From archive at ubuntu.com Tue Mar 1 00:03:46 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 01 Mar 2011 00:03:46 -0000 Subject: [ubuntu/karmic-security] logwatch, logwatch (delayed) 7.3.6.cvs20090906-1ubuntu1.1 (Accepted) Message-ID: <20110301000346.1233.82275.launchpad@cocoplum.canonical.com> logwatch (7.3.6.cvs20090906-1ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: privileged code execution via badly named logfiles - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '. - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 - CVE-2011-1018 Date: Sat, 26 Feb 2011 01:17:19 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/logwatch/7.3.6.cvs20090906-1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Sat, 26 Feb 2011 01:17:19 -0800 Source: logwatch Binary: logwatch Architecture: source Version: 7.3.6.cvs20090906-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: logwatch - log analyser with nice output written in Perl Changes: logwatch (7.3.6.cvs20090906-1ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: privileged code execution via badly named logfiles - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '. - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 - CVE-2011-1018 Checksums-Sha1: 27cb35d097328370550da05979a56b1dd10053ce 1932 logwatch_7.3.6.cvs20090906-1ubuntu1.1.dsc d7d7febaa2f91f9ed2cda661ef4945ac133b470a 87133 logwatch_7.3.6.cvs20090906-1ubuntu1.1.diff.gz Checksums-Sha256: f36b153b0cc9a2170e289522199c51c8e52ec348e91e8e4bac62b1ad7f561a38 1932 logwatch_7.3.6.cvs20090906-1ubuntu1.1.dsc c4fd8ce2f1ea02ff4e0f4148c6594db7dfb48630b8b87e0eec7f66af896d93d2 87133 logwatch_7.3.6.cvs20090906-1ubuntu1.1.diff.gz Files: b32ef1d8ada8a539c73a6e8da732a7c8 1932 admin optional logwatch_7.3.6.cvs20090906-1ubuntu1.1.dsc eb1efb5614967c87dcee5a0627db91a2 87133 admin optional logwatch_7.3.6.cvs20090906-1ubuntu1.1.diff.gz Original-Maintainer: Willi Mann From archive at ubuntu.com Tue Mar 1 06:08:50 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 01 Mar 2011 06:08:50 -0000 Subject: [ubuntu/karmic-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.7-0ubuntu1~9.10.1 (Accepted) Message-ID: <20110301060850.9982.24149.launchpad@cocoplum.canonical.com> openjdk-6 (6b20-1.9.7-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.9.7 release. - SECURITY UPDATE: + S4421494, CVE-2010-4476: infinite loop while parsing double literal. + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption + S6907662, CVE-2010-4465: Swing timer-based security manager bypass + S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets + S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries + S6985453, CVE-2010-4471: Java2D font-related system property leak + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation + RH677332, CVE-2011-0706: Multiple signers privilege escalation - Bug fixes + RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken + G344659: Fix issue when building on SPARC + Fix latent JAXP bug caused by missing import * dropped patch due to different fix applied upstream: - debian/patches/hotspot-sparc-fix.diff * debian/patches/hotspot-fix_added_define.patch: added to fix redefinition added by patch for S6878713 * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap zerovm instead to compensate for http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631 Date: Wed, 23 Feb 2011 09:41:17 -0800 Changed-By: Steve Beattie Maintainer: OpenJDK Team https://launchpad.net/ubuntu/karmic/+source/openjdk-6/6b20-1.9.7-0ubuntu1~9.10.1 -------------- next part -------------- Format: 1.8 Date: Wed, 23 Feb 2011 09:41:17 -0800 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.7-0ubuntu1~9.10.1 Distribution: karmic-security Urgency: low Maintainer: OpenJDK Team Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.7-0ubuntu1~9.10.1) karmic-security; urgency=low . * IcedTea6 1.9.7 release. - SECURITY UPDATE: + S4421494, CVE-2010-4476: infinite loop while parsing double literal. + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption + S6907662, CVE-2010-4465: Swing timer-based security manager bypass + S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets + S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries + S6985453, CVE-2010-4471: Java2D font-related system property leak + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation + RH677332, CVE-2011-0706: Multiple signers privilege escalation - Bug fixes + RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken + G344659: Fix issue when building on SPARC + Fix latent JAXP bug caused by missing import * dropped patch due to different fix applied upstream: - debian/patches/hotspot-sparc-fix.diff * debian/patches/hotspot-fix_added_define.patch: added to fix redefinition added by patch for S6878713 * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap zerovm instead to compensate for http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631 Checksums-Sha1: 2e93775ce2415f20de161e6c23b61e198d499323 3018 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc 150395cb29650662384afe0dab4fc16d7ed4c44d 73265927 openjdk-6_6b20-1.9.7.orig.tar.gz bd919fd8545c75be17e82d7d1929c91623648e67 132023 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz Checksums-Sha256: f859b482e25a0f2e6e5ac5ad8d12d5b60463d1231ebe2bb706a35f32242d7024 3018 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc fb7e696f7b8019c2a8ac78b4823bb4c91efa62ddde9ff9ed799e62b886d79785 73265927 openjdk-6_6b20-1.9.7.orig.tar.gz 6ce0a626511f387028d45b24abcc54703457e7bffe59dc3b5f837d36d91a5ef2 132023 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz Files: 9a6f0f82ce6e6963199fa5f1e0da963a 3018 java optional openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc c7367808152f71091603546acca43633 73265927 java optional openjdk-6_6b20-1.9.7.orig.tar.gz 8f8f9a8e3c033dbb852547dcfaa9213b 132023 java optional openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz From archive at ubuntu.com Wed Mar 2 15:03:57 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 02 Mar 2011 15:03:57 -0000 Subject: [ubuntu/karmic-security] pango1.0, pango1.0 (delayed) 1.26.0-1ubuntu0.1 (Accepted) Message-ID: <20110302150357.3511.51951.launchpad@cocoplum.canonical.com> pango1.0 (1.26.0-1ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: denial of service via crafted font file - debian/patches/20_CVE-2010-0421.patch: initialize memory and properly calculate size in pango/opentype/hb-ot-layout.cc. - CVE-2010-0421 * SECURITY UPDATE: denial of service and possible code execution via crafted font file (LP: #696616) - debian/patches/21_CVE-2011-0020.patch: check for overflow in pango/pangoft2-render.c. - CVE-2011-0020 * SECURITY UPDATE: denial of service and possible code execution via unchecked realloc failures - debian/patches/22_CVE-2011-0064.patch: check for realloc failures in pango/opentype/hb-buffer.*, pango/opentype/hb-buffer-private.h. - CVE-2011-0064 Date: Tue, 01 Mar 2011 10:49:46 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/pango1.0/1.26.0-1ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Tue, 01 Mar 2011 10:49:46 -0500 Source: pango1.0 Binary: libpango1.0-0 libpango1.0-udeb libpango1.0-common libpango1.0-dev libpango1.0-0-dbg libpango1.0-doc Architecture: source Version: 1.26.0-1ubuntu0.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libpango1.0-0 - Layout and rendering of internationalized text libpango1.0-0-dbg - The Pango library and debugging symbols libpango1.0-common - Modules and configuration files for the Pango libpango1.0-dev - Development files for the Pango libpango1.0-doc - Documentation files for the Pango libpango1.0-udeb - Layout and rendering of internationalized text - minimal runtime (udeb) Changes: pango1.0 (1.26.0-1ubuntu0.1) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via crafted font file - debian/patches/20_CVE-2010-0421.patch: initialize memory and properly calculate size in pango/opentype/hb-ot-layout.cc. - CVE-2010-0421 * SECURITY UPDATE: denial of service and possible code execution via crafted font file (LP: #696616) - debian/patches/21_CVE-2011-0020.patch: check for overflow in pango/pangoft2-render.c. - CVE-2011-0020 * SECURITY UPDATE: denial of service and possible code execution via unchecked realloc failures - debian/patches/22_CVE-2011-0064.patch: check for realloc failures in pango/opentype/hb-buffer.*, pango/opentype/hb-buffer-private.h. - CVE-2011-0064 Checksums-Sha1: c860c9228057e2eca2e35eaab69ebef1c9e2dc93 2378 pango1.0_1.26.0-1ubuntu0.1.dsc f83d7a004e650298d05be1c88f1b779b19df2625 37892 pango1.0_1.26.0-1ubuntu0.1.diff.gz Checksums-Sha256: 7a59fc401618e275593ecb059a1322462ac7035f5cf2df47301096894a0128cf 2378 pango1.0_1.26.0-1ubuntu0.1.dsc aa28dcde12d63836d58d6cfeffb58583b31573b9686c8e4f56dda46f7b66a023 37892 pango1.0_1.26.0-1ubuntu0.1.diff.gz Files: bee4e7d537321edd41480b81b113a83e 2378 libs optional pango1.0_1.26.0-1ubuntu0.1.dsc f85297d4cc9b591c621db6f7fc9b8985 37892 libs optional pango1.0_1.26.0-1ubuntu0.1.diff.gz Launchpad-Bugs-Fixed: 696616 Original-Maintainer: Sebastien Bacher From archive at ubuntu.com Mon Mar 7 15:08:10 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 07 Mar 2011 15:08:10 -0000 Subject: [ubuntu/karmic-security] tiff (delayed), tiff 3.8.2-13ubuntu0.4 (Accepted) Message-ID: <20110307150810.18547.65027.launchpad@cocoplum.canonical.com> tiff (3.8.2-13ubuntu0.4) karmic-security; urgency=low * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite values - debian/patches/CVE-2010-2595.patch: validate values in libtiff/tif_color.c. - CVE-2010-2595 * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067) - debian/patches/CVE-2010-2597.patch: properly initialize fields in libtiff/tif_strip.c. - CVE-2010-2597 - CVE-2010-2598 * SECURITY UPDATE: denial of service via out-of-order tags - debian/patches/CVE-2010-2630.patch: correctly handle order in libtiff/tif_dirread.c. - CVE-2010-2630 * SECURITY UPDATE: denial of service and possible code exection via YCBCRSUBSAMPLING tag - debian/patches/CVE-2011-0191.patch: validate td_ycbcrsubsampling in libtiff/tif_dir.c. - CVE-2011-0191 * SECURITY UPDATE: denial of service and possible code execution via buffer overflow in Fax4Decode - debian/patches/CVE-2011-0192.patch: check length in libtiff/tif_fax3.h. - CVE-2011-0192 Date: Fri, 04 Mar 2011 10:07:56 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/tiff/3.8.2-13ubuntu0.4 -------------- next part -------------- Format: 1.8 Date: Fri, 04 Mar 2011 10:07:56 -0500 Source: tiff Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source Version: 3.8.2-13ubuntu0.4 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.8.2-13ubuntu0.4) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite values - debian/patches/CVE-2010-2595.patch: validate values in libtiff/tif_color.c. - CVE-2010-2595 * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067) - debian/patches/CVE-2010-2597.patch: properly initialize fields in libtiff/tif_strip.c. - CVE-2010-2597 - CVE-2010-2598 * SECURITY UPDATE: denial of service via out-of-order tags - debian/patches/CVE-2010-2630.patch: correctly handle order in libtiff/tif_dirread.c. - CVE-2010-2630 * SECURITY UPDATE: denial of service and possible code exection via YCBCRSUBSAMPLING tag - debian/patches/CVE-2011-0191.patch: validate td_ycbcrsubsampling in libtiff/tif_dir.c. - CVE-2011-0191 * SECURITY UPDATE: denial of service and possible code execution via buffer overflow in Fax4Decode - debian/patches/CVE-2011-0192.patch: check length in libtiff/tif_fax3.h. - CVE-2011-0192 Checksums-Sha1: f740068cb5c9dce0432099cf0387ae4936f86a76 1940 tiff_3.8.2-13ubuntu0.4.dsc a647025b100f6ccbca16652858b837603e89f1b3 42777 tiff_3.8.2-13ubuntu0.4.diff.gz Checksums-Sha256: aced7756b585f1acb40a2bcfed8c3a2b23c41ee604f156751aa2ee7860e820ab 1940 tiff_3.8.2-13ubuntu0.4.dsc 2fefe055d5e4112f65d655b00ae2bc6bdcc2a8bc433145191f27c004ad816793 42777 tiff_3.8.2-13ubuntu0.4.diff.gz Files: 8a581866d181276aff6a4008b8f3cedd 1940 libs optional tiff_3.8.2-13ubuntu0.4.dsc cc2e665d2bd883b94440b317611f54ec 42777 libs optional tiff_3.8.2-13ubuntu0.4.diff.gz Launchpad-Bugs-Fixed: 593067 Original-Maintainer: Jay Berkenbilt From archive at ubuntu.com Mon Mar 7 15:08:39 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 07 Mar 2011 15:08:39 -0000 Subject: [ubuntu/karmic-security] avahi_0.6.25-1ubuntu5.3_amd64_translations.tar.gz, avahi_0.6.25-1ubuntu5.3_sparc_translations.tar.gz (delayed), avahi_0.6.25-1ubuntu5.3_powerpc_translations.tar.gz, avahi_0.6.25-1ubuntu5.3_armel_translations.tar.gz, avahi_0.6.25-1ubuntu5.3_ia64_translations.tar.gz, avahi_0.6.25-1ubuntu5.3_lpia_translations.tar.gz, avahi, avahi_0.6.25-1ubuntu5.3_i386_translations.tar.gz 0.6.25-1ubuntu5.3 (Accepted) Message-ID: <20110307150839.18547.61534.launchpad@cocoplum.canonical.com> avahi (0.6.25-1ubuntu5.3) karmic-security; urgency=low * SECURITY UPDATE: denial of service via NULL packet - debian/patches/CVE-2011-1002.patch: still read corrupt packets from sockets in avahi-core/socket.c. - CVE-2011-1002 Date: Fri, 04 Mar 2011 14:13:34 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/avahi/0.6.25-1ubuntu5.3 -------------- next part -------------- Format: 1.8 Date: Fri, 04 Mar 2011 14:13:34 -0500 Source: avahi Binary: avahi-daemon avahi-dnsconfd avahi-autoipd python-avahi avahi-utils avahi-discover libavahi-common3 libavahi-common-data libavahi-common-dev libavahi-common3-udeb libavahi-core6 libavahi-core-dev libavahi-core6-udeb libavahi-client3 libavahi-client-dev libavahi-glib1 libavahi-glib-dev libavahi-gobject0 libavahi-gobject-dev libavahi-qt3-1 libavahi-qt3-dev libavahi-qt4-1 libavahi-qt4-dev libavahi-compat-howl0 libavahi-compat-howl-dev libavahi-compat-libdnssd1 libavahi-compat-libdnssd-dev libavahi-ui0 libavahi-ui-dev avahi-ui-utils avahi-dbg Architecture: source Version: 0.6.25-1ubuntu5.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: avahi-autoipd - Avahi IPv4LL network address configuration daemon avahi-daemon - Avahi mDNS/DNS-SD daemon avahi-dbg - Avahi - debugging symbols avahi-discover - Service discover user interface for avahi avahi-dnsconfd - Avahi DNS configuration tool avahi-ui-utils - Avahi GTK+ utilities avahi-utils - Avahi browsing, publishing and discovery utilities libavahi-client-dev - Development files for the Avahi client library libavahi-client3 - Avahi client library libavahi-common-data - Avahi common data files libavahi-common-dev - Development files for the Avahi common library libavahi-common3 - Avahi common library libavahi-common3-udeb - Avahi common library (debian-installer) (udeb) libavahi-compat-howl-dev - Development headers for the Avahi Howl compatibility library libavahi-compat-howl0 - Avahi Howl compatibility library libavahi-compat-libdnssd-dev - Development headers for the Avahi Apple Bonjour compatibility lib libavahi-compat-libdnssd1 - Avahi Apple Bonjour compatibility library libavahi-core-dev - Development files for Avahi's embeddable mDNS/DNS-SD library libavahi-core6 - Avahi's embeddable mDNS/DNS-SD library libavahi-core6-udeb - Avahi's embeddable mDNS/DNS-SD library (debian-installer) (udeb) libavahi-glib-dev - Development headers for the Avahi glib integration library libavahi-glib1 - Avahi glib integration library libavahi-gobject-dev - Development headers for the Avahi GObject library libavahi-gobject0 - Avahi GObject library libavahi-qt3-1 - Avahi Qt 3 integration library libavahi-qt3-dev - Development headers for the Avahi Qt 3 integration library libavahi-qt4-1 - Avahi Qt 4 integration library libavahi-qt4-dev - Development headers for the Avahi Qt 4 integration library libavahi-ui-dev - Development headers for the Avahi GTK+ User interface library libavahi-ui0 - Avahi GTK+ User interface library python-avahi - Python utility package for Avahi Changes: avahi (0.6.25-1ubuntu5.3) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via NULL packet - debian/patches/CVE-2011-1002.patch: still read corrupt packets from sockets in avahi-core/socket.c. - CVE-2011-1002 Checksums-Sha1: 1e14ccb2ec1891b66c587b3cf8517fda45f5631a 3107 avahi_0.6.25-1ubuntu5.3.dsc a8958079cbfcbf8644f985350714730ce3e03ae0 32929 avahi_0.6.25-1ubuntu5.3.diff.gz Checksums-Sha256: cb8f1f3666251d5a1e97f93f16ce4a5cfc3eb63f0537f888c0e1c1e654d25e4f 3107 avahi_0.6.25-1ubuntu5.3.dsc 1a59c7bd1e3bf2a7d8e4af19dbf01e03de830704a16b58f060fae1d6c923c3da 32929 avahi_0.6.25-1ubuntu5.3.diff.gz Files: 3169f2c0dba0e11b76ce9b918b81b99f 3107 net optional avahi_0.6.25-1ubuntu5.3.dsc bd739b81a9070fcf9d3e4201c61034db 32929 net optional avahi_0.6.25-1ubuntu5.3.diff.gz Original-Maintainer: Utopia Maintenance Team From bogus@does.not.exist.com Mon Mar 7 16:50:53 2011 From: bogus@does.not.exist.com () Date: Mon, 07 Mar 2011 16:50:53 -0000 Subject: [ubuntu/karmic] uex 2.1.0.3-0karmic1 (Accepted) Message-ID: <20110307165053.28436.41790.launchpad@cocoplum.canonical.com> uex (2.1.0.3-0karmic1) karmic; urgency=low * Karmic Koala package Date: Wed, 02 Mar 2011 01:21:09 -0400 Changed-By: IDM Computer Solutions, Inc. Signed-By: Brian Thomason https://launchpad.net/ubuntu/karmic/+source/uex/2.1.0.3-0karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 02 Mar 2011 01:21:09 -0400 Source: uex Binary: uex Architecture: source Version: 2.1.0.3-0karmic1 Distribution: karmic Urgency: low Maintainer: IDM Computer Solutions, Inc. Changed-By: IDM Computer Solutions, Inc. Description: uex - UltraEdit is a text, hex, and programming language editor Changes: uex (2.1.0.3-0karmic1) karmic; urgency=low . * Karmic Koala package Checksums-Sha1: a8f248f15da94538a2ee71d2f424304585bdf494 1019 uex_2.1.0.3-0karmic1.dsc 56bc2f77fe82769429b2dee80315d0eb79aed80e 173711838 uex_2.1.0.3.orig.tar.gz d780c97e61fb8274dd51f6ab8de0bf283007760f 16839 uex_2.1.0.3-0karmic1.diff.gz Checksums-Sha256: c600c8ca9d47a2ea044d2b11124b11c714cae2517df29713c93057b89dc57b66 1019 uex_2.1.0.3-0karmic1.dsc 693fe6931fcbf37f001568d9ef3809155b939de2ba8e1da52c6177c345a3789f 173711838 uex_2.1.0.3.orig.tar.gz 52b0d228249719743f580dc89b165f611a5a48fe65b286e4b89b5bff55c0a86f 16839 uex_2.1.0.3-0karmic1.diff.gz Files: 0a41e8f536183ab9314684ae09b8da68 1019 partner/editors extra uex_2.1.0.3-0karmic1.dsc b995c7123236003dd9949f67c822af11 173711838 partner/editors extra uex_2.1.0.3.orig.tar.gz 472139561d6bb552dd56651999f75f6b 16839 partner/editors extra uex_2.1.0.3-0karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1xdYoACgkQOb4zNfJqN5fLbACfesHUEyTeThYrRGI4l57FlFnN EU4AnibI7jeHPlcOqCWh55cXEgOuGpHA =Wx1X -----END PGP SIGNATURE----- From gary.lasker at canonical.com Tue Mar 8 09:02:25 2011 From: gary.lasker at canonical.com (Gary Lasker) Date: Tue, 08 Mar 2011 09:02:25 -0000 Subject: [ubuntu/karmic-proposed] tzdata 2011c-0ubuntu0.9.10 (Accepted) Message-ID: <20110308090225.16859.83851.launchpad@gandwana.canonical.com> tzdata (2011c-0ubuntu0.9.10) karmic-proposed; urgency=low * New upstream release 2011c: (LP: #730873) - leapseconds: Update notice from IERS (change to commentary only) - northamerica, zone.tab: Replace Juneau with Juneau, Sitka, and Metlakatla - southamerica: For Chile, delay end of DST in 2011 from March 12th to April 2nd Date: Mon, 07 Mar 2011 17:00:18 -0500 Changed-By: Gary Lasker Maintainer: Ubuntu Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/karmic/+source/tzdata/2011c-0ubuntu0.9.10 -------------- next part -------------- Format: 1.8 Date: Mon, 07 Mar 2011 17:00:18 -0500 Source: tzdata Binary: tzdata tzdata-java Architecture: source Version: 2011c-0ubuntu0.9.10 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Gary Lasker Description: tzdata - time zone and daylight-saving time data tzdata-java - time zone and daylight-saving time data for use by java runtimes Launchpad-Bugs-Fixed: 730873 Changes: tzdata (2011c-0ubuntu0.9.10) karmic-proposed; urgency=low . * New upstream release 2011c: (LP: #730873) - leapseconds: Update notice from IERS (change to commentary only) - northamerica, zone.tab: Replace Juneau with Juneau, Sitka, and Metlakatla - southamerica: For Chile, delay end of DST in 2011 from March 12th to April 2nd Checksums-Sha1: 7e1372b7b9fa72192e3cea2e112d2774af10ab9d 1886 tzdata_2011c-0ubuntu0.9.10.dsc 59c9f5a1a0872eb5057f1095f24afd4dfa0a9f47 194151 tzdata_2011c.orig.tar.gz dcd2ea90e249e6757e26fcfe2c1f12664eba4377 245704 tzdata_2011c-0ubuntu0.9.10.diff.gz Checksums-Sha256: 138b9fc932d87b77f4c4399695f23875bc9e5282bbab1450df23486930299f16 1886 tzdata_2011c-0ubuntu0.9.10.dsc c08fbf767280a6f6dc450306a39d3b5818a0a9792a0991320e00a1bb91e91a3b 194151 tzdata_2011c.orig.tar.gz 50cfcc1a250fea3079c6e41aef0107faddaee28edbbbae2c9d3fc72086bb2721 245704 tzdata_2011c-0ubuntu0.9.10.diff.gz Files: b09e41ce65b46d76ad5146682b1fa914 1886 libs required tzdata_2011c-0ubuntu0.9.10.dsc 1a01b1a3346c1531daab4970d0a2cd14 194151 libs required tzdata_2011c.orig.tar.gz 72af2dc8fbdcc444a95c998efb7298c5 245704 libs required tzdata_2011c-0ubuntu0.9.10.diff.gz Original-Maintainer: GNU Libc Maintainers From kirkland at ubuntu.com Tue Mar 8 09:03:33 2011 From: kirkland at ubuntu.com (Dustin Kirkland) Date: Tue, 08 Mar 2011 09:03:33 -0000 Subject: [ubuntu/karmic-proposed] ecryptfs-utils 81-0ubuntu3.1 (Accepted) Message-ID: <20110308090333.31574.80876.launchpad@wampee.canonical.com> ecryptfs-utils (81-0ubuntu3.1) karmic-proposed; urgency=low * Cherry-pick upstream commit bzr r520 * src/utils/mount.ecryptfs_private.c: - fix bug LP: #313812, clear used keys on unmount - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from umount.ecryptfs behave similarly - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek Date: Fri, 11 Feb 2011 17:19:37 -0600 Changed-By: Dustin Kirkland Maintainer: Ubuntu Developers Signed-By: Dustin Kirkland https://launchpad.net/ubuntu/karmic/+source/ecryptfs-utils/81-0ubuntu3.1 -------------- next part -------------- Format: 1.8 Date: Fri, 11 Feb 2011 17:19:37 -0600 Source: ecryptfs-utils Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev Architecture: source Version: 81-0ubuntu3.1 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Dustin Kirkland Description: ecryptfs-utils - ecryptfs cryptographic filesystem (utilities) libecryptfs-dev - ecryptfs cryptographic filesystem (development) libecryptfs0 - ecryptfs cryptographic filesystem (library) Launchpad-Bugs-Fixed: 313812 Changes: ecryptfs-utils (81-0ubuntu3.1) karmic-proposed; urgency=low . * Cherry-pick upstream commit bzr r520 * src/utils/mount.ecryptfs_private.c: - fix bug LP: #313812, clear used keys on unmount - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from umount.ecryptfs behave similarly - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek Checksums-Sha1: da4f7cfba5fc0246fea4f4dd823e69448524ba40 2308 ecryptfs-utils_81-0ubuntu3.1.dsc e8d7e38da2f5626008017fcb5bca7c31fe2ab63b 18190 ecryptfs-utils_81-0ubuntu3.1.diff.gz Checksums-Sha256: 864256bbbd90d4c194aa4faf38f43390debd8c583deeda05f32c71f21b9407b0 2308 ecryptfs-utils_81-0ubuntu3.1.dsc a29fbcd784a0d4a0897eb547650958a940884fb53ca6e49c5dd5dc01488bfa44 18190 ecryptfs-utils_81-0ubuntu3.1.diff.gz Files: 8d9856e399136870a97d0913db398877 2308 misc optional ecryptfs-utils_81-0ubuntu3.1.dsc 467cd53b9dbd4baa1f59aaa9dc4c7317 18190 misc optional ecryptfs-utils_81-0ubuntu3.1.diff.gz Original-Maintainer: Daniel Baumann From archive at ubuntu.com Fri Mar 11 00:04:18 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 11 Mar 2011 00:04:18 -0000 Subject: [ubuntu/karmic-security] dtc, dtc_0.29.17-1+lenny1build0.9.10.1_i386_translations.tar.gz (delayed) 0.29.17-1+lenny1build0.9.10.1 (Accepted) Message-ID: <20110311000418.11298.98570.launchpad@cocoplum.canonical.com> dtc (0.29.17-1+lenny1build0.9.10.1) karmic-security; urgency=low * fake sync from Debian dtc (0.29.17-1+lenny1) lenny-security; urgency=low * Fixes: CVE-2011-0434: SQL injection in bw_per_month.php graph * Fixes: CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php graph. * Fixes: CVE-2011-0436: Passwords being emailed to the admin in clear text (Closes: #614302). * Fixes: CVE-2011-0437: Removed dangerous SQL old unused code for ssh accounts management. Date: Thu, 10 Mar 2011 12:28:34 -0800 Changed-By: Kees Cook Maintainer: Thomas Goirand https://launchpad.net/ubuntu/karmic/+source/dtc/0.29.17-1+lenny1build0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 10 Mar 2011 12:28:34 -0800 Source: dtc Binary: dtc-common dtc-core dtc-cyrus dtc-postfix-courier dtc-stats-daemon dtc-toaster Architecture: source Version: 0.29.17-1+lenny1build0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Thomas Goirand Changed-By: Kees Cook Description: dtc-common - web control panel for admin and accounting hosting services (comm dtc-core - web control panel for admin and accounting hosting services (fewe dtc-cyrus - web control panel for admin and accounting hosting services (cyru dtc-postfix-courier - web control panel for admin and accounting hosting services (more dtc-stats-daemon - dtc-xen VM statistics for the dtc web control panel dtc-toaster - web control panel for admin and accounting hosting services (meta Closes: 614302 Changes: dtc (0.29.17-1+lenny1build0.9.10.1) karmic-security; urgency=low . * fake sync from Debian . dtc (0.29.17-1+lenny1) lenny-security; urgency=low . * Fixes: CVE-2011-0434: SQL injection in bw_per_month.php graph * Fixes: CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php graph. * Fixes: CVE-2011-0436: Passwords being emailed to the admin in clear text (Closes: #614302). * Fixes: CVE-2011-0437: Removed dangerous SQL old unused code for ssh accounts management. Checksums-Sha1: 81e3ef7c86c2a9ecabb9f0fae297ff1409e28d39 1981 dtc_0.29.17-1+lenny1build0.9.10.1.dsc 46381d692bf3aa059d1450539e309d5108e6015c 83529 dtc_0.29.17-1+lenny1build0.9.10.1.diff.gz Checksums-Sha256: 3a1520b12c846475280a871a26646506806d5e7e6c45b164419de9461449c832 1981 dtc_0.29.17-1+lenny1build0.9.10.1.dsc 60aa4939907c2e912a86188f8414ab357aef07bed8397705cd744eba55b92b08 83529 dtc_0.29.17-1+lenny1build0.9.10.1.diff.gz Files: 3c83a5a87a79b20977f417f7e91e8dde 1981 admin extra dtc_0.29.17-1+lenny1build0.9.10.1.dsc b5f4d92e1e46f474dd4debbeedc61a56 83529 admin extra dtc_0.29.17-1+lenny1build0.9.10.1.diff.gz From archive at ubuntu.com Tue Mar 15 02:04:16 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 15 Mar 2011 02:04:16 -0000 Subject: [ubuntu/karmic-security] tiff (delayed), tiff 3.8.2-13ubuntu0.5 (Accepted) Message-ID: <20110315020416.15171.44728.launchpad@cocoplum.canonical.com> tiff (3.8.2-13ubuntu0.5) karmic-security; urgency=low * debian/patches/CVE-2011-0192.patch: update for regression in processing of certain CCITTFAX4 files (LP: #731540). - http://bugzilla.maptools.org/show_bug.cgi?id=2297 Date: Mon, 14 Mar 2011 10:53:22 -0700 Changed-By: Kees Cook Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/tiff/3.8.2-13ubuntu0.5 -------------- next part -------------- Format: 1.8 Date: Mon, 14 Mar 2011 10:53:22 -0700 Source: tiff Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source Version: 3.8.2-13ubuntu0.5 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Kees Cook Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.8.2-13ubuntu0.5) karmic-security; urgency=low . * debian/patches/CVE-2011-0192.patch: update for regression in processing of certain CCITTFAX4 files (LP: #731540). - http://bugzilla.maptools.org/show_bug.cgi?id=2297 Checksums-Sha1: c7d591ddbbbf86e4a028db0efa5801ca3fece3d0 1978 tiff_3.8.2-13ubuntu0.5.dsc fc5e0fbb4c2c0acbaa0d2982c0b08ef3184905ca 43070 tiff_3.8.2-13ubuntu0.5.diff.gz Checksums-Sha256: d9cbf2a58cb305a5b06266893f84d4a36b6cc47473ed817622ffab8a9c6667cd 1978 tiff_3.8.2-13ubuntu0.5.dsc 410a09cdcd604ee87418b0b3d1777e6dc24af0274e60de12ad215068e931e56a 43070 tiff_3.8.2-13ubuntu0.5.diff.gz Files: d8a8180b56ba05c422d4b443afb1d44e 1978 libs optional tiff_3.8.2-13ubuntu0.5.dsc e8b35ecf046a7c3619e1d9929de8b830 43070 libs optional tiff_3.8.2-13ubuntu0.5.diff.gz Launchpad-Bugs-Fixed: 731540 Original-Maintainer: Jay Berkenbilt From archive at ubuntu.com Tue Mar 15 19:06:26 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 15 Mar 2011 19:06:26 -0000 Subject: [ubuntu/karmic-security] krb5, krb5_1.7dfsg~beta3-1ubuntu0.12_i386_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.12_powerpc_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.12_ia64_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.12_armel_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.12_amd64_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.12_lpia_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.12_sparc_translations.tar.gz (delayed) 1.7dfsg~beta3-1ubuntu0.12 (Accepted) Message-ID: <20110315190626.2247.94261.launchpad@cocoplum.canonical.com> krb5 (1.7dfsg~beta3-1ubuntu0.12) karmic-security; urgency=low * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used. - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream - CVE-2011-0284 - MITKRB5-SA-2011-003 Date: Mon, 14 Mar 2011 15:38:57 -0700 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/krb5/1.7dfsg~beta3-1ubuntu0.12 -------------- next part -------------- Format: 1.8 Date: Mon, 14 Mar 2011 15:38:57 -0700 Source: krb5 Binary: krb5-user krb5-clients krb5-rsh-server krb5-ftpd krb5-telnetd krb5-kdc krb5-kdc-ldap krb5-admin-server libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv6 libkadm5clnt6 libk5crypto3 libkdb5-4 libkrb5support0 Architecture: source Version: 1.7dfsg~beta3-1ubuntu0.12 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-clients - Secure replacements for ftp, telnet and rsh using MIT Kerberos krb5-doc - Documentation for MIT Kerberos krb5-ftpd - Secure FTP server supporting MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-rsh-server - Secure replacements for rshd and rlogind using MIT Kerberos krb5-telnetd - Secure telnet server supporting MIT Kerberos krb5-user - Basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt6 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv6 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - Debugging files for MIT Kerberos libkrb5-dev - Headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Changes: krb5 (1.7dfsg~beta3-1ubuntu0.12) karmic-security; urgency=low . * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used. - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream - CVE-2011-0284 - MITKRB5-SA-2011-003 Checksums-Sha1: 2a60691ae8f1aeeacd12326e2ae4c39a1bbce864 2381 krb5_1.7dfsg~beta3-1ubuntu0.12.dsc 09bced485af2d9d998db0abec1845b1c758c91dd 118084 krb5_1.7dfsg~beta3-1ubuntu0.12.diff.gz Checksums-Sha256: 6c933ce88aad2797fae2c1c77611731407e81cfef9dd1e642859d42a828eb8cb 2381 krb5_1.7dfsg~beta3-1ubuntu0.12.dsc cfe05ec0570f19f217f01af500702867ffa08075ed74b7f751cc9eba902f14ca 118084 krb5_1.7dfsg~beta3-1ubuntu0.12.diff.gz Files: 6c91e7d011baa054e524da73ede3ff6d 2381 net standard krb5_1.7dfsg~beta3-1ubuntu0.12.dsc 1fefaa6377231431facb204859a43ccf 118084 net standard krb5_1.7dfsg~beta3-1ubuntu0.12.diff.gz Original-Maintainer: Sam Hartman From gary.lasker at canonical.com Wed Mar 16 09:11:43 2011 From: gary.lasker at canonical.com (Gary Lasker) Date: Wed, 16 Mar 2011 09:11:43 -0000 Subject: [ubuntu/karmic-proposed] tzdata 2011d-0ubuntu0.9.10 (Accepted) Message-ID: <20110316091143.30761.46418.launchpad@soybean.canonical.com> tzdata (2011d-0ubuntu0.9.10) karmic-proposed; urgency=low * New upstream release 2011d: (LP: #735058) - Samoa: Update DST rules (effective April 2nd, 2011) - Cuba: Update DST rules (effective March 13th, 2011) - Turkey: Update DST rules (effective March 27th, 2011) Date: Mon, 14 Mar 2011 17:09:15 -0400 Changed-By: Gary Lasker Maintainer: Ubuntu Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/karmic/+source/tzdata/2011d-0ubuntu0.9.10 -------------- next part -------------- Format: 1.8 Date: Mon, 14 Mar 2011 17:09:15 -0400 Source: tzdata Binary: tzdata tzdata-java Architecture: source Version: 2011d-0ubuntu0.9.10 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Gary Lasker Description: tzdata - time zone and daylight-saving time data tzdata-java - time zone and daylight-saving time data for use by java runtimes Launchpad-Bugs-Fixed: 735058 Changes: tzdata (2011d-0ubuntu0.9.10) karmic-proposed; urgency=low . * New upstream release 2011d: (LP: #735058) - Samoa: Update DST rules (effective April 2nd, 2011) - Cuba: Update DST rules (effective March 13th, 2011) - Turkey: Update DST rules (effective March 27th, 2011) Checksums-Sha1: dca6bb5d882f4e102899b1f887310cc0aab94da4 1886 tzdata_2011d-0ubuntu0.9.10.dsc fea322d23b90be3b7c4d025fb9c86fc47c703ca2 245861 tzdata_2011d-0ubuntu0.9.10.diff.gz Checksums-Sha256: 42a1ee5b2f20d6059ac33aa753652a17315a87b511d52368f66130e9d7f0622f 1886 tzdata_2011d-0ubuntu0.9.10.dsc 5af49c550984016feb6fcb17a1a9e9e4aff0ae25b38f48c12970bf73d50fcf55 245861 tzdata_2011d-0ubuntu0.9.10.diff.gz Files: 82d0c1386b628d87b780cb8530cf5d19 1886 libs required tzdata_2011d-0ubuntu0.9.10.dsc 0ad9c7b5b83a982858895f3b762314ac 245861 libs required tzdata_2011d-0ubuntu0.9.10.diff.gz Original-Maintainer: GNU Libc Maintainers From brian.thomason at canonical.com Tue Mar 22 16:40:38 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Tue, 22 Mar 2011 16:40:38 -0000 Subject: [ubuntu/karmic] adobe-flashplugin 10.2.153.1-0karmic1 (Accepted) Message-ID: <20110322164038.999.79146.launchpad@cocoplum.canonical.com> adobe-flashplugin (10.2.153.1-0karmic1) karmic; urgency=low * Initial release of 10.2.153.1 for Karmic Date: Tue, 22 Mar 2011 12:37:07 -0400 Changed-By: Brian Thomason Maintainer: DL-Flash Player Ubuntu https://launchpad.net/ubuntu/karmic/+source/adobe-flashplugin/10.2.153.1-0karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 22 Mar 2011 12:37:07 -0400 Source: adobe-flashplugin Binary: adobe-flashplugin Architecture: source Version: 10.2.153.1-0karmic1 Distribution: karmic Urgency: low Maintainer: DL-Flash Player Ubuntu Changed-By: Brian Thomason Description: adobe-flashplugin - Adobe Flash Player plugin version 10 Changes: adobe-flashplugin (10.2.153.1-0karmic1) karmic; urgency=low . * Initial release of 10.2.153.1 for Karmic Checksums-Sha1: d41b606fd12af28c2eb4037327ca5e5f52ca1964 1157 adobe-flashplugin_10.2.153.1-0karmic1.dsc 7462be3e6f432ee57b9ca83b23aac0bb7e2df3b3 3609 adobe-flashplugin_10.2.153.1-0karmic1.diff.gz Checksums-Sha256: 90723fd5eca343e5af1d7b19b5b17cf27e236e51b99475c9f65b56f46936ed36 1157 adobe-flashplugin_10.2.153.1-0karmic1.dsc 011d59481473fba947d9946a70ca71ecde8e549e5c399de0ef2d5e2ba0714f11 3609 adobe-flashplugin_10.2.153.1-0karmic1.diff.gz Files: 7719bb12b6b514091d104be1f55a2dfd 1157 partner/web optional adobe-flashplugin_10.2.153.1-0karmic1.dsc 3a1aad9a4f4442cc6e6491c08ee7493e 3609 partner/web optional adobe-flashplugin_10.2.153.1-0karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2I0EIACgkQOb4zNfJqN5cIowCeJKMxdTSsiDa0cfdGJQiMqKJR MawAn2GfRhCUZp9hsNCTLILPKxPbpkQi =I6rY -----END PGP SIGNATURE----- From archive at ubuntu.com Wed Mar 23 17:04:02 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 23 Mar 2011 17:04:02 -0000 Subject: [ubuntu/karmic-security] flashplugin-nonfree, flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1_i386_translations.tar.gz, flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1_lpia_translations.tar.gz (delayed) 10.2.153.1ubuntu0.9.10.1 (Accepted) Message-ID: <20110323170402.3709.52107.launchpad@cocoplum.canonical.com> flashplugin-nonfree (10.2.153.1ubuntu0.9.10.1) karmic-security; urgency=low * SECURITY UPDATE: New upstream release 10.2.153.1 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0609 * debian/postinst: make wget use the proxy defined for apt and decrease number of tries to a reasonable amount. (LP: #580523) Date: Wed, 23 Mar 2011 08:55:34 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/flashplugin-nonfree/10.2.153.1ubuntu0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Wed, 23 Mar 2011 08:55:34 -0400 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.2.153.1ubuntu0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.2.153.1ubuntu0.9.10.1) karmic-security; urgency=low . * SECURITY UPDATE: New upstream release 10.2.153.1 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0609 * debian/postinst: make wget use the proxy defined for apt and decrease number of tries to a reasonable amount. (LP: #580523) Checksums-Sha1: b1636b755fa8f6455ea89ff03b8e3bbaa7d9100c 1631 flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1.dsc e7e05a374daafba3394493e471f9baa529f4a0bd 26532 flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1.tar.gz Checksums-Sha256: 266f52b21447fba971688ec7b5b35c18f568b246388f9e7400d9bcefd8056c2a 1631 flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1.dsc 36e1f6c6a712ee80c2c81087133442c65aa658945ed3ea0099e20cd7759c6987 26532 flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1.tar.gz Files: 6493d17a2619703f2c66e5322cf1135b 1631 contrib/web optional flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1.dsc cc2ac1cf4d94e60396f75148608fe1b6 26532 contrib/web optional flashplugin-nonfree_10.2.153.1ubuntu0.9.10.1.tar.gz Launchpad-Bugs-Fixed: 580523 Original-Maintainer: Bart Martens From archive at ubuntu.com Fri Mar 25 06:04:32 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 25 Mar 2011 06:04:32 -0000 Subject: [ubuntu/karmic-security] loggerhead, loggerhead (delayed) 1.17-0ubuntu1.1 (Accepted) Message-ID: <20110325060432.648.16025.launchpad@cocoplum.canonical.com> loggerhead (1.17-0ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch contents. (LP: #740142) - debian/patches/bug-740142.diff: improve escaping of filenames. - CVE-2011-0728 Date: Thu, 24 Mar 2011 14:01:44 +1100 Changed-By: William Grant Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/loggerhead/1.17-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Thu, 24 Mar 2011 14:01:44 +1100 Source: loggerhead Binary: loggerhead Architecture: source Version: 1.17-0ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: William Grant Description: loggerhead - Web viewer for Bazaar Changes: loggerhead (1.17-0ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch contents. (LP: #740142) - debian/patches/bug-740142.diff: improve escaping of filenames. - CVE-2011-0728 Checksums-Sha1: a3876114e4e6bd674dbe9a61d9e0e47d0d4a48fb 2066 loggerhead_1.17-0ubuntu1.1.dsc a1dc051d09b1d5a1a053eb55b471e031c3cfa55f 6213 loggerhead_1.17-0ubuntu1.1.diff.gz Checksums-Sha256: 440c9e41a7453005bef78154e0b159406e23ef76d926cbf406975923967a0f2c 2066 loggerhead_1.17-0ubuntu1.1.dsc b39e199e3bdab575d045f77f1a9b4c757f74dc7b759bd7535eb88a14d090e90a 6213 loggerhead_1.17-0ubuntu1.1.diff.gz Files: 9113d70efa37636d9a9337cea6e03867 2066 devel optional loggerhead_1.17-0ubuntu1.1.dsc 745fee0fb9914d26eec9a0326a579555 6213 devel optional loggerhead_1.17-0ubuntu1.1.diff.gz Launchpad-Bugs-Fixed: 740142 Original-Maintainer: Debian Bazaar Maintainers From archive at ubuntu.com Tue Mar 29 14:05:40 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 29 Mar 2011 14:05:40 -0000 Subject: [ubuntu/karmic-security] libvirt_0.7.0-1ubuntu13.3_armel_translations.tar.gz, libvirt_0.7.0-1ubuntu13.3_lpia_translations.tar.gz, libvirt, libvirt_0.7.0-1ubuntu13.3_ia64_translations.tar.gz, libvirt_0.7.0-1ubuntu13.3_i386_translations.tar.gz, libvirt_0.7.0-1ubuntu13.3_powerpc_translations.tar.gz, libvirt_0.7.0-1ubuntu13.3_amd64_translations.tar.gz, libvirt_0.7.0-1ubuntu13.3_sparc_translations.tar.gz (delayed) 0.7.0-1ubuntu13.3 (Accepted) Message-ID: <20110329140540.10296.6794.launchpad@cocoplum.canonical.com> libvirt (0.7.0-1ubuntu13.3) karmic-security; urgency=low * SECURITY UPDATE: debian/patches/9902-CVE-2011-1146.patch: Add missing checks for read only connections. - CVE-2011-1146 Date: Tue, 15 Mar 2011 16:23:44 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/libvirt/0.7.0-1ubuntu13.3 -------------- next part -------------- Format: 1.8 Date: Tue, 15 Mar 2011 16:23:44 -0500 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.7.0-1ubuntu13.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Changes: libvirt (0.7.0-1ubuntu13.3) karmic-security; urgency=low . * SECURITY UPDATE: debian/patches/9902-CVE-2011-1146.patch: Add missing checks for read only connections. - CVE-2011-1146 Checksums-Sha1: 3bb943a005bd4ff80224baf53650cf49ff0251f7 2484 libvirt_0.7.0-1ubuntu13.3.dsc d0c1ca935de8d35ddc56112c601d3f0d1d27875b 745434 libvirt_0.7.0-1ubuntu13.3.diff.gz Checksums-Sha256: 3aa034e3d17ccb2bc2b5374286907c7bd6317d44b50c5cdefaa114eb708c7c4f 2484 libvirt_0.7.0-1ubuntu13.3.dsc 017bf7d3548c557c3c05560a4d60c40b4b4d6dd92a24bb213831b038674eb84c 745434 libvirt_0.7.0-1ubuntu13.3.diff.gz Files: 81391a8821631250e9ab258d89267770 2484 libs optional libvirt_0.7.0-1ubuntu13.3.dsc 18fdae17991560abb61812be87dc69ee 745434 libs optional libvirt_0.7.0-1ubuntu13.3.diff.gz Original-Maintainer: Debian Libvirt Maintainers From archive at ubuntu.com Tue Mar 29 17:04:48 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 29 Mar 2011 17:04:48 -0000 Subject: [ubuntu/karmic-security] tomcat6, tomcat6 (delayed) 6.0.20-2ubuntu2.4 (Accepted) Message-ID: <20110329170448.17044.2908.launchpad@cocoplum.canonical.com> tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low * SECURITY UPDATE: directory traversal via incorrect ServetContext attribute (LP: #717396) - debian/patches/0012-CVE-2010-3718.patch: mark as read only in java/org/apache/catalina/core/StandardContext.java. - CVE-2010-3718 * SECURITY UPDATE: cross-site scripting in HTML Manager interface - debian/patches/0013-CVE-2011-0013.patch: properly filter values in java/org/apache/catalina/manager/{HTMLManagerServlet.java, StatusTransformer.java}. - CVE-2011-0013 * SECURITY UPDATE: denial of service via NIOS HTTP connector (LP: #714239, LP: #717396) - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in java/org/apache/coyote/http11/InternalNioInputBuffer.java. - CVE-2011-0534 Date: Thu, 24 Mar 2011 13:58:06 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/tomcat6/6.0.20-2ubuntu2.4 -------------- next part -------------- Format: 1.8 Date: Thu, 24 Mar 2011 13:58:06 -0400 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: source Version: 6.0.20-2ubuntu2.4 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6 - Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- example web applications tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Changes: tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low . * SECURITY UPDATE: directory traversal via incorrect ServetContext attribute (LP: #717396) - debian/patches/0012-CVE-2010-3718.patch: mark as read only in java/org/apache/catalina/core/StandardContext.java. - CVE-2010-3718 * SECURITY UPDATE: cross-site scripting in HTML Manager interface - debian/patches/0013-CVE-2011-0013.patch: properly filter values in java/org/apache/catalina/manager/{HTMLManagerServlet.java, StatusTransformer.java}. - CVE-2011-0013 * SECURITY UPDATE: denial of service via NIOS HTTP connector (LP: #714239, LP: #717396) - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in java/org/apache/coyote/http11/InternalNioInputBuffer.java. - CVE-2011-0534 Checksums-Sha1: 2f74bcbdfdbda800c52a5b15e91dad8999aff0eb 2199 tomcat6_6.0.20-2ubuntu2.4.dsc 38da0705b7631c553415a00de5a1e48428fa6a6a 30146 tomcat6_6.0.20-2ubuntu2.4.diff.gz Checksums-Sha256: 139e4c20a13efca33ec6e8186c695a25b71fbd937e4d3788c4ef18b12a520d53 2199 tomcat6_6.0.20-2ubuntu2.4.dsc 65bf256c884ec18a78dbb19d3c00a5f80dcf50e452aee39d13a66e4cb52bc9d3 30146 tomcat6_6.0.20-2ubuntu2.4.diff.gz Files: 24aa6255ebff7bd1eb07dfa60724e814 2199 java optional tomcat6_6.0.20-2ubuntu2.4.dsc 368440fa70bc0db3761dabf5f2709dda 30146 java optional tomcat6_6.0.20-2ubuntu2.4.diff.gz Launchpad-Bugs-Fixed: 714239 717396 717396 Original-Maintainer: Debian Java Maintainers From archive at ubuntu.com Tue Mar 29 17:05:12 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 29 Mar 2011 17:05:12 -0000 Subject: [ubuntu/karmic-security] subversion_1.6.5dfsg-1ubuntu1.2_i386_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.2_amd64_translations.tar.gz, subversion, subversion_1.6.5dfsg-1ubuntu1.2_powerpc_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.2_sparc_translations.tar.gz (delayed), subversion_1.6.5dfsg-1ubuntu1.2_lpia_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.2_ia64_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.2_armel_translations.tar.gz 1.6.5dfsg-1ubuntu1.2 (Accepted) Message-ID: <20110329170512.17044.85785.launchpad@cocoplum.canonical.com> subversion (1.6.5dfsg-1ubuntu1.2) karmic-security; urgency=low * SECURITY UPDATE: denial of service via request containing lock token - debian/patches/CVE-2011-0715.patch: correctly handle locks being passed when authn isn't enabled in subversion/mod_dav_svn/repos.c, subversion/mod_dav_svn/version.c. - CVE-2011-0715 Date: Mon, 21 Mar 2011 16:55:09 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/subversion/1.6.5dfsg-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Mon, 21 Mar 2011 16:55:09 -0400 Source: subversion Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby Architecture: source Version: 1.6.5dfsg-1ubuntu1.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1 - Shared libraries used by Subversion python-subversion - Python bindings for Subversion python-subversion-dbg - Python bindings for Subversion (debug extension) subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion Changes: subversion (1.6.5dfsg-1ubuntu1.2) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via request containing lock token - debian/patches/CVE-2011-0715.patch: correctly handle locks being passed when authn isn't enabled in subversion/mod_dav_svn/repos.c, subversion/mod_dav_svn/version.c. - CVE-2011-0715 Checksums-Sha1: 3cb575a58cd690eb5560a717aab2d27d25fe313e 2667 subversion_1.6.5dfsg-1ubuntu1.2.dsc c9b5ec3507eae2ccc4e4f5c5c75ddd82b2bdc250 96776 subversion_1.6.5dfsg-1ubuntu1.2.diff.gz Checksums-Sha256: abbeb5846b341c6d2227afb942b1c81c2f5a17a757324ae057dae884e22adba5 2667 subversion_1.6.5dfsg-1ubuntu1.2.dsc f5adf1570fc2aabad194ca41fcbe05a2b959f5245a1178dca033e7769b12ea0a 96776 subversion_1.6.5dfsg-1ubuntu1.2.diff.gz Files: f17b0e219167efa2dbbbec4e1b7971ea 2667 vcs optional subversion_1.6.5dfsg-1ubuntu1.2.dsc 9f334ecddc824d700bb54cde251c4d6c 96776 vcs optional subversion_1.6.5dfsg-1ubuntu1.2.diff.gz Original-Maintainer: Peter Samuelson From archive at ubuntu.com Tue Mar 29 17:05:39 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 29 Mar 2011 17:05:39 -0000 Subject: [ubuntu/karmic-security] quagga_0.99.13-1ubuntu0.2_amd64_translations.tar.gz, quagga_0.99.13-1ubuntu0.2_ia64_translations.tar.gz, quagga_0.99.13-1ubuntu0.2_i386_translations.tar.gz, quagga_0.99.13-1ubuntu0.2_armel_translations.tar.gz, quagga_0.99.13-1ubuntu0.2_powerpc_translations.tar.gz, quagga, quagga_0.99.13-1ubuntu0.2_sparc_translations.tar.gz (delayed), quagga_0.99.13-1ubuntu0.2_lpia_translations.tar.gz 0.99.13-1ubuntu0.2 (Accepted) Message-ID: <20110329170539.17044.34891.launchpad@cocoplum.canonical.com> quagga (0.99.13-1ubuntu0.2) karmic-security; urgency=low * SECURITY UPDATE: denial of service via malformed extended communities - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended communities in bgpd/bgp_attr.c. - CVE-2010-1674 * SECURITY UPDATE: denial of service via AS_PATHLIMIT - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support in bgpd/bgp_attr.c. - CVE-2010-1675 Date: Wed, 23 Mar 2011 14:16:30 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/quagga/0.99.13-1ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Wed, 23 Mar 2011 14:16:30 -0400 Source: quagga Binary: quagga quagga-doc Architecture: source Version: 0.99.13-1ubuntu0.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: quagga - BGP/OSPF/RIP routing daemon quagga-doc - documentation files for quagga Changes: quagga (0.99.13-1ubuntu0.2) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via malformed extended communities - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended communities in bgpd/bgp_attr.c. - CVE-2010-1674 * SECURITY UPDATE: denial of service via AS_PATHLIMIT - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support in bgpd/bgp_attr.c. - CVE-2010-1675 Checksums-Sha1: 94143bac443fd3627912d3b91eb4bfc514678e6b 2062 quagga_0.99.13-1ubuntu0.2.dsc 30b1a2812ccfe399ead5cb1d23d40f4f459a8e0d 36744 quagga_0.99.13-1ubuntu0.2.diff.gz Checksums-Sha256: bf57027d67eca3c2edef80718cc66e534b11654456ed9f2d12b558568bc0028b 2062 quagga_0.99.13-1ubuntu0.2.dsc 7050e4f5ebe125cfa42cd1b03e0d45fc6169e5cdb75f1c46f244fa05cf309612 36744 quagga_0.99.13-1ubuntu0.2.diff.gz Files: f56ce9074d4b944d1ac402917751c8d2 2062 net optional quagga_0.99.13-1ubuntu0.2.dsc ca2b7bc99044a0cd3a9dca3074092d7e 36744 net optional quagga_0.99.13-1ubuntu0.2.diff.gz Original-Maintainer: Christian Hammers From archive at ubuntu.com Tue Mar 29 17:20:16 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 29 Mar 2011 17:20:16 -0000 Subject: [ubuntu/karmic-security] vsftpd_2.2.0-1ubuntu2.1_lpia_translations.tar.gz, vsftpd_2.2.0-1ubuntu2.1_armel_translations.tar.gz, vsftpd_2.2.0-1ubuntu2.1_amd64_translations.tar.gz, vsftpd, vsftpd_2.2.0-1ubuntu2.1_i386_translations.tar.gz, vsftpd_2.2.0-1ubuntu2.1_ia64_translations.tar.gz, vsftpd_2.2.0-1ubuntu2.1_sparc_translations.tar.gz (delayed), vsftpd_2.2.0-1ubuntu2.1_powerpc_translations.tar.gz 2.2.0-1ubuntu2.1 (Accepted) Message-ID: <20110329172016.24364.44667.launchpad@cocoplum.canonical.com> vsftpd (2.2.0-1ubuntu2.1) karmic-security; urgency=low * SECURITY UPDATE: denial of service via crafted glob expressions - debian/patches/11-CVE-2011-0762.patch: limit number of iterations in access.c, defs.h, ls.*. - CVE-2011-0762 Date: Fri, 25 Mar 2011 14:52:24 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/vsftpd/2.2.0-1ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Fri, 25 Mar 2011 14:52:24 -0400 Source: vsftpd Binary: vsftpd Architecture: source Version: 2.2.0-1ubuntu2.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: vsftpd - lightweight, efficient FTP server written for security Changes: vsftpd (2.2.0-1ubuntu2.1) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via crafted glob expressions - debian/patches/11-CVE-2011-0762.patch: limit number of iterations in access.c, defs.h, ls.*. - CVE-2011-0762 Checksums-Sha1: b1d5e401de273c365fb53a40a64080b9035e8140 1953 vsftpd_2.2.0-1ubuntu2.1.dsc 727bce6f66c4d9fd75e9f4d4ccbffdf6a83905a7 21979 vsftpd_2.2.0-1ubuntu2.1.diff.gz Checksums-Sha256: e2ee1eabfece91726b0491c6f21d3b79ca887fa9cad0d6eecd6a836d49c56bc5 1953 vsftpd_2.2.0-1ubuntu2.1.dsc 8c512eb49711795db5650737c4a6e4b8e2e8a4369a665071b2d56bb77c8a09b9 21979 vsftpd_2.2.0-1ubuntu2.1.diff.gz Files: d2e3c06692c03cfbc97c6d154ebd804c 1953 net extra vsftpd_2.2.0-1ubuntu2.1.dsc 313708203c8a095a998ddaf8f835050b 21979 net extra vsftpd_2.2.0-1ubuntu2.1.diff.gz Original-Maintainer: Daniel Baumann From andreas at canonical.com Wed Mar 30 21:09:27 2011 From: andreas at canonical.com (Andreas Hasenack) Date: Wed, 30 Mar 2011 21:09:27 -0000 Subject: [ubuntu/karmic-proposed] landscape-client 11.02-0ubuntu0.9.10.0 (Accepted) Message-ID: <20110330210927.17648.6538.launchpad@wampee.canonical.com> landscape-client (11.02-0ubuntu0.9.10.0) karmic-proposed; urgency=low * New upstream version (LP: #727324) - Exit gracefully instead of crashing when the filesystem is read-only (LP: #649997). - Drop hal requirement (LP: #708502). - Enable HTTP compression in Curl (LP: #297623). - Explicitly name log files that need to be rotated (LP: #634236). - Assorted test suite fixes. - Use a better load check for the sysinfo wrapper, taking into account the number of cores (LP: #643565). - Add an option to bootstrap cloud instances using cloud-init (LP: #701972). - Fix packaging for Natty (LP: #688115). - Force deletion of all the persist data for the monitoring plugins at resynchronization, instead of relying each one of them to do (LP: #688161). - Don't send the mount-activity message to the server anymore (LP: #688514). - Workaround a new behavior in NetworkManager where getfqdn would report localhost instead of useful hostname (LP: #649142). Date: Tue, 01 Mar 2011 15:38:11 -0300 Changed-By: Andreas Hasenack Maintainer: Ubuntu Developers Signed-By: Chuck Short https://launchpad.net/ubuntu/karmic/+source/landscape-client/11.02-0ubuntu0.9.10.0 -------------- next part -------------- Format: 1.8 Date: Tue, 01 Mar 2011 15:38:11 -0300 Source: landscape-client Binary: landscape-common landscape-client Architecture: source Version: 11.02-0ubuntu0.9.10.0 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Andreas Hasenack Description: landscape-client - The Landscape administration system client landscape-common - The Landscape administration system client Launchpad-Bugs-Fixed: 297623 634236 643565 649142 649997 688115 688161 688514 701972 708502 727324 Changes: landscape-client (11.02-0ubuntu0.9.10.0) karmic-proposed; urgency=low . * New upstream version (LP: #727324) . - Exit gracefully instead of crashing when the filesystem is read-only (LP: #649997). . - Drop hal requirement (LP: #708502). . - Enable HTTP compression in Curl (LP: #297623). . - Explicitly name log files that need to be rotated (LP: #634236). . - Assorted test suite fixes. . - Use a better load check for the sysinfo wrapper, taking into account the number of cores (LP: #643565). . - Add an option to bootstrap cloud instances using cloud-init (LP: #701972). . - Fix packaging for Natty (LP: #688115). . - Force deletion of all the persist data for the monitoring plugins at resynchronization, instead of relying each one of them to do (LP: #688161). . - Don't send the mount-activity message to the server anymore (LP: #688514). . - Workaround a new behavior in NetworkManager where getfqdn would report localhost instead of useful hostname (LP: #649142). Checksums-Sha1: 42bcc3130244c16f990b4df3c029aa7110f96fe0 1310 landscape-client_11.02-0ubuntu0.9.10.0.dsc 65fc7d94c5092f3802924c56a7a4e92b87f136ec 442480 landscape-client_11.02.orig.tar.gz 631386bc52180fb2ec31edb051d326f51b571fc6 22464 landscape-client_11.02-0ubuntu0.9.10.0.diff.gz Checksums-Sha256: e0586d22a796f5f9282c28952554752a7dad40b13ff55d0f584cafe5baea6f2c 1310 landscape-client_11.02-0ubuntu0.9.10.0.dsc e68e025f066b19d8825b3b907f86a17182595d741796c4889ba2c808cc689561 442480 landscape-client_11.02.orig.tar.gz 557c0660ac5fb26944d6a3f774ba37f90c97106d49b1134b35da7f7ba7a1b106 22464 landscape-client_11.02-0ubuntu0.9.10.0.diff.gz Files: 1e3984bb51b7040e4fb2b3d9e2249866 1310 admin optional landscape-client_11.02-0ubuntu0.9.10.0.dsc 776cb0227f3a0205776907f976e28513 442480 admin optional landscape-client_11.02.orig.tar.gz e1c9daa8b26d280fc338ec98739187ab 22464 admin optional landscape-client_11.02-0ubuntu0.9.10.0.diff.gz Original-Maintainer: Landscape Team From archive at ubuntu.com Wed Mar 30 22:07:24 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 30 Mar 2011 22:07:24 -0000 Subject: [ubuntu/karmic-security] gdm_2.28.1-0ubuntu2.3_amd64_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_sparc_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_ia64_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_static_translations.tar.gz (delayed), gdm_2.28.1-0ubuntu2.3_lpia_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_i386_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_armel_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_powerpc_translations.tar.gz, gdm_2.28.1-0ubuntu2.3_static_translations.tar.gz, gdm 2.28.1-0ubuntu2.3 (Accepted) Message-ID: <20110330220724.1715.48899.launchpad@cocoplum.canonical.com> gdm (2.28.1-0ubuntu2.3) karmic-security; urgency=low * SECURITY UPDATE: race condition allowing privilege escalation - debian/patches/27_CVE-2011-0727.patch: fix daemon/gdm-session-worker.c to copy files as session user rather than root followed by a subsequent chown. - CVE-2011-0727 Date: Tue, 29 Mar 2011 00:22:45 -0700 Changed-By: Steve Beattie Maintainer: Sebastien Bacher https://launchpad.net/ubuntu/karmic/+source/gdm/2.28.1-0ubuntu2.3 -------------- next part -------------- Format: 1.8 Date: Tue, 29 Mar 2011 00:22:45 -0700 Source: gdm Binary: gdm Architecture: source Version: 2.28.1-0ubuntu2.3 Distribution: karmic-security Urgency: low Maintainer: Sebastien Bacher Changed-By: Steve Beattie Description: gdm - GNOME Display Manager Changes: gdm (2.28.1-0ubuntu2.3) karmic-security; urgency=low . * SECURITY UPDATE: race condition allowing privilege escalation - debian/patches/27_CVE-2011-0727.patch: fix daemon/gdm-session-worker.c to copy files as session user rather than root followed by a subsequent chown. - CVE-2011-0727 Checksums-Sha1: 5bcdbc6e44fa3cd0145bddf15f6843b977a3928f 2168 gdm_2.28.1-0ubuntu2.3.dsc 6aef5d3be95e18fe649efc27b5bdb417c14f6201 769588 gdm_2.28.1-0ubuntu2.3.diff.gz Checksums-Sha256: 014253d8b36a767e5735ccb1b40e808c8353163c6da6d72bac4abee91afd04c4 2168 gdm_2.28.1-0ubuntu2.3.dsc 7114b406a521cee2103a0bf50282965bcd9274dee66d51bf6e9826270173970a 769588 gdm_2.28.1-0ubuntu2.3.diff.gz Files: 09c46d7f6f577daa95f47643025ea67c 2168 gnome optional gdm_2.28.1-0ubuntu2.3.dsc 17bc09f417591f1913940d47cec9cc35 769588 gnome optional gdm_2.28.1-0ubuntu2.3.diff.gz From archive at ubuntu.com Thu Mar 31 13:04:02 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 31 Mar 2011 13:04:02 -0000 Subject: [ubuntu/karmic-security] openldap_2.4.18-0ubuntu1.2_lpia_translations.tar.gz, openldap_2.4.18-0ubuntu1.2_armel_translations.tar.gz, openldap_2.4.18-0ubuntu1.2_amd64_translations.tar.gz, openldap_2.4.18-0ubuntu1.2_sparc_translations.tar.gz (delayed), openldap_2.4.18-0ubuntu1.2_i386_translations.tar.gz, openldap, openldap_2.4.18-0ubuntu1.2_ia64_translations.tar.gz, openldap_2.4.18-0ubuntu1.2_powerpc_translations.tar.gz 2.4.18-0ubuntu1.2 (Accepted) Message-ID: <20110331130402.10056.95238.launchpad@cocoplum.canonical.com> openldap (2.4.18-0ubuntu1.2) karmic-security; urgency=low * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using forwarded authentication failures - debian/patches/CVE-2011-1024 - CVE-2011-1024 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb backend. Note: Ubuntu is not compiled with --enable-ndb by default - debian/patches/CVE-2011-1025 - CVE-2011-1025 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests and requestDN is empty - debian/patches/CVE-2011-1081 - CVE-2011-1081 Date: Wed, 16 Mar 2011 10:17:57 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/openldap/2.4.18-0ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Wed, 16 Mar 2011 10:17:57 -0500 Source: openldap Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source Version: 2.4.18-0ubuntu1.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) Changes: openldap (2.4.18-0ubuntu1.2) karmic-security; urgency=low . * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using forwarded authentication failures - debian/patches/CVE-2011-1024 - CVE-2011-1024 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb backend. Note: Ubuntu is not compiled with --enable-ndb by default - debian/patches/CVE-2011-1025 - CVE-2011-1025 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests and requestDN is empty - debian/patches/CVE-2011-1081 - CVE-2011-1081 Checksums-Sha1: 765f44c97b509615bbfcbcce3f67220a502f4c41 2591 openldap_2.4.18-0ubuntu1.2.dsc 23cf43eb17199624c25318a6339d7d7dcffb1568 150185 openldap_2.4.18-0ubuntu1.2.diff.gz Checksums-Sha256: d3991b2f6965999d98d1a2bbf17070303e36e5ba4f33f4f2818c79316ae160d2 2591 openldap_2.4.18-0ubuntu1.2.dsc 5098cc4407d32a30c3d292755876c150f5fdc3e3eea2f03c99b45b92de95e3a8 150185 openldap_2.4.18-0ubuntu1.2.diff.gz Files: 446cb476a72e73e9fcae9a56996349aa 2591 net optional openldap_2.4.18-0ubuntu1.2.dsc 8b9f99d1ab9523b3eead801e0b92f23f 150185 net optional openldap_2.4.18-0ubuntu1.2.diff.gz Original-Maintainer: Debian OpenLDAP Maintainers