From archive at ubuntu.com Wed Jan 5 14:05:08 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 05 Jan 2011 14:05:08 -0000 Subject: [ubuntu/karmic-security] evince_2.28.1-0ubuntu1.3_powerpc_translations.tar.gz, evince_2.28.1-0ubuntu1.3_amd64_translations.tar.gz, evince_2.28.1-0ubuntu1.3_sparc_translations.tar.gz, evince_2.28.1-0ubuntu1.3_ia64_translations.tar.gz, evince_2.28.1-0ubuntu1.3_static_translations.tar.gz, evince, evince_2.28.1-0ubuntu1.3_lpia_translations.tar.gz, evince_2.28.1-0ubuntu1.3_i386_translations.tar.gz, evince_2.28.1-0ubuntu1.3_static_translations.tar.gz (delayed), evince_2.28.1-0ubuntu1.3_armel_translations.tar.gz 2.28.1-0ubuntu1.3 (Accepted) Message-ID: <20110105140508.12758.35576.launchpad@cocoplum.canonical.com> evince (2.28.1-0ubuntu1.3) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via multiple dvi backend overflows - debian/patches/91_CVE-2010-264x.patch: add bounds checking in backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c. - CVE-2010-2640 - CVE-2010-2641 - CVE-2010-2642 - CVE-2010-2643 Date: Mon, 03 Jan 2011 13:19:09 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/karmic/+source/evince/2.28.1-0ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Mon, 03 Jan 2011 13:19:09 -0500 Source: evince Binary: evince evince-dbg libevview-dev libevview1 libevdocument-dev libevdocument1 Architecture: source Version: 2.28.1-0ubuntu1.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Marc Deslauriers Description: evince - Document (postscript, pdf) viewer evince-dbg - Document (postscript, pdf) viewer - debugging symbols libevdocument-dev - GNOME document viewer backend library - development headers libevdocument1 - GNOME document viewer backend library libevview-dev - GNOME document viewer view library - development headers libevview1 - GNOME document viewer view library Changes: evince (2.28.1-0ubuntu1.3) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via multiple dvi backend overflows - debian/patches/91_CVE-2010-264x.patch: add bounds checking in backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c. - CVE-2010-2640 - CVE-2010-2641 - CVE-2010-2642 - CVE-2010-2643 Checksums-Sha1: 822ee7cb5067bc8628660ef7af103a9808bf1589 2541 evince_2.28.1-0ubuntu1.3.dsc bd7c818c197af0ba7cb7bca5a4364dbd34038bdb 33951 evince_2.28.1-0ubuntu1.3.diff.gz Checksums-Sha256: ded48c403601b5877ce077c904a830d43e12d6d4f715ac005be5804fe659b334 2541 evince_2.28.1-0ubuntu1.3.dsc eadcb1b2c13b1112d4c021732cdf677311385a186b4419d932451146d84a7b58 33951 evince_2.28.1-0ubuntu1.3.diff.gz Files: a38c6142b25cdce42b1c970f9957bb97 2541 gnome optional evince_2.28.1-0ubuntu1.3.dsc 30aff6ff144366bd546d12c902e41ee3 33951 gnome optional evince_2.28.1-0ubuntu1.3.diff.gz Original-Maintainer: Marc 'HE' Brockschmidt From archive at ubuntu.com Wed Jan 5 19:05:45 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 05 Jan 2011 19:05:45 -0000 Subject: [ubuntu/karmic-security] git-core_1.6.3.3-2ubuntu0.1_lpia_translations.tar.gz, git-core_1.6.3.3-2ubuntu0.1_powerpc_translations.tar.gz, git-core_1.6.3.3-2ubuntu0.1_armel_translations.tar.gz, git-core_1.6.3.3-2ubuntu0.1_sparc_translations.tar.gz (delayed), git-core_1.6.3.3-2ubuntu0.1_i386_translations.tar.gz, git-core_1.6.3.3-2ubuntu0.1_amd64_translations.tar.gz, git-core 1:1.6.3.3-2ubuntu0.1 (Accepted) Message-ID: <20110105190545.21703.34894.launchpad@cocoplum.canonical.com> git-core (1:1.6.3.3-2ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: gitweb cross-site scripting vulnerability - debian/diff/0034-gitweb-Introduce-esc_attr...diff: from upstream: gitweb: do not parrot filenames or other arguments given in a request without proper quoting - CVE-2010-3906 Date: Fri, 17 Dec 2010 14:43:15 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/git-core/1:1.6.3.3-2ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Fri, 17 Dec 2010 14:43:15 -0800 Source: git-core Binary: git-core git-doc git-arch git-cvs git-svn git-email git-daemon-run git-gui gitk gitweb Architecture: source Version: 1:1.6.3.3-2ubuntu0.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Steve Beattie Description: git-arch - fast, scalable, distributed revision control system (arch interop git-core - fast, scalable, distributed revision control system git-cvs - fast, scalable, distributed revision control system (cvs interope git-daemon-run - fast, scalable, distributed revision control system (git-daemon s git-doc - fast, scalable, distributed revision control system (documentatio git-email - fast, scalable, distributed revision control system (email add-on git-gui - fast, scalable, distributed revision control system (GUI) git-svn - fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Changes: git-core (1:1.6.3.3-2ubuntu0.1) karmic-security; urgency=low . * SECURITY UPDATE: gitweb cross-site scripting vulnerability - debian/diff/0034-gitweb-Introduce-esc_attr...diff: from upstream: gitweb: do not parrot filenames or other arguments given in a request without proper quoting - CVE-2010-3906 Checksums-Sha1: f4da64dd8fc2f71c70e7ac7e520583fc88d1d413 2064 git-core_1.6.3.3-2ubuntu0.1.dsc 2b97ef60f3bb3e5decdc277f962114363e601fde 296198 git-core_1.6.3.3-2ubuntu0.1.diff.gz Checksums-Sha256: e7de427588dab01e983c303e940d99a618ef8b3a3820bd26e85619ae9249190d 2064 git-core_1.6.3.3-2ubuntu0.1.dsc e8066aa68762e83bf83962a309fc82910c9041c430281cf19fce5d0ce744b52e 296198 git-core_1.6.3.3-2ubuntu0.1.diff.gz Files: 4944dafc4f6cf0505eacb5f840c30e18 2064 vcs optional git-core_1.6.3.3-2ubuntu0.1.dsc da65c817dc15168b3681adc3b66ffe68 296198 vcs optional git-core_1.6.3.3-2ubuntu0.1.diff.gz Original-Maintainer: Gerrit Pape From archive at ubuntu.com Thu Jan 6 21:08:06 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 06 Jan 2011 21:08:06 -0000 Subject: [ubuntu/karmic-security] dpkg_1.15.4ubuntu2.3_amd64_translations.tar.gz, dpkg_1.15.4ubuntu2.3_i386_translations.tar.gz, dpkg_1.15.4ubuntu2.3_ia64_translations.tar.gz, dpkg_1.15.4ubuntu2.3_lpia_translations.tar.gz, dpkg_1.15.4ubuntu2.3_sparc_translations.tar.gz (delayed), dpkg_1.15.4ubuntu2.3_armel_translations.tar.gz, dpkg_1.15.4ubuntu2.3_powerpc_translations.tar.gz, dpkg 1.15.4ubuntu2.3 (Accepted) Message-ID: <20110106210806.16473.65647.launchpad@cocoplum.canonical.com> dpkg (1.15.4ubuntu2.3) karmic-security; urgency=low * SECURITY UPDATE: relative directory and symlink following in source pkgs. - scripts/Dpkg/Source/Archive.pm, scripts/Dpkg/Source/Patch.pm, scripts/Dpkg/Source/Package/V2.pm: applied fixes from Raphael Hertzog, thanks to Raphael Geissert. - CVE-2010-1679 Date: Thu, 06 Jan 2011 10:28:01 -0800 Changed-By: Kees Cook Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/dpkg/1.15.4ubuntu2.3 -------------- next part -------------- Format: 1.8 Date: Thu, 06 Jan 2011 10:28:01 -0800 Source: dpkg Binary: dpkg dpkg-dev dselect Architecture: source Version: 1.15.4ubuntu2.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Kees Cook Description: dpkg - Debian package management system dpkg-dev - Debian package development tools dselect - Debian package management front-end Changes: dpkg (1.15.4ubuntu2.3) karmic-security; urgency=low . * SECURITY UPDATE: relative directory and symlink following in source pkgs. - scripts/Dpkg/Source/Archive.pm, scripts/Dpkg/Source/Patch.pm, scripts/Dpkg/Source/Package/V2.pm: applied fixes from Raphael Hertzog, thanks to Raphael Geissert. - CVE-2010-1679 Checksums-Sha1: 8e5a4c29da340f5f1bd0ceebd9549f185aa78c45 1369 dpkg_1.15.4ubuntu2.3.dsc 4cc37ad3cb5eae95ce4978db2e89415797f13e1d 7046765 dpkg_1.15.4ubuntu2.3.tar.gz Checksums-Sha256: b2c53211655d20456466fd2df41691d6996a0fdb7786787fe75076461d9f6930 1369 dpkg_1.15.4ubuntu2.3.dsc 795cb757d8fad663e2c88b15336e34088202a8e3094f668dbdf3e3552fde3f39 7046765 dpkg_1.15.4ubuntu2.3.tar.gz Files: df5975398ec1f8fa00617dba2a855090 1369 admin required dpkg_1.15.4ubuntu2.3.dsc 7bd73bcbd5ff74a2083f51b068c3f071 7046765 admin required dpkg_1.15.4ubuntu2.3.tar.gz Original-Maintainer: Dpkg Developers From archive at ubuntu.com Fri Jan 7 00:06:13 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 07 Jan 2011 00:06:13 -0000 Subject: [ubuntu/karmic-security] apparmor_2.3.1+1403-0ubuntu27.4_ia64_translations.tar.gz, apparmor_2.3.1+1403-0ubuntu27.4_armel_translations.tar.gz, apparmor_2.3.1+1403-0ubuntu27.4_powerpc_translations.tar.gz, apparmor_2.3.1+1403-0ubuntu27.4_sparc_translations.tar.gz (delayed), apparmor_2.3.1+1403-0ubuntu27.4_lpia_translations.tar.gz, apparmor, apparmor_2.3.1+1403-0ubuntu27.4_i386_translations.tar.gz, apparmor_2.3.1+1403-0ubuntu27.4_amd64_translations.tar.gz 2.3.1+1403-0ubuntu27.4 (Accepted) Message-ID: <20110107000613.23964.70745.launchpad@cocoplum.canonical.com> apparmor (2.3.1+1403-0ubuntu27.4) karmic-security; urgency=low * Fix for apparmor_parser not generating correct policy when mixing exec transitions with and without unconfined fallback transitions. - parser/immunix.h, parser/libapparmor_re/regexp.y: adjust dfa match flag table size and fix index calculation for pux and cux. - parser/tst/Makefile, parser/tst/gen-xtrans.pl, parser/tst/simple_tests/generated_x/readme: add comprehensive test cases - LP: #693082 * debian/control: Build-Depends on libpam0g-dev Date: Wed, 05 Jan 2011 12:25:20 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/apparmor/2.3.1+1403-0ubuntu27.4 -------------- next part -------------- Format: 1.8 Date: Wed, 05 Jan 2011 12:25:20 -0600 Source: apparmor Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor Architecture: source Version: 2.3.1+1403-0ubuntu27.4 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Jamie Strandboge Description: apparmor - User-space parser utility for AppArmor apparmor-docs - Documentation for AppArmor apparmor-profiles - Profiles for AppArmor Security policies apparmor-utils - Utilities for controlling AppArmor libapache2-mod-apparmor - changehat AppArmor library as an Apache module libapparmor-dev - AppArmor development libraries and header files libapparmor-perl - AppArmor library Perl bindings libapparmor1 - changehat AppArmor library libpam-apparmor - changehat AppArmor library as a PAM module Changes: apparmor (2.3.1+1403-0ubuntu27.4) karmic-security; urgency=low . * Fix for apparmor_parser not generating correct policy when mixing exec transitions with and without unconfined fallback transitions. - parser/immunix.h, parser/libapparmor_re/regexp.y: adjust dfa match flag table size and fix index calculation for pux and cux. - parser/tst/Makefile, parser/tst/gen-xtrans.pl, parser/tst/simple_tests/generated_x/readme: add comprehensive test cases - LP: #693082 * debian/control: Build-Depends on libpam0g-dev Checksums-Sha1: f531a6041cfec728721b46e07b79e5db898256da 2192 apparmor_2.3.1+1403-0ubuntu27.4.dsc 2511fad281179214fb9a00e187be04677823e3fc 72721 apparmor_2.3.1+1403-0ubuntu27.4.diff.gz Checksums-Sha256: e78622c4ef9abea25e0008a41cd1e56b17f7eee25ee737ee263c4caa58ba328d 2192 apparmor_2.3.1+1403-0ubuntu27.4.dsc 72b82dc402fc4142853ea33638d6dce151eb5dbcb329c4dc1cf208fdd1a08d19 72721 apparmor_2.3.1+1403-0ubuntu27.4.diff.gz Files: 256fdf26642614a41492fe07aaa4e28e 2192 admin extra apparmor_2.3.1+1403-0ubuntu27.4.dsc 11f7b1149bc17914705883c4e49654e0 72721 admin extra apparmor_2.3.1+1403-0ubuntu27.4.diff.gz Launchpad-Bugs-Fixed: 693082 Original-Maintainer: Magnus Runesson From archive at ubuntu.com Fri Jan 7 01:05:05 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 07 Jan 2011 01:05:05 -0000 Subject: [ubuntu/karmic-security] python-django_1.1.1-1ubuntu1.1_i386_translations.tar.gz (delayed), python-django 1.1.1-1ubuntu1.1 (Accepted) Message-ID: <20110107010505.14469.34377.launchpad@cocoplum.canonical.com> python-django (1.1.1-1ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: information leak in admin interface - debian/patches/21_security_admin_infoleak.diff: validate querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly whitelisted. - CVE-2010-4534 * SECURITY UPDATE: - debian/patches/22_security_pasword_reset_dos.diff: adjust base36_to_int() function in django.utils.http will now validate the length of its input; on input longer than 13 digits (sufficient to base36-encode any 64-bit integer), it will now raise ValueError. Additionally, the default URL patterns for django.contrib.auth will now enforce a maximum length on the relevant parameters. - CVE-2010-4535 * add patch from Lucid to fix FTBFS in November by applying patch from upstream bug #12125 - debian/patches/23_ftbfs_in_november.diff Date: Mon, 03 Jan 2011 11:36:34 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/python-django/1.1.1-1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Mon, 03 Jan 2011 11:36:34 -0600 Source: python-django Binary: python-django python-django-doc Architecture: source Version: 1.1.1-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Changes: python-django (1.1.1-1ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: information leak in admin interface - debian/patches/21_security_admin_infoleak.diff: validate querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly whitelisted. - CVE-2010-4534 * SECURITY UPDATE: - debian/patches/22_security_pasword_reset_dos.diff: adjust base36_to_int() function in django.utils.http will now validate the length of its input; on input longer than 13 digits (sufficient to base36-encode any 64-bit integer), it will now raise ValueError. Additionally, the default URL patterns for django.contrib.auth will now enforce a maximum length on the relevant parameters. - CVE-2010-4535 * add patch from Lucid to fix FTBFS in November by applying patch from upstream bug #12125 - debian/patches/23_ftbfs_in_november.diff Checksums-Sha1: b0cabea28fc7d13b772e337c63c84e7529116ff3 2215 python-django_1.1.1-1ubuntu1.1.dsc 07ea7e6486c943da8237801209559009057c2819 20554 python-django_1.1.1-1ubuntu1.1.diff.gz Checksums-Sha256: 5f476d3e1d959fae6593feabfa5b39a8e45d7ab51849fe90ae25cceb2c8e05bc 2215 python-django_1.1.1-1ubuntu1.1.dsc 56aba3a14b329893ed54ee288f6913daf31c69e68045b517a767b02458a79cc5 20554 python-django_1.1.1-1ubuntu1.1.diff.gz Files: 80222eacb212cce9d95bd988313f1f72 2215 python optional python-django_1.1.1-1ubuntu1.1.dsc 69008b0041f74d261d2dfd833f0cbc71 20554 python optional python-django_1.1.1-1ubuntu1.1.diff.gz Original-Maintainer: Chris Lamb From staff.rm at openbravo.com Sat Jan 8 00:40:55 2011 From: staff.rm at openbravo.com (Openbravo Release Management Team) Date: Sat, 08 Jan 2011 00:40:55 -0000 Subject: [ubuntu/karmic] openbravo-erp 2.50MP-25EU1-1karmic1 (Accepted) Message-ID: <20110108004055.30541.69590.launchpad@cocoplum.canonical.com> openbravo-erp (2.50MP-25EU1-1karmic1) karmic; urgency=low * New upstream release: 2.50MP25EU1 for karmic Date: Tue, 04 Jan 2011 00:02:20 +0200 Changed-By: Openbravo Release Management Team Maintainer: Brian Thomason Signed-By: Brian Thomason https://launchpad.net/ubuntu/karmic/+source/openbravo-erp/2.50MP-25EU1-1karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 04 Jan 2011 00:02:20 +0200 Source: openbravo-erp Binary: openbravo-erp Architecture: source Version: 2.50MP-25EU1-1karmic1 Distribution: karmic Urgency: low Maintainer: Brian Thomason Changed-By: Openbravo Release Management Team Description: openbravo-erp - Enterprise Resource Planning solution Changes: openbravo-erp (2.50MP-25EU1-1karmic1) karmic; urgency=low . * New upstream release: 2.50MP25EU1 for karmic Checksums-Sha1: eb4e354f7e4656870ba578f3586fca686ff03acb 1146 openbravo-erp_2.50MP-25EU1-1karmic1.dsc d488d56212f207129dcf9e0cc7cd8b3e09a0eca0 121343263 openbravo-erp_2.50MP-25EU1.orig.tar.gz 6b79ff8cf52989957a18cd4cf6a225c5f4dfff21 9088 openbravo-erp_2.50MP-25EU1-1karmic1.diff.gz Checksums-Sha256: b45a999fc3b5d136cad09f4378d3bb4797e1fa572eb80e318da8790d03da1402 1146 openbravo-erp_2.50MP-25EU1-1karmic1.dsc 8b9ff3d731eddde20e9248998cb03cb38e782daf6e644581643e9932f91a88b4 121343263 openbravo-erp_2.50MP-25EU1.orig.tar.gz b9169d5200881e3e5982ea13c6d33133b7113ef4e96594e7b7003ace0d140332 9088 openbravo-erp_2.50MP-25EU1-1karmic1.diff.gz Files: 2751c39dd27b571dd3b751025dfb770c 1146 partner/web extra openbravo-erp_2.50MP-25EU1-1karmic1.dsc 7eba9d59a9e50fcde00cc3ad420a9e5e 121343263 partner/web extra openbravo-erp_2.50MP-25EU1.orig.tar.gz 9cccf5def4eff9179aa627402252bb4e 9088 partner/web extra openbravo-erp_2.50MP-25EU1-1karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0nsZEACgkQOb4zNfJqN5fMWQCeN6tcJfKjw2+jZOo6YnxmCCvA X5wAoJv5r0bhUfFRY/vcvRhp9CwQ/N/P =OtTq -----END PGP SIGNATURE----- From archive at ubuntu.com Mon Jan 10 06:03:39 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 10 Jan 2011 06:03:39 -0000 Subject: [ubuntu/karmic-security] libapache2-mod-fcgid (delayed), libapache2-mod-fcgid 1:2.2-1ubuntu0.9.10.1 (Accepted) Message-ID: <20110110060339.1475.82506.launchpad@cocoplum.canonical.com> libapache2-mod-fcgid (1:2.2-1ubuntu0.9.10.1) karmic-security; urgency=low * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060) - fcgid_bucket.c: patch from upstream - CVE-2010-3872 Date: Thu, 06 Jan 2011 12:57:47 +0100 Changed-By: Felix Geyer Maintainer: Ubuntu MOTU Developers https://launchpad.net/ubuntu/karmic/+source/libapache2-mod-fcgid/1:2.2-1ubuntu0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 06 Jan 2011 12:57:47 +0100 Source: libapache2-mod-fcgid Binary: libapache2-mod-fcgid Architecture: source Version: 1:2.2-1ubuntu0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu MOTU Developers Changed-By: Felix Geyer Description: libapache2-mod-fcgid - an alternative module compat with mod_fastcgi Changes: libapache2-mod-fcgid (1:2.2-1ubuntu0.9.10.1) karmic-security; urgency=low . * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060) - fcgid_bucket.c: patch from upstream - CVE-2010-3872 Checksums-Sha1: 397f184358b94ab9f25cd52861c047d55ada4b01 1922 libapache2-mod-fcgid_2.2-1ubuntu0.9.10.1.dsc 2d30fde956e23df31789951f45c3e0e3f9fb12bf 7064 libapache2-mod-fcgid_2.2-1ubuntu0.9.10.1.diff.gz Checksums-Sha256: 22830d40e8f60c3a7840cb69ae3b8cc6cd501205a49a1801d5b9a5fd174b0768 1922 libapache2-mod-fcgid_2.2-1ubuntu0.9.10.1.dsc f2ea153bde9c1da08243d29fbbcde6ac0df8a61e6e7c3ecb075839d08a2154a7 7064 libapache2-mod-fcgid_2.2-1ubuntu0.9.10.1.diff.gz Files: ee1168eb96465e5d88ff724b2ab974a2 1922 net optional libapache2-mod-fcgid_2.2-1ubuntu0.9.10.1.dsc f246daaca3b52e3b7e58d14cb17c846d 7064 net optional libapache2-mod-fcgid_2.2-1ubuntu0.9.10.1.diff.gz Launchpad-Bugs-Fixed: 698060 Original-Maintainer: Tatsuki Sugiura From bogus@does.not.exist.com Tue Jan 11 18:31:10 2011 From: bogus@does.not.exist.com () Date: Tue, 11 Jan 2011 18:31:10 -0000 Subject: [ubuntu/karmic] uex 1.2.0.13-1karmic1 (Accepted) Message-ID: <20110111183110.20067.78640.launchpad@cocoplum.canonical.com> uex (1.2.0.13-1karmic1) karmic; urgency=low * Karmic Koala package Date: Thu, 06 Jan 2011 16:36:12 -0400 Changed-By: IDM Computer Solutions, Inc. Signed-By: Brian Thomason https://launchpad.net/ubuntu/karmic/+source/uex/1.2.0.13-1karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 06 Jan 2011 16:36:12 -0400 Source: uex Binary: uex Architecture: source Version: 1.2.0.13-1karmic1 Distribution: karmic Urgency: low Maintainer: IDM Computer Solutions, Inc. Changed-By: IDM Computer Solutions, Inc. Description: uex - UltraEdit is a text, hex, and programming language editor Changes: uex (1.2.0.13-1karmic1) karmic; urgency=low . * Karmic Koala package Checksums-Sha1: ca92b22abe8ae5f185a31bce4ba981f6be077700 1026 uex_1.2.0.13-1karmic1.dsc 5923eb13d4b33b2a48bae469afcc16d19aa12785 15910 uex_1.2.0.13-1karmic1.diff.gz Checksums-Sha256: 84f425ee99938d10474bb38615010195d04f8f42ed2d394d3016ef697bc22f1f 1026 uex_1.2.0.13-1karmic1.dsc 7b64d5e826047a7d819c40eacf616d6c7eca7c22707195b6ad25c070a2ef8e44 15910 uex_1.2.0.13-1karmic1.diff.gz Files: caecc9432b6be1db7e5b1e339a32f6b5 1026 partner/editors extra uex_1.2.0.13-1karmic1.dsc 083616a257c0fa35bf0121c1349c6591 15910 partner/editors extra uex_1.2.0.13-1karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0sm9sACgkQOb4zNfJqN5d/aACePs6CHn4OaIo4n2gveNv2v6Ci ImUAoJaUj9fNdmHocgcbrObRmiDMe+8Y =c3tp -----END PGP SIGNATURE----- From archive at ubuntu.com Tue Jan 11 21:04:53 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 11 Jan 2011 21:04:53 -0000 Subject: [ubuntu/karmic-security] eglibc_2.10.1-0ubuntu19_armel_translations.tar.gz, eglibc_2.10.1-0ubuntu19_i386_translations.tar.gz, eglibc_2.10.1-0ubuntu19_amd64_translations.tar.gz, eglibc_2.10.1-0ubuntu19_powerpc_translations.tar.gz (delayed), eglibc, eglibc_2.10.1-0ubuntu19_lpia_translations.tar.gz, eglibc_2.10.1-0ubuntu19_ia64_translations.tar.gz 2.10.1-0ubuntu19 (Accepted) Message-ID: <20110111210453.9135.34554.launchpad@cocoplum.canonical.com> eglibc (2.10.1-0ubuntu19) karmic-security; urgency=low * SECURITY UPDATE: setuid iconv users could load arbitrary libraries. - debian/patches/any/dst-expansion-fix.diff: refresh with new proposed solution, avoiding iconv issues. - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856, which was already had a work-around in 2.10.1-0ubuntu18. Date: Mon, 10 Jan 2011 20:51:08 -0800 Changed-By: Kees Cook Maintainer: Ubuntu Core developers https://launchpad.net/ubuntu/karmic/+source/eglibc/2.10.1-0ubuntu19 -------------- next part -------------- Format: 1.8 Date: Mon, 10 Jan 2011 20:51:08 -0800 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-sparcv9v libc6-sparcv9v2 libc6-sparc64b libc6-sparc64v libc6-sparc64v2 libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source Version: 2.10.1-0ubuntu19 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core developers Changed-By: Kees Cook Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - GNU C Library: Documentation libc-bin - GNU C Library: Binaries libc-dev-bin - GNU C Library: Development binaries libc0.1 - GNU C Library: Shared libraries libc0.1-dbg - GNU C Library: detached debugging symbols libc0.1-dev - GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - GNU C Library: PIC archive library libc0.1-prof - GNU C Library: Profiling Libraries libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb) libc0.3 - GNU C Library: Shared libraries libc0.3-dbg - GNU C Library: detached debugging symbols libc0.3-dev - GNU C Library: Development Libraries and Header Files libc0.3-pic - GNU C Library: PIC archive library libc0.3-prof - GNU C Library: Profiling Libraries libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb) libc6 - GNU C Library: Shared libraries libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - GNU C Library: detached debugging symbols libc6-dev - GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - GNU C Library: PIC archive library libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - GNU C Library: Profiling Libraries libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparc64b - GNU C Library: 64bit Shared libraries for UltraSPARC [v9b optimiz libc6-sparc64v - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v optimiz libc6-sparc64v2 - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v2 optimi libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized] libc6-sparcv9v - GNU C Library: Shared libraries [v9v optimized] libc6-sparcv9v2 - GNU C Library: Shared libraries [v9v2 optimized] libc6-udeb - GNU C Library: Shared libraries - udeb (udeb) libc6-xen - GNU C Library: Shared libraries [Xen version] libc6.1 - GNU C Library: Shared libraries libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - GNU C Library: detached debugging symbols libc6.1-dev - GNU C Library: Development Libraries and Header Files libc6.1-pic - GNU C Library: PIC archive library libc6.1-prof - GNU C Library: Profiling Libraries libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb) locales - GNU C Library: National Language (locale) data [support] locales-all - GNU C Library: Precompiled locale data nscd - GNU C Library: Name Service Cache Daemon Changes: eglibc (2.10.1-0ubuntu19) karmic-security; urgency=low . * SECURITY UPDATE: setuid iconv users could load arbitrary libraries. - debian/patches/any/dst-expansion-fix.diff: refresh with new proposed solution, avoiding iconv issues. - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856, which was already had a work-around in 2.10.1-0ubuntu18. Checksums-Sha1: a2d5ddb1c353edf47c7ff9f1b4416c302e1abd94 3023 eglibc_2.10.1-0ubuntu19.dsc 9387d190d72cadc7336d98a406dbab6bed77f3d6 2768022 eglibc_2.10.1-0ubuntu19.diff.gz Checksums-Sha256: 9de41578d1b91dd82bf03e6cb08c3c6bbdc03d910a22d39a4e17fa2b57da648a 3023 eglibc_2.10.1-0ubuntu19.dsc eb9dd3da0dd89fd022e9d6ad198a27ab6f1669f300dd0517a6e62251fca13be7 2768022 eglibc_2.10.1-0ubuntu19.diff.gz Files: 0c07e3d2b5ffc5bf70b46233ef967257 3023 libs required eglibc_2.10.1-0ubuntu19.dsc 671860dddf63c01d23d794956fe6598e 2768022 libs required eglibc_2.10.1-0ubuntu19.diff.gz Original-Maintainer: GNU Libc Maintainers From archive at ubuntu.com Wed Jan 12 06:03:39 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 12 Jan 2011 06:03:39 -0000 Subject: [ubuntu/karmic-security] lcms (delayed), lcms 1.18.dfsg-1ubuntu1.1 (Accepted) Message-ID: <20110112060339.21553.78464.launchpad@cocoplum.canonical.com> lcms (1.18.dfsg-1ubuntu1.1) karmic-security; urgency=low * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198) - Fix DoS via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." - CVE-2009-0073 Date: Sat, 08 Jan 2011 04:42:32 +0100 Changed-By: Artur Rona Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/lcms/1.18.dfsg-1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Sat, 08 Jan 2011 04:42:32 +0100 Source: lcms Binary: liblcms1 liblcms-utils liblcms1-dev python-liblcms Architecture: source Version: 1.18.dfsg-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Artur Rona Description: liblcms-utils - Color management library (Additional utilities) liblcms1 - Color management library liblcms1-dev - Color management library (Development headers) python-liblcms - Python bindings for liblcms color management library Changes: lcms (1.18.dfsg-1ubuntu1.1) karmic-security; urgency=low . * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198) - Fix DoS via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." - CVE-2009-0073 Checksums-Sha1: 3305661687b6fdfb59dc2a94cf2c08f0f46f7b77 2024 lcms_1.18.dfsg-1ubuntu1.1.dsc 539bbca968a9a28be84af825366047a6156040f3 9795 lcms_1.18.dfsg-1ubuntu1.1.diff.gz Checksums-Sha256: 660aa28834d289968b48ad955f19711e0ca220548117c8e9df24abbd14f229a0 2024 lcms_1.18.dfsg-1ubuntu1.1.dsc 8046c8bcc975fb8316f1bac1f5cc72fdc6d6547172eb1be4f2cfe535f9ced88f 9795 lcms_1.18.dfsg-1ubuntu1.1.diff.gz Files: cf857a038ae254d4b107c5d81d6cf64b 2024 libs optional lcms_1.18.dfsg-1ubuntu1.1.dsc 2a5bc68b26b8727643fbb5ea97a74b3b 9795 libs optional lcms_1.18.dfsg-1ubuntu1.1.diff.gz Launchpad-Bugs-Fixed: 700198 Original-Maintainer: Oleksandr Moskalenko From archive at ubuntu.com Thu Jan 13 06:05:43 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 13 Jan 2011 06:05:43 -0000 Subject: [ubuntu/karmic-security] php5_5.2.10.dfsg.1-2ubuntu6.7_sparc_translations.tar.gz (delayed), php5_5.2.10.dfsg.1-2ubuntu6.7_i386_translations.tar.gz, php5_5.2.10.dfsg.1-2ubuntu6.7_ia64_translations.tar.gz, php5_5.2.10.dfsg.1-2ubuntu6.7_lpia_translations.tar.gz, php5_5.2.10.dfsg.1-2ubuntu6.7_powerpc_translations.tar.gz, php5_5.2.10.dfsg.1-2ubuntu6.7_amd64_translations.tar.gz, php5, php5_5.2.10.dfsg.1-2ubuntu6.7_armel_translations.tar.gz 5.2.10.dfsg.1-2ubuntu6.7 (Accepted) Message-ID: <20110113060543.13853.24226.launchpad@cocoplum.canonical.com> php5 (5.2.10.dfsg.1-2ubuntu6.7) karmic-security; urgency=low * debian/patches/php5-CVE-2010-3436-regression.patch: update main/fopen_wrappers.c to include fix for open_basedir restriction regression (LP: #701896) Date: Wed, 12 Jan 2011 07:51:41 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/php5/5.2.10.dfsg.1-2ubuntu6.7 -------------- next part -------------- Format: 1.8 Date: Wed, 12 Jan 2011 07:51:41 -0800 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.2.10.dfsg.1-2ubuntu6.7 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Steve Beattie Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.2.10.dfsg.1-2ubuntu6.7) karmic-security; urgency=low . * debian/patches/php5-CVE-2010-3436-regression.patch: update main/fopen_wrappers.c to include fix for open_basedir restriction regression (LP: #701896) Checksums-Sha1: 5e0d624df5d8e906976cfd223a700cdaf76e2ce3 3170 php5_5.2.10.dfsg.1-2ubuntu6.7.dsc 66e834cd11ba0988718946a5b7b968b4ce7f9f05 978153 php5_5.2.10.dfsg.1-2ubuntu6.7.diff.gz Checksums-Sha256: 45e178042c623082309e0ae2f580ef27935a0edba1df83bd5cf94626b0a69e4a 3170 php5_5.2.10.dfsg.1-2ubuntu6.7.dsc 9b86d06d7aa3a850190876c0cb7a1deb234c1f9bba6d35b0821cb53c4ff1def8 978153 php5_5.2.10.dfsg.1-2ubuntu6.7.diff.gz Files: 59ba2464b2bc893dbf1c9a8ec7eb1643 3170 php optional php5_5.2.10.dfsg.1-2ubuntu6.7.dsc 63af6de4601a8537fe10af14f36ac22a 978153 php optional php5_5.2.10.dfsg.1-2ubuntu6.7.diff.gz Launchpad-Bugs-Fixed: 701896 Original-Maintainer: Debian PHP Maintainers From archive at ubuntu.com Tue Jan 18 17:03:42 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 18 Jan 2011 17:03:42 -0000 Subject: [ubuntu/karmic-security] dbus, dbus (delayed) 1.2.16-0ubuntu9.1 (Accepted) Message-ID: <20110118170342.16434.54444.launchpad@cocoplum.canonical.com> dbus (1.2.16-0ubuntu9.1) karmic-security; urgency=low * SECURITY UPDATE: fix DoS with too deeply nested messages - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic message variants. Backported from upstream. - CVE-2010-4352 - LP: #688992 * debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev Date: Tue, 04 Jan 2011 14:37:19 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/dbus/1.2.16-0ubuntu9.1 -------------- next part -------------- Format: 1.8 Date: Tue, 04 Jan 2011 14:37:19 -0600 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev Architecture: source Version: 1.2.16-0ubuntu9.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Jamie Strandboge Description: dbus - simple interprocess messaging system dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Changes: dbus (1.2.16-0ubuntu9.1) karmic-security; urgency=low . * SECURITY UPDATE: fix DoS with too deeply nested messages - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic message variants. Backported from upstream. - CVE-2010-4352 - LP: #688992 * debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev Checksums-Sha1: 11fcd1cf58a1c342df1e6be64d4c8b567d792ce8 2126 dbus_1.2.16-0ubuntu9.1.dsc 5fad7a5733cdb97a9bb6eb0df97b40a8c72c6d06 1538983 dbus_1.2.16-0ubuntu9.1.tar.gz Checksums-Sha256: c99f09c4032e79753cb7849ccab270442940aedf6dcc2943deebe9f00d1e5d4e 2126 dbus_1.2.16-0ubuntu9.1.dsc ab11595bf23d48812c3f536b8ace0d69d8d1baba0d1f2e53d5109643163df9e8 1538983 dbus_1.2.16-0ubuntu9.1.tar.gz Files: 67a2122d18da6e374ef6d0bf60cfa622 2126 devel optional dbus_1.2.16-0ubuntu9.1.dsc af74c79fd8c46912f6f04aebd100a55f 1538983 devel optional dbus_1.2.16-0ubuntu9.1.tar.gz Launchpad-Bugs-Fixed: 688992 Original-Maintainer: Utopia Maintenance Team From archive at ubuntu.com Thu Jan 20 15:03:27 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 20 Jan 2011 15:03:27 -0000 Subject: [ubuntu/karmic-security] xpdf, xpdf (delayed) 3.02-1.4ubuntu2.9.10.2 (Accepted) Message-ID: <20110120150327.3324.51739.launchpad@cocoplum.canonical.com> xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3702 - LP: #701220 * SECURITY UPDATE: FoFiType1::parse function allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3704 Date: Mon, 10 Jan 2011 15:32:39 -0500 Changed-By: Brian Thomason Maintainer: Ubuntu MOTU Developers https://launchpad.net/ubuntu/karmic/+source/xpdf/3.02-1.4ubuntu2.9.10.2 -------------- next part -------------- Format: 1.8 Date: Mon, 10 Jan 2011 15:32:39 -0500 Source: xpdf Binary: xpdf xpdf-common xpdf-reader xpdf-utils Architecture: source Version: 3.02-1.4ubuntu2.9.10.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu MOTU Developers Changed-By: Brian Thomason Description: xpdf - Portable Document Format (PDF) suite xpdf-common - Portable Document Format (PDF) suite -- common files xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11 xpdf-utils - Portable Document Format (PDF) suite -- utilities Changes: xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low . * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3702 - LP: #701220 * SECURITY UPDATE: FoFiType1::parse function allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3704 Checksums-Sha1: 8b0a5b120ca323994ef21ca66fa82db50b936e5e 2030 xpdf_3.02-1.4ubuntu2.9.10.2.dsc 1f43d6226e16910203d839aed435945b127d09e6 47441 xpdf_3.02-1.4ubuntu2.9.10.2.diff.gz Checksums-Sha256: 05c2c5bd12397ed799725d951b6163d4f1242af4c6a4d883fee9aac7a9a8cdea 2030 xpdf_3.02-1.4ubuntu2.9.10.2.dsc ac29583d298b31df88e2844a1e906060b70c737a2406acee9492716bff4ea6d2 47441 xpdf_3.02-1.4ubuntu2.9.10.2.diff.gz Files: 27475dbc3bab453da175223f8031e2c7 2030 text optional xpdf_3.02-1.4ubuntu2.9.10.2.dsc a570cd14cbf1beb5bca65e3bf6cd438a 47441 text optional xpdf_3.02-1.4ubuntu2.9.10.2.diff.gz Launchpad-Bugs-Fixed: 701220 Original-Maintainer: Hamish Moffatt From archive at ubuntu.com Thu Jan 20 15:11:04 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 20 Jan 2011 15:11:04 -0000 Subject: [ubuntu/karmic-security] sudo, sudo (delayed) 1.7.0-1ubuntu2.6 (Accepted) Message-ID: <20110120151104.7637.96907.launchpad@cocoplum.canonical.com> sudo (1.7.0-1ubuntu2.6) karmic-security; urgency=low * SECURITY UPDATE: privilege escalation via -g when using group Runas_List - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits 48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used only with check.c to fix CVE-2011-0010 instead of doing the refactoring. Going forward, will need to look at this code also if a flaw is found in this refactored code. If needed, the refactoring work is in 48ca8c2eddf8 and 6ebc55d4716b. - check.c: prompt for password when the user is running sudo as himself but as a different group. Based on fe8a94f96542. - CVE-2011-0010 Date: Wed, 19 Jan 2011 10:46:05 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/sudo/1.7.0-1ubuntu2.6 -------------- next part -------------- Format: 1.8 Date: Wed, 19 Jan 2011 10:46:05 -0600 Source: sudo Binary: sudo sudo-ldap Architecture: source Version: 1.7.0-1ubuntu2.6 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Jamie Strandboge Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Changes: sudo (1.7.0-1ubuntu2.6) karmic-security; urgency=low . * SECURITY UPDATE: privilege escalation via -g when using group Runas_List - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits 48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used only with check.c to fix CVE-2011-0010 instead of doing the refactoring. Going forward, will need to look at this code also if a flaw is found in this refactored code. If needed, the refactoring work is in 48ca8c2eddf8 and 6ebc55d4716b. - check.c: prompt for password when the user is running sudo as himself but as a different group. Based on fe8a94f96542. - CVE-2011-0010 Checksums-Sha1: 968202b78a8ee08ed8668abb93279ed3bbf6fa9c 1757 sudo_1.7.0-1ubuntu2.6.dsc 9c5f6aba2845fa9308b6081dcb2c3898bb40b49f 26877 sudo_1.7.0-1ubuntu2.6.diff.gz Checksums-Sha256: 8fed3d27452d841a94445c4213fee5425e9b2736a1d3e54a8aec998488f7c87f 1757 sudo_1.7.0-1ubuntu2.6.dsc 3914634dff3c68f94082303340f7b7bef27b166ff493ad91256ff06830533a18 26877 sudo_1.7.0-1ubuntu2.6.diff.gz Files: 41c6991abbfea6b7cbe6708ab07d2186 1757 admin optional sudo_1.7.0-1ubuntu2.6.dsc 0a131d32d3d6cb4810b95ba5421346b6 26877 admin optional sudo_1.7.0-1ubuntu2.6.diff.gz Original-Maintainer: Bdale Garbee From archive at ubuntu.com Fri Jan 21 20:05:15 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 21 Jan 2011 20:05:15 -0000 Subject: [ubuntu/karmic-security] mumble_1.1.8-3ubuntu0.1_amd64_translations.tar.gz, mumble_1.1.8-3ubuntu0.1_ia64_translations.tar.gz, mumble_1.1.8-3ubuntu0.1_lpia_translations.tar.gz, mumble_1.1.8-3ubuntu0.1_i386_translations.tar.gz, mumble_1.1.8-3ubuntu0.1_sparc_translations.tar.gz (delayed), mumble, mumble_1.1.8-3ubuntu0.1_powerpc_translations.tar.gz 1.1.8-3ubuntu0.1 (Accepted) Message-ID: <20110121200515.25791.42918.launchpad@cocoplum.canonical.com> mumble (1.1.8-3ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674) - debian/mumble-server.postinst: Set permissions of mumble-server.ini to 0640 and the owner to root:mumble-server. Date: Thu, 20 Jan 2011 13:02:46 +0100 Changed-By: Felix Geyer Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/mumble/1.1.8-3ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Thu, 20 Jan 2011 13:02:46 +0100 Source: mumble Binary: mumble mumble-server mumble-dbg mumble-server-web Architecture: source Version: 1.1.8-3ubuntu0.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Felix Geyer Description: mumble - Low latency VoIP client mumble-dbg - Low latency VoIP client (debugging symbols) mumble-server - Low latency VoIP server mumble-server-web - Web scripts for mumble-server Changes: mumble (1.1.8-3ubuntu0.1) karmic-security; urgency=low . * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674) - debian/mumble-server.postinst: Set permissions of mumble-server.ini to 0640 and the owner to root:mumble-server. Checksums-Sha1: cd9a6c65ffd82a42775175c43d280cf5b43b0910 2447 mumble_1.1.8-3ubuntu0.1.dsc 4f21cc9f706dcca6fa844074a0f4e7e8a8ba9012 26915 mumble_1.1.8-3ubuntu0.1.diff.gz Checksums-Sha256: 140e3fd26c56e2ad6046c7420d13852facb29d1db4ac05f495f95ba836e7a9f8 2447 mumble_1.1.8-3ubuntu0.1.dsc 99c19f1a8ad884d9992232bc8a05b72533aad774b5deb046fdb4c515e71831f2 26915 mumble_1.1.8-3ubuntu0.1.diff.gz Files: 2d515c6af2e3552dd9b92b78a4688076 2447 sound optional mumble_1.1.8-3ubuntu0.1.dsc 185c639d17d5a4c5340abf8643fa36d3 26915 sound optional mumble_1.1.8-3ubuntu0.1.diff.gz Launchpad-Bugs-Fixed: 704674 Original-Maintainer: Debian VoIP Team From archive at ubuntu.com Mon Jan 24 14:03:46 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 24 Jan 2011 14:03:46 -0000 Subject: [ubuntu/karmic-security] tomcat6, tomcat6 (delayed) 6.0.20-2ubuntu2.3 (Accepted) Message-ID: <20110124140346.7742.5731.launchpad@cocoplum.canonical.com> tomcat6 (6.0.20-2ubuntu2.3) karmic-security; urgency=low * SECURITY UPDATE: cross-site scripting in Manager application - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to java/org/apache/catalina/manager/JspHelper.java, webapps/manager/{sessionDetail,sessionsList}.jsp. - patch backported from Debian 6.0.28-9 package - CVE-2010-4172 Date: Thu, 13 Jan 2011 15:52:00 -0600 Changed-By: Marc Deslauriers Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/tomcat6/6.0.20-2ubuntu2.3 -------------- next part -------------- Format: 1.8 Date: Thu, 13 Jan 2011 15:52:00 -0600 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: source Version: 6.0.20-2ubuntu2.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Marc Deslauriers Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6 - Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- example web applications tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Changes: tomcat6 (6.0.20-2ubuntu2.3) karmic-security; urgency=low . * SECURITY UPDATE: cross-site scripting in Manager application - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to java/org/apache/catalina/manager/JspHelper.java, webapps/manager/{sessionDetail,sessionsList}.jsp. - patch backported from Debian 6.0.28-9 package - CVE-2010-4172 Checksums-Sha1: 3a920855131f90cce39537c72a7b4db6186bf284 2204 tomcat6_6.0.20-2ubuntu2.3.dsc b8ebc014b5c4c9bf21447af37d347c78b5a88099 27239 tomcat6_6.0.20-2ubuntu2.3.diff.gz Checksums-Sha256: 545162175cd7fd0f67a00bafd8ce078752f9aea213d2d2d18abe1b8f024b829e 2204 tomcat6_6.0.20-2ubuntu2.3.dsc 13f4160edca0136e4ba3d7546400145ce2291330c9c1e19650c97823a3b36016 27239 tomcat6_6.0.20-2ubuntu2.3.diff.gz Files: 34fb37d15fe193f6def5becb76b0dbaf 2204 java optional tomcat6_6.0.20-2ubuntu2.3.dsc 0cc20bab1a9b311bdebf30b7906a19a7 27239 java optional tomcat6_6.0.20-2ubuntu2.3.diff.gz Original-Maintainer: Debian Java Maintainers From archive at ubuntu.com Mon Jan 24 14:04:01 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 24 Jan 2011 14:04:01 -0000 Subject: [ubuntu/karmic-security] awstats, awstats (delayed) 6.9~dfsg-1ubuntu3.9.10.1 (Accepted) Message-ID: <20110124140401.7742.97098.launchpad@cocoplum.canonical.com> awstats (6.9~dfsg-1ubuntu3.9.10.1) karmic-security; urgency=low * SECURITY UPDATE: directory traversal via crafted LoadPlugin directory - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin name in wwwroot/cgi-bin/awstats.pl. - CVE-2010-4369 Date: Tue, 11 Jan 2011 17:08:05 -0600 Changed-By: Marc Deslauriers Maintainer: Ubuntu Core Develoers https://launchpad.net/ubuntu/karmic/+source/awstats/6.9~dfsg-1ubuntu3.9.10.1 -------------- next part -------------- Format: 1.8 Date: Tue, 11 Jan 2011 17:08:05 -0600 Source: awstats Binary: awstats Architecture: source Version: 6.9~dfsg-1ubuntu3.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Develoers Changed-By: Marc Deslauriers Description: awstats - powerful and featureful web server log analyzer Changes: awstats (6.9~dfsg-1ubuntu3.9.10.1) karmic-security; urgency=low . * SECURITY UPDATE: directory traversal via crafted LoadPlugin directory - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin name in wwwroot/cgi-bin/awstats.pl. - CVE-2010-4369 Checksums-Sha1: 84105221dcb89d51f52ce98dd9d207fe75e60e07 2198 awstats_6.9~dfsg-1ubuntu3.9.10.1.dsc ba5cb3cd696e484d699e6b240426e7e3967e2440 45789 awstats_6.9~dfsg-1ubuntu3.9.10.1.diff.gz Checksums-Sha256: 92324c36030cdcc70b38e4cb10da3cda0c9485e18bdb6e75d41cba728d13ef77 2198 awstats_6.9~dfsg-1ubuntu3.9.10.1.dsc d0f0385be0cdf84c769ecfe15ab18dea576a48bac73655591d7c5d1257975dbf 45789 awstats_6.9~dfsg-1ubuntu3.9.10.1.diff.gz Files: 82f778a33dc5bc99d38e270902caf233 2198 web optional awstats_6.9~dfsg-1ubuntu3.9.10.1.dsc b44d3b7fcf2d4bc5a0eeda3dec3fc412 45789 web optional awstats_6.9~dfsg-1ubuntu3.9.10.1.diff.gz Original-Maintainer: Debian AWStats Team From archive at ubuntu.com Tue Jan 25 21:06:34 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 25 Jan 2011 21:06:34 -0000 Subject: [ubuntu/karmic-security] hplip_3.9.8-1ubuntu2.1_ia64_translations.tar.gz, hplip, hplip_3.9.8-1ubuntu2.1_i386_translations.tar.gz, hplip_3.9.8-1ubuntu2.1_amd64_translations.tar.gz, hplip_3.9.8-1ubuntu2.1_armel_translations.tar.gz, hplip_3.9.8-1ubuntu2.1_sparc_translations.tar.gz (delayed), hplip_3.9.8-1ubuntu2.1_powerpc_translations.tar.gz, hplip_3.9.8-1ubuntu2.1_lpia_translations.tar.gz 3.9.8-1ubuntu2.1 (Accepted) Message-ID: <20110125210634.29082.86029.launchpad@cocoplum.canonical.com> hplip (3.9.8-1ubuntu2.1) karmic-security; urgency=low * SECURITY UPDATE: denial of service and possible arbitrary code execution via long SNMP response - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c. - CVE-2010-4267 Date: Mon, 24 Jan 2011 11:26:42 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/hplip/3.9.8-1ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Mon, 24 Jan 2011 11:26:42 -0500 Source: hplip Binary: hplip hplip-data hplip-gui hplip-dbg hplip-doc hpijs-ppds hpijs hplip-cups Architecture: source Version: 3.9.8-1ubuntu2.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Marc Deslauriers Description: hpijs - HP Linux Printing and Imaging - gs IJS driver (hpijs) hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files hplip - HP Linux Printing and Imaging System (HPLIP) hplip-cups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups) hplip-data - HP Linux Printing and Imaging - data files hplip-dbg - HP Linux Printing and Imaging - debugging information hplip-doc - HP Linux Printing and Imaging - documentation hplip-gui - HP Linux Printing and Imaging - GUI utilities Changes: hplip (3.9.8-1ubuntu2.1) karmic-security; urgency=low . * SECURITY UPDATE: denial of service and possible arbitrary code execution via long SNMP response - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c. - CVE-2010-4267 Checksums-Sha1: d40e9339f0ec359f4ae6ae9d2b0aa6bd999c94e8 2521 hplip_3.9.8-1ubuntu2.1.dsc ce015435037913a0200da49f72a4d60676349fcd 91802 hplip_3.9.8-1ubuntu2.1.diff.gz Checksums-Sha256: 081ae0fb4f50d4660207ee4461b660454735ebe1a5296c62a76bec8576043a9c 2521 hplip_3.9.8-1ubuntu2.1.dsc dfb76e25b4c0091e633a1945dc28e6ecacc60604ead3ed934a66023ce21c694b 91802 hplip_3.9.8-1ubuntu2.1.diff.gz Files: ac59f7004536feb2d8d2d30f2c74e44e 2521 utils optional hplip_3.9.8-1ubuntu2.1.dsc 5c588019ec33661ddeaa748c9b2a00d7 91802 utils optional hplip_3.9.8-1ubuntu2.1.diff.gz Original-Maintainer: Debian HPIJS and HPLIP maintainers From archive at ubuntu.com Wed Jan 26 22:06:58 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 26 Jan 2011 22:06:58 -0000 Subject: [ubuntu/karmic-security] openjdk-6b18 (delayed), openjdk-6b18 6b18-1.8.4-0ubuntu1~9.10.1 (Accepted) Message-ID: <20110126220658.17319.40774.launchpad@cocoplum.canonical.com> openjdk-6b18 (6b18-1.8.4-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.8.4 release. - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass. Date: Fri, 07 Jan 2011 11:40:12 +0100 Changed-By: Matthias Klose Maintainer: OpenJDK Team https://launchpad.net/ubuntu/karmic/+source/openjdk-6b18/6b18-1.8.4-0ubuntu1~9.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 07 Jan 2011 11:40:12 +0100 Source: openjdk-6b18 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b18-1.8.4-0ubuntu1~9.10.1 Distribution: karmic-security Urgency: low Maintainer: OpenJDK Team Changed-By: Matthias Klose Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark Changes: openjdk-6b18 (6b18-1.8.4-0ubuntu1~9.10.1) karmic-security; urgency=low . * IcedTea6 1.8.4 release. - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass. Checksums-Sha1: 3c02ffcdce522a492a7da5837adf1da340df00d4 2997 openjdk-6b18_6b18-1.8.4-0ubuntu1~9.10.1.dsc 1ae7f2e13c8c5e94006407e8d837835a8386abaf 71375187 openjdk-6b18_6b18-1.8.4.orig.tar.gz 017fae6ef031788c4bafb821f77b1602a450eb07 145537 openjdk-6b18_6b18-1.8.4-0ubuntu1~9.10.1.diff.gz Checksums-Sha256: 4a41201cecf7590e62f8c76fe880f5e744ce9c37facdce0dcf1d0229709f3c2d 2997 openjdk-6b18_6b18-1.8.4-0ubuntu1~9.10.1.dsc ee12559a7ece35b62fdfe35ec34ee4e6b31f8e503967fb5313da7198fdd25091 71375187 openjdk-6b18_6b18-1.8.4.orig.tar.gz 83a23b9c35762cdbf49de7ae7706414fe5a01b7f9d4bb256c0099054168ebd4b 145537 openjdk-6b18_6b18-1.8.4-0ubuntu1~9.10.1.diff.gz Files: dfa9f1ba1c76ff9792ce88f8176aadd4 2997 java optional openjdk-6b18_6b18-1.8.4-0ubuntu1~9.10.1.dsc 36e126c797818b9385d8ac48136782de 71375187 java optional openjdk-6b18_6b18-1.8.4.orig.tar.gz 250716e800eb500cc236ef9e3d6ddfe8 145537 java optional openjdk-6b18_6b18-1.8.4-0ubuntu1~9.10.1.diff.gz From archive at ubuntu.com Wed Jan 26 22:07:36 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 26 Jan 2011 22:07:36 -0000 Subject: [ubuntu/karmic-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.4-0ubuntu1~9.10.1 (Accepted) Message-ID: <20110126220736.17319.66727.launchpad@cocoplum.canonical.com> openjdk-6 (6b20-1.9.4-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.9.4 release. - CVE-2010-4351: IcedTea JNLP SecurityManager bypass. Date: Thu, 06 Jan 2011 23:39:28 +0100 Changed-By: Matthias Klose Maintainer: OpenJDK Team https://launchpad.net/ubuntu/karmic/+source/openjdk-6/6b20-1.9.4-0ubuntu1~9.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 06 Jan 2011 23:39:28 +0100 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.4-0ubuntu1~9.10.1 Distribution: karmic-security Urgency: low Maintainer: OpenJDK Team Changed-By: Matthias Klose Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.4-0ubuntu1~9.10.1) karmic-security; urgency=low . * IcedTea6 1.9.4 release. - CVE-2010-4351: IcedTea JNLP SecurityManager bypass. Checksums-Sha1: cbec353499390d187fd31bc8930fddac6b1326ff 3018 openjdk-6_6b20-1.9.4-0ubuntu1~9.10.1.dsc efc457659270ef7b4da1bddfbbb59cc774352365 73205024 openjdk-6_6b20-1.9.4.orig.tar.gz 71711d5f74a36549c5366ddade87000a6fe8e57e 130597 openjdk-6_6b20-1.9.4-0ubuntu1~9.10.1.diff.gz Checksums-Sha256: 4a2c5b25ea7ad2b480236f32d149ab69c07b6f81a6c6ffacd76b0c63a92af91c 3018 openjdk-6_6b20-1.9.4-0ubuntu1~9.10.1.dsc 41a411e45d069ea02937182ab6ee0dbb6bfd4c3a8802b429a9786d77227038b2 73205024 openjdk-6_6b20-1.9.4.orig.tar.gz b839dce1e4f665bd133b7a43c0af201e42081ba2380c86fae5e17e636d59a0e8 130597 openjdk-6_6b20-1.9.4-0ubuntu1~9.10.1.diff.gz Files: 3a15ba89ac3d8ec43057f1b4ee263084 3018 java optional openjdk-6_6b20-1.9.4-0ubuntu1~9.10.1.dsc b8a99377ee01bc543e73c21caba0e16d 73205024 java optional openjdk-6_6b20-1.9.4.orig.tar.gz b695702ffabdff2b295120905ba07780 130597 java optional openjdk-6_6b20-1.9.4-0ubuntu1~9.10.1.diff.gz