[Bug 1137946] Re: ChangeLog Stops full update on 12:10 Ubuntu

Thu May 9 23:21:15 UTC 2013

** Also affects: apt-listchanges (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1137946

Title:
  ChangeLog Stops full update on 12:10 Ubuntu

Status in “apt” package in Ubuntu:
  New
Status in “apt-listchanges” package in Ubuntu:
  New

Bug description:
  When installing updates / upgrades via software update system
  changelog comes up and stops any other actions occuring - need to
  Ctrl-C to exit window - program finishes on END.

  This occurs with synaptic and from apt-get

  installArchives() failed: Reading changelogs... 3%%
  Reading changelogs... 6%%
  Reading changelogs... 9%%
  Reading changelogs... 12%%
  Reading changelogs... 15%%
  Reading changelogs... 18%%
  Reading changelogs... 21%%
  Reading changelogs... 25%%
  Reading changelogs... 28%%
  Reading changelogs... 31%%
  Reading changelogs... 34%%
  Reading changelogs... 37%%
  Reading changelogs... 40%%
  Reading changelogs... 43%%
  Reading changelogs... 46%%
  Reading changelogs... 50%%
  Reading changelogs... 53%%
  Reading changelogs... 56%%
  Reading changelogs... 59%%
  E: changelog for this version is not (yet) available; try https://launchpad.net/ubuntu/+source/adobe-flashplugin/+changelog
  Reading changelogs... 62%%
  E: changelog for this version is not (yet) available; try https://launchpad.net/ubuntu/+source/adobe-flashplugin/+changelog
  Reading changelogs... 65%%
  Reading changelogs... 68%%
  Reading changelogs... 71%%
  Reading changelogs... 75%%
  Reading changelogs... 78%%
  Reading changelogs... 81%%
  Reading changelogs... 84%%
  Reading changelogs... 87%%
  Reading changelogs... 90%%
  Reading changelogs... 93%%
  Reading changelogs... 96%%
  Reading changelogs... 100%%

  Reading changelogs... Done

  Get:1 Changelog for libdbus-glib-1-2 (http://changelogs.ubuntu.com/changelogs/po ol/main/d/dbus-glib/dbus-glib_0.100-1ubuntu0.1/changelog) [44.0 kB]
  dbus-glib (0.100-1ubuntu0.1) quantal-security; urgency=low

    * SECURITY UPDATE: possible privilege escalation via source spoofing
      - debian/patches/CVE-2013-0292.patch: verify sender of NameOwnerChanged
        signals in dbus/dbus-gproxy.c.
      - CVE-2013-0292

   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 22 Feb 2013
  15:33:44 -0 500

  Get:1 Changelog for libgnutls26 (http://changelogs.ubuntu.com/changelogs/pool/ma in/g/gnutls26/gnutls26_2.12.14-5ubuntu4.2/changelog) [55.3 kB]
  gnutls26 (2.12.14-5ubuntu4.2) quantal-security; urgency=low

    * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
      - debian/patches/CVE-2013-1619.patch: avoid timing attacks in
        lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
      - CVE-2013-1619

   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 25 Feb 2013 11:31:46 -0 500
  /tmp/tmpa577Ac
  :
  Get:1 Changelog for linux-image-3.5.0-25-generic (http://changelogs.ubuntu.com/c :
  hangelogs/pool/main/l/linux/linux_3.5.0-25.39/changelog) [377 kB]
  :
  linux (3.5.0-25.39) quantal-proposed; urgency=low
  :
  :
    [Brad Figg]
  :
  :
    * Release Tracking Bug
  :
      - LP: #1132885
  :
  :
    [ Upstream Kernel Changes ]
  :
  :
    * sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
  :
  :
   -- Brad Figg <brad.figg at canonical.com>  Mon, 25 Feb 2013 09:04:12 -0800
  :
  :
  Get:1 Changelog for openjdk-7-jre-headless (http://changelogs.ubuntu.com/changel :
  ogs/pool/main/o/openjdk-7/openjdk-7_7u15-2.3.7-0ubuntu1~12.10/changelog) [117 kB :
  ]
  :
  openjdk-7 (7u15-2.3.7-0ubuntu1~12.10) quantal-security; urgency=low
  :
  :
    * Build for quantal.
  :
  :
   -- Matthias Klose <doko at ubuntu.com>  Thu, 21 Feb 2013 00:14:41 +0100
  :
  :
  openjdk-7 (7u15-2.3.7-1) experimental; urgency=low
  :
  :
    * IcedTea7 2.3.7 release.
  :
    * Security fixes:
  :
      - S8004937, CVE-2013-1484: Improve proxy construction.
  :
      - S8006439, CVE-2013-1485: Improve MethodHandles coverage.
  :
      - S8006446, CVE-2013-1486: Restrict MBeanServer access.
  :
      - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages.
  :
      - S8007688: Blacklist known bad certificate.
  :
    * Backports:
  :
      - S8007393: Possible race condition after JDK-6664509.
  :
      - S8007611: logging behavior in applet changed.
  :
    * For zero builds, use the same hotspot version as in 2.1.6.
  :
    * Reenable bootstrap builds, except for alpha.
  :
    * Explicitly disable building on mips/mipsel.  Not supported by the
  :
      Debian OpenJDK maintainers, the Debian mips porters, or the Debian
  :
      Java team.
  :
  :
   -- Matthias Klose <doko at ubuntu.com>  Wed, 20 Feb 2013 23:33:58 +0100
  :
  :
  openjdk-7 (7u13-2.3.6-1) experimental; urgency=low
  :
  :
    * IcedTea7 2.3.6 release.
  :
      - Disable bootstrap builds, currently broken in IcedTea.
  :
    * Security fixes:
  :
      - S6563318, CVE-2013-0424: RMI data sanitization.
  :
      - S6664509, CVE-2013-0425: Add logging context.
  :
      - S6664528, CVE-2013-0426: Find log level matching its name or value given
  :
        at construction time.
  :
      - S6776941: CVE-2013-0427: Improve thread pool shutdown.
  :
      - S7141694, CVE-2013-0429: Improving CORBA internals.
  :
      - S7173145: Improve in-memory representation of splashscreens.
  :
      - S7186945: Unpack200 improvement.
  :
      - S7186946: Refine unpacker resource usage.
  :
      - S7186948: Improve Swing data validation.
  :
      - S7186952, CVE-2013-0432: Improve clipboard access.
  :
      - S7186954: Improve connection performance.
  :
      - S7186957: Improve Pack200 data validation.
  :
      - S7192392, CVE-2013-0443: Better validation of client keys.
  :
      - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages.
  :
      - S7192977, CVE-2013-0442: Issue in toolkit thread.
  :
      - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies :
  .
  :
      - S7200491: Tighten up JTable layout code.
  :
      - S7200500: Launcher better input validation.
  :
      - S7201064: Better dialogue checking.
  :
      - S7201066, CVE-2013-0441: Change modifiers on unused fields.
  :
      - S7201068, CVE-2013-0435: Better handling of UI elements.
  :
      - S7201070: Serialization to conform to protocol.
  :
      - S7201071, CVE-2013-0433: InetSocketAddress serialization issue.
  :
      - S8000210: Improve JarFile code quality.
  :
      - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class.
  :
      - S8000540, CVE-2013-1475: Improve IIOP type reuse management.
  :
      - S8000631, CVE-2013-1476: Restrict access to class constructor.
  :
      - S8001235, CVE-2013-0434: Improve JAXP HTTP handling.
  :
      - S8001242: Improve RMI HTTP conformance.
  :
      - S8001307: Modify ACC_SUPER behavior.
  :
      - S8001972, CVE-2013-1478: Improve image processing.
  :
      - S8002325, CVE-2013-1480: Improve management of images.
  :
    * Fix font suggestion for indic fonts in wheezy.
  :
    * Fix fontconfig definitions for japanese and korean fonts, fixing
  :
      compilation of the fontconfig file.
  :
    * Add Built-Using: rhino attribute for the -lib package.
  :
    * Don't use concurrent features to rewrite the rhino jar file.
  :
    * Enable class data sharing for the hotspot server VM.
  :
  :
   -- Matthias Klose <doko at ubuntu.com>  Tue, 12 Feb 2013 20:59:48 +0100
  :
  :
  Get:1 Changelog for libssl-doc (http://changelogs.ubuntu.com/changelogs/pool/mai :
  n/o/openssl/openssl_1.0.1c-3ubuntu2.2/changelog) [102 kB]
  :
  openssl (1.0.1c-3ubuntu2.2) quantal-security; urgency=low
  :
  :
    * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
  :
      LP: #1133333)
  :
      - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
  :
        available from upstream.
  :
  :
   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Thu, 28 Feb 2013 10:56:42 -0 :
  500
  :
  :
  openssl (1.0.1c-3ubuntu2.1) quantal-security; urgency=low
  :
  :
    * SECURITY UPDATE: denial of service via invalid OCSP key
  :
      - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
  :
        crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  :
      - CVE-2013-0166
  :
    * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  :
      - debian/patches/CVE-2013-0169.patch: massive code changes
  :
      - CVE-2013-0169
  :
    * SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
  :
      - Fix included in CVE-2013-0169 patch
  :
      - CVE-2012-2686
  :
  :
   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 18 Feb 2013 13:13:42 -0 :
  500
  :
  :
  Get:1 Changelog for libruby1.9.1 (http://changelogs.ubuntu.com/changelogs/pool/m :
  ain/r/ruby1.9.1/ruby1.9.1_1.9.3.194-1ubuntu1.3/changelog) [44.6 kB]
  :
  ruby1.9.1 (1.9.3.194-1ubuntu1.3) quantal-security; urgency=low
  :
  :
    * SECURITY UPDATE: denial of service via hash collisions
  :
      - debian/patches/20121120-cve-2012-5371.diff: replace hash
  :
        implementation in common.mk, random.c, siphash.*, string.c.
  :
      - CVE-2012-5371
  :
    * SECURITY UPDATE: xss in documents generated by rdoc
  :
      - debian/patches/CVE-2013-0256.patch: fix xss in
  :
        lib/rdoc/generator/template/darkfish/js/darkfish.js.
  :
      - CVE-2013-0256
  :
    * SECURITY UPDATE: DoS and unsafe object creation via JSON
  :
      - debian/patches/CVE-2013-0269.patch: fix JSON parsing in
  :
        ext/json/lib/json/add/core.rb, ext/json/lib/json/common.rb,
  :
        ext/json/parser/parser.c, ext/json/parser/parser.rl,
  :
        test/json/test_json.rb, test/json/test_json_addition.rb,
  :
        test/json/test_json_string_matching.rb.
  :
      - CVE-2013-0269
  :
    * Patches taken from Debian 1.9.3.194-7 package.
  :
  :
   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 15 Feb 2013 09:30:35 -0 :
  500
  :
  :
  Get:1 Changelog for sudo (http://changelogs.ubuntu.com/changelogs/pool/main/s/su :
  do/sudo_1.8.5p2-1ubuntu1.1/changelog) [52.1 kB]
  :
  sudo (1.8.5p2-1ubuntu1.1) quantal-security; urgency=low
  :
  :
    * SECURITY UPDATE: authentication bypass via clock set to epoch
  :
      - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
  :
        set to epoch in plugins/sudoers/check.c.
  :
      - CVE-2013-1775
  :
  :
   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 27 Feb 2013 13:31:24 -0 :
  500
  :
  :
  Get:1 Changelog for thunderbird (http://changelogs.ubuntu.com/changelogs/pool/ma :
  in/t/thunderbird/thunderbird_17.0.3+build1-0ubuntu0.12.10.1/changelog) [283 kB]
  :
  thunderbird (17.0.3+build1-0ubuntu0.12.10.1) quantal-security; urgency=low
  :
  :
    * New upstream stable release (THUNDERBIRD_17_0_3_BUILD1)
  :
      - see LP: #1131110 for USN information
  :
  :
   -- Chris Coulson <chris.coulson at canonical.com>  Thu, 21 Feb 2013 09:26:58 +0000
  :
  :
  Get:1 Changelog for transmission-common (http://changelogs.ubuntu.com/changelogs :
  /pool/main/t/transmission/transmission_2.61-0ubuntu2.2/changelog) [28.7 kB]
  :
  transmission (2.61-0ubuntu2.2) quantal-security; urgency=low
  :
  :
    * SECURITY UPDATE: denial of service and possible code execution in libutp
  :
      - debian/patches/CVE-2012-6129.patch: properly calculate lengths in
  :
        third-party/libutp/utp.cpp.
  :
      - CVE-2012-6129
  :
  :
   -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 22 Feb 2013 08:27:17 -0 :
  500
  :

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1137946/+subscriptions