid-security; urgency=low . * SECURITY UPDATE: denial of service or possible code execution via crafted framebuffer update request - debian/patches/04_CVE-2011-090x.patch: validate update rectangle in server/libvncserver/rfbserver.c. - CVE-2011-0904 - CVE-2011-0905 Original-Maintainer: Jordi Mallach jo...@debian.org
[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.8_amd64_translations.tar.gz, php5_5.3.2-1ubuntu4.8_i386_translations.tar.gz, php5_5.3.2-1ubuntu4.8_powerpc_translations.tar.gz, php5_5.3.2-1ubuntu4.8_armel_
php5 (5.3.2-1ubuntu4.8) lucid-security; urgency=low * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files. - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 * SECURITY UPDATE: symlink tmp races in pear install - debian/patches/php5-pear-CVE-2011-1072.patch: improved tempfile handling. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1072 * SECURITY UPDATE: more symlink races in pear install - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save file handler. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1144 * SECURITY UPDATE: pathname restriction bypass vulnerability - debian/patches/php5-CVE-2006-7243.patch: check for passed filenames containing NULL bytes. - CVE-2006-7243 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2010-4697.patch: retain reference to object until getter/setter are done. - CVE-2010-4697 * SECURITY UPDATE: denial of service through application crash with invalid images - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing steps are either 4 or 16. - CVE-2010-4698 * SECURITY UPDATE: denial of service through application crash - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract() argument validation. 
- CVE-2011-0420 * SECURITY UPDATE: denial of service through application crash - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully when handling zero sized zipfile with the FL_UNCHANGED argument - CVE-2011-0421 * SECURITY UPDATE: denial of service through application crash when handling images with invalid exif tags - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking - CVE-2011-0708 * SECURITY UPDATE: denial of service and possible data disclosure through integer overflow - debian/patches/php5-CVE-2011-1092.patch: better boundary condition checks in shmop_read() - CVE-2011-1092 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2011-1148.patch: improve reference counting - CVE-2011-1148 * SECURITY UPDATE: format string vulnerability - debian/patches/php5-CVE-2011-1153.patch: correctly quote format strings - CVE-2011-1153 * SECURITY UPDATE: denial of service through buffer overflow crash (code execution mitigated by compilation with Fortify Source) - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision to ensure fitting within MAX_BUF_SIZE - CVE-2011-1464 * SECURITY UPDATE: denial of service through application crash via integer overflow. 
- debian/patches/php5-CVE-2011-1466.patch: improve boundary condition checking in SdnToJulian() - CVE-2011-1466 * SECURITY UPDATE: denial of service through application crash - debian/patches/php5-CVE-2011-1467.patch: check for invalid attribute symbols in NumberFormatter::setSymbol() - CVE-2011-1467 * SECURITY UPDATE: denial of service through memory leak - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of openssl contexts - CVE-2011-1468 * SECURITY UPDATE: denial of service through application crash when using HTTP proxy with the FTP wrapper - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling - CVE-2011-1469 * SECURITY UPDATE: denial of service through application crash when handling ziparchive streams - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of the meta data structure - CVE-2011-1470 * SECURITY UPDATE: denial of service through application crash when handling malformed zip files - debian/patches/php5-CVE-2011-1471.patch: correct integer signedness error when handling zip_fread() return value. - CVE-2011-1471 Date: Thu, 21 Apr 2011 11:07:40 -0700 Changed-By: Steve Beattie sbeat...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.8 Format: 1.8 Date: Thu, 21 Apr 2011 11:07:40 -0700 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.3.2-1ubuntu4.8 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Steve Beattie sbeat...@ubuntu.com Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter -
[ubuntu/lucid-security] rsync, rsync (delayed) 3.0.7-1ubuntu1.1 (Accepted)
rsync (3.0.7-1ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible arbitrary code execution via malformed data - debian/patches/security-CVE-2011-1097.diff: introduce and use FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*. - CVE-2011-1097 Date: Fri, 08 Apr 2011 10:06:25 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/rsync/3.0.7-1ubuntu1.1 Format: 1.8 Date: Fri, 08 Apr 2011 10:06:25 -0400 Source: rsync Binary: rsync Architecture: source Version: 3.0.7-1ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: rsync - fast remote file copy program (like rcp) Changes: rsync (3.0.7-1ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible arbitrary code execution via malformed data - debian/patches/security-CVE-2011-1097.diff: introduce and use FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*. - CVE-2011-1097 Original-Maintainer: Paul Slootman p...@debian.org
[ubuntu/lucid-security] pcsc-lite (delayed), pcsc-lite 1.5.3-1ubuntu4.2 (Accepted)
pcsc-lite (1.5.3-1ubuntu4.2) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via long attribute value - src/atrhandler.c: verify against maximum attribute size. - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html - CVE-2010-4531 Date: Thu, 14 Apr 2011 09:38:09 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/pcsc-lite/1.5.3-1ubuntu4.2 Format: 1.8 Date: Thu, 14 Apr 2011 09:38:09 -0400 Source: pcsc-lite Binary: pcscd libpcsclite-dev libpcsclite1 Architecture: source Version: 1.5.3-1ubuntu4.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libpcsclite-dev - Middleware to access a smart card using PC/SC (development files) libpcsclite1 - Middleware to access a smart card using PC/SC (library) pcscd - Middleware to access a smart card using PC/SC (daemon side) Changes: pcsc-lite (1.5.3-1ubuntu4.2) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via long attribute value - src/atrhandler.c: verify against maximum attribute size. 
- http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html - CVE-2010-4531 Original-Maintainer: Ludovic Rousseau rouss...@debian.org
[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.7 (Accepted)
tiff (3.9.2-2ubuntu0.7) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via malformed JPEG
    - debian/patches/CVE-2009-5022.patch: check width in libtiff/tif_ojpeg.c.
    - CVE-2009-5022

Date: Wed, 20 Apr 2011 13:06:34 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.7

Format: 1.8
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.7
Distribution: lucid-security
Urgency: low
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4 - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Original-Maintainer: Jay Berkenbilt q...@debian.org
[ubuntu/lucid-security] openslp-dfsg_1.2.1-7.6ubuntu0.1_i386_translations.tar.gz, openslp-dfsg_1.2.1-7.6ubuntu0.1_sparc_translations.tar.gz (delayed), openslp-dfsg_1.2.1-7.6ubuntu0.1_armel_translation
openslp-dfsg (1.2.1-7.6ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via circular reference
    - debian/patches/CVE-2010-3609.patch: detect circular reference in common/slp_message.c. Patch thanks to SUSE.
    - CVE-2010-3609
  * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in debian/patches actually get applied.
  * debian/patches/series: disable 01_have_net_if_arp.diff and 99_autoreconf.diff since they had never been applied.

Date: Tue, 05 Apr 2011 14:57:51 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/openslp-dfsg/1.2.1-7.6ubuntu0.1

Format: 1.8
Source: openslp-dfsg
Binary: slpd openslp-doc libslp1 slptool libslp-dev
Architecture: source
Version: 1.2.1-7.6ubuntu0.1
Distribution: lucid-security
Urgency: low
Description:
 libslp-dev - OpenSLP development libraries
 libslp1 - OpenSLP libraries
 openslp-doc - OpenSLP documentation
 slpd - OpenSLP Server (slpd)
 slptool - SLP command line tool
Original-Maintainer: Ganesan Rajagopal rgane...@debian.org
[ubuntu/lucid-security] dhcp3_3.1.3-2ubuntu3.2_ia64_translations.tar.gz, dhcp3, dhcp3_3.1.3-2ubuntu3.2_armel_translations.tar.gz, dhcp3_3.1.3-2ubuntu3.2_sparc_translations.tar.gz (delayed), dhcp3_3.1.
dhcp3 (3.1.3-2ubuntu3.2) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
    - Patch for CVE-2011-0997 was getting reverted during the build because of special quilt handling in debian/rules for the ldap patches.
    - debian/patches/00list: move CVE-2011-0997 patch before the ldap patches, and add comment.
    - CVE-2011-0997

Date: Tue, 19 Apr 2011 09:10:55 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dhcp3/3.1.3-2ubuntu3.2

Format: 1.8
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.3-2ubuntu3.2
Distribution: lucid-security
Urgency: low
Description:
 dhcp-client - DHCP client transitional package
 dhcp3-client - DHCP client
 dhcp3-client-udeb - DHCP Client for debian-installer (udeb)
 dhcp3-common - common files used by all the dhcp3* packages
 dhcp3-dev - API for accessing and modifying the DHCP server and client state
 dhcp3-relay - DHCP relay daemon
 dhcp3-server - DHCP server for automatic IP address assignment
 dhcp3-server-ldap - DHCP server able to use LDAP as backend
Original-Maintainer: Andrew Pollock apoll...@debian.org
[ubuntu/lucid-security] ia32-libs (delayed), ia32-libs 2.7ubuntu26.1 (Accepted)
ia32-libs (2.7ubuntu26.1) lucid-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes, including:
    - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245, and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues: CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - nss: many issues

Date: Tue, 12 Apr 2011 11:26:47 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/ia32-libs/2.7ubuntu26.1

Format: 1.8
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev lib32gcc1
Architecture: source
Version: 2.7ubuntu26.1
Distribution: lucid-security
Urgency: low
Description:
 ia32-libs - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development libraries and headers for use on ia32/ia64 syste
 lib32gcc1 - GCC support library (ia32)
Launchpad-Bugs-Fixed: 700198
Original-Maintainer: Debian ia32-libs Team pkg-ia32-libs-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] krb5, krb5_1.8.1+dfsg-2ubuntu0.9_armel_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.9_sparc_translations.tar.gz (delayed), krb5_1.8.1+dfsg-2ubuntu0.9_amd64_translations.tar.gz
krb5 (1.8.1+dfsg-2ubuntu0.9) lucid-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004

Date: Mon, 18 Apr 2011 15:40:24 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.9

Format: 1.8
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 libkrb5support0
Architecture: source
Version: 1.8.1+dfsg-2ubuntu0.9
Distribution: lucid-security
Urgency: low
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - Documentation for MIT Kerberos
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Original-Maintainer: Sam Hartman hartm...@debian.org
[ubuntu/lucid-security] policykit-1_0.96-2ubuntu0.1_powerpc_translations.tar.gz, policykit-1_0.96-2ubuntu0.1_ia64_translations.tar.gz, policykit-1_0.96-2ubuntu0.1_sparc_translations.tar.gz (delayed),
policykit-1 (0.96-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: avoid /proc race conditions when checking privileges for pkexec.
    - 10_fix_proc_race.patch
    - CVE-2011-1485

Date: Tue, 19 Apr 2011 12:38:05 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/policykit-1/0.96-2ubuntu0.1

Format: 1.8
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev
Architecture: source
Version: 0.96-2ubuntu0.1
Distribution: lucid-security
Urgency: low
Description:
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-backend-1-0 - PolicyKit backend API
 libpolkit-backend-1-dev - PolicyKit backend API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] postfix_2.7.0-1ubuntu0.1_sparc_translations.tar.gz (delayed), postfix, postfix_2.7.0-1ubuntu0.1_amd64_translations.tar.gz, postfix_2.7.0-1ubuntu0.1_i386_translations.tar.gz, po
postfix (2.7.0-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: man-in-the-middle via plaintext command injection
    - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the stream buffer so there is no pending plaintext.
    - Origin: backported from postfix-2.7-patch03.gz
    - CVE-2011-0411

Date: Fri, 15 Apr 2011 10:21:59 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/postfix/2.7.0-1ubuntu0.1

Format: 1.8
Source: postfix
Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql postfix-pgsql postfix-dev postfix-doc
Architecture: source
Version: 2.7.0-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Description:
 postfix - High-performance mail transport agent
 postfix-cdb - CDB map support for Postfix
 postfix-dev - Loadable modules development environment for Postfix
 postfix-doc - Documentation for Postfix
 postfix-ldap - LDAP map support for Postfix
 postfix-mysql - MySQL map support for Postfix
 postfix-pcre - PCRE map support for Postfix
 postfix-pgsql - PostgreSQL map support for Postfix
Original-Maintainer: LaMont Jones lam...@debian.org
[ubuntu/lucid-security] kdepimlibs_4.4.5-0ubuntu1.1_powerpc_translations.tar.gz, kdepimlibs_4.4.5-0ubuntu1.1_amd64_translations.tar.gz, kdepimlibs_4.4.5-0ubuntu1.1_sparc_translations.tar.gz (delayed),
kdepimlibs (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low

  * no change rebuild for kdenetwork security update

Date: Fri, 15 Apr 2011 09:21:38 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kdepimlibs/4:4.4.5-0ubuntu1.1

Format: 1.8
Source: kdepimlibs
Binary: kdepimlibs5 kdepimlibs-data kdepimlibs5-dev kdepimlibs-dbg
Architecture: source
Version: 4:4.4.5-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Description:
 kdepimlibs-data - core shared data for KDE PIM 4 applications
 kdepimlibs-dbg - debugging symbols for the KDE 4 PIM libraries
 kdepimlibs5 - core libraries for KDE PIM 4 applications
 kdepimlibs5-dev - development files for the KDE 4 PIM libraries
Original-Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org
[ubuntu/lucid-security] kdenetwork_4.4.5-0ubuntu1.1_sparc_translations.tar.gz (delayed), kdenetwork_4.4.5-0ubuntu1.1_armel_translations.tar.gz, kdenetwork_4.4.5-0ubuntu1.1_i386_translations.tar.gz, kd
kdenetwork (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: file name directory traversal attack (LP: #757526)
    - Add debian/patches/kubuntu_06_kget_metalinker.diff: check if the filename is well formed, without traversal opportunities
    - CVE-2011- (an incomplete fix for CVE-2010-1000)

Date: Wed, 13 Apr 2011 20:03:50 +0200
Changed-By: Romain Perier romain.per...@gmail.com
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kdenetwork/4:4.4.5-0ubuntu1.1

Format: 1.8
Source: kdenetwork
Binary: kdenetwork kdenetwork-filesharing kget libkopete4 kopete libkopete-dev kppp krdc krfb kdenetwork-dbg kde-zeroconf kopete-plugin-otr-kde4
Architecture: source
Version: 4:4.4.5-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Description:
 kde-zeroconf - zeroconf plugins and kio slaves for KDE 4
 kdenetwork - networking applications from the official KDE 4 release
 kdenetwork-dbg - debugging symbols for the KDE 4 networking module
 kdenetwork-filesharing - network filesharing configuration module for KDE 4
 kget - download manager for KDE 4
 kopete - instant messenger for KDE 4
 kopete-plugin-otr-kde4 - Transitional package
 kppp - modem dialer for KDE 4
 krdc - Remote Desktop Connection client for KDE 4
 krfb - Desktop Sharing for KDE 4
 libkopete-dev - development files for the KDE 4 networking module
 libkopete4 - main Kopete library
Launchpad-Bugs-Fixed: 757526
Original-Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org
[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.2.159.1ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.159.1ubuntu0.10.04.1_i386_translations.tar.gz (delayed) 1
flashplugin-nonfree (10.2.159.1ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.2.159.1
    - debian/config, debian/postinst: Updated sha256sums and path.
    - CVE-2011-0611

Date: Sat, 16 Apr 2011 07:37:05 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.2.159.1ubuntu0.10.04.1

Format: 1.8
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.2.159.1ubuntu0.10.04.1
Distribution: lucid-security
Urgency: low
Description:
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package)
Original-Maintainer: Bart Martens ba...@knars.be
[ubuntu/lucid-security] vlc, vlc_1.0.6-1ubuntu1.6_i386_translations.tar.gz, vlc_1.0.6-1ubuntu1.6_sparc_translations.tar.gz (delayed), vlc_1.0.6-1ubuntu1.6_ia64_translations.tar.gz, vlc_1.0.6-1ubuntu1.
vlc (1.0.6-1ubuntu1.6) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted width
    - debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in src/video_output/video_output.c.
    - CVE-2010-3275
    - CVE-2010-3276
  * SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
    - debian/patches/CVE-2011-1684.patch: fix buffer overflow in modules/demux/mp4/libmp4.c.
    - CVE-2011-1684

Date: Wed, 13 Apr 2011 23:27:23 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.6

Format: 1.8
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.6
Distribution: lucid-security
Urgency: low
Description:
 libvlc-dev - development files for libvlc
 libvlc2 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 756368
Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] kde4libs_4.4.5-0ubuntu1.1_armel_translations.tar.gz, kde4libs, kde4libs_4.4.5-0ubuntu1.1_amd64_translations.tar.gz, kde4libs_4.4.5-0ubuntu1.1_i386_translations.tar.gz, kde4libs
kde4libs (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low

  [ Felix Geyer ]
  * SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages
    - debian/patches/security_02_CVE-2011-1168.diff: upstream patch
    - CVE-2011-1168
    - LP: #743669

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix certificate verification for certificates issued against an IP address
    - debian/patches/security_03_CVE-2011-1094.diff: based on upstream patch
    - CVE-2011-1094

Date: Mon, 11 Apr 2011 10:14:08 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kde4libs/4:4.4.5-0ubuntu1.1

Format: 1.8
Source: kde4libs
Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs-bin libplasma3 kdelibs5-dbg
Architecture: source
Version: 4:4.4.5-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Description:
 kdelibs-bin - executables for all KDE 4 core applications
 kdelibs5 - core libraries for all KDE 4 applications
 kdelibs5-data - core shared data for all KDE 4 applications
 kdelibs5-dbg - debugging symbols for the KDE 4 libraries module
 kdelibs5-dev - development files for the KDE 4 core libraries
 libplasma3 - library for the KDE 4 Plasma desktop
Launchpad-Bugs-Fixed: 743669
Original-Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org
[ubuntu/lucid-security] dhcp3_3.1.3-2ubuntu3.1_amd64_translations.tar.gz, dhcp3, dhcp3_3.1.3-2ubuntu3.1_sparc_translations.tar.gz (delayed), dhcp3_3.1.3-2ubuntu3.1_i386_translations.tar.gz, dhcp3_3.1.
dhcp3 (3.1.3-2ubuntu3.1) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted hostname - debian/patches/CVE-2011-0997.dpatch: filter strings in client/dhclient.c, common/options.c. - CVE-2011-0997 Date: Mon, 11 Apr 2011 08:57:21 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/dhcp3/3.1.3-2ubuntu3.1 Format: 1.8 Date: Mon, 11 Apr 2011 08:57:21 -0400 Source: dhcp3 Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay Architecture: source Version: 3.1.3-2ubuntu3.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: dhcp-client - DHCP client transitional package dhcp3-client - DHCP client dhcp3-client-udeb - DHCP Client for debian-installer (udeb) dhcp3-common - common files used by all the dhcp3* packages dhcp3-dev - API for accessing and modifying the DHCP server and client state dhcp3-relay - DHCP relay daemon dhcp3-server - DHCP server for automatic IP address assignment dhcp3-server-ldap - DHCP server able to use LDAP as backend Changes: dhcp3 (3.1.3-2ubuntu3.1) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted hostname - debian/patches/CVE-2011-0997.dpatch: filter strings in client/dhclient.c, common/options.c. 
- CVE-2011-0997 Checksums-Sha1: cdf92c0cd7c6917c3ffaa25d7e68798154118576 1950 dhcp3_3.1.3-2ubuntu3.1.dsc 00d763d73666a155eab46d8ff9920e9ac4c82a0b 145049 dhcp3_3.1.3-2ubuntu3.1.diff.gz Checksums-Sha256: 080f586996772ee185f75217ece09b140aad291a043656535a4b0f58b51355e6 1950 dhcp3_3.1.3-2ubuntu3.1.dsc 0be0e78fa03416c95967cea6d2a954074f31f59a0e4cea98ca284638c0768446 145049 dhcp3_3.1.3-2ubuntu3.1.diff.gz Files: 6fc0ed0a5f2f2897b25cb127fdf599bb 1950 net important dhcp3_3.1.3-2ubuntu3.1.dsc 762c8d99c1e8e1245830ff0cfc9c22cf 145049 net important dhcp3_3.1.3-2ubuntu3.1.diff.gz Original-Maintainer: Andrew Pollock apoll...@debian.org
[ubuntu/lucid-security] mahara_1.2.4-1ubuntu0.2_i386_translations.tar.gz (delayed), mahara 1.2.4-1ubuntu0.2 (Accepted)
mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: cross-site scripting vulnerability - debian/patches/CVE-2011-0439.dpatch: upstream patch - CVE-2011-0439 - LP: #676336 * SECURITY UPDATE: possible cross-site request forgery (deleting blogs) - debian/patches/CVE-2011-0440.dpatch: upstream patch - CVE-2011-0440 Date: Fri, 18 Mar 2011 15:51:03 +1300 Changed-By: Francois Marier franc...@debian.org Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/mahara/1.2.4-1ubuntu0.2 Format: 1.8 Date: Fri, 18 Mar 2011 15:51:03 +1300 Source: mahara Binary: mahara mahara-apache2 Architecture: source Version: 1.2.4-1ubuntu0.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Francois Marier franc...@debian.org Description: mahara - Electronic portfolio, weblog, and resume builder mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config Launchpad-Bugs-Fixed: 676336 Changes: mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low . * SECURITY UPDATE: cross-site scripting vulnerability - debian/patches/CVE-2011-0439.dpatch: upstream patch - CVE-2011-0439 - LP: #676336 . 
* SECURITY UPDATE: possible cross-site request forgery (deleting blogs) - debian/patches/CVE-2011-0440.dpatch: upstream patch - CVE-2011-0440 Checksums-Sha1: 824afc4208f6b2961d80214757743ebc25824d2f 2021 mahara_1.2.4-1ubuntu0.2.dsc 8c02050fb9d4dbee861a07ebcba23919245b229b 29743 mahara_1.2.4-1ubuntu0.2.debian.tar.gz Checksums-Sha256: 35f7f033e312619553254796310a6d51acb54844659690b593c6d921ad09971b 2021 mahara_1.2.4-1ubuntu0.2.dsc c974c614cd015784dd9cb7edfff550320cd4034134f8a8e7c7bc7a6b7e673099 29743 mahara_1.2.4-1ubuntu0.2.debian.tar.gz Files: 25cfec6958e77ae6bac0aba3965bd9e6 2021 web optional mahara_1.2.4-1ubuntu0.2.dsc 64e885cabfe3511a4146b7b27711662f 29743 web optional mahara_1.2.4-1ubuntu0.2.debian.tar.gz Original-Maintainer: Mahara Packaging Team mahara-packag...@lists.launchpad.net
[ubuntu/lucid-security] ffmpeg-extra, ffmpeg-extra (delayed) 4:0.5.1-1ubuntu1.1 (Accepted)
ffmpeg-extra (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. 
- CVE-2011-0723 Date: Wed, 06 Apr 2011 08:38:14 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/ffmpeg-extra/4:0.5.1-1ubuntu1.1 Format: 1.8 Date: Wed, 06 Apr 2011 08:38:14 -0400 Source: ffmpeg-extra Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0 Architecture: source Version: 4:0.5.1-1ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libavcodec-extra-52 - ffmpeg codec library libavcodec-unstripped-52 - ffmpeg utility library - transitional package libavdevice-extra-52 - ffmpeg device handling library libavdevice-unstripped-52 - ffmpeg utility library - transitional package libavfilter-extra-0 - ffmpeg video filtering library libavfilter-unstripped-0 - ffmpeg utility library - transitional package libavformat-extra-52 - ffmpeg file format library libavformat-unstripped-52 - ffmpeg utility library - transitional package libavutil-extra-49 - ffmpeg utility library libavutil-unstripped-49 - ffmpeg utility library - transitional package libpostproc-extra-51 - ffmpeg video postprocessing library libpostproc-unstripped-51 - ffmpeg utility library - transitional package libswscale-extra-0 - ffmpeg video scaling library libswscale-unstripped-0 - ffmpeg utility library - transitional package Launchpad-Bugs-Fixed: 690169 690169 690169 Changes: ffmpeg-extra (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low . 
* SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. - CVE-2011-0723 Checksums-Sha1: 1012038afa6ece0662a926e310715463ba9c32a7 3262 ffmpeg-extra_0.5.1-1ubuntu1.1.dsc 263155b413913b12e0b42d7259b73d6d4298af7e 65410 ffmpeg-extra_0.5.1-1ubuntu1.1.diff.gz Checksums-Sha256: 5193c782569762941cee9d03cf2a9fe4271a9cfced6dc7609e4440ed42cbdad9 3262 ffmpeg-extra_0.5.1-1ubuntu1.1.dsc 942c7d31a4e0fcd69a81141b399e349a013a5d16d4707c885222e0ef0736acc0 65410 ffmpeg-extra_0.5.1-1ubuntu1.1.diff.gz Files: 224b26d57c2b980ec0b0d379d7b64d70 3262 libs optional ffmpeg-extra_0.5.1-1ubuntu1.1.dsc 797721386d65ff2bce680b34a5b7ec30 65410 libs optional ffmpeg-extra_0.5.1-1ubuntu1.1.diff.gz Original-Maintainer: Debian multimedia packages maintainers
[ubuntu/lucid-security] x11-xserver-utils, x11-xserver-utils (delayed) 7.5+1ubuntu2.1 (Accepted)
x11-xserver-utils (7.5+1ubuntu2.1) lucid-security; urgency=low * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315) - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp case. - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 - CVE-2011-0465 Date: Wed, 06 Apr 2011 17:42:55 +0300 Changed-By: Timo Aaltonen tjaal...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/x11-xserver-utils/7.5+1ubuntu2.1 Format: 1.8 Date: Wed, 06 Apr 2011 17:42:55 +0300 Source: x11-xserver-utils Binary: x11-xserver-utils Architecture: source Version: 7.5+1ubuntu2.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Timo Aaltonen tjaal...@ubuntu.com Description: x11-xserver-utils - X server utilities Launchpad-Bugs-Fixed: 752315 Changes: x11-xserver-utils (7.5+1ubuntu2.1) lucid-security; urgency=low . * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315) - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp case. 
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 - CVE-2011-0465 Checksums-Sha1: 5fc5ee2956add0cb83cd35831458959c81c79454 2053 x11-xserver-utils_7.5+1ubuntu2.1.dsc 2b89d9834d53641a1e4208f9739f21744d4a6852 2017972 x11-xserver-utils_7.5+1ubuntu2.1.tar.gz Checksums-Sha256: 4ea45deca62b49e8dfc5793e8bbc6d22712e04978060b92479b5a7535f6408ce 2053 x11-xserver-utils_7.5+1ubuntu2.1.dsc 44943230f05c5e2e5128b1d60f3da2646d1c6833018cd6817574adbf4479332d 2017972 x11-xserver-utils_7.5+1ubuntu2.1.tar.gz Files: af668fc46b52cbbb8fce94579db91662 2053 x11 optional x11-xserver-utils_7.5+1ubuntu2.1.dsc d68d1519793de89571ed5c78eae9dd1c 2017972 x11 optional x11-xserver-utils_7.5+1ubuntu2.1.tar.gz Original-Maintainer: Debian X Strike Force debia...@lists.debian.org
[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.6 (Accepted)
tiff (3.9.2-2ubuntu0.6) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted THUNDER_2BITDELTAS data - debian/patches/CVE-2011-1167.patch: validate bitspersample and make sure npixels is sane in libtiff/tif_thunder.c. - CVE-2011-1167 Date: Wed, 30 Mar 2011 13:04:49 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.6 Format: 1.8 Date: Wed, 30 Mar 2011 13:04:49 -0400 Source: tiff Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source Version: 3.9.2-2ubuntu0.6 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.9.2-2ubuntu0.6) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted THUNDER_2BITDELTAS data - debian/patches/CVE-2011-1167.patch: validate bitspersample and make sure npixels is sane in libtiff/tif_thunder.c. 
- CVE-2011-1167 Checksums-Sha1: a6537e3a9dd0a7e92505a8c00ed286c256744ba0 1936 tiff_3.9.2-2ubuntu0.6.dsc 397332ae98194690dccc195bcdf182605b11dc00 20823 tiff_3.9.2-2ubuntu0.6.diff.gz Checksums-Sha256: f9031ae3bd2799f3a863fd623afcd81114a35ec4dcb29773e1aaae1279d4e5d0 1936 tiff_3.9.2-2ubuntu0.6.dsc 68fda2edeac3240db800b5ffd5a827cc4f849a1f4179ae72c4c7ddf1d67e 20823 tiff_3.9.2-2ubuntu0.6.diff.gz Files: 34fa3e9a9ff1508dd054357a60c9e208 1936 libs optional tiff_3.9.2-2ubuntu0.6.dsc 204dd7cc1cf0ba27ec36a461fa11cb0e 20823 libs optional tiff_3.9.2-2ubuntu0.6.diff.gz Original-Maintainer: Jay Berkenbilt q...@debian.org
[ubuntu/lucid-security] ffmpeg (delayed), ffmpeg 4:0.5.1-1ubuntu1.1 (Accepted)
ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. 
- CVE-2011-0723 Date: Thu, 31 Mar 2011 10:59:31 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/ffmpeg/4:0.5.1-1ubuntu1.1 Format: 1.8 Date: Thu, 31 Mar 2011 10:59:31 -0400 Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: source Version: 4:0.5.1-1ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: ffmpeg - multimedia player, server and encoder ffmpeg-dbg - Debug symbols for ffmpeg related packages ffmpeg-doc - documentation of the ffmpeg API libavcodec-dev - development files for libavcodec libavcodec52 - ffmpeg codec library libavdevice-dev - development files for libavdevice libavdevice52 - ffmpeg device handling library libavfilter-dev - development files for libavfilter libavfilter0 - ffmpeg video filtering library libavformat-dev - development files for libavformat libavformat52 - ffmpeg file format library libavutil-dev - development files for libavutil libavutil49 - ffmpeg utility library libpostproc-dev - development files for libpostproc libpostproc51 - ffmpeg video postprocessing library libswscale-dev - development files for libswscale libswscale0 - ffmpeg video scaling library Launchpad-Bugs-Fixed: 690169 690169 690169 Changes: ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. 
- CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. - CVE-2011-0723 Checksums-Sha1: 991015734d2355296ea1e379d355fac480e35956 2898 ffmpeg_0.5.1-1ubuntu1.1.dsc 76c8f9865760cb6b6060382abc430caf0a2878ec 64887 ffmpeg_0.5.1-1ubuntu1.1.diff.gz Checksums-Sha256: a84fcb8315e51400b6f77172f785c8fc9e714d73ddd4ec46801b5deea2da9fd9 2898 ffmpeg_0.5.1-1ubuntu1.1.dsc 9c18bfc4802de6d2f255cf837312fd2866dcdeb0d66029b1b5cf6ed65cfab4ab 64887 ffmpeg_0.5.1-1ubuntu1.1.diff.gz Files: 586f5b442d012f277d34b862200bd5b9 2898 libs optional ffmpeg_0.5.1-1ubuntu1.1.dsc 2cdc0301f57878e39ac4cb78594fd4e1 64887 libs optional ffmpeg_0.5.1-1ubuntu1.1.diff.gz Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] tex-common_2.06ubuntu0.1_i386_translations.tar.gz (delayed), tex-common 2.06ubuntu0.1 (Accepted)
tex-common (2.06ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted TeX document - conf/texmf.d/95NonPath.cnf: disable shell_escape completely as in Debian 2.08.1 version. - CVE-2011-1400 Date: Fri, 01 Apr 2011 10:11:00 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/tex-common/2.06ubuntu0.1 Format: 1.8 Date: Fri, 01 Apr 2011 10:11:00 -0400 Source: tex-common Binary: tex-common Architecture: source Version: 2.06ubuntu0.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: tex-common - common infrastructure for building and installing TeX Changes: tex-common (2.06ubuntu0.1) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted TeX document - conf/texmf.d/95NonPath.cnf: disable shell_escape completely as in Debian 2.08.1 version. - CVE-2011-1400 Checksums-Sha1: bda52e64a4baee9905ee85213bac46d27138a709 1893 tex-common_2.06ubuntu0.1.dsc 4cca440ec1e4e2c545e4cdeb50f640517e1497ff 811096 tex-common_2.06ubuntu0.1.tar.gz Checksums-Sha256: a6229bbc49347a31f5a27e232611552b141e4e3e418fc0ef6ca5a751ec0fde84 1893 tex-common_2.06ubuntu0.1.dsc 0c5c51c1ea331e9f8dcd958fecc4bddcf3660c9b99bb22f91fdb2e443f525bd1 811096 tex-common_2.06ubuntu0.1.tar.gz Files: fa6f748f9666d6c32f4a14a6165bb431 1893 tex optional tex-common_2.06ubuntu0.1.dsc ca09fd481a53c8f90f82ab8b1ee6aaff 811096 tex optional tex-common_2.06ubuntu0.1.tar.gz Original-Maintainer: Debian TeX maintainers debian-tex-ma...@lists.debian.org
[ubuntu/lucid-security] openldap_2.4.21-0ubuntu5.4_powerpc_translations.tar.gz, openldap_2.4.21-0ubuntu5.4_amd64_translations.tar.gz, openldap_2.4.21-0ubuntu5.4_sparc_translations.tar.gz (delayed), op
openldap (2.4.21-0ubuntu5.4) lucid-security; urgency=low * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using forwarded authentication failures - debian/patches/CVE-2011-1024 - CVE-2011-1024 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb backend. Note: Ubuntu is not compiled with --enable-ndb by default - debian/patches/CVE-2011-1025 - CVE-2011-1025 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests and requestDN is empty - debian/patches/CVE-2011-1081 - CVE-2011-1081 Date: Wed, 16 Mar 2011 10:15:30 -0500 Changed-By: Jamie Strandboge ja...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/openldap/2.4.21-0ubuntu5.4 Format: 1.8 Date: Wed, 16 Mar 2011 10:15:30 -0500 Source: openldap Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source Version: 2.4.21-0ubuntu5.4 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Jamie Strandboge ja...@ubuntu.com Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) Changes: openldap (2.4.21-0ubuntu5.4) lucid-security; urgency=low . * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using forwarded authentication failures - debian/patches/CVE-2011-1024 - CVE-2011-1024 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb backend. 
Note: Ubuntu is not compiled with --enable-ndb by default - debian/patches/CVE-2011-1025 - CVE-2011-1025 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests and requestDN is empty - debian/patches/CVE-2011-1081 - CVE-2011-1081 Checksums-Sha1: efebc4250ebb609f5abb2dfcaf20b2574d691f0a 2604 openldap_2.4.21-0ubuntu5.4.dsc 9074a56edf63e5dd1a775451291967719d6efdf2 153875 openldap_2.4.21-0ubuntu5.4.diff.gz Checksums-Sha256: 582ab80623c12e2a740b8efde84848796e39917cfd41fb89ceee13c7214fabaf 2604 openldap_2.4.21-0ubuntu5.4.dsc 123147004720aba35f9cbc78f4935a79d8b2da7d6cc3cf49f37f5ea941af0920 153875 openldap_2.4.21-0ubuntu5.4.diff.gz Files: aa8c045f1e85f4dbfa69de84707f29eb 2604 net optional openldap_2.4.21-0ubuntu5.4.dsc 3597ced7de4989ba2b7d79dc9be4eab3 153875 net optional openldap_2.4.21-0ubuntu5.4.diff.gz Original-Maintainer: Debian OpenLDAP Maintainers pkg-openldap-de...@lists.alioth.debian.org
[ubuntu/lucid-security] gdm_2.30.2.is.2.30.0-0ubuntu5.1_amd64_translations.tar.gz, gdm_2.30.2.is.2.30.0-0ubuntu5.1_ia64_translations.tar.gz, gdm_2.30.2.is.2.30.0-0ubuntu5.1_powerpc_translations.tar.gz
gdm (2.30.2.is.2.30.0-0ubuntu5.1) lucid-security; urgency=low * SECURITY UPDATE: race condition allowing privilege escalation - debian/patches/34_CVE-2011-0727.patch: fix daemon/gdm-session-worker.c to copy files as session user rather than root followed by a subsequent chown. - CVE-2011-0727 Date: Mon, 28 Mar 2011 16:24:02 -0700 Changed-By: Steve Beattie sbeat...@ubuntu.com Maintainer: Sebastien Bacher seb...@ubuntu.com https://launchpad.net/ubuntu/lucid/+source/gdm/2.30.2.is.2.30.0-0ubuntu5.1 Format: 1.8 Date: Mon, 28 Mar 2011 16:24:02 -0700 Source: gdm Binary: gdm Architecture: source Version: 2.30.2.is.2.30.0-0ubuntu5.1 Distribution: lucid-security Urgency: low Maintainer: Sebastien Bacher seb...@ubuntu.com Changed-By: Steve Beattie sbeat...@ubuntu.com Description: gdm - GNOME Display Manager Changes: gdm (2.30.2.is.2.30.0-0ubuntu5.1) lucid-security; urgency=low . * SECURITY UPDATE: race condition allowing privilege escalation - debian/patches/34_CVE-2011-0727.patch: fix daemon/gdm-session-worker.c to copy files as session user rather than root followed by a subsequent chown. - CVE-2011-0727 Checksums-Sha1: 13d948b0d1182217f5834eb8b976cfd26e757cd9 2223 gdm_2.30.2.is.2.30.0-0ubuntu5.1.dsc 870a99322f4b1de693ec59dc8cc2655d73110ace 795064 gdm_2.30.2.is.2.30.0-0ubuntu5.1.diff.gz Checksums-Sha256: c1ce09f7176075f23ed277918ff9f7abb119124009d8d09e0ceadf6b6d2575fa 2223 gdm_2.30.2.is.2.30.0-0ubuntu5.1.dsc f29bfd71f683d185469b29bc4c7998e3ed996f4e3f7e2047d0bf60e4621348a9 795064 gdm_2.30.2.is.2.30.0-0ubuntu5.1.diff.gz Files: ea497892c7cc53f86ea3769c78e75962 2223 gnome optional gdm_2.30.2.is.2.30.0-0ubuntu5.1.dsc e314a75da58ead79bd79cac83730c057 795064 gnome optional gdm_2.30.2.is.2.30.0-0ubuntu5.1.diff.gz
[ubuntu/lucid-security] libvirt, libvirt_0.7.5-5ubuntu27.9_amd64_translations.tar.gz, libvirt_0.7.5-5ubuntu27.9_ia64_translations.tar.gz, libvirt_0.7.5-5ubuntu27.9_i386_translations.tar.gz, libvirt_0.
libvirt (0.7.5-5ubuntu27.9) lucid-security; urgency=low * SECURITY UPDATE: debian/patches/9904-CVE-2011-1146.patch: Add missing checks for read only connections. - CVE-2011-1146 Date: Tue, 15 Mar 2011 16:21:40 -0500 Changed-By: Jamie Strandboge ja...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu27.9 Format: 1.8 Date: Tue, 15 Mar 2011 16:21:40 -0500 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.7.5-5ubuntu27.9 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Jamie Strandboge ja...@ubuntu.com Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Changes: libvirt (0.7.5-5ubuntu27.9) lucid-security; urgency=low . * SECURITY UPDATE: debian/patches/9904-CVE-2011-1146.patch: Add missing checks for read only connections. 
- CVE-2011-1146 Checksums-Sha1: ee4b44a73cc2f9cb6128ffe76c6b21c81860ac97 2636 libvirt_0.7.5-5ubuntu27.9.dsc 58d38f509eeb2b2f151817dd1d03e35aeff81c7b 79590 libvirt_0.7.5-5ubuntu27.9.diff.gz Checksums-Sha256: 9ff3ee3ee4da13e00f56b5436580737297ff5cffb2826271e46209df104b3037 2636 libvirt_0.7.5-5ubuntu27.9.dsc c4327abaa638e39afe9c4da80b03b91a76c2bd31c9b8e4bfc6e7ab0eaa4279de 79590 libvirt_0.7.5-5ubuntu27.9.diff.gz Files: a43760f77881a106dc6512c6ffcbbf39 2636 libs optional libvirt_0.7.5-5ubuntu27.9.dsc dbfee62055eef69166bcbae32943868a 79590 libs optional libvirt_0.7.5-5ubuntu27.9.diff.gz Original-Maintainer: Debian Libvirt Maintainers pkg-libvirt-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] tomcat6, tomcat6 (delayed) 6.0.24-2ubuntu1.7 (Accepted)
tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low * SECURITY UPDATE: directory traversal via incorrect ServletContext attribute (LP: #717396) - debian/patches/0012-CVE-2010-3718.patch: mark as read only in java/org/apache/catalina/core/StandardContext.java. - CVE-2010-3718 * SECURITY UPDATE: cross-site scripting in HTML Manager interface - debian/patches/0013-CVE-2011-0013.patch: properly filter values in java/org/apache/catalina/manager/{HTMLManagerServlet.java, StatusTransformer.java}. - CVE-2011-0013 * SECURITY UPDATE: denial of service via NIOS HTTP connector (LP: #714239, LP: #717396) - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in java/org/apache/coyote/http11/InternalNioInputBuffer.java. - CVE-2011-0534 Date: Thu, 24 Mar 2011 11:08:39 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/tomcat6/6.0.24-2ubuntu1.7 Format: 1.8 Date: Thu, 24 Mar 2011 11:08:39 -0400 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: source Version: 6.0.24-2ubuntu1.7 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6 - Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- documentation tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Launchpad-Bugs-Fixed: 714239 717396 
717396 Changes: tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low . * SECURITY UPDATE: directory traversal via incorrect ServletContext attribute (LP: #717396) - debian/patches/0012-CVE-2010-3718.patch: mark as read only in java/org/apache/catalina/core/StandardContext.java. - CVE-2010-3718 * SECURITY UPDATE: cross-site scripting in HTML Manager interface - debian/patches/0013-CVE-2011-0013.patch: properly filter values in java/org/apache/catalina/manager/{HTMLManagerServlet.java, StatusTransformer.java}. - CVE-2011-0013 * SECURITY UPDATE: denial of service via NIOS HTTP connector (LP: #714239, LP: #717396) - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in java/org/apache/coyote/http11/InternalNioInputBuffer.java. - CVE-2011-0534 Checksums-Sha1: f0cca8b7d5db855f55301442e405fdcf187d1868 2405 tomcat6_6.0.24-2ubuntu1.7.dsc 6f25b68c4d7e63fa2131ff86c09c192e9a146dd8 36286 tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz Checksums-Sha256: c6a6a334f9c8af99e3797cc5d89dece3c39899c0f6164d807966fc6f999e197f 2405 tomcat6_6.0.24-2ubuntu1.7.dsc 51ff078ef13c5db431aba7ecf2fb743e71f8f94481bfde811e8443cac8b8d068 36286 tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz Files: 6b7d220adbe7cd6be08219e82d9aa455 2405 java optional tomcat6_6.0.24-2ubuntu1.7.dsc 14073ec9f0672f44cc6a32235e81c29d 36286 java optional tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz Original-Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] subversion_1.6.6dfsg-2ubuntu1.2_powerpc_translations.tar.gz, subversion_1.6.6dfsg-2ubuntu1.2_sparc_translations.tar.gz (delayed), subversion, subversion_1.6.6dfsg-2ubuntu1.2_ar
subversion (1.6.6dfsg-2ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: denial of service via request containing lock token - debian/patches/CVE-2011-0715.patch: correctly handle locks being passed when authn isn't enabled in subversion/mod_dav_svn/repos.c, subversion/mod_dav_svn/version.c. - CVE-2011-0715 Date: Mon, 21 Mar 2011 15:10:54 -0400 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/subversion/1.6.6dfsg-2ubuntu1.2 Format: 1.8 Date: Mon, 21 Mar 2011 15:10:54 -0400 Source: subversion Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby Architecture: source Version: 1.6.6dfsg-2ubuntu1.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1 - Shared libraries used by Subversion python-subversion - Python bindings for Subversion python-subversion-dbg - Python bindings for Subversion (debug extension) subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion Changes: subversion (1.6.6dfsg-2ubuntu1.2) lucid-security; urgency=low . * SECURITY UPDATE: denial of service via request containing lock token - debian/patches/CVE-2011-0715.patch: correctly handle locks being passed when authn isn't enabled in subversion/mod_dav_svn/repos.c, subversion/mod_dav_svn/version.c. 
- CVE-2011-0715 Checksums-Sha1: ad41b6c2aef74aa8cd818a4f26dfeadf00e89831 2683 subversion_1.6.6dfsg-2ubuntu1.2.dsc 0a204205940ea9cfa5315c69465da08902fd74e5 113531 subversion_1.6.6dfsg-2ubuntu1.2.diff.gz Checksums-Sha256: d010435ebeacbededa2112787dfc8ebd36fbf395ae995c2b161b822b0bb5f3c8 2683 subversion_1.6.6dfsg-2ubuntu1.2.dsc 1a8f0d18595f60d56419794a1298700690121a95264b19c6dba4d4c2126049d4 113531 subversion_1.6.6dfsg-2ubuntu1.2.diff.gz Files: 281c7ae768d3494d8ac9566157a12dba 2683 vcs optional subversion_1.6.6dfsg-2ubuntu1.2.dsc a62b4d1b318ce267790174dabd75b567 113531 vcs optional subversion_1.6.6dfsg-2ubuntu1.2.diff.gz Original-Maintainer: Peter Samuelson pe...@p12n.org -- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes
[ubuntu/lucid-security] quagga_0.99.15-1ubuntu0.2_ia64_translations.tar.gz, quagga_0.99.15-1ubuntu0.2_amd64_translations.tar.gz, quagga, quagga_0.99.15-1ubuntu0.2_sparc_translations.tar.gz (delayed),
quagga (0.99.15-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed extended communities
    - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended communities in bgpd/bgp_attr.c.
    - CVE-2010-1674
  * SECURITY UPDATE: denial of service via AS_PATHLIMIT
    - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support in bgpd/bgp_attr.c.
    - CVE-2010-1675

Date: Wed, 23 Mar 2011 14:07:57 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/quagga/0.99.15-1ubuntu0.2

Format: 1.8
Source: quagga
Binary: quagga quagga-doc
Architecture: source
Version: 0.99.15-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Description:
 quagga - BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Original-Maintainer: Christian Hammers c...@debian.org
[ubuntu/lucid-security] loggerhead, loggerhead (delayed) 1.17+bzr400-1ubuntu0.1 (Accepted)
loggerhead (1.17+bzr400-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch contents. (LP: #740142)
    - debian/patches/bug-740142.diff: improve escaping of filenames.
    - CVE-2011-0728

Date: Thu, 24 Mar 2011 13:39:43 +1100
Changed-By: William Grant william.gr...@canonical.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/loggerhead/1.17+bzr400-1ubuntu0.1

Format: 1.8
Source: loggerhead
Binary: loggerhead
Architecture: source
Version: 1.17+bzr400-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Description:
 loggerhead - Web viewer for Bazaar
Launchpad-Bugs-Fixed: 740142
Original-Maintainer: Debian Bazaar Maintainers pkg-bazaar-ma...@lists.alioth.debian.org
[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.2.153.1ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.153.1ubuntu0.10.04.1_i386_translations.tar.gz (delayed) 1
flashplugin-nonfree (10.2.153.1ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.2.153.1
    - debian/config, debian/postinst: Updated sha256sums and path.
    - CVE-2011-0609
  * debian/postinst: make wget use the proxy defined for apt and decrease number of tries to a reasonable amount. (LP: #580523)

Date: Wed, 23 Mar 2011 08:44:00 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.2.153.1ubuntu0.10.04.1

Format: 1.8
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.2.153.1ubuntu0.10.04.1
Distribution: lucid-security
Urgency: low
Description:
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package)
Launchpad-Bugs-Fixed: 580523
Original-Maintainer: Bart Martens ba...@knars.be
[ubuntu/lucid-security] krb5, krb5_1.8.1+dfsg-2ubuntu0.8_ia64_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.8_i386_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.8_amd64_translations.tar.gz, krb5_1.8.1
krb5 (1.8.1+dfsg-2ubuntu0.8) lucid-security; urgency=low

  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used.
    - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream
    - CVE-2011-0284
    - MITKRB5-SA-2011-003

Date: Mon, 14 Mar 2011 16:01:50 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.8

Format: 1.8
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 libkrb5support0
Architecture: source
Version: 1.8.1+dfsg-2ubuntu0.8
Distribution: lucid-security
Urgency: low
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - Documentation for MIT Kerberos
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Original-Maintainer: Sam Hartman hartm...@debian.org
[ubuntu/lucid-security] kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_amd64_translations.tar.gz, kvirc, kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_sparc_translations.tar.gz (delayed), kvirc_4.0.0~svn3900+rc2-1ubuntu0.2
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
    - 33_upstream_security_#858.patch
    - Patch based on upstream SVN revision 4693.
    - CVE-2010-2785:
    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
    - LP: #612682

Date: Sat, 12 Mar 2011 20:00:18 -0600
Changed-By: Nathan Handler nhand...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kvirc/4:4.0.0~svn3900+rc2-1ubuntu0.2

Format: 1.8
Source: kvirc
Binary: kvirc kvirc-data kvirc-dbg
Architecture: source
Version: 4:4.0.0~svn3900+rc2-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Description:
 kvirc - KDE-based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dbg - KVIrc (IRC client) debugging symbols
Launchpad-Bugs-Fixed: 612682
Original-Maintainer: Debian KDE Extras Team pkg-kde-ext...@lists.alioth.debian.org
[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.5 (Accepted)
tiff (3.9.2-2ubuntu0.5) lucid-security; urgency=low

  * debian/patches/CVE-2011-0192.patch: update for regression in processing of certain CCITTFAX4 files (LP: #731540).
    - http://bugzilla.maptools.org/show_bug.cgi?id=2297

Date: Mon, 14 Mar 2011 10:47:02 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.5

Format: 1.8
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.5
Distribution: lucid-security
Urgency: low
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4 - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 731540
Original-Maintainer: Jay Berkenbilt q...@debian.org
[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.4 (Accepted)
tiff (3.9.2-2ubuntu0.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid td_stripbytecount field (LP: #597246)
    - debian/patches/CVE-2010-2482.patch: look for missing strip byte counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
    - CVE-2010-2482
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite values
    - debian/patches/CVE-2010-2595.patch: validate values in libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
    - debian/patches/CVE-2010-2597.patch: properly initialize fields in libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/CVE-2010-2630.patch: correctly handle order in libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via heap corruption in JPEGDecodeRaw
    - debian/patches/CVE-2010-3087.patch: check for overflows in libtiff/tif_jpeg.c, libtiff/tif_strip.c.
    - CVE-2010-3087
  * SECURITY UPDATE: denial of service and possible code execution via buffer overflow in Fax4Decode
    - debian/patches/CVE-2011-0192.patch: check length in libtiff/tif_fax3.h.
    - CVE-2011-0192

Date: Thu, 03 Mar 2011 13:42:43 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.4

Format: 1.8
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.4
Distribution: lucid-security
Urgency: low
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4 - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 593067 597246
Original-Maintainer: Jay Berkenbilt q...@debian.org
[ubuntu/lucid-security] avahi_0.6.25-1ubuntu6.2_amd64_translations.tar.gz, avahi_0.6.25-1ubuntu6.2_i386_translations.tar.gz, avahi_0.6.25-1ubuntu6.2_sparc_translations.tar.gz (delayed), avahi_0.6.25-1
avahi (0.6.25-1ubuntu6.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via NULL packet
    - debian/patches/CVE-2011-1002.patch: still read corrupt packets from sockets in avahi-core/socket.c.
    - CVE-2011-1002

Date: Fri, 04 Mar 2011 14:11:47 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/avahi/0.6.25-1ubuntu6.2

Format: 1.8
Source: avahi
Binary: avahi-daemon avahi-dnsconfd avahi-autoipd python-avahi avahi-utils avahi-discover libavahi-common3 libavahi-common-data libavahi-common-dev libavahi-common3-udeb libavahi-core6 libavahi-core-dev libavahi-core6-udeb libavahi-client3 libavahi-client-dev libavahi-glib1 libavahi-glib-dev libavahi-gobject0 libavahi-gobject-dev libavahi-qt3-1 libavahi-qt3-dev libavahi-qt4-1 libavahi-qt4-dev libavahi-compat-howl0 libavahi-compat-howl-dev libavahi-compat-libdnssd1 libavahi-compat-libdnssd-dev libavahi-ui0 libavahi-ui-dev avahi-ui-utils avahi-dbg
Architecture: source
Version: 0.6.25-1ubuntu6.2
Distribution: lucid-security
Urgency: low
Description:
 avahi-autoipd - Avahi IPv4LL network address configuration daemon
 avahi-daemon - Avahi mDNS/DNS-SD daemon
 avahi-dbg - Avahi - debugging symbols
 avahi-discover - Service discover user interface for avahi
 avahi-dnsconfd - Avahi DNS configuration tool
 avahi-ui-utils - Avahi GTK+ utilities
 avahi-utils - Avahi browsing, publishing and discovery utilities
 libavahi-client-dev - Development files for the Avahi client library
 libavahi-client3 - Avahi client library
 libavahi-common-data - Avahi common data files
 libavahi-common-dev - Development files for the Avahi common library
 libavahi-common3 - Avahi common library
 libavahi-common3-udeb - Avahi common library (debian-installer) (udeb)
 libavahi-compat-howl-dev - Development headers for the Avahi Howl compatibility library
 libavahi-compat-howl0 - Avahi Howl compatibility library
 libavahi-compat-libdnssd-dev - Development headers for the Avahi Apple Bonjour compatibility lib
 libavahi-compat-libdnssd1 - Avahi Apple Bonjour compatibility library
 libavahi-core-dev - Development files for Avahi's embeddable mDNS/DNS-SD library
 libavahi-core6 - Avahi's embeddable mDNS/DNS-SD library
 libavahi-core6-udeb - Avahi's embeddable mDNS/DNS-SD library (debian-installer) (udeb)
 libavahi-glib-dev - Development headers for the Avahi glib integration library
 libavahi-glib1 - Avahi glib integration library
 libavahi-gobject-dev - Development headers for the Avahi GObject library
 libavahi-gobject0 - Avahi GObject library
 libavahi-qt3-1 - Avahi Qt 3 integration library
 libavahi-qt3-dev - Development headers for the Avahi Qt 3 integration library
 libavahi-qt4-1 - Avahi Qt 4 integration library
 libavahi-qt4-dev - Development headers for the Avahi Qt 4 integration library
 libavahi-ui-dev - Development headers for the Avahi GTK+ User interface library
 libavahi-ui0 - Avahi GTK+ User interface library
 python-avahi - Python utility package for Avahi
Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] pango1.0, pango1.0 (delayed) 1.28.0-0ubuntu2.2 (Accepted)
pango1.0 (1.28.0-0ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via crafted font file (LP: #696616)
    - debian/patches/20_CVE-2011-0020.patch: check for overflow in pango/pangoft2-render.c.
    - CVE-2011-0020
  * SECURITY UPDATE: denial of service and possible code execution via unchecked realloc failures
    - debian/patches/21_CVE-2011-0064.patch: check for realloc failures in pango/opentype/hb-buffer.*, pango/opentype/hb-buffer-private.h.
    - CVE-2011-0064

Date: Tue, 01 Mar 2011 10:02:14 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pango1.0/1.28.0-0ubuntu2.2

Format: 1.8
Source: pango1.0
Binary: libpango1.0-0 libpango1.0-udeb libpango1.0-common libpango1.0-dev libpango1.0-0-dbg libpango1.0-doc gir1.0-pango-1.0
Architecture: source
Version: 1.28.0-0ubuntu2.2
Distribution: lucid-security
Urgency: low
Description:
 gir1.0-pango-1.0 - Layout and rendering of internationalized text
 libpango1.0-0 - Layout and rendering of internationalized text
 libpango1.0-0-dbg - The Pango library and debugging symbols
 libpango1.0-common - Modules and configuration files for the Pango
 libpango1.0-dev - Development files for the Pango
 libpango1.0-doc - Documentation files for the Pango
 libpango1.0-udeb - Layout and rendering of internationalized text - minimal runtime (udeb)
Launchpad-Bugs-Fixed: 696616
Original-Maintainer: Sebastien Bacher seb...@debian.org
[ubuntu/lucid-security] fuse, fuse (delayed) 2.8.1-1.1ubuntu3.1 (Accepted)
fuse (2.8.1-1.1ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary unprivileged unmount
    - debian/patches/CVE-2011-0541.dpatch: don't follow symlinks when unmounting in case of a failed mtab update in util/fusermount.c.
    - debian/patches/CVE-2011-0542.dpatch: chdir to / before performing mount/umount in util/fusermount.c.
    - debian/patches/CVE-2011-0543.dpatch: remove legacy util-linux support so symlinks don't get followed upon fallback in lib/mount_util.c, util/fusermount.c.
    - CVE-2011-0541
    - CVE-2011-0542
    - CVE-2011-0543

Date: Fri, 11 Feb 2011 13:41:20 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/fuse/2.8.1-1.1ubuntu3.1

Format: 1.8
Source: fuse
Binary: fuse-utils libfuse-dev libfuse2 fuse-utils-udeb libfuse2-udeb
Architecture: source
Version: 2.8.1-1.1ubuntu3.1
Distribution: lucid-security
Urgency: low
Description:
 fuse-utils - Filesystem in USErspace (utilities)
 fuse-utils-udeb - Filesystem in USErspace (utilities) (udeb)
 libfuse-dev - Filesystem in USErspace (development files)
 libfuse2 - Filesystem in USErspace library
 libfuse2-udeb - Filesystem in USErspace library (udeb)
Original-Maintainer: Bartosz Fenski fe...@debian.org
[ubuntu/lucid-security] clamav_0.96.5+dfsg-1ubuntu1.10.04.2_amd64_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.2_powerpc_translations.tar.gz, clamav, clamav_0.96.5+dfsg-1ubuntu1.10.04.2_ia64
clamav (0.96.5+dfsg-1ubuntu1.10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via double free in vba processing
    - libclamav/vba_extract.c: set buf to NULL when it gets freed.
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
    - CVE-2011-1003

Date: Wed, 23 Feb 2011 14:31:05 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.2

Format: 1.8
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source
Version: 0.96.5+dfsg-1ubuntu1.10.04.2
Distribution: lucid-security
Urgency: low
Description:
 clamav - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Original-Maintainer: ClamAV Team pkg-clamav-de...@lists.alioth.debian.org
[ubuntu/lucid-security] samba_3.4.7~dfsg-1ubuntu3.4_ia64_translations.tar.gz, samba, samba_3.4.7~dfsg-1ubuntu3.4_armel_translations.tar.gz, samba_3.4.7~dfsg-1ubuntu3.4_amd64_translations.tar.gz, samba
samba (2:3.4.7~dfsg-1ubuntu3.4) lucid-security; urgency=low
  * SECURITY UPDATE: denial of service via missing range checks on file descriptors
    - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous file descriptors.
    - CVE-2011-0719
Date: Wed, 23 Feb 2011 13:19:19 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/samba/2:3.4.7~dfsg-1ubuntu3.4
Format: 1.8
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg libwbclient0
Architecture: source
Version: 2:3.4.7~dfsg-1ubuntu3.4
Distribution: lucid-security
Urgency: low
Description:
 libpam-smbpass - pluggable authentication module for Samba
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient0 - Samba winbind client library
 samba - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - common files used by both the Samba server and client
 samba-dbg - Samba debugging symbols
 samba-doc - Samba documentation
 samba-doc-pdf - Samba documentation in PDF format
 samba-tools - Samba testing utilities
 smbclient - command-line SMB/CIFS clients for Unix
 smbfs - Samba file system utilities
 swat - Samba Web Administration Tool
 winbind - Samba nameservice integration server
Original-Maintainer: Debian Samba Maintainers pkg-samba-ma...@lists.alioth.debian.org
[ubuntu/lucid-security] logwatch, logwatch (delayed) 7.3.6.cvs20090906-1ubuntu2.1 (Accepted)
logwatch (7.3.6.cvs20090906-1ubuntu2.1) lucid-security; urgency=low
  * SECURITY UPDATE: privileged code execution via badly named logfiles
    - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '.
    - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revisionrevision=26
    - CVE-2011-1018
Date: Sat, 26 Feb 2011 01:10:16 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/logwatch/7.3.6.cvs20090906-1ubuntu2.1
Format: 1.8
Source: logwatch
Binary: logwatch
Architecture: source
Version: 7.3.6.cvs20090906-1ubuntu2.1
Distribution: lucid-security
Urgency: low
Description:
 logwatch - log analyser with nice output written in Perl
Original-Maintainer: Willi Mann wi...@wm1.at
[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.7-0ubuntu1~10.04.1 (Accepted)
openjdk-6 (6b20-1.9.7-0ubuntu1~10.04.1) lucid-security; urgency=low
  * IcedTea6 1.9.7 release.
    - SECURITY UPDATE:
      + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
      + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
      + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
      + S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation
      + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
      + S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
      + S6985453, CVE-2010-4471: Java2D font-related system property leak
      + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
      + RH677332, CVE-2011-0706: Multiple signers privilege escalation
    - Bug fixes
      + RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken
      + G344659: Fix issue when building on SPARC
      + Fix latent JAXP bug caused by missing import
  * dropped patch due to different fix applied upstream:
    - debian/patches/hotspot-sparc-fix.diff
  * debian/patches/hotspot-fix_added_define.patch: added to fix redefinition added by patch for S6878713
  * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap zerovm instead to compensate for http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631
Date: Wed, 23 Feb 2011 10:01:27 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: OpenJDK Team open...@lists.launchpad.net
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.7-0ubuntu1~10.04.1
Format: 1.8
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.7-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Description:
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
[ubuntu/lucid-security] mailman_2.1.13-1ubuntu0.2_sparc_translations.tar.gz (delayed), mailman_2.1.13-1ubuntu0.2_armel_translations.tar.gz, mailman, mailman_2.1.13-1ubuntu0.2_i386_translations.tar.gz,
mailman (1:2.1.13-1ubuntu0.2) lucid-security; urgency=low
  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/80_CVE-2011-0707.patch: properly clean strings in Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list information and description fields
    - debian/patches/81_CVE-2010-3089.patch: properly clean strings in Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089
Date: Thu, 17 Feb 2011 10:02:48 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/mailman/1:2.1.13-1ubuntu0.2
Format: 1.8
Source: mailman
Binary: mailman
Architecture: source
Version: 1:2.1.13-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Description:
 mailman - Powerful, web-based mailing list manager
Original-Maintainer: Mailman for Debian pkg-mailman-hack...@lists.alioth.debian.org
[ubuntu/lucid-security] cgiirc, cgiirc (delayed) 0.5.9-3squeeze1build0.10.04.1 (Accepted)
cgiirc (0.5.9-3squeeze1build0.10.04.1) lucid-security; urgency=low
  * fake sync from Debian
cgiirc (0.5.9-3squeeze1) stable-security; urgency=high
  * Non-maintainer upload by The Security Team.
  * Fixed XSS flaw in handling clients who have Javascript disabled. [CVE-2011-0050]
Date: Fri, 18 Feb 2011 12:42:49 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Damián Viano d...@debian.org
https://launchpad.net/ubuntu/lucid/+source/cgiirc/0.5.9-3squeeze1build0.10.04.1
Format: 1.8
Source: cgiirc
Binary: cgiirc
Architecture: source
Version: 0.5.9-3squeeze1build0.10.04.1
Distribution: lucid-security
Urgency: high
Description:
 cgiirc - web based irc client
[ubuntu/lucid-security] python-django_1.1.1-2ubuntu1.3_i386_translations.tar.gz (delayed), python-django 1.1.1-2ubuntu1.3 (Accepted)
python-django (1.1.1-2ubuntu1.3) lucid-security; urgency=low
  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/10_CVE-2011-0696.diff: apply full CSRF validation to all requests, regardless of apparent AJAX origin. This is technically backwards-incompatible, but the security risks have been judged to outweigh the compatibility concerns in this case. See the Django project notes for more information: http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/11_CVE-2011-0697.diff: properly escape URL in django/contrib/admin/widgets.py
    - CVE-2011-0697
Date: Tue, 15 Feb 2011 17:11:08 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.3
Format: 1.8
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-2ubuntu1.3
Distribution: lucid-security
Urgency: low
Description:
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 719031
Original-Maintainer: Chris Lamb la...@debian.org
[ubuntu/lucid-security] telepathy-gabble, telepathy-gabble (delayed) 0.8.12-0ubuntu1.1 (Accepted)
telepathy-gabble (0.8.12-0ubuntu1.1) lucid-security; urgency=low
  * SECURITY UPDATE: don't process google:jingleinfo updates from contacts
    - debian/patches/0001-ignore-google-jingleinfo-from-contacts.patch: don't accept jingleinfo except from self or server
    - CVE-2011-
Date: Tue, 15 Feb 2011 12:53:17 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/telepathy-gabble/0.8.12-0ubuntu1.1
Format: 1.8
Source: telepathy-gabble
Binary: telepathy-gabble telepathy-gabble-dbg
Architecture: source
Version: 0.8.12-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Description:
 telepathy-gabble - Jabber/XMPP connection manager
 telepathy-gabble-dbg - Jabber/XMPP connection manager (debug symbols)
Original-Maintainer: Debian Telepathy maintainers pkg-telepathy-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] vlc_1.0.6-1ubuntu1.5_armel_translations.tar.gz, vlc_1.0.6-1ubuntu1.5_sparc_translations.tar.gz (delayed), vlc, vlc_1.0.6-1ubuntu1.5_i386_translations.tar.gz, vlc_1.0.6-1ubuntu1
vlc (1.0.6-1ubuntu1.5) lucid-security; urgency=low
  * SECURITY UPDATE: memory corruption, code execution (LP: #714089)
    - debian/patches/mkv-input-validation.diff: Fix MKV improper input validation, thanks to Steve Lhomme
    - CVE-2011-0531
    - VideoLAN-SA-1102
Date: Thu, 10 Feb 2011 00:00:19 +0100
Changed-By: Benjamin Drung bdr...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.5
Format: 1.8
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.5
Distribution: lucid-security
Urgency: low
Description:
 libvlc-dev - development files for libvlc
 libvlc2 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 714089
Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] openssl_0.9.8k-7ubuntu8.6_i386_translations.tar.gz, openssl_0.9.8k-7ubuntu8.6_ia64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.6_powerpc_translations.tar.gz, openssl_0.9.8k-7u
openssl (0.9.8k-7ubuntu8.6) lucid-security; urgency=low
  * SECURITY UPDATE: OCSP stapling vulnerability
    - debian/patched/openssl-CVE-2011-0014-secadv_20110208.patch: stricter parsing of ClientHello message in ssl/t1_lib.c
    - CVE-2011-0014
  * Forward TLS version interop patch
    - debian/patches/openssl-forward-interop.patch
    - Handle TLS versions 2.0 and later properly and correctly use the highest version of TLS/SSL supported. Although TLS >= 2.0 is some way off ancient servers have a habit of sticking around for a while... [Steve Henson]
Date: Wed, 09 Feb 2011 16:47:44 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.6
Format: 1.8
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8k-7ubuntu8.6
Distribution: lucid-security
Urgency: low
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Original-Maintainer: Debian OpenSSL Team pkg-openssl-de...@lists.alioth.debian.org
[ubuntu/lucid-security] shadow_4.1.4.2-1ubuntu2.2_ia64_translations.tar.gz, shadow_4.1.4.2-1ubuntu2.2_powerpc_translations.tar.gz, shadow_4.1.4.2-1ubuntu2.2_armel_translations.tar.gz, shadow, shadow_4
shadow (1:4.1.4.2-1ubuntu2.2) lucid-security; urgency=low
  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
    - debian/patches/900_locale_env_sanity: actually set locale environment variables correctly.
    - debian/patches/901_reject_newline: reject newlines in GECOS updates.
    - CVE-2011-0721
Date: Mon, 14 Feb 2011 13:42:29 -0800
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/shadow/1:4.1.4.2-1ubuntu2.2
Format: 1.8
Source: shadow
Binary: passwd login
Architecture: source
Version: 1:4.1.4.2-1ubuntu2.2
Distribution: lucid-security
Urgency: low
Description:
 login - system login tools
 passwd - change and administer password and group data
Original-Maintainer: Shadow package maintainers pkg-shadow-de...@lists.alioth.debian.org
[ubuntu/lucid-security] qemu-kvm, qemu-kvm (delayed) 0.12.3+noroms-0ubuntu9.4 (Accepted)
qemu-kvm (0.12.3+noroms-0ubuntu9.4) lucid-security; urgency=low
  * SECURITY UPDATE: Setting VNC password to empty string silently disables all authentication (LP: #697197)
    - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson.
    - CVE-2011-0011
Date: Fri, 11 Feb 2011 09:57:30 -0600
Changed-By: Dustin Kirkland kirkl...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.4
Format: 1.8
Source: qemu-kvm
Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu
Architecture: source
Version: 0.12.3+noroms-0ubuntu9.4
Distribution: lucid-security
Urgency: low
Description:
 kvm - dummy transitional pacakge from kvm to qemu-kvm
 qemu - dummy transitional pacakge from qemu to qemu-kvm
 qemu-arm-static - dummy transitional package for qemu-kvm-extras-static
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm - Full virtualization on i386 and amd64 hardware
 qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures
 qemu-kvm-extras-static - static QEMU user mode emulation binaries
Launchpad-Bugs-Fixed: 697197
[ubuntu/lucid-security] krb5, krb5_1.8.1+dfsg-2ubuntu0.6_i386_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.6_ia64_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.6_powerpc_translations.tar.gz, krb5_1.8
krb5 (1.8.1+dfsg-2ubuntu0.6) lucid-security; urgency=low * SECURITY UPDATE: kpropd denial of service via invalid network input - src/slave/kpropd.c: don't return on kpropd child exit; applied inline. - CVE-2010-4022 - MITKRB5-SA-2011-001 * SECURITY UPDATE: kdc denial of service from unauthenticated remote attackers - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h, src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: applied inline - CVE-2011-0281 - CVE-2011-0282 - MITKRB5-SA-2011-002 Date: Wed, 09 Feb 2011 12:31:51 -0800 Changed-By: Steve Beattie sbeat...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.6 Format: 1.8 Date: Wed, 09 Feb 2011 12:31:51 -0800 Source: krb5 Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 libkrb5support0 Architecture: source Version: 1.8.1+dfsg-2ubuntu0.6 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Steve Beattie sbeat...@ubuntu.com Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-doc - Documentation for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-multidev - Development files for MIT Kerberos without Heimdal conflict krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - Basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit7 - MIT 
Kerberos runtime libraries - KDC and Admin Server libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - Debugging files for MIT Kerberos libkrb5-dev - Headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Changes: krb5 (1.8.1+dfsg-2ubuntu0.6) lucid-security; urgency=low . * SECURITY UPDATE: kpropd denial of service via invalid network input - src/slave/kpropd.c: don't return on kpropd child exit; applied inline. - CVE-2010-4022 - MITKRB5-SA-2011-001 * SECURITY UPDATE: kdc denial of service from unauthenticated remote attackers - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h, src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: applied inline - CVE-2011-0281 - CVE-2011-0282 - MITKRB5-SA-2011-002 Original-Maintainer: Sam Hartman hartm...@debian.org
[ubuntu/lucid-security] italc_1.0.9.1-0ubuntu18.10.04.1_powerpc_translations.tar.gz, italc_1.0.9.1-0ubuntu18.10.04.1_i386_translations.tar.gz, italc_1.0.9.1-0ubuntu18.10.04.1_armel_translations.tar.gz
italc (1:1.0.9.1-0ubuntu18.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: private keys potentially reused from liveCD. - debian/italc-client.postinst: re-generate the private and public keys when they match one of the Edubuntu Live DVD ones (LP: #714864) - CVE-2011-0724 Date: Mon, 07 Feb 2011 22:21:23 -0500 Changed-By: Stéphane Graber stgra...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/italc/1:1.0.9.1-0ubuntu18.10.04.1 Format: 1.8 Date: Mon, 07 Feb 2011 22:21:23 -0500 Source: italc Binary: italc-master italc-client libitalc Architecture: source Version: 1:1.0.9.1-0ubuntu18.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Stéphane Graber stgra...@ubuntu.com Description: italc-client - Intelligent Teaching and Learning with Computers (client part) italc-master - Intelligent Teaching and Learning with Computers (master part) libitalc - Intelligent Teaching and Learning with Computers (library) Launchpad-Bugs-Fixed: 714864 Changes: italc (1:1.0.9.1-0ubuntu18.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: private keys potentially reused from liveCD. 
- debian/italc-client.postinst: re-generate the private and public keys when they match one of the Edubuntu Live DVD ones (LP: #714864) - CVE-2011-0724 Original-Maintainer: Patrick Winnertz win...@debian.org
[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.2.152.27ubuntu0.10.04.1_i386_translations.tar.gz (delayed), flashplugin-nonfree_10.2.152.27ubuntu0.10.04.1_amd64_translations.tar.gz
flashplugin-nonfree (10.2.152.27ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: New upstream release 10.2.152.27 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0558 - CVE-2011-0559 - CVE-2011-0560 - CVE-2011-0561 - CVE-2011-0571 - CVE-2011-0572 - CVE-2011-0573 - CVE-2011-0574 - CVE-2011-0575 - CVE-2011-0577 - CVE-2011-0578 - CVE-2011-0607 - CVE-2011-0608 Date: Wed, 09 Feb 2011 08:59:49 -0500 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.2.152.27ubuntu0.10.04.1 Format: 1.8 Date: Wed, 09 Feb 2011 08:59:49 -0500 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.2.152.27ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.2.152.27ubuntu0.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: New upstream release 10.2.152.27 - debian/config, debian/postinst: Updated sha256sums and path. 
- CVE-2011-0558 - CVE-2011-0559 - CVE-2011-0560 - CVE-2011-0561 - CVE-2011-0571 - CVE-2011-0572 - CVE-2011-0573 - CVE-2011-0574 - CVE-2011-0575 - CVE-2011-0577 - CVE-2011-0578 - CVE-2011-0607 - CVE-2011-0608 Original-Maintainer: Bart Martens ba...@knars.be
[ubuntu/lucid-security] dovecot, dovecot (delayed) 1:1.2.9-1ubuntu6.3 (Accepted)
dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low * SECURITY UPDATE: information disclosure via newly created mailboxes with incorrect ACLs - debian/patches/CVE-2010-3304.patch: verify the directory isn't the same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3304 * SECURITY UPDATE: ACL bypass via incorrect ACL merging - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c, acl-cache.c}. - CVE-2010-3706 - CVE-2010-3707 * SECURITY UPDATE: restriction bypass via mailbox ACL changing - debian/patches/CVE-2010-3779.patch: don't give admin rights to all owner mailboxes in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3779 * SECURITY UPDATE: denial of service via many simultaneous disconnects. - debian/patches/CVE-2010-3780.patch: don't die after three failed writes to log in src/lib/failures.c. - CVE-2010-3780 * debian/control: removed linux-kernel-headers from Build-Conflicts to resolve building with sbuild. * This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that was in -proposed. 
Date: Mon, 31 Jan 2011 13:53:14 -0500 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/dovecot/1:1.2.9-1ubuntu6.3 Format: 1.8 Date: Mon, 31 Jan 2011 13:53:14 -0500 Source: dovecot Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-dbg Architecture: source Version: 1:1.2.9-1ubuntu6.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: dovecot-common - secure mail server that supports mbox and maildir mailboxes dovecot-dbg - debug symbols for Dovecot dovecot-dev - header files for the dovecot mail server dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes dovecot-postfix - full mail server stack provided by Ubuntu server team Changes: dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low . * SECURITY UPDATE: information disclosure via newly created mailboxes with incorrect ACLs - debian/patches/CVE-2010-3304.patch: verify the directory isn't the same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3304 * SECURITY UPDATE: ACL bypass via incorrect ACL merging - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c, acl-cache.c}. - CVE-2010-3706 - CVE-2010-3707 * SECURITY UPDATE: restriction bypass via mailbox ACL changing - debian/patches/CVE-2010-3779.patch: don't give admin rights to all owner mailboxes in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3779 * SECURITY UPDATE: denial of service via many simultaneous disconnects. - debian/patches/CVE-2010-3780.patch: don't die after three failed writes to log in src/lib/failures.c. 
- CVE-2010-3780 * debian/control: removed linux-kernel-headers from Build-Conflicts to resolve building with sbuild. * This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that was in -proposed. Original-Maintainer: Dovecot Maintainers jaldhar-dove...@debian.org
[ubuntu/lucid-security] openoffice.org, openoffice.org_3.2.0-7ubuntu4.2_amd64_translations.tar.gz, openoffice.org_3.2.0-7ubuntu4.2_armel_translations.tar.gz, openoffice.org_3.2.0-7ubuntu4.2_powerpc_tr
openoffice.org (1:3.2.0-7ubuntu4.2) lucid-security; urgency=low * SECURITY UPDATE: multiple OpenOffice.org vulnerabilities. - debian/patches/SA40775.diff: buffer overflow fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-2935, CVE-2010-2936). - debian/patches/tread-invalid-path-segments-correctly.diff: directory traversal fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-3450). - debian/patches/cws-hb22.diff: multiple fixes from upstream, patch thanks to Rene Engelhard. - corrupt table model in RTF parser (CVE-2010-3451) - SwRTFParser::ReadNumSecLevel (CVE-2010-3452) - WW8ListManager::WW8ListManager (CVE-2010-3453) - WW8DopTypography::ReadFromMem (CVE-2010-3454) - LD_LIBRARY_PATH current directory injection (CVE-2010-3689) - debian/patches/security-fixes-drom-cws-os145.diff: heap overflow in PPT fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4253). - debian/patches/security-fixes-from-cws-impress208.diff: heap overflow in TGA fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4643). 
Date: Tue, 25 Jan 2011 12:54:50 -0800 Changed-By: Kees Cook k...@ubuntu.com Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/openoffice.org/1:3.2.0-7ubuntu4.2 Format: 1.8 Date: Tue, 25 Jan 2011 12:54:50 -0800 Source: openoffice.org Binary: openoffice.org broffice.org openoffice.org-l10n-za openoffice.org-l10n-in openoffice.org-core openoffice.org-common openoffice.org-java-common openoffice.org-writer openoffice.org-calc openoffice.org-impress openoffice.org-draw openoffice.org-math openoffice.org-base-core openoffice.org-base openoffice.org-style-crystal openoffice.org-style-oxygen openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-style-human openoffice.org-style-hicontrast openoffice.org-style-galaxy openoffice.org-style-andromeda openoffice.org-gtk openoffice.org-gnome openoffice.org-evolution openoffice.org-emailmerge python-uno openoffice.org-officebean openoffice.org-filter-binfilter openoffice.org-filter-mobiledev libmythes-dev openoffice.org-dtd-officedocument1.0 uno-libs3 uno-libs3-dbg ure ure-dbg openoffice.org-gcj cli-uno-bridge libuno-cli-basetypes1.0-cil libuno-cli-uretypes1.0-cil libuno-cli-oootypes1.0-cil libuno-cli-cppuhelper1.0-cil libuno-cli-ure1.0-cil mozilla-openoffice.org openoffice.org-ogltrans openoffice.org-wiki-publisher openoffice.org-report-builder openoffice.org-report-builder-bin openoffice.org-presentation-minimizer openoffice.org-presenter-console openoffice.org-pdfimport ttf-opensymbol openoffice.org-dev openoffice.org-dev-doc openoffice.org-kde openoffice.org-kab openoffice.org-sdbc-postgresql openoffice.org-mysql-connector Architecture: source Version: 1:3.2.0-7ubuntu4.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Kees Cook k...@ubuntu.com Description: broffice.org - office productivity suite -- BrOffice.org branding cli-uno-bridge - OpenOffice.org bindings for 
Mono CLI libmythes-dev - simple thesaurus library -- development files libuno-cli-basetypes1.0-cil - OpenOffice.org bindings for Mono CLI -- base types libuno-cli-cppuhelper1.0-cil - OpenOffice.org bindings for Mono CLI -- bootstrapping library libuno-cli-oootypes1.0-cil - OpenOffice.org bindings for Mono CLI -- OpenOffice.org type libra libuno-cli-ure1.0-cil - OpenOffice.org bindings for Mono CLI -- helper classes libuno-cli-uretypes1.0-cil - OpenOffice.org bindings for Mono CLI -- URE type library mozilla-openoffice.org - office productivity suite -- Mozilla plugin openoffice.org - office productivity suite openoffice.org-base - office productivity suite -- database openoffice.org-base-core - office productivity suite -- shared library openoffice.org-calc - office productivity suite -- spreadsheet openoffice.org-common - office productivity suite -- arch-independent files openoffice.org-core - office productivity suite -- arch-dependent files openoffice.org-dev - office productivity suite -- SDK openoffice.org-dev-doc - office productivity suite -- SDK documentation openoffice.org-draw - office productivity suite -- drawing openoffice.org-dtd-officedocument1.0 - office productivity suite -- legacy 1.0 XML DTD openoffice.org-emailmerge - office productivity suite -- email mail merge openoffice.org-evolution - office productivity suite -- Evolution addressbook support openoffice.org-filter-binfilter - office productivity suite -- legacy filters (e.g. StarOffice 5.2) openoffice.org-filter-mobiledev - office productivity suite -- mobile devices filters openoffice.org-gcj - office productivity suite -- Java libraries for GIJ openoffice.org-gnome - office productivity suite -- GNOME integration openoffice.org-gtk - office productivity suite -- GTK+ integration
[ubuntu/lucid-security] subversion_1.6.6dfsg-2ubuntu1.1_amd64_translations.tar.gz, subversion_1.6.6dfsg-2ubuntu1.1_powerpc_translations.tar.gz, subversion_1.6.6dfsg-2ubuntu1.1_ia64_translations.tar.gz
subversion (1.6.6dfsg-2ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: restriction bypass via named repo as a rule scope - debian/patches/CVE-2010-3315.patch: use repo_basename in subversion/mod_dav_svn/authz.c. - CVE-2010-3315 * SECURITY UPDATE: denial of service via SVNParentPath walking - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath collection in subversion/mod_dav_svn/repos.c. - CVE-2010-4539 * SECURITY UPDATE: denial of service via -g memory leaks - debian/patches/CVE-2010-4644.patch: improve logic in subversion/libsvn_repos/rev_hunt.c. - CVE-2010-4644 Date: Fri, 14 Jan 2011 12:36:43 -0600 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/subversion/1.6.6dfsg-2ubuntu1.1 Format: 1.8 Date: Fri, 14 Jan 2011 12:36:43 -0600 Source: subversion Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby Architecture: source Version: 1.6.6dfsg-2ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1 - Shared libraries used by Subversion python-subversion - Python bindings for Subversion python-subversion-dbg - Python bindings for Subversion (debug extension) subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion Changes: subversion (1.6.6dfsg-2ubuntu1.1) lucid-security; urgency=low .
* SECURITY UPDATE: restriction bypass via named repo as a rule scope - debian/patches/CVE-2010-3315.patch: use repo_basename in subversion/mod_dav_svn/authz.c. - CVE-2010-3315 * SECURITY UPDATE: denial of service via SVNParentPath walking - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath collection in subversion/mod_dav_svn/repos.c. - CVE-2010-4539 * SECURITY UPDATE: denial of service via -g memory leaks - debian/patches/CVE-2010-4644.patch: improve logic in subversion/libsvn_repos/rev_hunt.c. - CVE-2010-4644 Original-Maintainer: Peter Samuelson pe...@p12n.org
[ubuntu/lucid-security] openjdk-6b18 (delayed), openjdk-6b18 6b18-1.8.5-0ubuntu1~10.04.1 (Accepted)
openjdk-6b18 (6b18-1.8.5-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. Date: Thu, 27 Jan 2011 10:30:52 +0100 Changed-By: Matthias Klose d...@ubuntu.com Maintainer: OpenJDK Team open...@lists.launchpad.net https://launchpad.net/ubuntu/lucid/+source/openjdk-6b18/6b18-1.8.5-0ubuntu1~10.04.1 Format: 1.8 Date: Thu, 27 Jan 2011 10:30:52 +0100 Source: openjdk-6b18 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b18-1.8.5-0ubuntu1~10.04.1 Distribution: lucid-security Urgency: low Maintainer: OpenJDK Team open...@lists.launchpad.net Changed-By: Matthias Klose d...@ubuntu.com Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark Changes: openjdk-6b18 (6b18-1.8.5-0ubuntu1~10.04.1) lucid-security; urgency=low . * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. 
[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.5-0ubuntu1~10.04.1 (Accepted)
openjdk-6 (6b20-1.9.5-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.9.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. Date: Thu, 27 Jan 2011 10:13:13 +0100 Changed-By: Matthias Klose d...@ubuntu.com Maintainer: OpenJDK Team open...@lists.launchpad.net https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.5-0ubuntu1~10.04.1 Format: 1.8 Date: Thu, 27 Jan 2011 10:13:13 +0100 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.5-0ubuntu1~10.04.1 Distribution: lucid-security Urgency: low Maintainer: OpenJDK Team open...@lists.launchpad.net Changed-By: Matthias Klose d...@ubuntu.com Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.5-0ubuntu1~10.04.1) lucid-security; urgency=low . * IcedTea6 1.9.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. 
[ubuntu/lucid-security] openjdk-6b18 (delayed), openjdk-6b18 6b18-1.8.4-0ubuntu1~10.04.1 (Accepted)
openjdk-6b18 (6b18-1.8.4-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.8.4 release. - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass. Date: Fri, 07 Jan 2011 11:40:12 +0100 Changed-By: Matthias Klose d...@ubuntu.com Maintainer: OpenJDK Team open...@lists.launchpad.net https://launchpad.net/ubuntu/lucid/+source/openjdk-6b18/6b18-1.8.4-0ubuntu1~10.04.1 Format: 1.8 Date: Fri, 07 Jan 2011 11:40:12 +0100 Source: openjdk-6b18 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b18-1.8.4-0ubuntu1~10.04.1 Distribution: lucid-security Urgency: low Maintainer: OpenJDK Team open...@lists.launchpad.net Changed-By: Matthias Klose d...@ubuntu.com Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark Changes: openjdk-6b18 (6b18-1.8.4-0ubuntu1~10.04.1) lucid-security; urgency=low . * IcedTea6 1.8.4 release. - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass. 
[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.4-0ubuntu1~10.04.1 (Accepted)
openjdk-6 (6b20-1.9.4-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.9.4 release. - CVE-2010-4351: IcedTea JNLP SecurityManager bypass. Date: Thu, 06 Jan 2011 23:39:28 +0100 Changed-By: Matthias Klose d...@ubuntu.com Maintainer: OpenJDK Team open...@lists.launchpad.net https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.4-0ubuntu1~10.04.1 Format: 1.8 Date: Thu, 06 Jan 2011 23:39:28 +0100 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.4-0ubuntu1~10.04.1 Distribution: lucid-security Urgency: low Maintainer: OpenJDK Team open...@lists.launchpad.net Changed-By: Matthias Klose d...@ubuntu.com Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.4-0ubuntu1~10.04.1) lucid-security; urgency=low . * IcedTea6 1.9.4 release. - CVE-2010-4351: IcedTea JNLP SecurityManager bypass. 
[ubuntu/lucid-security] hplip_3.10.2-2ubuntu2.2_armel_translations.tar.gz, hplip_3.10.2-2ubuntu2.2_sparc_translations.tar.gz (delayed), hplip_3.10.2-2ubuntu2.2_i386_translations.tar.gz, hplip, hplip_3
hplip (3.10.2-2ubuntu2.2) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible arbitrary code execution via long SNMP response - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c. - CVE-2010-4267 Date: Mon, 24 Jan 2011 11:25:11 -0500 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/hplip/3.10.2-2ubuntu2.2 Format: 1.8 Date: Mon, 24 Jan 2011 11:25:11 -0500 Source: hplip Binary: hplip hplip-data hplip-gui hplip-dbg hplip-doc hpijs-ppds hpijs hplip-cups libhpmud0 libhpmud-dev Architecture: source Version: 3.10.2-2ubuntu2.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: hpijs - HP Linux Printing and Imaging - gs IJS driver (hpijs) hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files hplip - HP Linux Printing and Imaging System (HPLIP) hplip-cups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups) hplip-data - HP Linux Printing and Imaging - data files hplip-dbg - HP Linux Printing and Imaging - debugging information hplip-doc - HP Linux Printing and Imaging - documentation hplip-gui - HP Linux Printing and Imaging - GUI utilities libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries libhpmud0 - HP Multi-Point Transport Driver (hpmud) run-time libraries Changes: hplip (3.10.2-2ubuntu2.2) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible arbitrary code execution via long SNMP response - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c. 
- CVE-2010-4267 Checksums-Sha1: 59267d182271ac913bc909f49a81475efb5c2483 2623 hplip_3.10.2-2ubuntu2.2.dsc f04829565d200cc7af308334d191074db4e2a8df 92048 hplip_3.10.2-2ubuntu2.2.diff.gz Checksums-Sha256: 79eab27958ff3f08af16b9d53e0181755094ed159ea288ff9568632568addc48 2623 hplip_3.10.2-2ubuntu2.2.dsc f6f2b75a49119f573ea1a082350c75e593e70c96fc44864a3a0bd405aac0dee5 92048 hplip_3.10.2-2ubuntu2.2.diff.gz Files: 02586d2ea60d91d22fd10725013de412 2623 utils optional hplip_3.10.2-2ubuntu2.2.dsc ce04ffbba2b3d38965c34e579f410a3e 92048 utils optional hplip_3.10.2-2ubuntu2.2.diff.gz Original-Maintainer: Debian HPIJS and HPLIP maintainers pkg-hpijs-de...@lists.alioth.debian.org
[ubuntu/lucid-security] vlc_1.0.6-1ubuntu1.4_i386_translations.tar.gz, vlc_1.0.6-1ubuntu1.4_amd64_translations.tar.gz, vlc, vlc_1.0.6-1ubuntu1.4_powerpc_translations.tar.gz, vlc_1.0.6-1ubuntu1.4_armel
vlc (1.0.6-1ubuntu1.4) lucid-security; urgency=low * SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154) - debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG decoder, thanks to Dan Rosenberg * SECURITY UPDATE: heap corruption in some XML based subtitles decoder - debian/patches/xml-heap-corruption.diff: Handle early termination properly in StripTags, thanks to Harry Sintonen Date: Mon, 24 Jan 2011 22:59:31 +0100 Changed-By: Benjamin Drung bdr...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.4 Format: 1.8 Date: Mon, 24 Jan 2011 22:59:31 +0100 Source: vlc Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data Architecture: source Version: 1.0.6-1ubuntu1.4 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Benjamin Drung bdr...@ubuntu.com Description: libvlc-dev - development files for libvlc libvlc2- multimedia player and streamer library libvlccore-dev - development files for libvlccore libvlccore2 - base library for VLC and its modules mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC vlc- multimedia player and streamer vlc-data - Common data for VLC vlc-dbg- debugging symbols for vlc vlc-nox- multimedia player and streamer (without X support) vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-pulse - PulseAudio plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svg - SVG plugin for VLC vlc-plugin-svgalib - SVGAlib video output plugin for VLC Launchpad-Bugs-Fixed: 707154 Changes: vlc (1.0.6-1ubuntu1.4) lucid-security; urgency=low . 
* SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154) - debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG decoder, thanks to Dan Rosenberg * SECURITY UPDATE: heap corruption in some XML based subtitles decoder - debian/patches/xml-heap-corruption.diff: Handle early termination properly in StripTags, thanks to Harry Sintonen Checksums-Sha1: cf24679f5180b8c02d71a02badc5d368475db98e 4008 vlc_1.0.6-1ubuntu1.4.dsc d041e43aef51b3275a4cece4a939da457aaf31a5 74829 vlc_1.0.6-1ubuntu1.4.diff.gz Checksums-Sha256: 3e3314fd557e1f3c1791122946fd1f2fda4736a8ff3abc819079c6af80711a9e 4008 vlc_1.0.6-1ubuntu1.4.dsc 6410d8f739af239b4df53bac37cc24a2b090e09facf643d6fc2ac75def629282 74829 vlc_1.0.6-1ubuntu1.4.diff.gz Files: e4caa40c21ba9be453a9e350a74cacb7 4008 video optional vlc_1.0.6-1ubuntu1.4.dsc a3a70ef2d93eb08b2046e79324401ed8 74829 video optional vlc_1.0.6-1ubuntu1.4.diff.gz Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] tomcat6, tomcat6 (delayed) 6.0.24-2ubuntu1.6 (Accepted)
tomcat6 (6.0.24-2ubuntu1.6) lucid-security; urgency=low * SECURITY UPDATE: cross-site scripting in Manager application - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to java/org/apache/catalina/manager/JspHelper.java, webapps/manager/{sessionDetail,sessionsList}.jsp. - patch backported from Debian 6.0.28-9 package - CVE-2010-4172 Date: Thu, 13 Jan 2011 15:32:24 -0600 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/tomcat6/6.0.24-2ubuntu1.6 Format: 1.8 Date: Thu, 13 Jan 2011 15:32:24 -0600 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: source Version: 6.0.24-2ubuntu1.6 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6- Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- documentation tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Changes: tomcat6 (6.0.24-2ubuntu1.6) lucid-security; urgency=low . * SECURITY UPDATE: cross-site scripting in Manager application - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to java/org/apache/catalina/manager/JspHelper.java, webapps/manager/{sessionDetail,sessionsList}.jsp. 
- patch backported from Debian 6.0.28-9 package - CVE-2010-4172 Checksums-Sha1: 8ca437b2f5ef079f4df0ad0ed782b43ff437b880 2405 tomcat6_6.0.24-2ubuntu1.6.dsc 141fc3c84f9b4231f07b93afd4e82b8910c07566 32782 tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz Checksums-Sha256: ba6deea37bb41459612dc9927f8d9c90ece17931d122775c509bdcfb9c17a2ff 2405 tomcat6_6.0.24-2ubuntu1.6.dsc 9340d9d72fa398c8af58e295981857902eff70f7a11482a4177df320f81026e1 32782 tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz Files: 2ee1921228239791f5aab04bc2bf6c48 2405 java optional tomcat6_6.0.24-2ubuntu1.6.dsc d369c0e8ab9ef06c320a74ba10c5e361 32782 java optional tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz Original-Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] awstats, awstats (delayed) 6.9~dfsg-1ubuntu3.10.04.1 (Accepted)
awstats (6.9~dfsg-1ubuntu3.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: directory traversal via crafted LoadPlugin directory - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin name in wwwroot/cgi-bin/awstats.pl. - CVE-2010-4369 Date: Tue, 11 Jan 2011 17:05:56 -0600 Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Maintainer: Ubuntu Core Develoers ubuntu-de...@lists.ubunutu.com https://launchpad.net/ubuntu/lucid/+source/awstats/6.9~dfsg-1ubuntu3.10.04.1 Format: 1.8 Date: Tue, 11 Jan 2011 17:05:56 -0600 Source: awstats Binary: awstats Architecture: source Version: 6.9~dfsg-1ubuntu3.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Develoers ubuntu-de...@lists.ubunutu.com Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com Description: awstats- powerful and featureful web server log analyzer Changes: awstats (6.9~dfsg-1ubuntu3.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: directory traversal via crafted LoadPlugin directory - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin name in wwwroot/cgi-bin/awstats.pl. - CVE-2010-4369 Checksums-Sha1: fa3b53c078517f0fb550a20e45cbb8eaa76405f8 2202 awstats_6.9~dfsg-1ubuntu3.10.04.1.dsc 7afdd754b08ffc24f2d9a88fb320fc80afc59d39 45789 awstats_6.9~dfsg-1ubuntu3.10.04.1.diff.gz Checksums-Sha256: a496105d51efe8048ad7c81bd408523ea3fd365d2f6fccd37a9e87d5ec516674 2202 awstats_6.9~dfsg-1ubuntu3.10.04.1.dsc 8864fcb4d1c514eee4997c0ec38c2943321b5fb1b5830393c8556a19a39a2e6f 45789 awstats_6.9~dfsg-1ubuntu3.10.04.1.diff.gz Files: 2536cf6fe0fbec527f16cf6e5e3ada47 2202 web optional awstats_6.9~dfsg-1ubuntu3.10.04.1.dsc f21c60b02413fc47263702e37bbd317c 45789 web optional awstats_6.9~dfsg-1ubuntu3.10.04.1.diff.gz Original-Maintainer: Debian AWStats Team pkg-awstats-de...@lists.alioth.debian.org
[ubuntu/lucid-security] xpdf, xpdf (delayed) 3.02-2ubuntu1.1 (Accepted)
xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. (LP: #701220) - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3702 * SECURITY UPDATE: FoFiType1::parse function allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. (LP: #701220) - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3704 Date: Thu, 20 Jan 2011 16:49:30 -0500 Changed-By: Brian Thomason brian.thoma...@canonical.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/xpdf/3.02-2ubuntu1.1 Format: 1.8 Date: Thu, 20 Jan 2011 16:49:30 -0500 Source: xpdf Binary: xpdf xpdf-common xpdf-reader xpdf-utils Architecture: source Version: 3.02-2ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Brian Thomason brian.thoma...@canonical.com Description: xpdf - Portable Document Format (PDF) suite xpdf-common - Portable Document Format (PDF) suite -- common files xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11 xpdf-utils - Portable Document Format (PDF) suite -- utilities Launchpad-Bugs-Fixed: 701220 701220 Changes: xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. 
(LP: #701220) - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3702 * SECURITY UPDATE: FoFiType1::parse function allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. (LP: #701220) - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3704 Checksums-Sha1: 26525da9aa5a2d9fbbbd56101165d21d85eedd44 2076 xpdf_3.02-2ubuntu1.1.dsc 5dfe873a44f6152f8cba13832cbcce77bfc35cbc 59861 xpdf_3.02-2ubuntu1.1.debian.tar.gz Checksums-Sha256: 2b0509ad1ee4e67d560468f24aa7bce802ad2de24bc72c8fe247eee0aa9ff8b4 2076 xpdf_3.02-2ubuntu1.1.dsc 6162b2b0b905c2cdffd0f7cdbe202d818d84d435c39a15329b9c53ddad6305bd 59861 xpdf_3.02-2ubuntu1.1.debian.tar.gz Files: 6e0ba37a8b31fde9b8eda5281e331c5d 2076 text optional xpdf_3.02-2ubuntu1.1.dsc 9629b96bed87639ab211b12a92105702 59861 text optional xpdf_3.02-2ubuntu1.1.debian.tar.gz Original-Maintainer: Michael Gilbert michael.s.gilb...@gmail.com
[ubuntu/lucid-security] asterisk (delayed), asterisk 1:1.6.2.5-0ubuntu1.3 (Accepted)
asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. - CVE-2011-0495 Date: Thu, 20 Jan 2011 23:31:55 + Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com Maintainer: Ubuntu MOTU Developers ubuntu-m...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/asterisk/1:1.6.2.5-0ubuntu1.3 Format: 1.8 Date: Thu, 20 Jan 2011 23:31:55 + Source: asterisk Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config Architecture: source Version: 1:1.6.2.5-0ubuntu1.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu MOTU Developers ubuntu-m...@lists.ubuntu.com Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-h323 - H.323 protocol support for Asterisk asterisk-sounds-main - Core Sound files for Asterisk (English) Launchpad-Bugs-Fixed: 705014 Changes: asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low . * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. 
- CVE-2011-0495 Checksums-Sha1: 010f082e46b48dc6a2fb612fadc95fec44865d98 2683 asterisk_1.6.2.5-0ubuntu1.3.dsc 382a1d55efed3f8ed541fa852ad4229b11715e34 62648 asterisk_1.6.2.5-0ubuntu1.3.debian.tar.gz Checksums-Sha256: 00af7418a7f4545675c1d168ae803303ab08e42b5902f930a36f6b2809cda27c 2683 asterisk_1.6.2.5-0ubuntu1.3.dsc 53bc8c7612bc9b81c7449b8975610d8f42eb131b834585fb22870fa4ed3d9104 62648 asterisk_1.6.2.5-0ubuntu1.3.debian.tar.gz Files: ca634dee9a2a0a59b18a8932229fdf6e 2683 comm optional asterisk_1.6.2.5-0ubuntu1.3.dsc 9e8955f86da0ee0a4cec1622e2309ddc 62648 comm optional asterisk_1.6.2.5-0ubuntu1.3.debian.tar.gz Original-Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] mumble_1.2.2-1ubuntu1.1_ia64_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_i386_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_amd64_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_p
mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674) - debian/mumble-server.postinst: Set permissions of mumble-server.ini to 0640 and the owner to root:mumble-server. Date: Thu, 20 Jan 2011 12:56:28 +0100 Changed-By: Felix Geyer debfx-...@fobos.de Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/mumble/1.2.2-1ubuntu1.1 Format: 1.8 Date: Thu, 20 Jan 2011 12:56:28 +0100 Source: mumble Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web Architecture: source Version: 1.2.2-1ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Felix Geyer debfx-...@fobos.de Description: mumble - Low latency VoIP client mumble-11x - Low latency VoIP client (1.1.x) mumble-dbg - Low latency VoIP client (debugging symbols) mumble-server - Low latency VoIP server mumble-server-web - Web scripts for mumble-server Launchpad-Bugs-Fixed: 704674 Changes: mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674) - debian/mumble-server.postinst: Set permissions of mumble-server.ini to 0640 and the owner to root:mumble-server. 
Checksums-Sha1: fcb82333c22f7440f5e6c135b97400ca73f97a24 2657 mumble_1.2.2-1ubuntu1.1.dsc f12c604a33682507ae3337090e187c6e00e8f8f1 26916 mumble_1.2.2-1ubuntu1.1.debian.tar.gz Checksums-Sha256: c95bc113f1231f9eb6011da9e96509a58b600c9c208d7ad0195afc89772d1dbb 2657 mumble_1.2.2-1ubuntu1.1.dsc 4687b816c3dc61a2985c36ed6f34b4d9c2dd3120b275e83b8521a4e9764d4294 26916 mumble_1.2.2-1ubuntu1.1.debian.tar.gz Files: 3278e12c874a79bd9e587897b9f408e1 2657 sound optional mumble_1.2.2-1ubuntu1.1.dsc 32330c916aea3fd85670e5c9b59dfd35 26916 sound optional mumble_1.2.2-1ubuntu1.1.debian.tar.gz Original-Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] sudo, sudo (delayed) 1.7.2p1-1ubuntu5.3 (Accepted)
sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low * SECURITY UPDATE: privilege escalation via -g when using group Runas_List - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits 48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used only with check.c to fix CVE-2011-0010 instead of doing the refactoring. Going forward, will need to look at this code also if a flaw is found in this refactored code. If needed, the refactoring work is in 48ca8c2eddf8 and 6ebc55d4716b. - check.c: prompt for password when the user is running sudo as himself but as a different group. Backported from fe8a94f96542. - CVE-2011-0010 Date: Wed, 19 Jan 2011 10:39:09 -0600 Changed-By: Jamie Strandboge ja...@ubuntu.com Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/sudo/1.7.2p1-1ubuntu5.3 Format: 1.8 Date: Wed, 19 Jan 2011 10:39:09 -0600 Source: sudo Binary: sudo sudo-ldap Architecture: source Version: 1.7.2p1-1ubuntu5.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Jamie Strandboge ja...@ubuntu.com Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Changes: sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low . * SECURITY UPDATE: privilege escalation via -g when using group Runas_List - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits 48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used only with check.c to fix CVE-2011-0010 instead of doing the refactoring. Going forward, will need to look at this code also if a flaw is found in this refactored code. If needed, the refactoring work is in 48ca8c2eddf8 and 6ebc55d4716b. - check.c: prompt for password when the user is running sudo as himself but as a different group. Backported from fe8a94f96542. 
- CVE-2011-0010 Checksums-Sha1: 95f1390dd52c8f87bf601e8e5d94e13682ed11a9 1771 sudo_1.7.2p1-1ubuntu5.3.dsc e55bcd8845aee67eea0765c036dd5d1dc915ff04 27664 sudo_1.7.2p1-1ubuntu5.3.diff.gz Checksums-Sha256: 36ade179324638c9539183c8a81924f2563f0ece7d7073dc58a0f6656558117f 1771 sudo_1.7.2p1-1ubuntu5.3.dsc bbe7e00b44e953b48f937343e2280c005e889acf7f2172d67d36ba6e5d48022c 27664 sudo_1.7.2p1-1ubuntu5.3.diff.gz Files: 0254600b76a959ce7f4751487e8aba1c 1771 admin optional sudo_1.7.2p1-1ubuntu5.3.dsc 1d366b7edf66dcb6ab3a0aef6543677b 27664 admin optional sudo_1.7.2p1-1ubuntu5.3.diff.gz Original-Maintainer: Bdale Garbee bd...@gag.com
[ubuntu/lucid-security] dbus, dbus (delayed) 1.2.16-2ubuntu4.1 (Accepted)
dbus (1.2.16-2ubuntu4.1) lucid-security; urgency=low * SECURITY UPDATE: fix DoS with too deeply nested messages - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic message variants. Backported from upstream. - CVE-2010-4352 - LP: #688992 Date: Tue, 04 Jan 2011 14:33:58 -0600 Changed-By: Jamie Strandboge ja...@ubuntu.com Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/dbus/1.2.16-2ubuntu4.1 Format: 1.8 Date: Tue, 04 Jan 2011 14:33:58 -0600 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev Architecture: source Version: 1.2.16-2ubuntu4.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Jamie Strandboge ja...@ubuntu.com Description: dbus - simple interprocess messaging system dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Launchpad-Bugs-Fixed: 688992 Changes: dbus (1.2.16-2ubuntu4.1) lucid-security; urgency=low . * SECURITY UPDATE: fix DoS with too deeply nested messages - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic message variants. Backported from upstream. 
- CVE-2010-4352 - LP: #688992 Checksums-Sha1: 859c44babcbe0825400c0fddcb456b59f5e5bd02 2360 dbus_1.2.16-2ubuntu4.1.dsc 808c0aa359b43b79df32508994ab0a57418d963b 33308 dbus_1.2.16-2ubuntu4.1.diff.gz Checksums-Sha256: de9378d07132ff17ee1d509d978d252878c047ea150db7d3a014c6e48ab94245 2360 dbus_1.2.16-2ubuntu4.1.dsc 356825c8ae899ce089bd6cb9d177aaa42c82319914110a9e6167213d3cba88cc 33308 dbus_1.2.16-2ubuntu4.1.diff.gz Files: 1e891a07e45ecb29f39b502daf28c0b5 2360 devel optional dbus_1.2.16-2ubuntu4.1.dsc 2cff23d217dd81eb8d906c77e9b1e922 33308 devel optional dbus_1.2.16-2ubuntu4.1.diff.gz Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.7_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.7_ia64_translations.tar.gz, php5_5.3.2-1ubuntu4.7_sparc_translations.tar.gz (delayed), php5_5.3.2-1ubuntu4.
php5 (5.3.2-1ubuntu4.7) lucid-security; urgency=low * debian/patches/php5-CVE-2010-3436-regression.patch: update main/fopen_wrappers.c to include fix for open_basedir restriction regression (LP: #701896) Date: Wed, 12 Jan 2011 07:28:55 -0800 Changed-By: Steve Beattie sbeat...@ubuntu.com Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.7 Format: 1.8 Date: Wed, 12 Jan 2011 07:28:55 -0800 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.3.2-1ubuntu4.7 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Steve Beattie sbeat...@ubuntu.com Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-gd- GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 
php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 701896 Changes: php5 (5.3.2-1ubuntu4.7) lucid-security; urgency=low . * debian/patches/php5-CVE-2010-3436-regression.patch: update main/fopen_wrappers.c to include fix for open_basedir restriction regression (LP: #701896) Checksums-Sha1: 70cbe65ce6fe713c2033221ba97b5f9f4a0c2b24 3171 php5_5.3.2-1ubuntu4.7.dsc b82b50adb820a8230d5d1815dcc6e6fb1349854b 193943 php5_5.3.2-1ubuntu4.7.diff.gz Checksums-Sha256: 5be14704f5b51a8b03ce596853b2d1774ea11e3983f7591397a93a6aa5feb9d8 3171 php5_5.3.2-1ubuntu4.7.dsc 4fff808b940d8b59eb7a51a3fdd3a3e16fbf6cb3dfed2cbed7172454a740f594 193943 php5_5.3.2-1ubuntu4.7.diff.gz Files: ccdb830b6fa19bb29575cefe42584fdb 3171 php optional php5_5.3.2-1ubuntu4.7.dsc 4d9d9360b9d23fa3e8b5ee8de6710c80 193943 php optional php5_5.3.2-1ubuntu4.7.diff.gz Original-Maintainer: Debian PHP Maintainers pkg-php-ma...@lists.alioth.debian.org
[ubuntu/lucid-security] eglibc_2.11.1-0ubuntu7.7_sparc_translations.tar.gz (delayed), eglibc_2.11.1-0ubuntu7.7_amd64_translations.tar.gz, eglibc_2.11.1-0ubuntu7.7_ia64_translations.tar.gz, eglibc, egl
eglibc (2.11.1-0ubuntu7.7) lucid-security; urgency=low * SECURITY UPDATE: setuid iconv users could load arbitrary libraries. - debian/patches/any/dst-expansion-fix.diff: refresh with new proposed solution, avoiding iconv issues. - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856, which already had a work-around in 2.11.1-0ubuntu7.5. Date: Mon, 10 Jan 2011 19:18:57 -0800 Changed-By: Kees Cook k...@ubuntu.com Maintainer: Ubuntu Core developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/eglibc/2.11.1-0ubuntu7.7 Format: 1.8 Date: Mon, 10 Jan 2011 19:18:57 -0800 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-sparcv9v libc6-sparcv9v2 libc6-sparc64b libc6-sparc64v libc6-sparc64v2 libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source Version: 2.11.1-0ubuntu7.7 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Kees Cook k...@ubuntu.com Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1- Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: 
Development Libraries and Header Files libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3- Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - GNU C Library: 32bit 
powerpc shared libraries for ppc64 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparc64b - GNU C Library: 64bit Shared libraries for UltraSPARC [v9b optimiz libc6-sparc64v - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v optimiz libc6-sparc64v2 - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v2 optimi libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized] libc6-sparcv9v - GNU C Library: Shared libraries [v9v optimized] libc6-sparcv9v2 - GNU C Library: Shared libraries [v9v2 optimized] libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - GNU C Library: Shared libraries [Xen version] libc6.1- Embedded GNU C
[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.6_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.6_amd64_translations.tar.gz, php5_5.3.2-1ubuntu4.6_i386_translations.tar.gz, php5_5.3.2-1ubuntu4.6_ia64_tra
php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low

  * SECURITY UPDATE: open_basedir bypass
    - debian/patches/php5-CVE-2010-3436.patch: more strict checking in php_check_specific_open_basedir()
    - CVE-2010-3436
  * SECURITY UPDATE: NULL pointer dereference crash
    - debian/patches/php5-CVE-2010-3709.patch: check for NULL when getting zip comment
    - CVE-2010-3709
  * SECURITY UPDATE: memory consumption denial of service
    - debian/patches/php5-CVE-2010-3710.patch: check for email address longer than RFC 2821 allows
    - CVE-2010-3710
  * SECURITY UPDATE: xml decode bypass
    - debian/patches/php5-CVE-2010-3870.patch: improve utf8 decoding
    - CVE-2010-3870
  * SECURITY UPDATE: integer overflow can cause an application crash
    - debian/patches/php5-CVE-2010-4409.patch: fix invalid args in NumberFormatter::getSymbol()
    - CVE-2010-4409
  * SECURITY UPDATE: infinite loop/denial of service when dealing with certain textual forms of MAX_FLOAT (LP: #697181)
    - debian/patches/php5-CVE-2010-4645.patch: treat local doubles as volatile to avoid x87 registers in zend_strtod()
    - CVE-2010-4645

Date: Fri, 07 Jan 2011 10:56:23 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.6

Format: 1.8
Date: Fri, 07 Jan 2011 10:56:23 -0800
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.2-1ubuntu4.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear - PEAR - PHP Extension and Application Repository
 php5 - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl - CURL module for php5
 php5-dbg - Debug symbols for PHP5
 php5-dev - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd - GD module for php5
 php5-gmp - GMP module for php5
 php5-intl - internationalisation module for php5
 php5-ldap - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-odbc - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl - XSL module for php5
Launchpad-Bugs-Fixed: 697181
[ubuntu/lucid-security] lcms (delayed), lcms 1.18.dfsg-1ubuntu2.10.04.1 (Accepted)
lcms (1.18.dfsg-1ubuntu2.10.04.1) lucid-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect code for transformations of monochrome profiles.
    - CVE-2009-0073

Date: Sat, 08 Jan 2011 04:39:19 +0100
Changed-By: Artur Rona ari-tc...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/lcms/1.18.dfsg-1ubuntu2.10.04.1

Format: 1.8
Date: Sat, 08 Jan 2011 04:39:19 +0100
Source: lcms
Binary: liblcms1 liblcms-utils liblcms1-dev python-liblcms
Architecture: source
Version: 1.18.dfsg-1ubuntu2.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Artur Rona ari-tc...@ubuntu.com
Description:
 liblcms-utils - Color management library (Additional utilities)
 liblcms1 - Color management library
 liblcms1-dev - Color management library (Development headers)
 python-liblcms - Python bindings for liblcms color management library
Launchpad-Bugs-Fixed: 700198
Original-Maintainer: Oleksandr Moskalenko ma...@debian.org

--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes
[ubuntu/lucid-security] libapache2-mod-fcgid (delayed), libapache2-mod-fcgid 1:2.3.4-2ubuntu0.2 (Accepted)
libapache2-mod-fcgid (1:2.3.4-2ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - modules/fcgid/fcgid_bucket.c: patch from upstream
    - CVE-2010-3872

Date: Thu, 06 Jan 2011 13:04:02 +0100
Changed-By: Felix Geyer debfx-...@fobos.de
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/libapache2-mod-fcgid/1:2.3.4-2ubuntu0.2

Format: 1.8
Date: Thu, 06 Jan 2011 13:04:02 +0100
Source: libapache2-mod-fcgid
Binary: libapache2-mod-fcgid libapache2-mod-fcgid-dbg
Architecture: source
Version: 1:2.3.4-2ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Felix Geyer debfx-...@fobos.de
Description:
 libapache2-mod-fcgid - an alternative module compat with mod_fastcgi
 libapache2-mod-fcgid-dbg - debugging symbols for mod_fcgid
Launchpad-Bugs-Fixed: 698060
Original-Maintainer: Tatsuki Sugiura s...@nemui.org
[ubuntu/lucid-security] dpkg_1.15.5.6ubuntu4.5_powerpc_translations.tar.gz, dpkg_1.15.5.6ubuntu4.5_sparc_translations.tar.gz (delayed), dpkg_1.15.5.6ubuntu4.5_i386_translations.tar.gz, dpkg_1.15.5.6ub
dpkg (1.15.5.6ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: relative directory and symlink following in source pkgs.
    - scripts/Dpkg/Source/Archive.pm, scripts/Dpkg/Source/Patch.pm, scripts/Dpkg/Source/Package/V2.pm: applied fixes from Raphael Hertzog, thanks to Raphael Geissert.
    - CVE-2010-1679

Date: Thu, 06 Jan 2011 11:08:21 -0800
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dpkg/1.15.5.6ubuntu4.5

Format: 1.8
Date: Thu, 06 Jan 2011 11:08:21 -0800
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source
Version: 1.15.5.6ubuntu4.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description:
 dpkg - Debian package management system
 dpkg-dev - Debian package development tools
 dselect - Debian package management front-end
Original-Maintainer: Dpkg Developers debian-d...@lists.debian.org
[ubuntu/lucid-security] ifupdown_0.6.8ubuntu29.2_i386_translations.tar.gz, ifupdown_0.6.8ubuntu29.2_amd64_translations.tar.gz, ifupdown, ifupdown_0.6.8ubuntu29.2_powerpc_translations.tar.gz, ifupdown_
ifupdown (0.6.8ubuntu29.2) lucid-security; urgency=low

  * debian/ifupdown.network-interface{,-security}.upstart: handle race condition when loading AppArmor profiles for interfaces (LP: #689892). Patch by Kees Cook.

Date: Tue, 04 Jan 2011 12:48:52 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/ifupdown/0.6.8ubuntu29.2

Format: 1.8
Date: Tue, 04 Jan 2011 12:48:52 -0600
Source: ifupdown
Binary: ifupdown
Architecture: source
Version: 0.6.8ubuntu29.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description:
 ifupdown - high level tools to configure network interfaces
Launchpad-Bugs-Fixed: 689892
Original-Maintainer: Anthony Towns a...@debian.org
[ubuntu/lucid-security] vlc_1.0.6-1ubuntu1.3_i386_translations.tar.gz, vlc, vlc_1.0.6-1ubuntu1.3_armel_translations.tar.gz, vlc_1.0.6-1ubuntu1.3_amd64_translations.tar.gz, vlc_1.0.6-1ubuntu1.3_ia64_tr
vlc (1.0.6-1ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: Buffer overflow in Real demuxer (LP: #690173)
    - modules/demux/real.c: Fix heap buffer overflow, thanks to Rémi Denis-Courmont
    - CVE-2010-3907
    - VideoLAN-SA-1007

Date: Thu, 30 Dec 2010 01:14:56 +0100
Changed-By: Benjamin Drung bdr...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.3

Format: 1.8
Date: Thu, 30 Dec 2010 01:14:56 +0100
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Benjamin Drung bdr...@ubuntu.com
Description:
 libvlc-dev - development files for libvlc
 libvlc2 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 690173
Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org
[ubuntu/lucid-security] apparmor_2.5.1-0ubuntu0.10.04.2_i386_translations.tar.gz, apparmor_2.5.1-0ubuntu0.10.04.2_powerpc_translations.tar.gz, apparmor, apparmor_2.5.1-0ubuntu0.10.04.2_armel_translat
apparmor (2.5.1-0ubuntu0.10.04.2) lucid-security; urgency=low

  * Fix for apparmor_parser not generating correct policy when mixing exec transitions with and without unconfined fallback transitions.
    - debian/patches/0013-lp693082.patch: adjust dfa match flag table size and fix index calculation for pux and cux.
    - LP: #693082

Date: Wed, 05 Jan 2011 12:15:29 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/apparmor/2.5.1-0ubuntu0.10.04.2

Format: 1.8
Date: Wed, 05 Jan 2011 12:15:29 -0600
Source: apparmor
Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor apparmor-notify
Architecture: source
Version: 2.5.1-0ubuntu0.10.04.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description:
 apparmor - User-space parser utility for AppArmor
 apparmor-docs - Documentation for AppArmor
 apparmor-notify - AppArmor notification system
 apparmor-profiles - Profiles for AppArmor Security policies
 apparmor-utils - Utilities for controlling AppArmor
 libapache2-mod-apparmor - changehat AppArmor library as an Apache module
 libapparmor-dev - AppArmor development libraries and header files
 libapparmor-perl - AppArmor library Perl bindings
 libapparmor1 - changehat AppArmor library
 libpam-apparmor - changehat AppArmor library as a PAM module
Launchpad-Bugs-Fixed: 693082
[ubuntu/lucid-security] evince_2.30.3-0ubuntu1.2_powerpc_translations.tar.gz, evince_2.30.3-0ubuntu1.2_ia64_translations.tar.gz, evince_2.30.3-0ubuntu1.2_static_translations.tar.gz (delayed), evince,
evince (2.30.3-0ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via multiple dvi backend overflows
    - debian/patches/02_CVE-2010-264x.patch: add bounds checking in backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c.
    - CVE-2010-2640
    - CVE-2010-2641
    - CVE-2010-2642
    - CVE-2010-2643

Date: Mon, 03 Jan 2011 13:13:51 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Desktop Team ubuntu-desk...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/evince/2.30.3-0ubuntu1.2

Format: 1.8
Date: Mon, 03 Jan 2011 13:13:51 -0500
Source: evince
Binary: evince evince-dbg libevview-dev libevview2 libevdocument-dev libevdocument2
Architecture: source
Version: 2.30.3-0ubuntu1.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Desktop Team ubuntu-desk...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description:
 evince - Document (postscript, pdf) viewer
 evince-dbg - Document (postscript, pdf) viewer - debugging symbols
 libevdocument-dev - GNOME document viewer backend library - development headers
 libevdocument2 - GNOME document viewer backend library
 libevview-dev - GNOME document viewer view library - development headers
 libevview2 - GNOME document viewer view library
Original-Maintainer: Marc 'HE' Brockschmidt h...@debian.org