[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.22 (Accepted)

php5 (5.5.9+dfsg-1ubuntu4.22) trusty-security; urgency=medium * SECURITY UPDATE: Zend OpCache shared memory issue - debian/patches/CVE-2015-8994-1.patch: check cached files permissions in ext/opcache/ZendAccelerator.*, ext/opcache/zend_accelerator_hash.c,

[ubuntu/trusty-updates] update-manager 1:0.196.24 (Accepted)

update-manager (1:0.196.24) trusty-proposed; urgency=medium * Recommend libgtk2-perl be installed so we have a working debconf frontend. (LP: #1607929) Date: 2017-07-25 00:45:09.988306+00:00 Changed-By: Brian Murray

[ubuntu/trusty-security] subversion 1.8.8-1ubuntu3.3 (Accepted)

subversion (1.8.8-1ubuntu3.3) trusty-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution on clients through malicious svn+ssh URLs - debian/patches/CVE-2017-9800-1.8.18.patch: ensure that host arguments to ssh cannot be treated as ssh options. - CVE-2017-9800

[ubuntu/trusty-proposed] logrotate 3.8.7-1ubuntu1.2 (Accepted)

logrotate (3.8.7-1ubuntu1.2) trusty; urgency=medium * logrotate does not ever recover from a corrupted statefile (LP: #1709670) - d/p/do-not-treat-failure-of-readState-as-fatal.patch (Backported from commit b9d82003002c98370e4131a7e43c76afcd23306a) Date: Wed, 09 Aug 2017 15:55:36 -0400

[ubuntu/trusty-updates] libapache2-mod-auth-pgsql 2.0.3-6ubuntu0.1 (Accepted)

libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) trusty; urgency=medium * d/p/fixdoublefree.patch: set freed pointers to NULL before subsequent checks against NULL. (LP: #1272857) * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3) (LP: #1698758) Date: 2017-07-27

[ubuntu/trusty-updates] linux-signed-lts-xenial 4.4.0-91.114~14.04.1 (Accepted)

linux-signed-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=medium * Master Version 4.4.0-91.114~14.04.1 Date: 2017-08-09 11:34:23.426018+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft

[ubuntu/trusty-security] linux-signed-lts-xenial 4.4.0-91.114~14.04.1 (Accepted)

linux-signed-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=medium * Master Version 4.4.0-91.114~14.04.1 Date: 2017-08-09 11:34:23.426018+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft

[ubuntu/trusty-updates] linux-lts-xenial 4.4.0-91.114~14.04.1 (Accepted)

linux-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - udp: avoid ufo handling on

[ubuntu/trusty-security] linux 3.13.0-128.177 (Accepted)

linux (3.13.0-128.177) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - ipv6: Should use consistent conditional

[ubuntu/trusty-updates] linux-meta 3.13.0.128.137 (Accepted)

linux-meta (3.13.0.128.137) trusty; urgency=medium * Bump ABI 3.13.0-128 Date: 2017-08-09 11:34:13.710880+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta/3.13.0.128.137 Sorry, changesfile

[ubuntu/trusty-security] linux-lts-xenial 4.4.0-91.114~14.04.1 (Accepted)

linux-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - udp: avoid ufo handling on

[ubuntu/trusty-security] linux-meta-lts-xenial 4.4.0.91.75 (Accepted)

linux-meta-lts-xenial (4.4.0.91.75) trusty; urgency=medium * Bump ABI 4.4.0-91 Date: 2017-08-09 11:34:19.081549+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-lts-xenial/4.4.0.91.75

[ubuntu/trusty-updates] linux-signed 3.13.0-128.177 (Accepted)

linux-signed (3.13.0-128.177) trusty; urgency=medium * Version 3.13.0-128.177 Date: 2017-08-09 11:34:21.325598+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed/3.13.0-128.177 Sorry,

[ubuntu/trusty-security] linux-meta 3.13.0.128.137 (Accepted)

linux-meta (3.13.0.128.137) trusty; urgency=medium * Bump ABI 3.13.0-128 Date: 2017-08-09 11:34:13.710880+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta/3.13.0.128.137 Sorry, changesfile

[ubuntu/trusty-updates] linux-meta-lts-xenial 4.4.0.91.75 (Accepted)

linux-meta-lts-xenial (4.4.0.91.75) trusty; urgency=medium * Bump ABI 4.4.0-91 Date: 2017-08-09 11:34:19.081549+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-lts-xenial/4.4.0.91.75

[ubuntu/trusty-security] linux-signed 3.13.0-128.177 (Accepted)

linux-signed (3.13.0-128.177) trusty; urgency=medium * Version 3.13.0-128.177 Date: 2017-08-09 11:34:21.325598+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed/3.13.0-128.177 Sorry,

[ubuntu/trusty-updates] linux 3.13.0-128.177 (Accepted)

linux (3.13.0-128.177) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - ipv6: Should use consistent conditional

[ubuntu/trusty-updates] linux-lts-xenial_4.4.0-91.114~14.04.1_amd64.tar.gz - (Accepted)

linux-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - udp: avoid ufo handling on

[ubuntu/trusty-updates] linux_3.13.0-128.177_amd64.tar.gz - (Accepted)

linux (3.13.0-128.177) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - ipv6: Should use consistent conditional

[ubuntu/trusty-proposed] linux-lts-xenial_4.4.0-91.114~14.04.1_amd64.tar.gz - (Accepted)

linux-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - udp: avoid ufo handling on

[ubuntu/trusty-proposed] linux_3.13.0-128.177_amd64.tar.gz - (Accepted)

linux (3.13.0-128.177) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - ipv6: Should use consistent conditional

[ubuntu/partner/trusty] google-cloud-sdk 163.0.0-0ubuntu1~14.04.0 (Accepted)

google-cloud-sdk (163.0.0-0ubuntu1~14.04.0) trusty; urgency=medium * Backport to trusty. * New upstream release google-cloud-sdk (154.0.0-0ubuntu1) artful; urgency=medium * New upstream release Date: 2017-07-24 14:33:09.917059+00:00 Changed-By: Łukasz Zemczak

[ubuntu/trusty-security] php5 5.5.9+dfsg-1ubuntu4.22 (Accepted)

php5 (5.5.9+dfsg-1ubuntu4.22) trusty-security; urgency=medium * SECURITY UPDATE: Zend OpCache shared memory issue - debian/patches/CVE-2015-8994-1.patch: check cached files permissions in ext/opcache/ZendAccelerator.*, ext/opcache/zend_accelerator_hash.c,

[ubuntu/trusty-proposed] linux-lts-xenial 4.4.0-91.114~14.04.1 (Accepted)

linux-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=low * CVE-2017-1000112 - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output - ipv6: Don't use ufo handling on later transformed packets - udp: avoid ufo handling on

[ubuntu/trusty-proposed] linux-signed 3.13.0-128.177 (Accepted)

linux-signed (3.13.0-128.177) trusty; urgency=medium * Version 3.13.0-128.177 Date: 2017-08-09 11:34:21.325598+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed/3.13.0-128.177 Sorry,

[ubuntu/trusty-proposed] linux-signed-lts-xenial 4.4.0-91.114~14.04.1 (Accepted)

linux-signed-lts-xenial (4.4.0-91.114~14.04.1) trusty; urgency=medium * Master Version 4.4.0-91.114~14.04.1 Date: 2017-08-09 11:34:23.426018+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft

[ubuntu/trusty-proposed] linux-meta-lts-xenial 4.4.0.91.75 (Accepted)

linux-meta-lts-xenial (4.4.0.91.75) trusty; urgency=medium * Bump ABI 4.4.0-91 Date: 2017-08-09 11:34:19.081549+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-lts-xenial/4.4.0.91.75

[ubuntu/trusty-proposed] linux-meta 3.13.0.128.137 (Accepted)

linux-meta (3.13.0.128.137) trusty; urgency=medium * Bump ABI 3.13.0-128 Date: 2017-08-09 11:34:13.710880+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta/3.13.0.128.137 Sorry, changesfile

[ubuntu/trusty-security] libsoup2.4 2.44.2-1ubuntu2.2 (Accepted)

libsoup2.4 (2.44.2-1ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: chunked encoding stack buffer overflow - debian/patches/CVE-2017-2885.patch: better boundary checking in soup-filter-input-stream.c - CVE-2017-2885 Date: 2017-08-09 07:19:13.887596+00:00 Changed-By:

[ubuntu/trusty-updates] libsoup2.4 2.44.2-1ubuntu2.2 (Accepted)

libsoup2.4 (2.44.2-1ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: chunked encoding stack buffer overflow - debian/patches/CVE-2017-2885.patch: better boundary checking in soup-filter-input-stream.c - CVE-2017-2885 Date: 2017-08-09 07:19:13.887596+00:00 Changed-By:

[ubuntu/trusty-security] git 1:1.9.1-1ubuntu0.6 (Accepted)

git (1:1.9.1-1ubuntu0.6) trusty-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution on clients through malicious ssh URLs. - debian/diff/0019-CVE-2017-1000117.patch: filter out hostnames that would interpreted as cli arguments to ssh - CVE-2017-1000117 Date:

[ubuntu/trusty-updates] git 1:1.9.1-1ubuntu0.6 (Accepted)

git (1:1.9.1-1ubuntu0.6) trusty-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution on clients through malicious ssh URLs. - debian/diff/0019-CVE-2017-1000117.patch: filter out hostnames that would interpreted as cli arguments to ssh - CVE-2017-1000117 Date: