[ubuntu/lucid-security] dovecot, dovecot (delayed) 1:1.2.9-1ubuntu6.4 (Accepted)

2011-06-01 Thread Ubuntu Installer
dovecot (1:1.2.9-1ubuntu6.4) lucid-security; urgency=low

  * SECURITY UPDATE: fix memory corruption when header names included
    null bytes:
    - debian/patches/dovecot-CVE-2011-1929.patch: use binary copy rather
      than a string based copy.
    - CVE-2011-1929

Date: Tue, 31 May 2011 14:59:37 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dovecot/1:1.2.9-1ubuntu6.4
Format: 1.8
Date: Tue, 31 May 2011 14:59:37 -0700
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-dbg
Architecture: source
Version: 1:1.2.9-1ubuntu6.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
 dovecot-postfix - full mail server stack provided by Ubuntu server team
Original-Maintainer: Dovecot Maintainers jaldhar-dove...@debian.org
-- 
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes


[ubuntu/lucid-security] pam_1.1.1-2ubuntu5.3_powerpc_translations.tar.gz, pam_1.1.1-2ubuntu5.3_ia64_translations.tar.gz, pam_1.1.1-2ubuntu5.3_armel_translations.tar.gz, pam_1.1.1-2ubuntu5.3_sparc_tran

2011-05-31 Thread Ubuntu Installer
pam (1.1.1-2ubuntu5.3) lucid-security; urgency=low

  * SECURITY REGRESSION:
    - debian/patches/security-dropprivs.patch: updated patch to preserve
      ABI and prevent daemons from needing to be restarted. (LP: #790538)
    - debian/patches/autoconf.patch: refreshed

Date: Tue, 31 May 2011 07:07:44 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pam/1.1.1-2ubuntu5.3
Format: 1.8
Date: Tue, 31 May 2011 07:07:44 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.1-2ubuntu5.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 790538
Original-Maintainer: Steve Langasek vor...@debian.org


[ubuntu/lucid-security] bind9_9.7.0.dfsg.P1-1ubuntu0.2_sparc_translations.tar.gz (delayed), bind9_9.7.0.dfsg.P1-1ubuntu0.2_armel_translations.tar.gz, bind9_9.7.0.dfsg.P1-1ubuntu0.2_amd64_translations.

2011-05-30 Thread Ubuntu Installer
bind9 (1:9.7.0.dfsg.P1-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via multiple trust anchors for a
    single zone
    - lib/dns/validator.c: fix arguments to dns_keytable_findnextkeynode().
    - Upstream change 2869.
    - CVE-2010-3762
  * SECURITY UPDATE: denial of service via off-by-one
    - lib/dns/ncache.c: correctly validate length.
    - Patch backported from 9.7.3-P1.
    - CVE-2011-1910

Date: Fri, 27 May 2011 13:03:07 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.2
Format: 1.8
Date: Fri, 27 May 2011 13:03:07 -0400
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-60 libdns64 libisc60 liblwres60 libisccc60 libisccfg60 dnsutils lwresd
Architecture: source
Version: 1:9.7.0.dfsg.P1-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 bind9  - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-60 - BIND9 Shared Library used by BIND
 libdns64   - DNS Shared Library used by BIND
 libisc60   - ISC Shared Library used by BIND
 libisccc60 - Command Channel Library used by BIND
 libisccfg60 - Config File Handling Library used by BIND
 liblwres60 - Lightweight Resolver Library used by BIND
 lwresd - Lightweight Resolver Daemon
Original-Maintainer: LaMont Jones lam...@debian.org


[ubuntu/lucid-security] pam_1.1.1-2ubuntu5.2_ia64_translations.tar.gz, pam_1.1.1-2ubuntu5.2_sparc_translations.tar.gz (delayed), pam_1.1.1-2ubuntu5.2_i386_translations.tar.gz, pam_1.1.1-2ubuntu5.2_amd

2011-05-30 Thread Ubuntu Installer
pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.

Date: Thu, 19 May 2011 08:44:14 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pam/1.1.1-2ubuntu5.2
Format: 1.8
Date: Thu, 19 May 2011 08:44:14 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.1-2ubuntu5.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Original-Maintainer: Steve Langasek vor...@debian.org


[ubuntu/lucid-security] eucalyptus_1.6.2-0ubuntu30.5_i386_translations.tar.gz, eucalyptus, eucalyptus_1.6.2-0ubuntu30.5_ia64_translations.tar.gz, eucalyptus_1.6.2-0ubuntu30.5_amd64_translations.tar.gz

2011-05-26 Thread Ubuntu Installer
eucalyptus (1.6.2-0ubuntu30.5) lucid-security; urgency=low

  * debian/patches/soap-security.patch: SOAP signature replay vulnerability.
    - add debian/patches/soap-security.patch, thanks to upstream.
    - CVE-2011-0730

Date: Wed, 11 May 2011 13:11:11 +0100
Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/eucalyptus/1.6.2-0ubuntu30.5
Format: 1.8
Date: Wed, 11 May 2011 13:11:11 +0100
Source: eucalyptus
Binary: eucalyptus-common eucalyptus-sc eucalyptus-cloud eucalyptus-walrus eucalyptus-java-common eucalyptus-cc eucalyptus-nc eucalyptus-gl uec-component-listener eucalyptus-udeb
Architecture: source
Version: 1.6.2-0ubuntu30.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com
Description: 
 eucalyptus-cc - Elastic Utility Computing Architecture - Cluster controller
 eucalyptus-cloud - Elastic Utility Computing Architecture - Cloud controller
 eucalyptus-common - Elastic Utility Computing Architecture - Common files
 eucalyptus-gl - Elastic Utility Computing Architecture - Logging service
 eucalyptus-java-common - Elastic Utility Computing Architecture - Common Java package
 eucalyptus-nc - Elastic Utility Computing Architecture - Node controller
 eucalyptus-sc - Elastic Utility Computing Architecture - Storage controller
 eucalyptus-udeb - Elastic Utility Computing Architecture - installer integration (udeb)
 eucalyptus-walrus - Elastic Utility Computing Architecture - Walrus (S3)
 uec-component-listener - Ubuntu Enterprise Cloud - Component listener


[ubuntu/lucid-security] rampart, rampart (delayed) 1.3.0-0ubuntu7.1 (Accepted)

2011-05-26 Thread Ubuntu Installer
rampart (1.3.0-0ubuntu7.1) lucid-security; urgency=low

  * Add debian/patches/xml-security.patch, thanks to Eucalyptus upstream,
    to support XML security.

Date: Tue, 26 Apr 2011 15:58:23 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Michael Vogt m...@ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/rampart/1.3.0-0ubuntu7.1
Format: 1.8
Date: Tue, 26 Apr 2011 15:58:23 -0700
Source: rampart
Binary: librampart0 librampart-dev librampart-doc
Architecture: source
Version: 1.3.0-0ubuntu7.1
Distribution: lucid-security
Urgency: low
Maintainer: Michael Vogt m...@ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 librampart-dev - Apache web services security engine - Development
 librampart-doc - Apache web services security engine - Documentation
 librampart0 - Apache web services security engine - Runtime


[ubuntu/lucid-security] dbus-glib (delayed), dbus-glib 0.84-1ubuntu0.2 (Accepted)

2011-05-26 Thread Ubuntu Installer
dbus-glib (0.84-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: fix to honor access flag on specified properties
    - debian/patches/01-CVE-2010-1172.patch: don't allow Set/write calls for
      readonly properties, or properties not listed in the XML
    - CVE-2010-1172
    - LP: #616517

Date: Wed, 25 May 2011 15:46:32 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dbus-glib/0.84-1ubuntu0.2
Format: 1.8
Date: Wed, 25 May 2011 15:46:32 -0500
Source: dbus-glib
Binary: libdbus-glib-1-dev libdbus-glib-1-2 libdbus-glib-1-doc libdbus-glib-1-2-dbg
Architecture: source
Version: 0.84-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 libdbus-glib-1-2 - simple interprocess messaging system (GLib-based shared library)
 libdbus-glib-1-2-dbg - simple interprocess messaging system (GLib library debug symbols)
 libdbus-glib-1-dev - simple interprocess messaging system (GLib interface)
 libdbus-glib-1-doc - simple interprocess messaging system (GLib library documentation)
Launchpad-Bugs-Fixed: 616517
Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] modemmanager (delayed), modemmanager 0.3-0ubuntu2.2 (Accepted)

2011-05-26 Thread Ubuntu Installer
modemmanager (0.3-0ubuntu2.2) lucid-security; urgency=low

  * no change rebuild for dbus-glib update

Date: Thu, 26 May 2011 10:50:21 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Network Manager Team ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/modemmanager/0.3-0ubuntu2.2
Format: 1.8
Date: Thu, 26 May 2011 10:50:21 -0500
Source: modemmanager
Binary: modemmanager
Architecture: source
Version: 0.3-0ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Network Manager Team ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 modemmanager - D-Bus service for managing modems


[ubuntu/lucid-security] network-manager_0.8-0ubuntu3.2_sparc_translations.tar.gz (delayed), network-manager_0.8-0ubuntu3.2_armel_translations.tar.gz, network-manager, network-manager_0.8-0ubuntu3.2_am

2011-05-26 Thread Ubuntu Installer
network-manager (0.8-0ubuntu3.2) lucid-security; urgency=low

  * no change rebuild for dbus-glib update

Date: Thu, 26 May 2011 10:49:41 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Dev Team ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/network-manager/0.8-0ubuntu3.2
Format: 1.8
Date: Thu, 26 May 2011 10:49:41 -0500
Source: network-manager
Binary: network-manager network-manager-dev libnm-glib2 libnm-glib-dev libnm-util1 libnm-util-dev
Architecture: source
Version: 0.8-0ubuntu3.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Dev Team ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 libnm-glib-dev - network management framework (GLib interface)
 libnm-glib2 - network management framework (GLib shared library)
 libnm-util-dev - network management framework (development files)
 libnm-util1 - network management framework (shared library)
 network-manager - network management framework daemon
 network-manager-dev - network management framework (development files)
Original-Maintainer: Riccardo Setti gisk...@debian.org


[ubuntu/lucid-security] rdesktop, rdesktop (delayed) 1.6.0-2ubuntu3.1 (Accepted)

2011-05-25 Thread Ubuntu Installer
rdesktop (1.6.0-2ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via directory traversal
    - debian/patches/81_CVE-2011-1595.dpatch: check path for /.. in
      disk.c.
    - CVE-2011-1595

Date: Tue, 24 May 2011 15:04:28 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/rdesktop/1.6.0-2ubuntu3.1
Format: 1.8
Date: Tue, 24 May 2011 15:04:28 -0400
Source: rdesktop
Binary: rdesktop
Architecture: source
Version: 1.6.0-2ubuntu3.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 rdesktop   - RDP client for Windows NT/2000 Terminal Server
Original-Maintainer: Laszlo Boszormenyi (GCS) g...@debian.hu


[ubuntu/lucid-security] exim4_4.71-3ubuntu1.3_sparc_translations.tar.gz (delayed), exim4_4.71-3ubuntu1.3_armel_translations.tar.gz, exim4, exim4_4.71-3ubuntu1.3_ia64_translations.tar.gz, exim4_4.71-3u

2011-05-25 Thread Ubuntu Installer
exim4 (4.71-3ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via DKIM identities
    - debian/patches/86_CVE-2011-1407.patch: don't use match_isinlist() for
      simple string list matching in src/receive.c.
    - CVE-2011-1407

Date: Tue, 24 May 2011 15:49:34 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/exim4/4.71-3ubuntu1.3
Format: 1.8
Date: Tue, 24 May 2011 15:49:34 -0400
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy exim4-daemon-custom eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-daemon-custom-dbg exim4-dev
Architecture: source
Version: 4.71-3ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 exim4  - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-custom - custom Exim MTA (v4) daemon with locally set features
 exim4-daemon-custom-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-dbg  - debugging symbols for the Exim MTA (v4) packages
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Original-Maintainer: Exim4 Maintainers pkg-exim4-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] apr, apr (delayed) 1.3.8-1ubuntu0.3 (Accepted)

2011-05-24 Thread Ubuntu Installer
apr (1.3.8-1ubuntu0.3) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/028_fnmatch_CVE-2011-0419.dpatch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/029_fnmatch_CVE-2011-1928.dpatch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928
  * debian/patches/030_thumb2.dpatch; backport disabling process shared
    mutexes on arm to fix build hang (LP: #599874)

Date: Mon, 23 May 2011 12:20:09 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/apr/1.3.8-1ubuntu0.3
Format: 1.8
Date: Mon, 23 May 2011 12:20:09 -0700
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source
Version: 1.3.8-1ubuntu0.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 libapr1 - The Apache Portable Runtime Library
 libapr1-dbg - The Apache Portable Runtime Library - Debugging Symbols
 libapr1-dev - The Apache Portable Runtime Library - Development Headers
Launchpad-Bugs-Fixed: 599874
Original-Maintainer: Debian Apache Maintainers debian-apa...@lists.debian.org


[ubuntu/lucid-security] mahara, mahara_1.2.4-1ubuntu0.3_i386_translations.tar.gz (delayed) 1.2.4-1ubuntu0.3 (Accepted)

2011-05-18 Thread Ubuntu Installer
mahara (1.2.4-1ubuntu0.3) lucid-security; urgency=low

  * SECURITY UPDATE: fixes to session key validation (CSRF)
    - debian/patches/CVE-2011-1403.patch: upstream patch

  * SECURITY UPDATE: privilege escalations
    - debian/patches/CVE-2011-1402.patch: upstream patch

  * SECURITY UPDATE: information disclosure in AJAX calls
    - debian/patches/CVE-2011-1404.patch: upstream patch

  * SECURITY UPDATE: https to http downgrade
    - debian/patches/CVE-2011-1406.patch: upstream patch

  * SECURITY UPDATE: sanitisation of HTML emails
    - debian/patches/CVE-2011-1405.patch: upstream patch

Date: Tue, 10 May 2011 16:33:40 +1200
Changed-By: Francois Marier franc...@debian.org
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/mahara/1.2.4-1ubuntu0.3
Format: 1.8
Date: Tue, 10 May 2011 16:33:40 +1200
Source: mahara
Binary: mahara mahara-apache2
Architecture: source
Version: 1.2.4-1ubuntu0.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Francois Marier franc...@debian.org
Description: 
 mahara - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 
config
Changes: 
 mahara (1.2.4-1ubuntu0.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: fixes to session key validation (CSRF)
 - debian/patches/CVE-2011-1403.patch: upstream patch
 .
   * SECURITY UPDATE: privilege escalations
 - debian/patches/CVE-2011-1402.patch: upstream patch
 .
   * SECURITY UPDATE: information disclosure in AJAX calls
 - debian/patches/CVE-2011-1404.patch: upstream patch
 .
   * SECURITY UPDATE: https to http downgrade
 - debian/patches/CVE-2011-1406.patch: upstream patch
 .
   * SECURITY UPDATE: sanitisation of HTML emails
 - debian/patches/CVE-2011-1405.patch: upstream patch
Original-Maintainer: Mahara Packaging Team 
mahara-packag...@lists.launchpad.net


[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.3.181.14ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_10.3.181.14ubuntu0.10.04.1_i386_translations.tar.gz (delayed)

2011-05-16 Thread Ubuntu Installer
flashplugin-nonfree (10.3.181.14ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.3.181.14
- debian/config, debian/postinst: Updated sha256sums and path.
- CVE-2011-0579
- CVE-2011-0618
- CVE-2011-0619
- CVE-2011-0620
- CVE-2011-0621
- CVE-2011-0622
- CVE-2011-0623
- CVE-2011-0624
- CVE-2011-0625
- CVE-2011-0626
- CVE-2011-0627

Date: Mon, 16 May 2011 11:42:40 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.3.181.14ubuntu0.10.04.1
Format: 1.8
Date: Mon, 16 May 2011 11:42:40 -0400
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.3.181.14ubuntu0.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional 
package)
Changes: 
 flashplugin-nonfree (10.3.181.14ubuntu0.10.04.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: New upstream release 10.3.181.14
 - debian/config, debian/postinst: Updated sha256sums and path.
 - CVE-2011-0579
 - CVE-2011-0618
 - CVE-2011-0619
 - CVE-2011-0620
 - CVE-2011-0621
 - CVE-2011-0622
 - CVE-2011-0623
 - CVE-2011-0624
 - CVE-2011-0625
 - CVE-2011-0626
 - CVE-2011-0627
Original-Maintainer: Bart Martens ba...@knars.be


[ubuntu/lucid-security] apturl, apturl_0.4.1ubuntu4.1_i386_translations.tar.gz (delayed) 0.4.1ubuntu4.1 (Accepted)

2011-05-16 Thread Ubuntu Installer
apturl (0.4.1ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
- check URL for length and shorten it for error dialog in
  AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
- Patch thanks to Michael Vogt
- CVE number pending

Date: Mon, 16 May 2011 13:57:01 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Michael Vogt m...@ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/apturl/0.4.1ubuntu4.1
Format: 1.8
Date: Mon, 16 May 2011 13:57:01 -0400
Source: apturl
Binary: apturl-common apturl apturl-kde
Architecture: source
Version: 0.4.1ubuntu4.1
Distribution: lucid-security
Urgency: low
Maintainer: Michael Vogt m...@ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 apturl - install packages using the apt protocol - GTK+ frontend
 apturl-common - install packages using the apt protocol - common data
 apturl-kde - install packages using the apt protocol - KDE frontend
Launchpad-Bugs-Fixed: 783594
Changes: 
 apturl (0.4.1ubuntu4.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via long apt URL (LP: #783594)
 - check URL for length and shorten it for error dialog in
   AptUrl/AptUrl.py, AptUrl/Parser.py, tests/apturlparse.py.
 - Patch thanks to Michael Vogt
 - CVE number pending


[ubuntu/lucid-security] postfix_2.7.0-1ubuntu0.2_sparc_translations.tar.gz (delayed), postfix_2.7.0-1ubuntu0.2_armel_translations.tar.gz, postfix, postfix_2.7.0-1ubuntu0.2_i386_translations.tar.gz, po

2011-05-11 Thread Ubuntu Installer
postfix (2.7.0-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: SASL memory corruption
- src/smtpd/smtpd_sasl_proto.c: don't reuse the SASL handle after
  auth failure.
- Origin: backported from postfix-2.7-patch04.gz
- CVE-2011-1720

Date: Tue, 10 May 2011 08:37:13 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/postfix/2.7.0-1ubuntu0.2
Format: 1.8
Date: Tue, 10 May 2011 08:37:13 -0400
Source: postfix
Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql 
postfix-pgsql postfix-dev postfix-doc
Architecture: source
Version: 2.7.0-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 postfix - High-performance mail transport agent
 postfix-cdb - CDB map support for Postfix
 postfix-dev - Loadable modules development environment for Postfix
 postfix-doc - Documentation for Postfix
 postfix-ldap - LDAP map support for Postfix
 postfix-mysql - MySQL map support for Postfix
 postfix-pcre - PCRE map support for Postfix
 postfix-pgsql - PostgreSQL map support for Postfix
Changes: 
 postfix (2.7.0-1ubuntu0.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: SASL memory corruption
 - src/smtpd/smtpd_sasl_proto.c: don't reuse the SASL handle after
   auth failure.
 - Origin: backported from postfix-2.7-patch04.gz
 - CVE-2011-1720
Original-Maintainer: LaMont Jones lam...@debian.org


[ubuntu/lucid-security] exim4_4.71-3ubuntu1.2_amd64_translations.tar.gz, exim4_4.71-3ubuntu1.2_sparc_translations.tar.gz (delayed), exim4, exim4_4.71-3ubuntu1.2_armel_translations.tar.gz, exim4_4.71-3

2011-05-10 Thread Ubuntu Installer
exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: format string vulnerability (LP: #779391)
- debian/patches/85_CVE-2011-1764.patch: patch from upstream
- CVE-2011-1764

Date: Sun, 08 May 2011 15:31:05 +0200
Changed-By: Felix Geyer debfx-...@fobos.de
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/exim4/4.71-3ubuntu1.2
Format: 1.8
Date: Sun, 08 May 2011 15:31:05 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy 
exim4-daemon-custom eximon4 exim4-dbg exim4-daemon-light-dbg 
exim4-daemon-heavy-dbg exim4-daemon-custom-dbg exim4-dev
Architecture: source
Version: 4.71-3ubuntu1.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Felix Geyer debfx-...@fobos.de
Description: 
 exim4  - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-custom - custom Exim MTA (v4) daemon with locally set features
 exim4-daemon-custom-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including 
exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-dbg  - debugging symbols for the Exim MTA (v4) packages
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Launchpad-Bugs-Fixed: 779391
Changes: 
 exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: format string vulnerability (LP: #779391)
 - debian/patches/85_CVE-2011-1764.patch: patch from upstream
 - CVE-2011-1764
Original-Maintainer: Exim4 Maintainers 
pkg-exim4-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] loop-aes-utils_2.15.1~rc1-2ubuntu1.1_ia64_translations.tar.gz, loop-aes-utils_2.15.1~rc1-2ubuntu1.1_sparc_translations.tar.gz (delayed), loop-aes-utils_2.15.1~rc1-2ubuntu1.1_i3

2011-05-05 Thread Ubuntu Installer
loop-aes-utils (2.15.1~rc1-2ubuntu1.1) lucid-security; urgency=low

  * debian/patches/30no-canonicalize.dpatch: Backport mount/umount
--no-canonicalize option from util-linux (LP: #727220). Patch from
Colin Watson.
  * debian/patches/31umount-fake.dpatch: Backport umount --fake option from
util-linux. Patch from Colin Watson.

Date: Wed, 04 May 2011 17:22:33 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/loop-aes-utils/2.15.1~rc1-2ubuntu1.1
Format: 1.8
Date: Wed, 04 May 2011 17:22:33 -0500
Source: loop-aes-utils
Binary: loop-aes-utils mount-aes-udeb
Architecture: source
Version: 2.15.1~rc1-2ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 loop-aes-utils - Tools for mounting and manipulating filesystems
 mount-aes-udeb - Mount utils for loop-AES (udeb)
Launchpad-Bugs-Fixed: 727220
Changes: 
 loop-aes-utils (2.15.1~rc1-2ubuntu1.1) lucid-security; urgency=low
 .
   * debian/patches/30no-canonicalize.dpatch: Backport mount/umount
 --no-canonicalize option from util-linux (LP: #727220). Patch from
 Colin Watson.
   * debian/patches/31umount-fake.dpatch: Backport umount --fake option from
 util-linux. Patch from Colin Watson.
Original-Maintainer: Debian Loop-AES Team 
pkg-loop-aes-ma...@lists.alioth.debian.org


[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.9_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.9_sparc_translations.tar.gz (delayed), php5_5.3.2-1ubuntu4.9_i386_translations.tar.gz, php5_5.3.2-1ubuntu4.

2011-05-04 Thread Ubuntu Installer
php5 (5.3.2-1ubuntu4.9) lucid-security; urgency=low

  * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

Date: Mon, 02 May 2011 09:21:53 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.9
Format: 1.8
Date: Mon, 02 May 2011 09:21:53 -0700
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi 
php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp 
php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode 
php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.2-1ubuntu4.9
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 
module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language 
(apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5   - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd - GD module for php5
 php5-gmp   - GMP module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Launchpad-Bugs-Fixed: 774452
Changes: 
 php5 (5.3.2-1ubuntu4.9) lucid-security; urgency=low
 .
   * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
 mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)
Original-Maintainer: Debian PHP Maintainers 
pkg-php-ma...@lists.alioth.debian.org


[ubuntu/lucid-security] perl (delayed), perl 5.10.1-8ubuntu2.1 (Accepted)

2011-05-03 Thread Ubuntu Installer
perl (5.10.1-8ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
- debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
  2.29 to fix multiple issues.
- CVE-2010-1168
- CVE-2010-1447
  * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
and CRLF injections.
- debian/patches/fixes/cgi-multiline-header.diff: fix issues with
  patch obtained from (5.10.1-17).
- CVE-2010-2716
- CVE-2010-4410
- CVE-2010-4411
  * SECURITY UPDATE: taint protection bypass via missing taint attributes
- debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
  of pp_* functions.
- CVE-2011-1487

Date: Thu, 21 Apr 2011 13:22:49 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/perl/5.10.1-8ubuntu2.1
Format: 1.8
Date: Thu, 21 Apr 2011 13:22:49 -0400
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid 
libperl5.10 libperl-dev perl
Architecture: source
Version: 5.10.1-8ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.10 - shared Perl library
 perl   - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - runs setuid Perl scripts
Changes: 
 perl (5.10.1-8ubuntu2.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
 - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
   2.29 to fix multiple issues.
 - CVE-2010-1168
 - CVE-2010-1447
   * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
 and CRLF injections.
 - debian/patches/fixes/cgi-multiline-header.diff: fix issues with
   patch obtained from (5.10.1-17).
 - CVE-2010-2716
 - CVE-2010-4410
 - CVE-2010-4411
   * SECURITY UPDATE: taint protection bypass via missing taint attributes
 - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
   of pp_* functions.
 - CVE-2011-1487
Original-Maintainer: Niko Tyni nt...@debian.org


[ubuntu/lucid-security] usb-creator_0.2.22.3_i386_translations.tar.gz (delayed), usb-creator 0.2.22.3 (Accepted)

2011-05-02 Thread Ubuntu Installer
usb-creator (0.2.22.3) lucid-security; urgency=low

  [ Marc Deslauriers ]
  * SECURITY UPDATE: unprivileged disk operations (LP: #771553)
- CVE-2011-1828
  * setup.cfg: Specify policykit policy file as xml_file so it gets
translated properly instead of being malformed.

  [ Evan Dandrea ]
  * Guard UnmountFile with PolicyKit (LP: #771553).

Date: Fri, 29 Apr 2011 13:15:02 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Installer Team ubuntu-instal...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/usb-creator/0.2.22.3
Format: 1.8
Date: Fri, 29 Apr 2011 13:15:02 -0400
Source: usb-creator
Binary: usb-creator-common usb-creator usb-creator-gtk usb-creator-kde
Architecture: source
Version: 0.2.22.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Installer Team ubuntu-instal...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 usb-creator - Ubuntu startup disk creator transitional meta-package for GTK+
 usb-creator-common - Ubuntu startup disk creator common files
 usb-creator-gtk - Ubuntu startup disk creator for GTK+
 usb-creator-kde - Ubuntu USB desktop image creator for KDE
Launchpad-Bugs-Fixed: 771553 771553
Changes: 
 usb-creator (0.2.22.3) lucid-security; urgency=low
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: unprivileged disk operations (LP: #771553)
 - CVE-2011-1828
   * setup.cfg: Specify policykit policy file as xml_file so it gets
 translated properly instead of being malformed.
 .
   [ Evan Dandrea ]
   * Guard UnmountFile with PolicyKit (LP: #771553).


[ubuntu/lucid-security] vino_2.28.2-0ubuntu2.1_sparc_translations.tar.gz (delayed), vino, vino_2.28.2-0ubuntu2.1_powerpc_translations.tar.gz, vino_2.28.2-0ubuntu2.1_armel_translations.tar.gz, vino_2.2

2011-05-02 Thread Ubuntu Installer
vino (2.28.2-0ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service or possible code execution via
crafted framebuffer update request
- debian/patches/04_CVE-2011-090x.patch: validate update rectangle in
  server/libvncserver/rfbserver.c.
- CVE-2011-0904
- CVE-2011-0905

Date: Thu, 28 Apr 2011 08:57:31 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vino/2.28.2-0ubuntu2.1
Format: 1.8
Date: Thu, 28 Apr 2011 08:57:31 -0400
Source: vino
Binary: vino
Architecture: source
Version: 2.28.2-0ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 vino   - VNC server for GNOME
Changes: 
 vino (2.28.2-0ubuntu2.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service or possible code execution via
 crafted framebuffer update request
 - debian/patches/04_CVE-2011-090x.patch: validate update rectangle in
   server/libvncserver/rfbserver.c.
 - CVE-2011-0904
 - CVE-2011-0905
Original-Maintainer: Jordi Mallach jo...@debian.org


[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.8_amd64_translations.tar.gz, php5_5.3.2-1ubuntu4.8_i386_translations.tar.gz, php5_5.3.2-1ubuntu4.8_powerpc_translations.tar.gz, php5_5.3.2-1ubuntu4.8_armel_

2011-04-29 Thread Ubuntu Installer
php5 (5.3.2-1ubuntu4.8) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary files removal via cronjob
- debian/php5-common.php5.cron.d: take greater care when removing
  session files.
- 
http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
- CVE-2011-0441
  * SECURITY UPDATE: symlink tmp races in pear install
- debian/patches/php5-pear-CVE-2011-1072.patch: improved
  tempfile handling.
- debian/rules: apply patch manually after unpacking PEAR phar
  archive.
- CVE-2011-1072
  * SECURITY UPDATE: more symlink races in pear install
- debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
  file handler.
- debian/rules: apply patch manually after unpacking PEAR phar
  archive.
- CVE-2011-1144
  * SECURITY UPDATE: pathname restriction bypass vulnerability
- debian/patches/php5-CVE-2006-7243.patch: check for passed
  filenames containing NULL bytes.
- CVE-2006-7243
  * SECURITY UPDATE: use-after-free vulnerability
- debian/patches/php5-CVE-2010-4697.patch: retain reference to
  object until getter/setter are done.
- CVE-2010-4697
  * SECURITY UPDATE: denial of service through application crash with
invalid images
- debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
  steps are either 4 or 16.
- CVE-2010-4698
  * SECURITY UPDATE: denial of service through application crash
- debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract()
  argument validation.
- CVE-2011-0420
  * SECURITY UPDATE: denial of service through application crash
- debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully
  when handling zero sized zipfile with the FL_UNCHANGED argument
- CVE-2011-0421
  * SECURITY UPDATE: denial of service through application crash when
handling images with invalid exif tags
- debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
- CVE-2011-0708
  * SECURITY UPDATE: denial of service and possible data disclosure
through integer overflow
- debian/patches/php5-CVE-2011-1092.patch: better boundary
  condition checks in shmop_read()
- CVE-2011-1092
  * SECURITY UPDATE: use-after-free vulnerability
- debian/patches/php5-CVE-2011-1148.patch: improve reference
  counting
- CVE-2011-1148
  * SECURITY UPDATE: format string vulnerability
- debian/patches/php5-CVE-2011-1153.patch: correctly quote format
  strings
- CVE-2011-1153
  * SECURITY UPDATE: denial of service through buffer overflow crash
(code execution mitigated by compilation with Fortify Source)
- debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
  to ensure fitting within MAX_BUF_SIZE
- CVE-2011-1464
  * SECURITY UPDATE: denial of service through application crash via
integer overflow.
- debian/patches/php5-CVE-2011-1466.patch: improve boundary
  condition checking in SdnToJulian()
- CVE-2011-1466
  * SECURITY UPDATE: denial of service through application crash
- debian/patches/php5-CVE-2011-1467.patch: check for invalid
  attribute symbols in NumberFormatter::setSymbol()
- CVE-2011-1467
  * SECURITY UPDATE: denial of service through memory leak
- debian/patches/php5-CVE-2011-1468.patch: fix memory leak of
  openssl contexts
- CVE-2011-1468
  * SECURITY UPDATE: denial of service through application crash
when using HTTP proxy with the FTP wrapper
- debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
- CVE-2011-1469
  * SECURITY UPDATE: denial of service through application crash when
handling ziparchive streams
- debian/patches/php5-CVE-2011-1470.patch: set necessary elements of
  the meta data structure
- CVE-2011-1470
  * SECURITY UPDATE: denial of service through application crash when
handling malformed zip files
- debian/patches/php5-CVE-2011-1471.patch: correct integer
  signedness error when handling zip_fread() return value.
- CVE-2011-1471

Date: Thu, 21 Apr 2011 11:07:40 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.8
Format: 1.8
Date: Thu, 21 Apr 2011 11:07:40 -0700
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi 
php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp 
php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode 
php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.2-1ubuntu4.8
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 
module)
 libapache2-mod-php5filter - 

[ubuntu/lucid-security] rsync, rsync (delayed) 3.0.7-1ubuntu1.1 (Accepted)

2011-04-27 Thread Ubuntu Installer
rsync (3.0.7-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
execution via malformed data
- debian/patches/security-CVE-2011-1097.diff: introduce and use
  FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
- CVE-2011-1097

Date: Fri, 08 Apr 2011 10:06:25 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/rsync/3.0.7-1ubuntu1.1
Format: 1.8
Date: Fri, 08 Apr 2011 10:06:25 -0400
Source: rsync
Binary: rsync
Architecture: source
Version: 3.0.7-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 rsync  - fast remote file copy program (like rcp)
Changes: 
 rsync (3.0.7-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible arbitrary code
 execution via malformed data
 - debian/patches/security-CVE-2011-1097.diff: introduce and use
   FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
 - CVE-2011-1097
Original-Maintainer: Paul Slootman p...@debian.org
-- 
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes


[ubuntu/lucid-security] pcsc-lite (delayed), pcsc-lite 1.5.3-1ubuntu4.2 (Accepted)

2011-04-27 Thread Ubuntu Installer
pcsc-lite (1.5.3-1ubuntu4.2) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long attribute value
- src/atrhandler.c: verify against maximum attribute size.
- http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
- CVE-2010-4531

Date: Thu, 14 Apr 2011 09:38:09 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pcsc-lite/1.5.3-1ubuntu4.2
Format: 1.8
Date: Thu, 14 Apr 2011 09:38:09 -0400
Source: pcsc-lite
Binary: pcscd libpcsclite-dev libpcsclite1
Architecture: source
Version: 1.5.3-1ubuntu4.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libpcsclite-dev - Middleware to access a smart card using PC/SC (development 
files)
 libpcsclite1 - Middleware to access a smart card using PC/SC (library)
 pcscd  - Middleware to access a smart card using PC/SC (daemon side)
Changes: 
 pcsc-lite (1.5.3-1ubuntu4.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via long attribute value
 - src/atrhandler.c: verify against maximum attribute size.
 - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
 - CVE-2010-4531
Original-Maintainer: Ludovic Rousseau rouss...@debian.org


[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.7 (Accepted)

2011-04-21 Thread Ubuntu Installer
tiff (3.9.2-2ubuntu0.7) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via malformed JPEG
- debian/patches/CVE-2009-5022.patch: check width in
  libtiff/tif_ojpeg.c.
- CVE-2009-5022

Date: Wed, 20 Apr 2011 13:06:34 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.7
Format: 1.8
Date: Wed, 20 Apr 2011 13:06:34 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes: 
 tiff (3.9.2-2ubuntu0.7) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via malformed JPEG
 - debian/patches/CVE-2009-5022.patch: check width in
   libtiff/tif_ojpeg.c.
 - CVE-2009-5022
Original-Maintainer: Jay Berkenbilt q...@debian.org


[ubuntu/lucid-security] openslp-dfsg_1.2.1-7.6ubuntu0.1_i386_translations.tar.gz, openslp-dfsg_1.2.1-7.6ubuntu0.1_sparc_translations.tar.gz (delayed), openslp-dfsg_1.2.1-7.6ubuntu0.1_armel_translation

2011-04-20 Thread Ubuntu Installer
openslp-dfsg (1.2.1-7.6ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via circular reference
- debian/patches/CVE-2010-3609.patch: detect circular reference in
  common/slp_message.c. Patch thanks to SUSE.
- CVE-2010-3609
  * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in
debian/patches actually get applied.
  * debian/patches/series: disable 01_have_net_if_arp.diff and
99_autoreconf.diff since they had never been applied.

Date: Tue, 05 Apr 2011 14:57:51 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/openslp-dfsg/1.2.1-7.6ubuntu0.1
Format: 1.8
Date: Tue, 05 Apr 2011 14:57:51 -0400
Source: openslp-dfsg
Binary: slpd openslp-doc libslp1 slptool libslp-dev
Architecture: source
Version: 1.2.1-7.6ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libslp-dev - OpenSLP development libraries
 libslp1- OpenSLP libraries
 openslp-doc - OpenSLP documentation
 slpd   - OpenSLP Server (slpd)
 slptool- SLP command line tool
Changes: 
 openslp-dfsg (1.2.1-7.6ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via circular reference
 - debian/patches/CVE-2010-3609.patch: detect circular reference in
   common/slp_message.c. Patch thanks to SUSE.
 - CVE-2010-3609
   * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in
 debian/patches actually get applied.
   * debian/patches/series: disable 01_have_net_if_arp.diff and
 99_autoreconf.diff since they had never been applied.
Original-Maintainer: Ganesan Rajagopal rgane...@debian.org


[ubuntu/lucid-security] dhcp3_3.1.3-2ubuntu3.2_ia64_translations.tar.gz, dhcp3, dhcp3_3.1.3-2ubuntu3.2_armel_translations.tar.gz, dhcp3_3.1.3-2ubuntu3.2_sparc_translations.tar.gz (delayed), dhcp3_3.1.

2011-04-19 Thread Ubuntu Installer
dhcp3 (3.1.3-2ubuntu3.2) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
- Patch for CVE-2011-0997 was getting reverted during the build
  because of special quilt handling in debian/rules for the ldap
  patches.
- debian/patches/00list: move CVE-2011-0997 patch before the ldap
  patches, and add comment.
- CVE-2011-0997

Date: Tue, 19 Apr 2011 09:10:55 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dhcp3/3.1.3-2ubuntu3.2
Format: 1.8
Date: Tue, 19 Apr 2011 09:10:55 -0400
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client 
dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.3-2ubuntu3.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 dhcp-client - DHCP client transitional package
 dhcp3-client - DHCP client
 dhcp3-client-udeb - DHCP Client for debian-installer (udeb)
 dhcp3-common - common files used by all the dhcp3* packages
 dhcp3-dev  - API for accessing and modifying the DHCP server and client state
 dhcp3-relay - DHCP relay daemon
 dhcp3-server - DHCP server for automatic IP address assignment
 dhcp3-server-ldap - DHCP server able to use LDAP as backend
Changes: 
 dhcp3 (3.1.3-2ubuntu3.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted hostname
 - Patch for CVE-2011-0997 was getting reverted during the build
   because of special quilt handling in debian/rules for the ldap
   patches.
 - debian/patches/00list: move CVE-2011-0997 patch before the ldap
   patches, and add comment.
 - CVE-2011-0997
Original-Maintainer: Andrew Pollock apoll...@debian.org


[ubuntu/lucid-security] ia32-libs (delayed), ia32-libs 2.7ubuntu26.1 (Accepted)

2011-04-19 Thread Ubuntu Installer
ia32-libs (2.7ubuntu26.1) lucid-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
including:
- lcms buffer overflow, CVE-2009-0793 (LP: #700198)
- openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
  and CVE-2010-2939
- libpango1.0: multiple DoS, possible code execution issues:
  CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
- nss: many issues

Date: Tue, 12 Apr 2011 11:26:47 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/ia32-libs/2.7ubuntu26.1
Format: 1.8
Date: Tue, 12 Apr 2011 11:26:47 -0700
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev lib32gcc1
Architecture: source
Version: 2.7ubuntu26.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 ia32-libs  - ia32 shared libraries for use on amd64 and ia64 systems
 ia32-libs-dev - ia32 development libraries and headers for use on ia32/ia64 
syste
 lib32gcc1  - GCC support library (ia32)
Launchpad-Bugs-Fixed: 700198
Changes: 
 ia32-libs (2.7ubuntu26.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Refresh packages to pull in security fixes,
 including:
 - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
 - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
   and CVE-2010-2939
 - libpango1.0: multiple DoS, possible code execution issues:
   CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
 - nss: many issues
Original-Maintainer: Debian ia32-libs Team 
pkg-ia32-libs-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] krb5, krb5_1.8.1+dfsg-2ubuntu0.9_armel_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.9_sparc_translations.tar.gz (delayed), krb5_1.8.1+dfsg-2ubuntu0.9_amd64_translations.tar.gz

2011-04-19 Thread Ubuntu Installer
krb5 (1.8.1+dfsg-2ubuntu0.9) lucid-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
pointer.
- src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
- CVE-2011-0285
- MITKRB5-SA-2011-004

Date: Mon, 18 Apr 2011 15:40:24 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.9
Format: 1.8
Date: Mon, 18 Apr 2011 15:40:24 -0700
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 
libkrb5support0
Architecture: source
Version: 1.8.1+dfsg-2ubuntu0.9
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes: 
 krb5 (1.8.1+dfsg-2ubuntu0.9) lucid-security; urgency=low
 .
   * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
 pointer.
 - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
 - CVE-2011-0285
 - MITKRB5-SA-2011-004
Original-Maintainer: Sam Hartman hartm...@debian.org


[ubuntu/lucid-security] policykit-1_0.96-2ubuntu0.1_powerpc_translations.tar.gz, policykit-1_0.96-2ubuntu0.1_ia64_translations.tar.gz, policykit-1_0.96-2ubuntu0.1_sparc_translations.tar.gz (delayed),

2011-04-19 Thread Ubuntu Installer
policykit-1 (0.96-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: avoid /proc race conditions when checking privileges
for pkexec.
- 10_fix_proc_race.patch
- CVE-2011-1485

Date: Tue, 19 Apr 2011 12:38:05 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/policykit-1/0.96-2ubuntu0.1
Format: 1.8
Date: Tue, 19 Apr 2011 12:38:05 -0700
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 
libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev 
libpolkit-backend-1-0 libpolkit-backend-1-dev
Architecture: source
Version: 0.96-2ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-backend-1-0 - PolicyKit backend API
 libpolkit-backend-1-dev - PolicyKit backend API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Changes: 
 policykit-1 (0.96-2ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: avoid /proc race conditions when checking privileges
 for pkexec.
 - 10_fix_proc_race.patch
 - CVE-2011-1485
Original-Maintainer: Utopia Maintenance Team 
pkg-utopia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] postfix_2.7.0-1ubuntu0.1_sparc_translations.tar.gz (delayed), postfix, postfix_2.7.0-1ubuntu0.1_amd64_translations.tar.gz, postfix_2.7.0-1ubuntu0.1_i386_translations.tar.gz, po

2011-04-18 Thread Ubuntu Installer
postfix (2.7.0-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: man-in-the-middle via plaintext command injection
- src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
  stream buffer so there is no pending plaintext.
- Origin: backported from postfix-2.7-patch03.gz
- CVE-2011-0411

Date: Fri, 15 Apr 2011 10:21:59 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/postfix/2.7.0-1ubuntu0.1
Format: 1.8
Date: Fri, 15 Apr 2011 10:21:59 -0400
Source: postfix
Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql 
postfix-pgsql postfix-dev postfix-doc
Architecture: source
Version: 2.7.0-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 postfix- High-performance mail transport agent
 postfix-cdb - CDB map support for Postfix
 postfix-dev - Loadable modules development environment for Postfix
 postfix-doc - Documentation for Postfix
 postfix-ldap - LDAP map support for Postfix
 postfix-mysql - MySQL map support for Postfix
 postfix-pcre - PCRE map support for Postfix
 postfix-pgsql - PostgreSQL map support for Postfix
Changes: 
 postfix (2.7.0-1ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: man-in-the-middle via plaintext command injection
 - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
   stream buffer so there is no pending plaintext.
 - Origin: backported from postfix-2.7-patch03.gz
 - CVE-2011-0411
Original-Maintainer: LaMont Jones lam...@debian.org


[ubuntu/lucid-security] kdepimlibs_4.4.5-0ubuntu1.1_powerpc_translations.tar.gz, kdepimlibs_4.4.5-0ubuntu1.1_amd64_translations.tar.gz, kdepimlibs_4.4.5-0ubuntu1.1_sparc_translations.tar.gz (delayed),

2011-04-18 Thread Ubuntu Installer
kdepimlibs (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low

  * no change rebuild for kdenetwork security update

Date: Fri, 15 Apr 2011 09:21:38 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kdepimlibs/4:4.4.5-0ubuntu1.1
Format: 1.8
Date: Fri, 15 Apr 2011 09:21:38 -0500
Source: kdepimlibs
Binary: kdepimlibs5 kdepimlibs-data kdepimlibs5-dev kdepimlibs-dbg
Architecture: source
Version: 4:4.4.5-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 kdepimlibs-data - core shared data for KDE PIM 4 applications
 kdepimlibs-dbg - debugging symbols for the KDE 4 PIM libraries
 kdepimlibs5 - core libraries for KDE PIM 4 applications
 kdepimlibs5-dev - development files for the KDE 4 PIM libraries
Changes: 
 kdepimlibs (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low
 .
   * no change rebuild for kdenetwork security update
Original-Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org


[ubuntu/lucid-security] kdenetwork_4.4.5-0ubuntu1.1_sparc_translations.tar.gz (delayed), kdenetwork_4.4.5-0ubuntu1.1_armel_translations.tar.gz, kdenetwork_4.4.5-0ubuntu1.1_i386_translations.tar.gz, kd

2011-04-18 Thread Ubuntu Installer
kdenetwork (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: file name directory traversal attack (LP: #757526)
- Add debian/patches/kubuntu_06_kget_metalinker.diff: check if the
  filename is well formed, without traversal opportunities
- CVE-2011- (an incomplete fix for CVE-2010-1000)

Date: Wed, 13 Apr 2011 20:03:50 +0200
Changed-By: Romain Perier romain.per...@gmail.com
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kdenetwork/4:4.4.5-0ubuntu1.1
Format: 1.8
Date: Wed, 13 Apr 2011 20:03:50 +0200
Source: kdenetwork
Binary: kdenetwork kdenetwork-filesharing kget libkopete4 kopete libkopete-dev 
kppp krdc krfb kdenetwork-dbg kde-zeroconf kopete-plugin-otr-kde4
Architecture: source
Version: 4:4.4.5-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
Changed-By: Romain Perier romain.per...@gmail.com
Description: 
 kde-zeroconf - zeroconf plugins and kio slaves for KDE 4
 kdenetwork - networking applications from the official KDE 4 release
 kdenetwork-dbg - debugging symbols for the KDE 4 networking module
 kdenetwork-filesharing - network filesharing configuration module for KDE 4
 kget   - download manager for KDE 4
 kopete - instant messenger for KDE 4
 kopete-plugin-otr-kde4 - Transitional package
 kppp   - modem dialer for KDE 4
 krdc   - Remote Desktop Connection client for KDE 4
 krfb   - Desktop Sharing for KDE 4
 libkopete-dev - development files for the KDE 4 networking module
 libkopete4 - main Kopete library
Launchpad-Bugs-Fixed: 757526
Changes: 
 kdenetwork (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: file name directory traversal attack (LP: #757526)
 - Add debian/patches/kubuntu_06_kget_metalinker.diff: check if the
   filename is well formed, without traversal opportunities
 - CVE-2011- (an incomplete fix for CVE-2010-1000)
Original-Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org


[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.2.159.1ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.159.1ubuntu0.10.04.1_i386_translations.tar.gz (delayed) 1

2011-04-16 Thread Ubuntu Installer
flashplugin-nonfree (10.2.159.1ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.2.159.1
- debian/config, debian/postinst: Updated sha256sums and path.
- CVE-2011-0611

Date: Sat, 16 Apr 2011 07:37:05 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.2.159.1ubuntu0.10.04.1
Format: 1.8
Date: Sat, 16 Apr 2011 07:37:05 -0400
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.2.159.1ubuntu0.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional 
package)
Changes: 
 flashplugin-nonfree (10.2.159.1ubuntu0.10.04.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: New upstream release 10.2.159.1
 - debian/config, debian/postinst: Updated sha256sums and path.
 - CVE-2011-0611
Original-Maintainer: Bart Martens ba...@knars.be


[ubuntu/lucid-security] vlc, vlc_1.0.6-1ubuntu1.6_i386_translations.tar.gz, vlc_1.0.6-1ubuntu1.6_sparc_translations.tar.gz (delayed), vlc_1.0.6-1ubuntu1.6_ia64_translations.tar.gz, vlc_1.0.6-1ubuntu1.

2011-04-14 Thread Ubuntu Installer
vlc (1.0.6-1ubuntu1.6) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted width
- debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
  src/video_output/video_output.c.
- CVE-2010-3275
- CVE-2010-3276
  * SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
- debian/patches/CVE-2011-1684.patch: fix buffer overflow in
  modules/demux/mp4/libmp4.c.
- CVE-2011-1684

Date: Wed, 13 Apr 2011 23:27:23 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.6
Format: 1.8
Date: Wed, 13 Apr 2011 23:27:23 -0400
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev 
vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib 
vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libvlc-dev - development files for libvlc
 libvlc2- multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc- multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg- debugging symbols for vlc
 vlc-nox- multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 756368
Changes: 
 vlc (1.0.6-1ubuntu1.6) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted width
 - debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
   src/video_output/video_output.c.
 - CVE-2010-3275
 - CVE-2010-3276
   * SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
 - debian/patches/CVE-2011-1684.patch: fix buffer overflow in
   modules/demux/mp4/libmp4.c.
 - CVE-2011-1684
Original-Maintainer: Debian multimedia packages maintainers 
pkg-multimedia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] kde4libs_4.4.5-0ubuntu1.1_armel_translations.tar.gz, kde4libs, kde4libs_4.4.5-0ubuntu1.1_amd64_translations.tar.gz, kde4libs_4.4.5-0ubuntu1.1_i386_translations.tar.gz, kde4libs

2011-04-13 Thread Ubuntu Installer
kde4libs (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low

  [ Felix Geyer ]
  * SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages
- debian/patches/security_02_CVE-2011-1168.diff: upstream patch
- CVE-2011-1168
- LP: #743669

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix certificate verification for certificates issued
against an IP address
- debian/patches/security_03_CVE-2011-1094.diff: based on upstream patch
- CVE-2011-1094

Date: Mon, 11 Apr 2011 10:14:08 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kde4libs/4:4.4.5-0ubuntu1.1
Format: 1.8
Date: Mon, 11 Apr 2011 10:14:08 -0500
Source: kde4libs
Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs-bin libplasma3 kdelibs5-dbg
Architecture: source
Version: 4:4.4.5-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Kubuntu Developers kubuntu-de...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 kdelibs-bin - executables for all KDE 4 core applications
 kdelibs5   - core libraries for all KDE 4 applications
 kdelibs5-data - core shared data for all KDE 4 applications
 kdelibs5-dbg - debugging symbols for the KDE 4 libraries module
 kdelibs5-dev - development files for the KDE 4 core libraries
 libplasma3 - library for the KDE 4 Plasma desktop
Launchpad-Bugs-Fixed: 743669
Changes: 
 kde4libs (4:4.4.5-0ubuntu1.1) lucid-security; urgency=low
 .
   [ Felix Geyer ]
   * SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages
 - debian/patches/security_02_CVE-2011-1168.diff: upstream patch
 - CVE-2011-1168
 - LP: #743669
 .
   [ Jamie Strandboge ]
   * SECURITY UPDATE: fix certificate verification for certificates issued
 against an IP address
 - debian/patches/security_03_CVE-2011-1094.diff: based on upstream patch
 - CVE-2011-1094
Original-Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org


[ubuntu/lucid-security] dhcp3_3.1.3-2ubuntu3.1_amd64_translations.tar.gz, dhcp3, dhcp3_3.1.3-2ubuntu3.1_sparc_translations.tar.gz (delayed), dhcp3_3.1.3-2ubuntu3.1_i386_translations.tar.gz, dhcp3_3.1.

2011-04-11 Thread Ubuntu Installer
dhcp3 (3.1.3-2ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
  client/dhclient.c, common/options.c.
- CVE-2011-0997

Date: Mon, 11 Apr 2011 08:57:21 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dhcp3/3.1.3-2ubuntu3.1
Format: 1.8
Date: Mon, 11 Apr 2011 08:57:21 -0400
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client 
dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.3-2ubuntu3.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 dhcp-client - DHCP client transitional package
 dhcp3-client - DHCP client
 dhcp3-client-udeb - DHCP Client for debian-installer (udeb)
 dhcp3-common - common files used by all the dhcp3* packages
 dhcp3-dev  - API for accessing and modifying the DHCP server and client state
 dhcp3-relay - DHCP relay daemon
 dhcp3-server - DHCP server for automatic IP address assignment
 dhcp3-server-ldap - DHCP server able to use LDAP as backend
Changes: 
 dhcp3 (3.1.3-2ubuntu3.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted hostname
 - debian/patches/CVE-2011-0997.dpatch: filter strings in
   client/dhclient.c, common/options.c.
 - CVE-2011-0997
Original-Maintainer: Andrew Pollock apoll...@debian.org


[ubuntu/lucid-security] mahara_1.2.4-1ubuntu0.2_i386_translations.tar.gz (delayed), mahara 1.2.4-1ubuntu0.2 (Accepted)

2011-04-08 Thread Ubuntu Installer
mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2011-0439.dpatch: upstream patch
- CVE-2011-0439
- LP: #676336

  * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
- debian/patches/CVE-2011-0440.dpatch: upstream patch
- CVE-2011-0440

Date: Fri, 18 Mar 2011 15:51:03 +1300
Changed-By: Francois Marier franc...@debian.org
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/mahara/1.2.4-1ubuntu0.2
Format: 1.8
Date: Fri, 18 Mar 2011 15:51:03 +1300
Source: mahara
Binary: mahara mahara-apache2
Architecture: source
Version: 1.2.4-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Francois Marier franc...@debian.org
Description: 
 mahara - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
Launchpad-Bugs-Fixed: 676336
Changes: 
 mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: cross-site scripting vulnerability
 - debian/patches/CVE-2011-0439.dpatch: upstream patch
 - CVE-2011-0439
 - LP: #676336
 .
   * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
 - debian/patches/CVE-2011-0440.dpatch: upstream patch
 - CVE-2011-0440
Original-Maintainer: Mahara Packaging Team 
mahara-packag...@lists.launchpad.net


[ubuntu/lucid-security] ffmpeg-extra, ffmpeg-extra (delayed) 4:0.5.1-1ubuntu1.1 (Accepted)

2011-04-06 Thread Ubuntu Installer
ffmpeg-extra (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
- debian/patches/CVE-2010-3429.patch: add checks to
  libavcodec/flicvideo.c.
- CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
(LP: #690169)
- debian/patches/CVE-2010-3908.patch: properly calculate size in
  libavcodec/utils.c.
- CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
- debian/patches/CVE-2010-4704.patch: validate codebook in
  libavcodec/vorbis_dec.c.
- CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
crafted WebM file
- debian/patches/CVE-2011-0480.patch: check rangebits in
  libavcodec/vorbis_dec.c.
- CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
(LP: #690169)
- debian/patches/CVE-2011-0722.patch: set dimensions in
  libavcodec/rv34.c.
- CVE-2011-0722
  * SECURITY UPDATE: denial of service and possible code execution via
crafted VC1 file (LP: #690169)
- debian/patches/CVE-2011-0723.patch: fix invalid reads in
  libavcodec/vc1dec.c.
- CVE-2011-0723

Date: Wed, 06 Apr 2011 08:38:14 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/ffmpeg-extra/4:0.5.1-1ubuntu1.1
Format: 1.8
Date: Wed, 06 Apr 2011 08:38:14 -0400
Source: ffmpeg-extra
Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 
libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 
libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 
libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 
libswscale-extra-0 libswscale-unstripped-0
Architecture: source
Version: 4:0.5.1-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libavcodec-extra-52 - ffmpeg codec library
 libavcodec-unstripped-52 - ffmpeg utility library - transitional package
 libavdevice-extra-52 - ffmpeg device handling library
 libavdevice-unstripped-52 - ffmpeg utility library - transitional package
 libavfilter-extra-0 - ffmpeg video filtering library
 libavfilter-unstripped-0 - ffmpeg utility library - transitional package
 libavformat-extra-52 - ffmpeg file format library
 libavformat-unstripped-52 - ffmpeg utility library - transitional package
 libavutil-extra-49 - ffmpeg utility library
 libavutil-unstripped-49 - ffmpeg utility library - transitional package
 libpostproc-extra-51 - ffmpeg video postprocessing library
 libpostproc-unstripped-51 - ffmpeg utility library - transitional package
 libswscale-extra-0 - ffmpeg video scaling library
 libswscale-unstripped-0 - ffmpeg utility library - transitional package
Launchpad-Bugs-Fixed: 690169 690169 690169
Changes: 
 ffmpeg-extra (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted flic file
 - debian/patches/CVE-2010-3429.patch: add checks to
   libavcodec/flicvideo.c.
 - CVE-2010-3429
   * SECURITY UPDATE: arbitrary code execution via crafted wmv file
 (LP: #690169)
 - debian/patches/CVE-2010-3908.patch: properly calculate size in
   libavcodec/utils.c.
 - CVE-2010-3908
   * SECURITY UPDATE: denial of service via crafted .ogg file
 - debian/patches/CVE-2010-4704.patch: validate codebook in
   libavcodec/vorbis_dec.c.
 - CVE-2010-4704
   * SECURITY UPDATE: denial of service and possible code execution via
 crafted WebM file
 - debian/patches/CVE-2011-0480.patch: check rangebits in
   libavcodec/vorbis_dec.c.
 - CVE-2011-0480
   * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
 (LP: #690169)
 - debian/patches/CVE-2011-0722.patch: set dimensions in
   libavcodec/rv34.c.
 - CVE-2011-0722
   * SECURITY UPDATE: denial of service and possible code execution via
 crafted VC1 file (LP: #690169)
 - debian/patches/CVE-2011-0723.patch: fix invalid reads in
   libavcodec/vc1dec.c.
 - CVE-2011-0723
Original-Maintainer: Debian multimedia packages maintainers 

[ubuntu/lucid-security] x11-xserver-utils, x11-xserver-utils (delayed) 7.5+1ubuntu2.1 (Accepted)

2011-04-06 Thread Ubuntu Installer
x11-xserver-utils (7.5+1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
- xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
  case.
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
- CVE-2011-0465

Date: Wed, 06 Apr 2011 17:42:55 +0300
Changed-By: Timo Aaltonen tjaal...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/x11-xserver-utils/7.5+1ubuntu2.1
Format: 1.8
Date: Wed, 06 Apr 2011 17:42:55 +0300
Source: x11-xserver-utils
Binary: x11-xserver-utils
Architecture: source
Version: 7.5+1ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Timo Aaltonen tjaal...@ubuntu.com
Description: 
 x11-xserver-utils - X server utilities
Launchpad-Bugs-Fixed: 752315
Changes: 
 x11-xserver-utils (7.5+1ubuntu2.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
 - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
   case.
 - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
 - CVE-2011-0465
Original-Maintainer: Debian X Strike Force debia...@lists.debian.org


[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.6 (Accepted)

2011-04-04 Thread Ubuntu Installer
tiff (3.9.2-2ubuntu0.6) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted
THUNDER_2BITDELTAS data
- debian/patches/CVE-2011-1167.patch: validate bitspersample and
  make sure npixels is sane in libtiff/tif_thunder.c.
- CVE-2011-1167

Date: Wed, 30 Mar 2011 13:04:49 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.6
Format: 1.8
Date: Wed, 30 Mar 2011 13:04:49 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes: 
 tiff (3.9.2-2ubuntu0.6) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted
 THUNDER_2BITDELTAS data
 - debian/patches/CVE-2011-1167.patch: validate bitspersample and
   make sure npixels is sane in libtiff/tif_thunder.c.
 - CVE-2011-1167
Original-Maintainer: Jay Berkenbilt q...@debian.org


[ubuntu/lucid-security] ffmpeg (delayed), ffmpeg 4:0.5.1-1ubuntu1.1 (Accepted)

2011-04-04 Thread Ubuntu Installer
ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
- debian/patches/CVE-2010-3429.patch: add checks to
  libavcodec/flicvideo.c.
- CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
(LP: #690169)
- debian/patches/CVE-2010-3908.patch: properly calculate size in
  libavcodec/utils.c.
- CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
- debian/patches/CVE-2010-4704.patch: validate codebook in
  libavcodec/vorbis_dec.c.
- CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
crafted WebM file
- debian/patches/CVE-2011-0480.patch: check rangebits in
  libavcodec/vorbis_dec.c.
- CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
(LP: #690169)
- debian/patches/CVE-2011-0722.patch: set dimensions in
  libavcodec/rv34.c.
- CVE-2011-0722
  * SECURITY UPDATE: denial of service and possible code execution via
crafted VC1 file (LP: #690169)
- debian/patches/CVE-2011-0723.patch: fix invalid reads in
  libavcodec/vc1dec.c.
- CVE-2011-0723

Date: Thu, 31 Mar 2011 10:59:31 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/ffmpeg/4:0.5.1-1ubuntu1.1
Format: 1.8
Date: Thu, 31 Mar 2011 10:59:31 -0400
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 
libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev 
libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev 
libswscale-dev
Architecture: source
Version: 4:0.5.1-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 ffmpeg - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter0 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Launchpad-Bugs-Fixed: 690169 690169 690169
Changes: 
 ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted flic file
 - debian/patches/CVE-2010-3429.patch: add checks to
   libavcodec/flicvideo.c.
 - CVE-2010-3429
   * SECURITY UPDATE: arbitrary code execution via crafted wmv file
 (LP: #690169)
 - debian/patches/CVE-2010-3908.patch: properly calculate size in
   libavcodec/utils.c.
 - CVE-2010-3908
   * SECURITY UPDATE: denial of service via crafted .ogg file
 - debian/patches/CVE-2010-4704.patch: validate codebook in
   libavcodec/vorbis_dec.c.
 - CVE-2010-4704
   * SECURITY UPDATE: denial of service and possible code execution via
 crafted WebM file
 - debian/patches/CVE-2011-0480.patch: check rangebits in
   libavcodec/vorbis_dec.c.
 - CVE-2011-0480
   * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
 (LP: #690169)
 - debian/patches/CVE-2011-0722.patch: set dimensions in
   libavcodec/rv34.c.
 - CVE-2011-0722
   * SECURITY UPDATE: denial of service and possible code execution via
 crafted VC1 file (LP: #690169)
 - debian/patches/CVE-2011-0723.patch: fix invalid reads in
   libavcodec/vc1dec.c.
 - CVE-2011-0723
Original-Maintainer: Debian multimedia packages maintainers 
pkg-multimedia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] tex-common_2.06ubuntu0.1_i386_translations.tar.gz (delayed), tex-common 2.06ubuntu0.1 (Accepted)

2011-04-04 Thread Ubuntu Installer
tex-common (2.06ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted TeX document
- conf/texmf.d/95NonPath.cnf: disable shell_escape completely as in
  Debian 2.08.1 version.
- CVE-2011-1400

Date: Fri, 01 Apr 2011 10:11:00 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tex-common/2.06ubuntu0.1
Format: 1.8
Date: Fri, 01 Apr 2011 10:11:00 -0400
Source: tex-common
Binary: tex-common
Architecture: source
Version: 2.06ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 tex-common - common infrastructure for building and installing TeX
Changes: 
 tex-common (2.06ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted TeX document
 - conf/texmf.d/95NonPath.cnf: disable shell_escape completely as in
   Debian 2.08.1 version.
 - CVE-2011-1400
Original-Maintainer: Debian TeX maintainers debian-tex-ma...@lists.debian.org


[ubuntu/lucid-security] openldap_2.4.21-0ubuntu5.4_powerpc_translations.tar.gz, openldap_2.4.21-0ubuntu5.4_amd64_translations.tar.gz, openldap_2.4.21-0ubuntu5.4_sparc_translations.tar.gz (delayed), op

2011-03-31 Thread Ubuntu Installer
openldap (2.4.21-0ubuntu5.4) lucid-security; urgency=low

  * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
using forwarded authentication failures
- debian/patches/CVE-2011-1024
- CVE-2011-1024
  * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
backend. Note: Ubuntu is not compiled with --enable-ndb by default
- debian/patches/CVE-2011-1025
- CVE-2011-1025
  * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
and requestDN is empty
- debian/patches/CVE-2011-1081
- CVE-2011-1081

Date: Wed, 16 Mar 2011 10:15:30 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/openldap/2.4.21-0ubuntu5.4
Format: 1.8
Date: Wed, 16 Mar 2011 10:15:30 -0500
Source: openldap
Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.21-0ubuntu5.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd  - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
Changes: 
 openldap (2.4.21-0ubuntu5.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
 using forwarded authentication failures
 - debian/patches/CVE-2011-1024
 - CVE-2011-1024
   * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
 backend. Note: Ubuntu is not compiled with --enable-ndb by default
 - debian/patches/CVE-2011-1025
 - CVE-2011-1025
   * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
 and requestDN is empty
 - debian/patches/CVE-2011-1081
 - CVE-2011-1081
Original-Maintainer: Debian OpenLDAP Maintainers 
pkg-openldap-de...@lists.alioth.debian.org


[ubuntu/lucid-security] gdm_2.30.2.is.2.30.0-0ubuntu5.1_amd64_translations.tar.gz, gdm_2.30.2.is.2.30.0-0ubuntu5.1_ia64_translations.tar.gz, gdm_2.30.2.is.2.30.0-0ubuntu5.1_powerpc_translations.tar.gz

2011-03-30 Thread Ubuntu Installer
gdm (2.30.2.is.2.30.0-0ubuntu5.1) lucid-security; urgency=low

  * SECURITY UPDATE: race condition allowing privilege escalation
- debian/patches/34_CVE-2011-0727.patch: fix
  daemon/gdm-session-worker.c to copy files as session user rather
  than root followed by a subsequent chown.
- CVE-2011-0727

Date: Mon, 28 Mar 2011 16:24:02 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Sebastien Bacher seb...@ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/gdm/2.30.2.is.2.30.0-0ubuntu5.1
Format: 1.8
Date: Mon, 28 Mar 2011 16:24:02 -0700
Source: gdm
Binary: gdm
Architecture: source
Version: 2.30.2.is.2.30.0-0ubuntu5.1
Distribution: lucid-security
Urgency: low
Maintainer: Sebastien Bacher seb...@ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 gdm - GNOME Display Manager
Changes: 
 gdm (2.30.2.is.2.30.0-0ubuntu5.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: race condition allowing privilege escalation
 - debian/patches/34_CVE-2011-0727.patch: fix
   daemon/gdm-session-worker.c to copy files as session user rather
   than root followed by a subsequent chown.
 - CVE-2011-0727


[ubuntu/lucid-security] libvirt, libvirt_0.7.5-5ubuntu27.9_amd64_translations.tar.gz, libvirt_0.7.5-5ubuntu27.9_ia64_translations.tar.gz, libvirt_0.7.5-5ubuntu27.9_i386_translations.tar.gz, libvirt_0.

2011-03-29 Thread Ubuntu Installer
libvirt (0.7.5-5ubuntu27.9) lucid-security; urgency=low

  * SECURITY UPDATE: debian/patches/9904-CVE-2011-1146.patch: Add missing
checks for read only connections.
- CVE-2011-1146

Date: Tue, 15 Mar 2011 16:21:40 -0500
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu27.9
Format: 1.8
Date: Tue, 15 Mar 2011 16:21:40 -0500
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source
Version: 0.7.5-5ubuntu27.9
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Changes: 
 libvirt (0.7.5-5ubuntu27.9) lucid-security; urgency=low
 .
   * SECURITY UPDATE: debian/patches/9904-CVE-2011-1146.patch: Add missing
 checks for read only connections.
 - CVE-2011-1146
Original-Maintainer: Debian Libvirt Maintainers pkg-libvirt-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] tomcat6, tomcat6 (delayed) 6.0.24-2ubuntu1.7 (Accepted)

2011-03-29 Thread Ubuntu Installer
tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServletContext
attribute (LP: #717396)
- debian/patches/0012-CVE-2010-3718.patch: mark as read only in
  java/org/apache/catalina/core/StandardContext.java.
- CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
- debian/patches/0013-CVE-2011-0013.patch: properly filter values in
  java/org/apache/catalina/manager/{HTMLManagerServlet.java,
  StatusTransformer.java}.
- CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
(LP: #714239, LP: #717396)
- debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
  java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2011-0534

Date: Thu, 24 Mar 2011 11:08:39 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tomcat6/6.0.24-2ubuntu1.7
Format: 1.8
Date: Thu, 24 Mar 2011 11:08:39 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java 
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.24-2ubuntu1.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6 - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Launchpad-Bugs-Fixed: 714239 717396 717396
Changes: 
 tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low
 .
   * SECURITY UPDATE: directory traversal via incorrect ServletContext
 attribute (LP: #717396)
 - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
   java/org/apache/catalina/core/StandardContext.java.
 - CVE-2010-3718
   * SECURITY UPDATE: cross-site scripting in HTML Manager interface
 - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
   java/org/apache/catalina/manager/{HTMLManagerServlet.java,
   StatusTransformer.java}.
 - CVE-2011-0013
   * SECURITY UPDATE: denial of service via NIOS HTTP connector
 (LP: #714239, LP: #717396)
 - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
   java/org/apache/coyote/http11/InternalNioInputBuffer.java.
 - CVE-2011-0534
Original-Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] subversion_1.6.6dfsg-2ubuntu1.2_powerpc_translations.tar.gz, subversion_1.6.6dfsg-2ubuntu1.2_sparc_translations.tar.gz (delayed), subversion, subversion_1.6.6dfsg-2ubuntu1.2_ar

2011-03-29 Thread Ubuntu Installer
subversion (1.6.6dfsg-2ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via request containing lock token
- debian/patches/CVE-2011-0715.patch: correctly handle locks being
  passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
  subversion/mod_dav_svn/version.c.
- CVE-2011-0715

Date: Mon, 21 Mar 2011 15:10:54 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/subversion/1.6.6dfsg-2ubuntu1.2
Format: 1.8
Date: Mon, 21 Mar 2011 15:10:54 -0400
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn 
python-subversion python-subversion-dbg subversion-tools libsvn-java 
libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source
Version: 1.6.6dfsg-2ubuntu1.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1 - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Changes: 
 subversion (1.6.6dfsg-2ubuntu1.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via request containing lock token
 - debian/patches/CVE-2011-0715.patch: correctly handle locks being
   passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
   subversion/mod_dav_svn/version.c.
 - CVE-2011-0715
Original-Maintainer: Peter Samuelson pe...@p12n.org


[ubuntu/lucid-security] quagga_0.99.15-1ubuntu0.2_ia64_translations.tar.gz, quagga_0.99.15-1ubuntu0.2_amd64_translations.tar.gz, quagga, quagga_0.99.15-1ubuntu0.2_sparc_translations.tar.gz (delayed),

2011-03-29 Thread Ubuntu Installer
quagga (0.99.15-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed extended communities
- debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
  communities in bgpd/bgp_attr.c.
- CVE-2010-1674
  * SECURITY UPDATE: denial of service via AS_PATHLIMIT
- debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support
  in bgpd/bgp_attr.c.
- CVE-2010-1675

Date: Wed, 23 Mar 2011 14:07:57 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/quagga/0.99.15-1ubuntu0.2
Format: 1.8
Date: Wed, 23 Mar 2011 14:07:57 -0400
Source: quagga
Binary: quagga quagga-doc
Architecture: source
Version: 0.99.15-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 quagga - BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Changes: 
 quagga (0.99.15-1ubuntu0.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via malformed extended communities
 - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
   communities in bgpd/bgp_attr.c.
 - CVE-2010-1674
   * SECURITY UPDATE: denial of service via AS_PATHLIMIT
 - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support
   in bgpd/bgp_attr.c.
 - CVE-2010-1675
Original-Maintainer: Christian Hammers c...@debian.org


[ubuntu/lucid-security] loggerhead, loggerhead (delayed) 1.17+bzr400-1ubuntu0.1 (Accepted)

2011-03-25 Thread Ubuntu Installer
loggerhead (1.17+bzr400-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch
contents. (LP: #740142)
- debian/patches/bug-740142.diff: improve escaping of filenames.
- CVE-2011-0728

Date: Thu, 24 Mar 2011 13:39:43 +1100
Changed-By: William Grant william.gr...@canonical.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/loggerhead/1.17+bzr400-1ubuntu0.1
Format: 1.8
Date: Thu, 24 Mar 2011 13:39:43 +1100
Source: loggerhead
Binary: loggerhead
Architecture: source
Version: 1.17+bzr400-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: William Grant william.gr...@canonical.com
Description: 
 loggerhead - Web viewer for Bazaar
Launchpad-Bugs-Fixed: 740142
Changes: 
 loggerhead (1.17+bzr400-1ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch
 contents. (LP: #740142)
 - debian/patches/bug-740142.diff: improve escaping of filenames.
 - CVE-2011-0728
Original-Maintainer: Debian Bazaar Maintainers pkg-bazaar-ma...@lists.alioth.debian.org


[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.2.153.1ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.153.1ubuntu0.10.04.1_i386_translations.tar.gz (delayed) 1

2011-03-23 Thread Ubuntu Installer
flashplugin-nonfree (10.2.153.1ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.2.153.1
- debian/config, debian/postinst: Updated sha256sums and path.
- CVE-2011-0609
  * debian/postinst: make wget use the proxy defined for apt and decrease
number of tries to a reasonable amount. (LP: #580523)

Date: Wed, 23 Mar 2011 08:44:00 -0400
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.2.153.1ubuntu0.10.04.1
Format: 1.8
Date: Wed, 23 Mar 2011 08:44:00 -0400
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.2.153.1ubuntu0.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package)
Launchpad-Bugs-Fixed: 580523
Changes: 
 flashplugin-nonfree (10.2.153.1ubuntu0.10.04.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: New upstream release 10.2.153.1
 - debian/config, debian/postinst: Updated sha256sums and path.
 - CVE-2011-0609
   * debian/postinst: make wget use the proxy defined for apt and decrease
 number of tries to a reasonable amount. (LP: #580523)
Original-Maintainer: Bart Martens ba...@knars.be


[ubuntu/lucid-security] krb5, krb5_1.8.1+dfsg-2ubuntu0.8_ia64_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.8_i386_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.8_amd64_translations.tar.gz, krb5_1.8.1

2011-03-15 Thread Ubuntu Installer
krb5 (1.8.1+dfsg-2ubuntu0.8) lucid-security; urgency=low

  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
capability is used.
- src/kdc/do_as_req.c: clear fields on allocation; applied inline,
  thanks to upstream
- CVE-2011-0284
- MITKRB5-SA-2011-003

Date: Mon, 14 Mar 2011 16:01:50 -0700
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.8
Format: 1.8
Date: Mon, 14 Mar 2011 16:01:50 -0700
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 
libkrb5support0
Architecture: source
Version: 1.8.1+dfsg-2ubuntu0.8
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes: 
 krb5 (1.8.1+dfsg-2ubuntu0.8) lucid-security; urgency=low
 .
   * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
 capability is used.
 - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
   thanks to upstream
 - CVE-2011-0284
 - MITKRB5-SA-2011-003
Original-Maintainer: Sam Hartman hartm...@debian.org


[ubuntu/lucid-security] kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_amd64_translations.tar.gz, kvirc, kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_sparc_translations.tar.gz (delayed), kvirc_4.0.0~svn3900+rc2-1ubuntu0.2

2011-03-15 Thread Ubuntu Installer
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
r4693 does not properly handle \ (backslash) characters, which allows
remote authenticated users to execute arbitrary CTCP commands via vectors
involving \r and \40 sequences, a different vulnerability than CVE-2010-2451
and CVE-2010-2452.
- 33_upstream_security_#858.patch
  - Patch based on upstream SVN revision 4693.
- CVE-2010-2785:
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
- LP: #612682

Date: Sat, 12 Mar 2011 20:00:18 -0600
Changed-By: Nathan Handler nhand...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/kvirc/4:4.0.0~svn3900+rc2-1ubuntu0.2
Format: 1.8
Date: Sat, 12 Mar 2011 20:00:18 -0600
Source: kvirc
Binary: kvirc kvirc-data kvirc-dbg
Architecture: source
Version: 4:4.0.0~svn3900+rc2-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Nathan Handler nhand...@ubuntu.com
Description: 
 kvirc  - KDE-based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dbg  - KVIrc (IRC client) debugging symbols
Launchpad-Bugs-Fixed: 612682
Changes: 
 kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
 r4693 does not properly handle \ (backslash) characters, which allows
 remote authenticated users to execute arbitrary CTCP commands via vectors
 involving \r and \40 sequences, a different vulnerability than CVE-2010-2451
 and CVE-2010-2452.
 - 33_upstream_security_#858.patch
   - Patch based on upstream SVN revision 4693.
 - CVE-2010-2785:
   - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
 - LP: #612682
Original-Maintainer: Debian KDE Extras Team pkg-kde-ext...@lists.alioth.debian.org


[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.5 (Accepted)

2011-03-14 Thread Ubuntu Installer
tiff (3.9.2-2ubuntu0.5) lucid-security; urgency=low

  * debian/patches/CVE-2011-0192.patch: update for regression in
processing of certain CCITTFAX4 files (LP: #731540).
- http://bugzilla.maptools.org/show_bug.cgi?id=2297

Date: Mon, 14 Mar 2011 10:47:02 -0700
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.5
Format: 1.8
Date: Mon, 14 Mar 2011 10:47:02 -0700
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 731540
Changes: 
 tiff (3.9.2-2ubuntu0.5) lucid-security; urgency=low
 .
   * debian/patches/CVE-2011-0192.patch: update for regression in
 processing of certain CCITTFAX4 files (LP: #731540).
 - http://bugzilla.maptools.org/show_bug.cgi?id=2297
Original-Maintainer: Jay Berkenbilt q...@debian.org


[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.4 (Accepted)

2011-03-07 Thread Ubuntu Installer
tiff (3.9.2-2ubuntu0.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
(LP: #597246)
- debian/patches/CVE-2010-2482.patch: look for missing strip byte
  counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
- CVE-2010-2482
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/CVE-2010-2595.patch: validate values in
  libtiff/tif_color.c.
- CVE-2010-2595
  * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
- debian/patches/CVE-2010-2597.patch: properly initialize fields in
  libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/CVE-2010-2630.patch: correctly handle order in
  libtiff/tif_dirread.c.
- CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
heap corruption in JPEGDecodeRaw
- debian/patches/CVE-2010-3087.patch: check for overflows in
  libtiff/tif_jpeg.c, libtiff/tif_strip.c.
- CVE-2010-3087
  * SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/CVE-2011-0192.patch: check length in
  libtiff/tif_fax3.h.
- CVE-2011-0192

Date: Thu, 03 Mar 2011 13:42:43 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.4
Format: 1.8
Date: Thu, 03 Mar 2011 13:42:43 -0500
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 593067 597246
Changes: 
 tiff (3.9.2-2ubuntu0.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
 (LP: #597246)
 - debian/patches/CVE-2010-2482.patch: look for missing strip byte
   counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
 - CVE-2010-2482
   * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
 values
 - debian/patches/CVE-2010-2595.patch: validate values in
   libtiff/tif_color.c.
 - CVE-2010-2595
   * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
 - debian/patches/CVE-2010-2597.patch: properly initialize fields in
   libtiff/tif_strip.c.
 - CVE-2010-2597
 - CVE-2010-2598
   * SECURITY UPDATE: denial of service via out-of-order tags
 - debian/patches/CVE-2010-2630.patch: correctly handle order in
   libtiff/tif_dirread.c.
 - CVE-2010-2630
   * SECURITY UPDATE: denial of service and possible code execution via
 heap corruption in JPEGDecodeRaw
 - debian/patches/CVE-2010-3087.patch: check for overflows in
   libtiff/tif_jpeg.c, libtiff/tif_strip.c.
 - CVE-2010-3087
   * SECURITY UPDATE: denial of service and possible code execution via
 buffer overflow in Fax4Decode
 - debian/patches/CVE-2011-0192.patch: check length in
   libtiff/tif_fax3.h.
 - CVE-2011-0192
Original-Maintainer: Jay Berkenbilt q...@debian.org


[ubuntu/lucid-security] avahi_0.6.25-1ubuntu6.2_amd64_translations.tar.gz, avahi_0.6.25-1ubuntu6.2_i386_translations.tar.gz, avahi_0.6.25-1ubuntu6.2_sparc_translations.tar.gz (delayed), avahi_0.6.25-1

2011-03-07 Thread Ubuntu Installer
avahi (0.6.25-1ubuntu6.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via NULL packet
- debian/patches/CVE-2011-1002.patch: still read corrupt packets from
  sockets in avahi-core/socket.c.
- CVE-2011-1002

Date: Fri, 04 Mar 2011 14:11:47 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/avahi/0.6.25-1ubuntu6.2
Format: 1.8
Date: Fri, 04 Mar 2011 14:11:47 -0500
Source: avahi
Binary: avahi-daemon avahi-dnsconfd avahi-autoipd python-avahi avahi-utils 
avahi-discover libavahi-common3 libavahi-common-data libavahi-common-dev 
libavahi-common3-udeb libavahi-core6 libavahi-core-dev libavahi-core6-udeb 
libavahi-client3 libavahi-client-dev libavahi-glib1 libavahi-glib-dev 
libavahi-gobject0 libavahi-gobject-dev libavahi-qt3-1 libavahi-qt3-dev 
libavahi-qt4-1 libavahi-qt4-dev libavahi-compat-howl0 libavahi-compat-howl-dev 
libavahi-compat-libdnssd1 libavahi-compat-libdnssd-dev libavahi-ui0 
libavahi-ui-dev avahi-ui-utils avahi-dbg
Architecture: source
Version: 0.6.25-1ubuntu6.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 avahi-autoipd - Avahi IPv4LL network address configuration daemon
 avahi-daemon - Avahi mDNS/DNS-SD daemon
 avahi-dbg  - Avahi - debugging symbols
 avahi-discover - Service discover user interface for avahi
 avahi-dnsconfd - Avahi DNS configuration tool
 avahi-ui-utils - Avahi GTK+ utilities
 avahi-utils - Avahi browsing, publishing and discovery utilities
 libavahi-client-dev - Development files for the Avahi client library
 libavahi-client3 - Avahi client library
 libavahi-common-data - Avahi common data files
 libavahi-common-dev - Development files for the Avahi common library
 libavahi-common3 - Avahi common library
 libavahi-common3-udeb - Avahi common library (debian-installer) (udeb)
 libavahi-compat-howl-dev - Development headers for the Avahi Howl compatibility library
 libavahi-compat-howl0 - Avahi Howl compatibility library
 libavahi-compat-libdnssd-dev - Development headers for the Avahi Apple Bonjour compatibility lib
 libavahi-compat-libdnssd1 - Avahi Apple Bonjour compatibility library
 libavahi-core-dev - Development files for Avahi's embeddable mDNS/DNS-SD library
 libavahi-core6 - Avahi's embeddable mDNS/DNS-SD library
 libavahi-core6-udeb - Avahi's embeddable mDNS/DNS-SD library (debian-installer) (udeb)
 libavahi-glib-dev - Development headers for the Avahi glib integration library
 libavahi-glib1 - Avahi glib integration library
 libavahi-gobject-dev - Development headers for the Avahi GObject library
 libavahi-gobject0 - Avahi GObject library
 libavahi-qt3-1 - Avahi Qt 3 integration library
 libavahi-qt3-dev - Development headers for the Avahi Qt 3 integration library
 libavahi-qt4-1 - Avahi Qt 4 integration library
 libavahi-qt4-dev - Development headers for the Avahi Qt 4 integration library
 libavahi-ui-dev - Development headers for the Avahi GTK+ User interface library
 libavahi-ui0 - Avahi GTK+ User interface library
 python-avahi - Python utility package for Avahi
Changes: 
 avahi (0.6.25-1ubuntu6.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via NULL packet
     - debian/patches/CVE-2011-1002.patch: still read corrupt packets from
       sockets in avahi-core/socket.c.
     - CVE-2011-1002
Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] pango1.0, pango1.0 (delayed) 1.28.0-0ubuntu2.2 (Accepted)

2011-03-02 Thread Ubuntu Installer
pango1.0 (1.28.0-0ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    crafted font file (LP: #696616)
    - debian/patches/20_CVE-2011-0020.patch: check for overflow in
      pango/pangoft2-render.c.
    - CVE-2011-0020
  * SECURITY UPDATE: denial of service and possible code execution via
    unchecked realloc failures
    - debian/patches/21_CVE-2011-0064.patch: check for realloc failures in
      pango/opentype/hb-buffer.*, pango/opentype/hb-buffer-private.h.
    - CVE-2011-0064

Date: Tue, 01 Mar 2011 10:02:14 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/pango1.0/1.28.0-0ubuntu2.2
Format: 1.8
Date: Tue, 01 Mar 2011 10:02:14 -0500
Source: pango1.0
Binary: libpango1.0-0 libpango1.0-udeb libpango1.0-common libpango1.0-dev 
libpango1.0-0-dbg libpango1.0-doc gir1.0-pango-1.0
Architecture: source
Version: 1.28.0-0ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 gir1.0-pango-1.0 - Layout and rendering of internationalized text
 libpango1.0-0 - Layout and rendering of internationalized text
 libpango1.0-0-dbg - The Pango library and debugging symbols
 libpango1.0-common - Modules and configuration files for the Pango
 libpango1.0-dev - Development files for the Pango
 libpango1.0-doc - Documentation files for the Pango
 libpango1.0-udeb - Layout and rendering of internationalized text - minimal runtime (udeb)
Launchpad-Bugs-Fixed: 696616
Original-Maintainer: Sebastien Bacher seb...@debian.org


[ubuntu/lucid-security] fuse, fuse (delayed) 2.8.1-1.1ubuntu3.1 (Accepted)

2011-02-28 Thread Ubuntu Installer
fuse (2.8.1-1.1ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary unprivileged unmount
    - debian/patches/CVE-2011-0541.dpatch: don't follow symlinks when
      unmounting in case of a failed mtab update in util/fusermount.c.
    - debian/patches/CVE-2011-0542.dpatch: chdir to / before performing
      mount/umount in util/fusermount.c.
    - debian/patches/CVE-2011-0543.dpatch: remove legacy util-linux
      support so symlinks don't get followed upon fallback in
      lib/mount_util.c, util/fusermount.c.
    - CVE-2011-0541
    - CVE-2011-0542
    - CVE-2011-0543

Date: Fri, 11 Feb 2011 13:41:20 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/fuse/2.8.1-1.1ubuntu3.1
Format: 1.8
Date: Fri, 11 Feb 2011 13:41:20 -0500
Source: fuse
Binary: fuse-utils libfuse-dev libfuse2 fuse-utils-udeb libfuse2-udeb
Architecture: source
Version: 2.8.1-1.1ubuntu3.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 fuse-utils - Filesystem in USErspace (utilities)
 fuse-utils-udeb - Filesystem in USErspace (utilities) (udeb)
 libfuse-dev - Filesystem in USErspace (development files)
 libfuse2   - Filesystem in USErspace library
 libfuse2-udeb - Filesystem in USErspace library (udeb)
Original-Maintainer: Bartosz Fenski fe...@debian.org


[ubuntu/lucid-security] clamav_0.96.5+dfsg-1ubuntu1.10.04.2_amd64_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.2_powerpc_translations.tar.gz, clamav, clamav_0.96.5+dfsg-1ubuntu1.10.04.2_ia64

2011-02-28 Thread Ubuntu Installer
clamav (0.96.5+dfsg-1ubuntu1.10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via double free in vba processing
    - libclamav/vba_extract.c: set buf to NULL when it gets freed.
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
    - CVE-2011-1003

Date: Wed, 23 Feb 2011 14:31:05 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.2
Format: 1.8
Date: Wed, 23 Feb 2011 14:31:05 -0500
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source
Version: 0.96.5+dfsg-1ubuntu1.10.04.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 clamav - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Original-Maintainer: ClamAV Team pkg-clamav-de...@lists.alioth.debian.org


[ubuntu/lucid-security] samba_3.4.7~dfsg-1ubuntu3.4_ia64_translations.tar.gz, samba, samba_3.4.7~dfsg-1ubuntu3.4_armel_translations.tar.gz, samba_3.4.7~dfsg-1ubuntu3.4_amd64_translations.tar.gz, samba

2011-02-28 Thread Ubuntu Installer
samba (2:3.4.7~dfsg-1ubuntu3.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via missing range checks on file
    descriptors
    - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
      file descriptors.
    - CVE-2011-0719

Date: Wed, 23 Feb 2011 13:19:19 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/samba/2:3.4.7~dfsg-1ubuntu3.4
Format: 1.8
Date: Wed, 23 Feb 2011 13:19:19 -0500
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat 
samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev 
winbind samba-dbg libwbclient0
Architecture: source
Version: 2:3.4.7~dfsg-1ubuntu3.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libpam-smbpass - pluggable authentication module for Samba
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient0 - Samba winbind client library
 samba  - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - common files used by both the Samba server and client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation in PDF format
 samba-tools - Samba testing utilities
 smbclient  - command-line SMB/CIFS clients for Unix
 smbfs  - Samba file system utilities
 swat   - Samba Web Administration Tool
 winbind - Samba nameservice integration server
Original-Maintainer: Debian Samba Maintainers pkg-samba-ma...@lists.alioth.debian.org


[ubuntu/lucid-security] logwatch, logwatch (delayed) 7.3.6.cvs20090906-1ubuntu2.1 (Accepted)

2011-02-28 Thread Ubuntu Installer
logwatch (7.3.6.cvs20090906-1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: privileged code execution via badly named logfiles
    - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile
      names don't contain '.
    - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26
    - CVE-2011-1018

Date: Sat, 26 Feb 2011 01:10:16 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/logwatch/7.3.6.cvs20090906-1ubuntu2.1
Format: 1.8
Date: Sat, 26 Feb 2011 01:10:16 -0800
Source: logwatch
Binary: logwatch
Architecture: source
Version: 7.3.6.cvs20090906-1ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 logwatch   - log analyser with nice output written in Perl
Original-Maintainer: Willi Mann wi...@wm1.at


[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.7-0ubuntu1~10.04.1 (Accepted)

2011-02-28 Thread Ubuntu Installer
openjdk-6 (6b20-1.9.7-0ubuntu1~10.04.1) lucid-security; urgency=low

  * IcedTea6 1.9.7 release.
    - SECURITY UPDATE:
      + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
      + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
      + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
      + S6994263, CVE-2010-4472: Untrusted code allowed to replace
        DSIG/C14N implementation
      + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
      + S6983554, CVE-2010-4450: Launcher incorrect processing of
        empty library path entries
      + S6985453, CVE-2010-4471: Java2D font-related system property leak
      + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
      + RH677332, CVE-2011-0706: Multiple signers privilege escalation
    - Bug fixes
      + RH676659: Pass -export-dynamic flag to linker using -Wl,
        as option in gcc 4.6+ is broken
      + G344659: Fix issue when building on SPARC
      + Fix latent JAXP bug caused by missing import
  * dropped patch due to different fix applied upstream:
    - debian/patches/hotspot-sparc-fix.diff
  * debian/patches/hotspot-fix_added_define.patch: added to fix
    redefinition added by patch for S6878713
  * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
    zerovm instead to compensate for
    http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631

Date: Wed, 23 Feb 2011 10:01:27 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: OpenJDK Team open...@lists.launchpad.net
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.7-0ubuntu1~10.04.1
Format: 1.8
Date: Wed, 23 Feb 2011 10:01:27 -0800
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib 
openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin 
icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.7-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: OpenJDK Team open...@lists.launchpad.net
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files

[ubuntu/lucid-security] mailman_2.1.13-1ubuntu0.2_sparc_translations.tar.gz (delayed), mailman_2.1.13-1ubuntu0.2_armel_translations.tar.gz, mailman, mailman_2.1.13-1ubuntu0.2_i386_translations.tar.gz,

2011-02-22 Thread Ubuntu Installer
mailman (1:2.1.13-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/80_CVE-2011-0707.patch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/81_CVE-2010-3089.patch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089

Date: Thu, 17 Feb 2011 10:02:48 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/mailman/1:2.1.13-1ubuntu0.2
Format: 1.8
Date: Thu, 17 Feb 2011 10:02:48 -0500
Source: mailman
Binary: mailman
Architecture: source
Version: 1:2.1.13-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 mailman - Powerful, web-based mailing list manager
Original-Maintainer: Mailman for Debian pkg-mailman-hack...@lists.alioth.debian.org


[ubuntu/lucid-security] cgiirc, cgiirc (delayed) 0.5.9-3squeeze1build0.10.04.1 (Accepted)

2011-02-18 Thread Ubuntu Installer
cgiirc (0.5.9-3squeeze1build0.10.04.1) lucid-security; urgency=low

  * fake sync from Debian

cgiirc (0.5.9-3squeeze1) stable-security; urgency=high

  * Non-maintainer upload by The Security Team.
  * Fixed XSS flaw in handling clients who have Javascript disabled.
    [CVE-2011-0050]

Date: Fri, 18 Feb 2011 12:42:49 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Damián Viano d...@debian.org
https://launchpad.net/ubuntu/lucid/+source/cgiirc/0.5.9-3squeeze1build0.10.04.1
Format: 1.8
Date: Fri, 18 Feb 2011 12:42:49 -0600
Source: cgiirc
Binary: cgiirc
Architecture: source
Version: 0.5.9-3squeeze1build0.10.04.1
Distribution: lucid-security
Urgency: high
Maintainer: Damián Viano d...@debian.org
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 cgiirc - web based irc client


[ubuntu/lucid-security] python-django_1.1.1-2ubuntu1.3_i386_translations.tar.gz (delayed), python-django 1.1.1-2ubuntu1.3 (Accepted)

2011-02-17 Thread Ubuntu Installer
python-django (1.1.1-2ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/10_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697

Date: Tue, 15 Feb 2011 17:11:08 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.3
Format: 1.8
Date: Tue, 15 Feb 2011 17:11:08 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-2ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 719031
Original-Maintainer: Chris Lamb la...@debian.org


[ubuntu/lucid-security] telepathy-gabble, telepathy-gabble (delayed) 0.8.12-0ubuntu1.1 (Accepted)

2011-02-17 Thread Ubuntu Installer
telepathy-gabble (0.8.12-0ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: don't process google:jingleinfo updates from contacts
    - debian/patches/0001-ignore-google-jingleinfo-from-contacts.patch: don't
      accept jingleinfo except from self or server
    - CVE-2011-

Date: Tue, 15 Feb 2011 12:53:17 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/telepathy-gabble/0.8.12-0ubuntu1.1
Format: 1.8
Date: Tue, 15 Feb 2011 12:53:17 -0600
Source: telepathy-gabble
Binary: telepathy-gabble telepathy-gabble-dbg
Architecture: source
Version: 0.8.12-0ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 telepathy-gabble - Jabber/XMPP connection manager
 telepathy-gabble-dbg - Jabber/XMPP connection manager (debug symbols)
Original-Maintainer: Debian Telepathy maintainers pkg-telepathy-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] vlc_1.0.6-1ubuntu1.5_armel_translations.tar.gz, vlc_1.0.6-1ubuntu1.5_sparc_translations.tar.gz (delayed), vlc, vlc_1.0.6-1ubuntu1.5_i386_translations.tar.gz, vlc_1.0.6-1ubuntu1

2011-02-15 Thread Ubuntu Installer
vlc (1.0.6-1ubuntu1.5) lucid-security; urgency=low

  * SECURITY UPDATE: memory corruption, code execution (LP: #714089)
    - debian/patches/mkv-input-validation.diff: Fix MKV improper input
      validation, thanks to Steve Lhomme
    - CVE-2011-0531
    - VideoLAN-SA-1102

Date: Thu, 10 Feb 2011 00:00:19 +0100
Changed-By: Benjamin Drung bdr...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.5
Format: 1.8
Date: Thu, 10 Feb 2011 00:00:19 +0100
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev 
vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib 
vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Benjamin Drung bdr...@ubuntu.com
Description: 
 libvlc-dev - development files for libvlc
 libvlc2 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 714089
Original-Maintainer: Debian multimedia packages maintainers 
pkg-multimedia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] openssl_0.9.8k-7ubuntu8.6_i386_translations.tar.gz, openssl_0.9.8k-7ubuntu8.6_ia64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.6_powerpc_translations.tar.gz, openssl_0.9.8k-7u

2011-02-15 Thread Ubuntu Installer
openssl (0.9.8k-7ubuntu8.6) lucid-security; urgency=low

  * SECURITY UPDATE: OCSP stapling vulnerability
    - debian/patched/openssl-CVE-2011-0014-secadv_20110208.patch:
      stricter parsing of ClientHello message in ssl/t1_lib.c
    - CVE-2011-0014
  * Forward TLS version interop patch
    - debian/patches/openssl-forward-interop.patch
    - Handle TLS versions 2.0 and later properly and correctly use
      the highest version of TLS/SSL supported. Although TLS >=
      2.0 is some way off ancient servers have a habit of sticking
      around for a while...
      [Steve Henson]

Date: Wed, 09 Feb 2011 16:47:44 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.6
Format: 1.8
Date: Wed, 09 Feb 2011 16:47:44 -0800
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb 
libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8k-7ubuntu8.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Original-Maintainer: Debian OpenSSL Team 
pkg-openssl-de...@lists.alioth.debian.org


[ubuntu/lucid-security] shadow_4.1.4.2-1ubuntu2.2_ia64_translations.tar.gz, shadow_4.1.4.2-1ubuntu2.2_powerpc_translations.tar.gz, shadow_4.1.4.2-1ubuntu2.2_armel_translations.tar.gz, shadow, shadow_4

2011-02-15 Thread Ubuntu Installer
shadow (1:4.1.4.2-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
    - debian/patches/900_locale_env_sanity: actually set locale environment
      variables correctly.
    - debian/patches/901_reject_newline: reject newlines in GECOS updates.
    - CVE-2011-0721

Date: Mon, 14 Feb 2011 13:42:29 -0800
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/shadow/1:4.1.4.2-1ubuntu2.2
Format: 1.8
Date: Mon, 14 Feb 2011 13:42:29 -0800
Source: shadow
Binary: passwd login
Architecture: source
Version: 1:4.1.4.2-1ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 login  - system login tools
 passwd - change and administer password and group data
Original-Maintainer: Shadow package maintainers 
pkg-shadow-de...@lists.alioth.debian.org


[ubuntu/lucid-security] qemu-kvm, qemu-kvm (delayed) 0.12.3+noroms-0ubuntu9.4 (Accepted)

2011-02-14 Thread Ubuntu Installer
qemu-kvm (0.12.3+noroms-0ubuntu9.4) lucid-security; urgency=low

  * SECURITY UPDATE: Setting VNC password to empty string silently
    disables all authentication (LP: #697197)
    - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the
      change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson.
    - CVE-2011-0011

Date: Fri, 11 Feb 2011 09:57:30 -0600
Changed-By: Dustin Kirkland kirkl...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.4
Format: 1.8
Date: Fri, 11 Feb 2011 09:57:30 -0600
Source: qemu-kvm
Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static 
qemu-arm-static kvm qemu
Architecture: source
Version: 0.12.3+noroms-0ubuntu9.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Dustin Kirkland kirkl...@ubuntu.com
Description: 
 kvm - dummy transitional package from kvm to qemu-kvm
 qemu - dummy transitional package from qemu to qemu-kvm
 qemu-arm-static - dummy transitional package for qemu-kvm-extras-static
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm   - Full virtualization on i386 and amd64 hardware
 qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures
 qemu-kvm-extras-static - static QEMU user mode emulation binaries
Launchpad-Bugs-Fixed: 697197


[ubuntu/lucid-security] krb5, krb5_1.8.1+dfsg-2ubuntu0.6_i386_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.6_ia64_translations.tar.gz, krb5_1.8.1+dfsg-2ubuntu0.6_powerpc_translations.tar.gz, krb5_1.8

2011-02-14 Thread Ubuntu Installer
krb5 (1.8.1+dfsg-2ubuntu0.6) lucid-security; urgency=low

  * SECURITY UPDATE: kpropd denial of service via invalid network input
    - src/slave/kpropd.c: don't return on kpropd child exit; applied
      inline.
    - CVE-2010-4022
    - MITKRB5-SA-2011-001
  * SECURITY UPDATE: kdc denial of service from unauthenticated remote
    attackers
    - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
      src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
      applied inline
    - CVE-2011-0281
    - CVE-2011-0282
    - MITKRB5-SA-2011-002

Date: Wed, 09 Feb 2011 12:31:51 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.6
Format: 1.8
Date: Wed, 09 Feb 2011 12:31:51 -0800
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 
libkrb5support0
Architecture: source
Version: 1.8.1+dfsg-2ubuntu0.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Original-Maintainer: Sam Hartman hartm...@debian.org


[ubuntu/lucid-security] italc_1.0.9.1-0ubuntu18.10.04.1_powerpc_translations.tar.gz, italc_1.0.9.1-0ubuntu18.10.04.1_i386_translations.tar.gz, italc_1.0.9.1-0ubuntu18.10.04.1_armel_translations.tar.gz

2011-02-10 Thread Ubuntu Installer
italc (1:1.0.9.1-0ubuntu18.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: private keys potentially reused from liveCD.
    - debian/italc-client.postinst: re-generate the private and public
      keys when they match one of the Edubuntu Live DVD ones (LP: #714864)
    - CVE-2011-0724

Date: Mon, 07 Feb 2011 22:21:23 -0500
Changed-By: Stéphane Graber stgra...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/italc/1:1.0.9.1-0ubuntu18.10.04.1
Format: 1.8
Date: Mon, 07 Feb 2011 22:21:23 -0500
Source: italc
Binary: italc-master italc-client libitalc
Architecture: source
Version: 1:1.0.9.1-0ubuntu18.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Stéphane Graber stgra...@ubuntu.com
Description: 
 italc-client - Intelligent Teaching and Learning with Computers (client part)
 italc-master - Intelligent Teaching and Learning with Computers (master part)
 libitalc   - Intelligent Teaching and Learning with Computers (library)
Launchpad-Bugs-Fixed: 714864
Original-Maintainer: Patrick Winnertz win...@debian.org


[ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.2.152.27ubuntu0.10.04.1_i386_translations.tar.gz (delayed), flashplugin-nonfree_10.2.152.27ubuntu0.10.04.1_amd64_translations.tar.gz

2011-02-09 Thread Ubuntu Installer
flashplugin-nonfree (10.2.152.27ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.2.152.27
    - debian/config, debian/postinst: Updated sha256sums and path.
    - CVE-2011-0558
    - CVE-2011-0559
    - CVE-2011-0560
    - CVE-2011-0561
    - CVE-2011-0571
    - CVE-2011-0572
    - CVE-2011-0573
    - CVE-2011-0574
    - CVE-2011-0575
    - CVE-2011-0577
    - CVE-2011-0578
    - CVE-2011-0607
    - CVE-2011-0608

Date: Wed, 09 Feb 2011 08:59:49 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.2.152.27ubuntu0.10.04.1
Format: 1.8
Date: Wed, 09 Feb 2011 08:59:49 -0500
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.2.152.27ubuntu0.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package)
Original-Maintainer: Bart Martens ba...@knars.be


[ubuntu/lucid-security] dovecot, dovecot (delayed) 1:1.2.9-1ubuntu6.3 (Accepted)

2011-02-07 Thread Ubuntu Installer
dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low

  * SECURITY UPDATE: information disclosure via newly created mailboxes
    with incorrect ACLs
    - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
      same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
    - CVE-2010-3304
  * SECURITY UPDATE: ACL bypass via incorrect ACL merging
    - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
      ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
      acl-cache.c}.
    - CVE-2010-3706
    - CVE-2010-3707
  * SECURITY UPDATE: restriction bypass via mailbox ACL changing
    - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
      owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
    - CVE-2010-3779
  * SECURITY UPDATE: denial of service via many simultaneous disconnects.
    - debian/patches/CVE-2010-3780.patch: don't die after three failed
      writes to log in src/lib/failures.c.
    - CVE-2010-3780
  * debian/control: removed linux-kernel-headers from Build-Conflicts to
    resolve building with sbuild.
  * This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that
    was in -proposed.

Date: Mon, 31 Jan 2011 13:53:14 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dovecot/1:1.2.9-1ubuntu6.3
Format: 1.8
Date: Mon, 31 Jan 2011 13:53:14 -0500
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix 
dovecot-dbg
Architecture: source
Version: 1:1.2.9-1ubuntu6.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
 dovecot-postfix - full mail server stack provided by Ubuntu server team
Original-Maintainer: Dovecot Maintainers jaldhar-dove...@debian.org


[ubuntu/lucid-security] openoffice.org, openoffice.org_3.2.0-7ubuntu4.2_amd64_translations.tar.gz, openoffice.org_3.2.0-7ubuntu4.2_armel_translations.tar.gz, openoffice.org_3.2.0-7ubuntu4.2_powerpc_tr

2011-02-02 Thread Ubuntu Installer
openoffice.org (1:3.2.0-7ubuntu4.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple OpenOffice.org vulnerabilities.
    - debian/patches/SA40775.diff: buffer overflow fixes from upstream,
      patch thanks to Rene Engelhard (CVE-2010-2935, CVE-2010-2936).
    - debian/patches/tread-invalid-path-segments-correctly.diff: directory
      traversal fixes from upstream, patch thanks to Rene Engelhard
      (CVE-2010-3450).
    - debian/patches/cws-hb22.diff: multiple fixes from upstream, patch
      thanks to Rene Engelhard.
      - corrupt table model in RTF parser (CVE-2010-3451)
      - SwRTFParser::ReadNumSecLevel (CVE-2010-3452)
      - WW8ListManager::WW8ListManager (CVE-2010-3453)
      - WW8DopTypography::ReadFromMem (CVE-2010-3454)
      - LD_LIBRARY_PATH current directory injection (CVE-2010-3689)
    - debian/patches/security-fixes-drom-cws-os145.diff: heap overflow in
      PPT fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4253).
    - debian/patches/security-fixes-from-cws-impress208.diff: heap overflow in
      TGA fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4643).

Date: Tue, 25 Jan 2011 12:54:50 -0800
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/openoffice.org/1:3.2.0-7ubuntu4.2
Format: 1.8
Date: Tue, 25 Jan 2011 12:54:50 -0800
Source: openoffice.org
Binary: openoffice.org broffice.org openoffice.org-l10n-za 
openoffice.org-l10n-in openoffice.org-core openoffice.org-common 
openoffice.org-java-common openoffice.org-writer openoffice.org-calc 
openoffice.org-impress openoffice.org-draw openoffice.org-math 
openoffice.org-base-core openoffice.org-base openoffice.org-style-crystal 
openoffice.org-style-oxygen openoffice.org-style-industrial 
openoffice.org-style-tango openoffice.org-style-human 
openoffice.org-style-hicontrast openoffice.org-style-galaxy 
openoffice.org-style-andromeda openoffice.org-gtk openoffice.org-gnome 
openoffice.org-evolution openoffice.org-emailmerge python-uno 
openoffice.org-officebean openoffice.org-filter-binfilter 
openoffice.org-filter-mobiledev libmythes-dev 
openoffice.org-dtd-officedocument1.0 uno-libs3 uno-libs3-dbg ure ure-dbg 
openoffice.org-gcj cli-uno-bridge libuno-cli-basetypes1.0-cil 
libuno-cli-uretypes1.0-cil libuno-cli-oootypes1.0-cil 
libuno-cli-cppuhelper1.0-cil libuno-cli-ure1.0-cil mozilla-openoffice.org
 openoffice.org-ogltrans openoffice.org-wiki-publisher 
openoffice.org-report-builder openoffice.org-report-builder-bin 
openoffice.org-presentation-minimizer openoffice.org-presenter-console 
openoffice.org-pdfimport ttf-opensymbol openoffice.org-dev 
openoffice.org-dev-doc openoffice.org-kde openoffice.org-kab 
openoffice.org-sdbc-postgresql openoffice.org-mysql-connector
Architecture: source
Version: 1:3.2.0-7ubuntu4.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 broffice.org - office productivity suite -- BrOffice.org branding
 cli-uno-bridge - OpenOffice.org bindings for Mono CLI
 libmythes-dev - simple thesaurus library -- development files
 libuno-cli-basetypes1.0-cil - OpenOffice.org bindings for Mono CLI -- base types
 libuno-cli-cppuhelper1.0-cil - OpenOffice.org bindings for Mono CLI -- bootstrapping library
 libuno-cli-oootypes1.0-cil - OpenOffice.org bindings for Mono CLI -- OpenOffice.org type libra
 libuno-cli-ure1.0-cil - OpenOffice.org bindings for Mono CLI -- helper classes
 libuno-cli-uretypes1.0-cil - OpenOffice.org bindings for Mono CLI -- URE type library
 mozilla-openoffice.org - office productivity suite -- Mozilla plugin
 openoffice.org - office productivity suite
 openoffice.org-base - office productivity suite -- database
 openoffice.org-base-core - office productivity suite -- shared library
 openoffice.org-calc - office productivity suite -- spreadsheet
 openoffice.org-common - office productivity suite -- arch-independent files
 openoffice.org-core - office productivity suite -- arch-dependent files
 openoffice.org-dev - office productivity suite -- SDK
 openoffice.org-dev-doc - office productivity suite -- SDK documentation
 openoffice.org-draw - office productivity suite -- drawing
 openoffice.org-dtd-officedocument1.0 - office productivity suite -- legacy 1.0 XML DTD
 openoffice.org-emailmerge - office productivity suite -- email mail merge
 openoffice.org-evolution - office productivity suite -- Evolution addressbook support
 openoffice.org-filter-binfilter - office productivity suite -- legacy filters (e.g. StarOffice 5.2)
 openoffice.org-filter-mobiledev - office productivity suite -- mobile devices filters
 openoffice.org-gcj - office productivity suite -- Java libraries for GIJ
 openoffice.org-gnome - office productivity suite -- GNOME integration
 openoffice.org-gtk - office productivity suite -- GTK+ integration
 

[ubuntu/lucid-security] subversion_1.6.6dfsg-2ubuntu1.1_amd64_translations.tar.gz, subversion_1.6.6dfsg-2ubuntu1.1_powerpc_translations.tar.gz, subversion_1.6.6dfsg-2ubuntu1.1_ia64_translations.tar.gz

2011-02-01 Thread Ubuntu Installer
subversion (1.6.6dfsg-2ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: restriction bypass via named repo as a rule scope
    - debian/patches/CVE-2010-3315.patch: use repo_basename in
      subversion/mod_dav_svn/authz.c.
    - CVE-2010-3315
  * SECURITY UPDATE: denial of service via SVNParentPath walking
    - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath
      collection in subversion/mod_dav_svn/repos.c.
    - CVE-2010-4539
  * SECURITY UPDATE: denial of service via -g memory leaks
    - debian/patches/CVE-2010-4644.patch: improve logic in
      subversion/libsvn_repos/rev_hunt.c.
    - CVE-2010-4644

Date: Fri, 14 Jan 2011 12:36:43 -0600
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/subversion/1.6.6dfsg-2ubuntu1.1
Format: 1.8
Date: Fri, 14 Jan 2011 12:36:43 -0600
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn 
python-subversion python-subversion-dbg subversion-tools libsvn-java 
libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source
Version: 1.6.6dfsg-2ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1 - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Original-Maintainer: Peter Samuelson pe...@p12n.org


[ubuntu/lucid-security] openjdk-6b18 (delayed), openjdk-6b18 6b18-1.8.5-0ubuntu1~10.04.1 (Accepted)

2011-02-01 Thread Ubuntu Installer
openjdk-6b18 (6b18-1.8.5-0ubuntu1~10.04.1) lucid-security; urgency=low

  * IcedTea6 1.8.5 release.
- CVE-2011-0025: IcedTea jarfile signature verification bypass.

Date: Thu, 27 Jan 2011 10:30:52 +0100
Changed-By: Matthias Klose d...@ubuntu.com
Maintainer: OpenJDK Team open...@lists.launchpad.net
https://launchpad.net/ubuntu/lucid/+source/openjdk-6b18/6b18-1.8.5-0ubuntu1~10.04.1
Format: 1.8
Date: Thu, 27 Jan 2011 10:30:52 +0100
Source: openjdk-6b18
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b18-1.8.5-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: OpenJDK Team open...@lists.launchpad.net
Changed-By: Matthias Klose d...@ubuntu.com
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
Changes: 
 openjdk-6b18 (6b18-1.8.5-0ubuntu1~10.04.1) lucid-security; urgency=low
 .
   * IcedTea6 1.8.5 release.
 - CVE-2011-0025: IcedTea jarfile signature verification bypass.


[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.5-0ubuntu1~10.04.1 (Accepted)

2011-02-01 Thread Ubuntu Installer
openjdk-6 (6b20-1.9.5-0ubuntu1~10.04.1) lucid-security; urgency=low

  * IcedTea6 1.9.5 release.
- CVE-2011-0025: IcedTea jarfile signature verification bypass.

Date: Thu, 27 Jan 2011 10:13:13 +0100
Changed-By: Matthias Klose d...@ubuntu.com
Maintainer: OpenJDK Team open...@lists.launchpad.net
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.5-0ubuntu1~10.04.1
Format: 1.8
Date: Thu, 27 Jan 2011 10:13:13 +0100
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.5-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: OpenJDK Team open...@lists.launchpad.net
Changed-By: Matthias Klose d...@ubuntu.com
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b20-1.9.5-0ubuntu1~10.04.1) lucid-security; urgency=low
 .
   * IcedTea6 1.9.5 release.
 - CVE-2011-0025: IcedTea jarfile signature verification bypass.


[ubuntu/lucid-security] openjdk-6b18 (delayed), openjdk-6b18 6b18-1.8.4-0ubuntu1~10.04.1 (Accepted)

2011-01-26 Thread Ubuntu Installer
openjdk-6b18 (6b18-1.8.4-0ubuntu1~10.04.1) lucid-security; urgency=low

  * IcedTea6 1.8.4 release.
- Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass.

Date: Fri, 07 Jan 2011 11:40:12 +0100
Changed-By: Matthias Klose d...@ubuntu.com
Maintainer: OpenJDK Team open...@lists.launchpad.net
https://launchpad.net/ubuntu/lucid/+source/openjdk-6b18/6b18-1.8.4-0ubuntu1~10.04.1
Format: 1.8
Date: Fri, 07 Jan 2011 11:40:12 +0100
Source: openjdk-6b18
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b18-1.8.4-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: OpenJDK Team open...@lists.launchpad.net
Changed-By: Matthias Klose d...@ubuntu.com
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
Changes: 
 openjdk-6b18 (6b18-1.8.4-0ubuntu1~10.04.1) lucid-security; urgency=low
 .
   * IcedTea6 1.8.4 release.
 - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass.


[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.4-0ubuntu1~10.04.1 (Accepted)

2011-01-26 Thread Ubuntu Installer
openjdk-6 (6b20-1.9.4-0ubuntu1~10.04.1) lucid-security; urgency=low

  * IcedTea6 1.9.4 release.
- CVE-2010-4351: IcedTea JNLP SecurityManager bypass.

Date: Thu, 06 Jan 2011 23:39:28 +0100
Changed-By: Matthias Klose d...@ubuntu.com
Maintainer: OpenJDK Team open...@lists.launchpad.net
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.4-0ubuntu1~10.04.1
Format: 1.8
Date: Thu, 06 Jan 2011 23:39:28 +0100
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.4-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: OpenJDK Team open...@lists.launchpad.net
Changed-By: Matthias Klose d...@ubuntu.com
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b20-1.9.4-0ubuntu1~10.04.1) lucid-security; urgency=low
 .
   * IcedTea6 1.9.4 release.
 - CVE-2010-4351: IcedTea JNLP SecurityManager bypass.


[ubuntu/lucid-security] hplip_3.10.2-2ubuntu2.2_armel_translations.tar.gz, hplip_3.10.2-2ubuntu2.2_sparc_translations.tar.gz (delayed), hplip_3.10.2-2ubuntu2.2_i386_translations.tar.gz, hplip, hplip_3

2011-01-25 Thread Ubuntu Installer
hplip (3.10.2-2ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
execution via long SNMP response
- debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
- CVE-2010-4267

Date: Mon, 24 Jan 2011 11:25:11 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/hplip/3.10.2-2ubuntu2.2
Format: 1.8
Date: Mon, 24 Jan 2011 11:25:11 -0500
Source: hplip
Binary: hplip hplip-data hplip-gui hplip-dbg hplip-doc hpijs-ppds hpijs hplip-cups libhpmud0 libhpmud-dev
Architecture: source
Version: 3.10.2-2ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 hpijs  - HP Linux Printing and Imaging - gs IJS driver (hpijs)
 hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
 hplip  - HP Linux Printing and Imaging System (HPLIP)
 hplip-cups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
 hplip-data - HP Linux Printing and Imaging - data files
 hplip-dbg  - HP Linux Printing and Imaging - debugging information
 hplip-doc  - HP Linux Printing and Imaging - documentation
 hplip-gui  - HP Linux Printing and Imaging - GUI utilities
 libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries
 libhpmud0  - HP Multi-Point Transport Driver (hpmud) run-time libraries
Changes: 
 hplip (3.10.2-2ubuntu2.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible arbitrary code
 execution via long SNMP response
 - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
 - CVE-2010-4267
Original-Maintainer: Debian HPIJS and HPLIP maintainers pkg-hpijs-de...@lists.alioth.debian.org


[ubuntu/lucid-security] vlc_1.0.6-1ubuntu1.4_i386_translations.tar.gz, vlc_1.0.6-1ubuntu1.4_amd64_translations.tar.gz, vlc, vlc_1.0.6-1ubuntu1.4_powerpc_translations.tar.gz, vlc_1.0.6-1ubuntu1.4_armel

2011-01-25 Thread Ubuntu Installer
vlc (1.0.6-1ubuntu1.4) lucid-security; urgency=low

  * SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
- debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG
  decoder, thanks to Dan Rosenberg
  * SECURITY UPDATE: heap corruption in some XML based subtitles decoder
- debian/patches/xml-heap-corruption.diff: Handle early termination
  properly in StripTags, thanks to Harry Sintonen

Date: Mon, 24 Jan 2011 22:59:31 +0100
Changed-By: Benjamin Drung bdr...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.4
Format: 1.8
Date: Mon, 24 Jan 2011 22:59:31 +0100
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Benjamin Drung bdr...@ubuntu.com
Description: 
 libvlc-dev - development files for libvlc
 libvlc2 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 707154
Changes: 
 vlc (1.0.6-1ubuntu1.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
 - debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG
   decoder, thanks to Dan Rosenberg
   * SECURITY UPDATE: heap corruption in some XML based subtitles decoder
 - debian/patches/xml-heap-corruption.diff: Handle early termination
   properly in StripTags, thanks to Harry Sintonen
Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] tomcat6, tomcat6 (delayed) 6.0.24-2ubuntu1.6 (Accepted)

2011-01-24 Thread Ubuntu Installer
tomcat6 (6.0.24-2ubuntu1.6) lucid-security; urgency=low

  * SECURITY UPDATE: cross-site scripting in Manager application
- debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
  java/org/apache/catalina/manager/JspHelper.java,
  webapps/manager/{sessionDetail,sessionsList}.jsp.
- patch backported from Debian 6.0.28-9 package
- CVE-2010-4172

Date: Thu, 13 Jan 2011 15:32:24 -0600
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/tomcat6/6.0.24-2ubuntu1.6
Format: 1.8
Date: Thu, 13 Jan 2011 15:32:24 -0600
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.24-2ubuntu1.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6 - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat6 (6.0.24-2ubuntu1.6) lucid-security; urgency=low
 .
   * SECURITY UPDATE: cross-site scripting in Manager application
 - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
   java/org/apache/catalina/manager/JspHelper.java,
   webapps/manager/{sessionDetail,sessionsList}.jsp.
 - patch backported from Debian 6.0.28-9 package
 - CVE-2010-4172
Original-Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] awstats, awstats (delayed) 6.9~dfsg-1ubuntu3.10.04.1 (Accepted)

2011-01-24 Thread Ubuntu Installer
awstats (6.9~dfsg-1ubuntu3.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
- debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
  name in wwwroot/cgi-bin/awstats.pl.
- CVE-2010-4369

Date: Tue, 11 Jan 2011 17:05:56 -0600
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Core Develoers ubuntu-de...@lists.ubunutu.com
https://launchpad.net/ubuntu/lucid/+source/awstats/6.9~dfsg-1ubuntu3.10.04.1
Format: 1.8
Date: Tue, 11 Jan 2011 17:05:56 -0600
Source: awstats
Binary: awstats
Architecture: source
Version: 6.9~dfsg-1ubuntu3.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Develoers ubuntu-de...@lists.ubunutu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 awstats - powerful and featureful web server log analyzer
Changes: 
 awstats (6.9~dfsg-1ubuntu3.10.04.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
 - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
   name in wwwroot/cgi-bin/awstats.pl.
 - CVE-2010-4369
Original-Maintainer: Debian AWStats Team pkg-awstats-de...@lists.alioth.debian.org


[ubuntu/lucid-security] xpdf, xpdf (delayed) 3.02-2ubuntu1.1 (Accepted)

2011-01-21 Thread Ubuntu Installer
xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference. (LP: #701220)
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
- CVE-2010-3702
  * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption. (LP: #701220)
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
- CVE-2010-3704

Date: Thu, 20 Jan 2011 16:49:30 -0500
Changed-By: Brian Thomason brian.thoma...@canonical.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/xpdf/3.02-2ubuntu1.1
Format: 1.8
Date: Thu, 20 Jan 2011 16:49:30 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-2ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Brian Thomason brian.thoma...@canonical.com
Description: 
 xpdf   - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Launchpad-Bugs-Fixed: 701220 701220
Changes: 
 xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
 cause a denial of service (crash) via unknown vectors that trigger an
 uninitialized pointer dereference. (LP: #701220)
 - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
 - CVE-2010-3702
   * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
 attackers to cause a denial of service (crash) and possibly execute
 arbitrary code via a PDF file with a crafted Type1 font that contains a
 negative array index, which bypasses input validation and which triggers
 memory corruption. (LP: #701220)
 - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
 - CVE-2010-3704
Original-Maintainer: Michael Gilbert michael.s.gilb...@gmail.com


[ubuntu/lucid-security] asterisk (delayed), asterisk 1:1.6.2.5-0ubuntu1.3 (Accepted)

2011-01-21 Thread Ubuntu Installer
asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
- debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
  to the ast_uri_encode function is now properly respected in main/utils.c.
  Patch courtesy of upstream.
- CVE-2011-0495

Date: Thu, 20 Jan 2011 23:31:55 +
Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com
Maintainer: Ubuntu MOTU Developers ubuntu-m...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/asterisk/1:1.6.2.5-0ubuntu1.3
Format: 1.8
Date: Thu, 20 Jan 2011 23:31:55 +
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source
Version: 1:1.6.2.5-0ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu MOTU Developers ubuntu-m...@lists.ubuntu.com
Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Launchpad-Bugs-Fixed: 705014
Changes: 
 asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
 - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
   to the ast_uri_encode function is now properly respected in main/utils.c.
   Patch courtesy of upstream.
 - CVE-2011-0495
Original-Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] mumble_1.2.2-1ubuntu1.1_ia64_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_i386_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_amd64_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_p

2011-01-21 Thread Ubuntu Installer
mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
- debian/mumble-server.postinst: Set permissions of mumble-server.ini to
  0640 and the owner to root:mumble-server.

Date: Thu, 20 Jan 2011 12:56:28 +0100
Changed-By: Felix Geyer debfx-...@fobos.de
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/mumble/1.2.2-1ubuntu1.1
Format: 1.8
Date: Thu, 20 Jan 2011 12:56:28 +0100
Source: mumble
Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web
Architecture: source
Version: 1.2.2-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Felix Geyer debfx-...@fobos.de
Description: 
 mumble - Low latency VoIP client
 mumble-11x - Low latency VoIP client (1.1.x)
 mumble-dbg - Low latency VoIP client (debugging symbols)
 mumble-server - Low latency VoIP server
 mumble-server-web - Web scripts for mumble-server
Launchpad-Bugs-Fixed: 704674
Changes: 
 mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
 - debian/mumble-server.postinst: Set permissions of mumble-server.ini to
   0640 and the owner to root:mumble-server.
Original-Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] sudo, sudo (delayed) 1.7.2p1-1ubuntu5.3 (Accepted)

2011-01-20 Thread Ubuntu Installer
sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Backported from fe8a94f96542.
    - CVE-2011-0010

Date: Wed, 19 Jan 2011 10:39:09 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/sudo/1.7.2p1-1ubuntu5.3
Format: 1.8
Date: Wed, 19 Jan 2011 10:39:09 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.7.2p1-1ubuntu5.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 sudo   - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Original-Maintainer: Bdale Garbee bd...@gag.com


[ubuntu/lucid-security] dbus, dbus (delayed) 1.2.16-2ubuntu4.1 (Accepted)

2011-01-18 Thread Ubuntu Installer
dbus (1.2.16-2ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: fix DoS with too deeply nested messages
    - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
      message variants. Backported from upstream.
    - CVE-2010-4352
    - LP: #688992

Date: Tue, 04 Jan 2011 14:33:58 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dbus/1.2.16-2ubuntu4.1
Format: 1.8
Date: Tue, 04 Jan 2011 14:33:58 -0600
Source: dbus
Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev
Architecture: source
Version: 1.2.16-2ubuntu4.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 dbus   - simple interprocess messaging system
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus-x11   - simple interprocess messaging system (X11 deps)
 libdbus-1-3 - simple interprocess messaging system
 libdbus-1-dev - simple interprocess messaging system (development headers)
Launchpad-Bugs-Fixed: 688992
Original-Maintainer: Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.7_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.7_ia64_translations.tar.gz, php5_5.3.2-1ubuntu4.7_sparc_translations.tar.gz (delayed), php5_5.3.2-1ubuntu4.

2011-01-12 Thread Ubuntu Installer
php5 (5.3.2-1ubuntu4.7) lucid-security; urgency=low

  * debian/patches/php5-CVE-2010-3436-regression.patch: update
    main/fopen_wrappers.c to include fix for open_basedir restriction
    regression (LP: #701896)

Date: Wed, 12 Jan 2011 07:28:55 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.7
Format: 1.8
Date: Wed, 12 Jan 2011 07:28:55 -0800
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi 
php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp 
php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode 
php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.2-1ubuntu4.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5   - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd- GD module for php5
 php5-gmp   - GMP module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Launchpad-Bugs-Fixed: 701896
Original-Maintainer: Debian PHP Maintainers pkg-php-ma...@lists.alioth.debian.org


[ubuntu/lucid-security] eglibc_2.11.1-0ubuntu7.7_sparc_translations.tar.gz (delayed), eglibc_2.11.1-0ubuntu7.7_amd64_translations.tar.gz, eglibc_2.11.1-0ubuntu7.7_ia64_translations.tar.gz, eglibc, egl

2011-01-11 Thread Ubuntu Installer
eglibc (2.11.1-0ubuntu7.7) lucid-security; urgency=low

  * SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
    - debian/patches/any/dst-expansion-fix.diff: refresh with new
      proposed solution, avoiding iconv issues.
    - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
      which already had a work-around in 2.11.1-0ubuntu7.5.

Date: Mon, 10 Jan 2011 19:18:57 -0800
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Core developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/eglibc/2.11.1-0ubuntu7.7
Format: 1.8
Date: Mon, 10 Jan 2011 19:18:57 -0800
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd 
libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev 
libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev 
libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev 
libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 
libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 
libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 
libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 
libc0.1-dev-i386 libc6-sparcv9b libc6-sparcv9v libc6-sparcv9v2 libc6-sparc64b 
libc6-sparc64v libc6-sparc64v2 libc6-i686 libc6-xen libc0.1-i686 
libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source
Version: 2.11.1-0ubuntu7.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1- Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3- Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6  - Embedded GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparc64b - GNU C Library: 64bit Shared libraries for UltraSPARC [v9b optimiz
 libc6-sparc64v - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v optimiz
 libc6-sparc64v2 - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v2 optimi
 libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
 libc6-sparcv9v - GNU C Library: Shared libraries [v9v optimized]
 libc6-sparcv9v2 - GNU C Library: Shared libraries [v9v2 optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1- Embedded GNU C 

[ubuntu/lucid-security] php5_5.3.2-1ubuntu4.6_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.6_amd64_translations.tar.gz, php5_5.3.2-1ubuntu4.6_i386_translations.tar.gz, php5_5.3.2-1ubuntu4.6_ia64_tra

2011-01-11 Thread Ubuntu Installer
php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low

  * SECURITY UPDATE: open_basedir bypass
    - debian/patches/php5-CVE-2010-3436.patch: more strict checking in
      php_check_specific_open_basedir()
    - CVE-2010-3436
  * SECURITY UPDATE: NULL pointer dereference crash
    - debian/patches/php5-CVE-2010-3709.patch: check for NULL when
      getting zip comment
    - CVE-2010-3709
  * SECURITY UPDATE: memory consumption denial of service
    - debian/patches/php5-CVE-2010-3710.patch: check for email address
      longer than RFC 2821 allows
    - CVE-2010-3710
  * SECURITY UPDATE: xml decode bypass
    - debian/patches/php5-CVE-2010-3870.patch: improve utf8 decoding
    - CVE-2010-3870
  * SECURITY UPDATE: integer overflow can cause an application crash
    - debian/patches/php5-CVE-2010-4409.patch: fix invalid args in
      NumberFormatter::getSymbol()
    - CVE-2010-4409
  * SECURITY UPDATE: infinite loop/denial of service when dealing with
    certain textual forms of MAX_FLOAT (LP: #697181)
    - debian/patches/php5-CVE-2010-4645.patch: treat local doubles
      as volatile to avoid x87 registers in zend_strtod()
    - CVE-2010-4645

Date: Fri, 07 Jan 2011 10:56:23 -0800
Changed-By: Steve Beattie sbeat...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.6
Format: 1.8
Date: Fri, 07 Jan 2011 10:56:23 -0800
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi 
php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp 
php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode 
php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.2-1ubuntu4.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Steve Beattie sbeat...@ubuntu.com
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5   - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd- GD module for php5
 php5-gmp   - GMP module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Launchpad-Bugs-Fixed: 697181

[ubuntu/lucid-security] lcms (delayed), lcms 1.18.dfsg-1ubuntu2.10.04.1 (Accepted)

2011-01-11 Thread Ubuntu Installer
lcms (1.18.dfsg-1ubuntu2.10.04.1) lucid-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for transformations of monochrome profiles.
    - CVE-2009-0073

Date: Sat, 08 Jan 2011 04:39:19 +0100
Changed-By: Artur Rona ari-tc...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/lcms/1.18.dfsg-1ubuntu2.10.04.1
Format: 1.8
Date: Sat, 08 Jan 2011 04:39:19 +0100
Source: lcms
Binary: liblcms1 liblcms-utils liblcms1-dev python-liblcms
Architecture: source
Version: 1.18.dfsg-1ubuntu2.10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Artur Rona ari-tc...@ubuntu.com
Description: 
 liblcms-utils - Color management library (Additional utilities)
 liblcms1   - Color management library
 liblcms1-dev - Color management library (Development headers)
 python-liblcms - Python bindings for liblcms color management library
Launchpad-Bugs-Fixed: 700198
Original-Maintainer: Oleksandr Moskalenko ma...@debian.org


[ubuntu/lucid-security] libapache2-mod-fcgid (delayed), libapache2-mod-fcgid 1:2.3.4-2ubuntu0.2 (Accepted)

2011-01-09 Thread Ubuntu Installer
libapache2-mod-fcgid (1:2.3.4-2ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - modules/fcgid/fcgid_bucket.c: patch from upstream
    - CVE-2010-3872

Date: Thu, 06 Jan 2011 13:04:02 +0100
Changed-By: Felix Geyer debfx-...@fobos.de
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/libapache2-mod-fcgid/1:2.3.4-2ubuntu0.2
Format: 1.8
Date: Thu, 06 Jan 2011 13:04:02 +0100
Source: libapache2-mod-fcgid
Binary: libapache2-mod-fcgid libapache2-mod-fcgid-dbg
Architecture: source
Version: 1:2.3.4-2ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Felix Geyer debfx-...@fobos.de
Description: 
 libapache2-mod-fcgid - an alternative module compat with mod_fastcgi
 libapache2-mod-fcgid-dbg - debugging symbols for mod_fcgid
Launchpad-Bugs-Fixed: 698060
Original-Maintainer: Tatsuki Sugiura s...@nemui.org


[ubuntu/lucid-security] dpkg_1.15.5.6ubuntu4.5_powerpc_translations.tar.gz, dpkg_1.15.5.6ubuntu4.5_sparc_translations.tar.gz (delayed), dpkg_1.15.5.6ubuntu4.5_i386_translations.tar.gz, dpkg_1.15.5.6ub

2011-01-06 Thread Ubuntu Installer
dpkg (1.15.5.6ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: relative directory and symlink following in source pkgs.
    - scripts/Dpkg/Source/Archive.pm, scripts/Dpkg/Source/Patch.pm,
      scripts/Dpkg/Source/Package/V2.pm: applied fixes from Raphael Hertzog,
      thanks to Raphael Geissert.
    - CVE-2010-1679

Date: Thu, 06 Jan 2011 11:08:21 -0800
Changed-By: Kees Cook k...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/dpkg/1.15.5.6ubuntu4.5
Format: 1.8
Date: Thu, 06 Jan 2011 11:08:21 -0800
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source
Version: 1.15.5.6ubuntu4.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Kees Cook k...@ubuntu.com
Description: 
 dpkg   - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect- Debian package management front-end
Original-Maintainer: Dpkg Developers debian-d...@lists.debian.org


[ubuntu/lucid-security] ifupdown_0.6.8ubuntu29.2_i386_translations.tar.gz, ifupdown_0.6.8ubuntu29.2_amd64_translations.tar.gz, ifupdown, ifupdown_0.6.8ubuntu29.2_powerpc_translations.tar.gz, ifupdown_

2011-01-06 Thread Ubuntu Installer
ifupdown (0.6.8ubuntu29.2) lucid-security; urgency=low

  * debian/ifupdown.network-interface{,-security}.upstart: handle race
    condition when loading AppArmor profiles for interfaces (LP: #689892).
    Patch by Kees Cook.

Date: Tue, 04 Jan 2011 12:48:52 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/ifupdown/0.6.8ubuntu29.2
Format: 1.8
Date: Tue, 04 Jan 2011 12:48:52 -0600
Source: ifupdown
Binary: ifupdown
Architecture: source
Version: 0.6.8ubuntu29.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 ifupdown   - high level tools to configure network interfaces
Launchpad-Bugs-Fixed: 689892
Original-Maintainer: Anthony Towns a...@debian.org


[ubuntu/lucid-security] vlc_1.0.6-1ubuntu1.3_i386_translations.tar.gz, vlc, vlc_1.0.6-1ubuntu1.3_armel_translations.tar.gz, vlc_1.0.6-1ubuntu1.3_amd64_translations.tar.gz, vlc_1.0.6-1ubuntu1.3_ia64_tr

2011-01-06 Thread Ubuntu Installer
vlc (1.0.6-1ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: Buffer overflow in Real demuxer (LP: #690173)
    - modules/demux/real.c: Fix heap buffer overflow, thanks to Rémi
      Denis-Courmont
    - CVE-2010-3907
    - VideoLAN-SA-1007

Date: Thu, 30 Dec 2010 01:14:56 +0100
Changed-By: Benjamin Drung bdr...@ubuntu.com
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/vlc/1.0.6-1ubuntu1.3
Format: 1.8
Date: Thu, 30 Dec 2010 01:14:56 +0100
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore2 libvlc2 libvlccore-dev libvlc-dev 
vlc-plugin-sdl vlc-plugin-ggi mozilla-plugin-vlc vlc-plugin-svgalib 
vlc-plugin-jack vlc-plugin-pulse vlc-plugin-svg vlc-data
Architecture: source
Version: 1.0.6-1ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Benjamin Drung bdr...@ubuntu.com
Description: 
 libvlc-dev - development files for libvlc
 libvlc2- multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore2 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc- multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg- debugging symbols for vlc
 vlc-nox- multimedia player and streamer (without X support)
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Launchpad-Bugs-Fixed: 690173
Original-Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintain...@lists.alioth.debian.org


[ubuntu/lucid-security] apparmor_2.5.1-0ubuntu0.10.04.2_i386_translations.tar.gz, apparmor_2.5.1-0ubuntu0.10.04.2_powerpc_translations.tar.gz, apparmor, apparmor_2.5.1-0ubuntu0.10.04.2_armel_translat

2011-01-06 Thread Ubuntu Installer
apparmor (2.5.1-0ubuntu0.10.04.2) lucid-security; urgency=low

  * Fix for apparmor_parser not generating correct policy when mixing exec
    transitions with and without unconfined fallback transitions.
    - debian/patches/0013-lp693082.patch: adjust dfa match flag table size
      and fix index calculation for pux and cux.
    - LP: #693082

Date: Wed, 05 Jan 2011 12:15:29 -0600
Changed-By: Jamie Strandboge ja...@ubuntu.com
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/apparmor/2.5.1-0ubuntu0.10.04.2
Format: 1.8
Date: Wed, 05 Jan 2011 12:15:29 -0600
Source: apparmor
Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev 
libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor 
apparmor-notify
Architecture: source
Version: 2.5.1-0ubuntu0.10.04.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com
Changed-By: Jamie Strandboge ja...@ubuntu.com
Description: 
 apparmor   - User-space parser utility for AppArmor
 apparmor-docs - Documentation for AppArmor
 apparmor-notify - AppArmor notification system
 apparmor-profiles - Profiles for AppArmor Security policies
 apparmor-utils - Utilities for controlling AppArmor
 libapache2-mod-apparmor - changehat AppArmor library as an Apache module
 libapparmor-dev - AppArmor development libraries and header files
 libapparmor-perl - AppArmor library Perl bindings
 libapparmor1 - changehat AppArmor library
 libpam-apparmor - changehat AppArmor library as a PAM module
Launchpad-Bugs-Fixed: 693082
Changes: 
 apparmor (2.5.1-0ubuntu0.10.04.2) lucid-security; urgency=low
 .
   * Fix for apparmor_parser not generating correct policy when mixing exec
     transitions with and without unconfined fallback transitions.
     - debian/patches/0013-lp693082.patch: adjust dfa match flag table size
       and fix index calculation for pux and cux.
     - LP: #693082


[ubuntu/lucid-security] evince_2.30.3-0ubuntu1.2_powerpc_translations.tar.gz, evince_2.30.3-0ubuntu1.2_ia64_translations.tar.gz, evince_2.30.3-0ubuntu1.2_static_translations.tar.gz (delayed), evince,

2011-01-05 Thread Ubuntu Installer
evince (2.30.3-0ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via multiple dvi backend
    overflows
    - debian/patches/02_CVE-2010-264x.patch: add bounds checking in
      backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c.
    - CVE-2010-2640
    - CVE-2010-2641
    - CVE-2010-2642
    - CVE-2010-2643

Date: Mon, 03 Jan 2011 13:13:51 -0500
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Maintainer: Ubuntu Desktop Team ubuntu-desk...@lists.ubuntu.com
https://launchpad.net/ubuntu/lucid/+source/evince/2.30.3-0ubuntu1.2
Format: 1.8
Date: Mon, 03 Jan 2011 13:13:51 -0500
Source: evince
Binary: evince evince-dbg libevview-dev libevview2 libevdocument-dev 
libevdocument2
Architecture: source
Version: 2.30.3-0ubuntu1.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Desktop Team ubuntu-desk...@lists.ubuntu.com
Changed-By: Marc Deslauriers marc.deslauri...@ubuntu.com
Description: 
 evince - Document (postscript, pdf) viewer
 evince-dbg - Document (postscript, pdf) viewer - debugging symbols
 libevdocument-dev - GNOME document viewer backend library - development headers
 libevdocument2 - GNOME document viewer backend library
 libevview-dev - GNOME document viewer view library - development headers
 libevview2 - GNOME document viewer view library
Changes: 
 evince (2.30.3-0ubuntu1.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via multiple dvi backend
     overflows
     - debian/patches/02_CVE-2010-264x.patch: add bounds checking in
       backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c.
     - CVE-2010-2640
     - CVE-2010-2641
     - CVE-2010-2642
     - CVE-2010-2643
Original-Maintainer: Marc 'HE' Brockschmidt h...@debian.org

