From simon.deziel at gmail.com Mon Dec 5 06:19:45 2011 From: simon.deziel at gmail.com (Simon Deziel) Date: Mon, 05 Dec 2011 06:19:45 -0000 Subject: [ubuntu/lucid-proposed] libvirt 0.7.5-5ubuntu27.20 (Accepted) Message-ID: <20111205061945.12780.34877.launchpad@wampee.canonical.com> libvirt (0.7.5-5ubuntu27.20) lucid-proposed; urgency=low * Fix parsing of 'info migration' from upstream git. (LP: #869590) Date: Thu, 06 Oct 2011 23:14:08 +0000 Changed-By: Simon Deziel Maintainer: Ubuntu Developers Signed-By: Serge Hallyn https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu27.20 -------------- next part -------------- Format: 1.8 Date: Thu, 06 Oct 2011 23:14:08 +0000 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.7.5-5ubuntu27.20 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Simon Deziel Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Launchpad-Bugs-Fixed: 869590 Changes: libvirt (0.7.5-5ubuntu27.20) lucid-proposed; urgency=low . * Fix parsing of 'info migration' from upstream git. (LP: #869590) Checksums-Sha1: 8a236f36f5711ee47e892a880967c8128d08d40a 2292 libvirt_0.7.5-5ubuntu27.20.dsc a5a66408754d8f8f1e8742e6db16bbd3b5f50828 92431 libvirt_0.7.5-5ubuntu27.20.diff.gz Checksums-Sha256: 85ac172f7d28e1d38aee89bb20e736f08d23524b1311d1fac01c09f5bc1aff38 2292 libvirt_0.7.5-5ubuntu27.20.dsc f0813649996ba7b82e4d38b4afc35b11ddb920353b98c89ca0af6981937c6c2f 92431 libvirt_0.7.5-5ubuntu27.20.diff.gz Files: 74ec0cc7bbb2f4365e3909dbc70d7ab4 2292 libs optional libvirt_0.7.5-5ubuntu27.20.dsc c91d0d96fcb58ff785d9ad6bc1071bdf 92431 libs optional libvirt_0.7.5-5ubuntu27.20.diff.gz Original-Maintainer: Debian Libvirt Maintainers From clint at ubuntu.com Mon Dec 5 06:20:24 2011 From: clint at ubuntu.com (Clint Byrum) Date: Mon, 05 Dec 2011 06:20:24 -0000 Subject: [ubuntu/lucid-proposed] memcached 1.4.2-1ubuntu4 (Accepted) Message-ID: <20111205062024.32027.69639.launchpad@gac.canonical.com> memcached (1.4.2-1ubuntu4) lucid-proposed; urgency=low * debian/patches/fix-issue-102-segfault.patch: use strncmp the way the upstream code does. Prevents multigets from failing. (LP: #637114) * debian/patchex/fix-ubuntu-ftbfs.patch: dropped Date: Tue, 29 Nov 2011 22:57:21 -0800 Changed-By: Clint Byrum Maintainer: Ubuntu MOTU Developers https://launchpad.net/ubuntu/lucid/+source/memcached/1.4.2-1ubuntu4 -------------- next part -------------- Format: 1.8 Date: Tue, 29 Nov 2011 22:57:21 -0800 Source: memcached Binary: memcached Architecture: source Version: 1.4.2-1ubuntu4 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu MOTU Developers Changed-By: Clint Byrum Description: memcached - A high-performance memory object caching system Launchpad-Bugs-Fixed: 637114 Changes: memcached (1.4.2-1ubuntu4) lucid-proposed; urgency=low . * debian/patches/fix-issue-102-segfault.patch: use strncmp the way the upstream code does. Prevents multigets from failing. (LP: #637114) * debian/patchex/fix-ubuntu-ftbfs.patch: dropped Checksums-Sha1: 4d49bca192799af1618cbe9229ebc1854a2b0158 1482 memcached_1.4.2-1ubuntu4.dsc 60be6194bda6d6132c7fda43d5d23c4bfc88d6d7 10875 memcached_1.4.2-1ubuntu4.diff.gz Checksums-Sha256: feb136cfa0a9357e927ec8403f8f5348923be25623ef4b65251f0bf12186ce0e 1482 memcached_1.4.2-1ubuntu4.dsc 9af16a474b0fdb32eb182ebea239beb610fe71bea71b998039f02e416c521c01 10875 memcached_1.4.2-1ubuntu4.diff.gz Files: 67c2f1d9f4be674c67dc557461c3642f 1482 web optional memcached_1.4.2-1ubuntu4.dsc 87b69a81e1ffe5e370f14cfd8103b23e 10875 web optional memcached_1.4.2-1ubuntu4.diff.gz Original-Maintainer: David Martínez Moreno From michael.vogt at ubuntu.com Mon Dec 5 06:20:50 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Mon, 05 Dec 2011 06:20:50 -0000 Subject: [ubuntu/lucid-proposed] unattended-upgrades 0.55ubuntu7 (Accepted) Message-ID: <20111205062050.31929.5537.launchpad@gac.canonical.com> unattended-upgrades (0.55ubuntu7) lucid-proposed; urgency=low * backport lp:~mvo/unattended-upgrades/unshadow-versions to fix versions in -updates shadowing versions in -security (LP: #891747) * print conffile hold-backs to stdout to ensure its part of the cron mail (LP: #773007), thanks to Jean-Baptiste Lallement Date: Wed, 30 Nov 2011 09:34:06 +0100 Changed-By: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/unattended-upgrades/0.55ubuntu7 -------------- next part -------------- Format: 1.8 Date: Wed, 30 Nov 2011 09:34:06 +0100 Source: unattended-upgrades Binary: unattended-upgrades Architecture: source Version: 0.55ubuntu7 Distribution: lucid-proposed Urgency: low Maintainer: Michael Vogt Changed-By: Michael Vogt Description: unattended-upgrades - automatic installation of security upgrades Launchpad-Bugs-Fixed: 773007 891747 Changes: unattended-upgrades (0.55ubuntu7) lucid-proposed; urgency=low . * backport lp:~mvo/unattended-upgrades/unshadow-versions to fix versions in -updates shadowing versions in -security (LP: #891747) * print conffile hold-backs to stdout to ensure its part of the cron mail (LP: #773007), thanks to Jean-Baptiste Lallement Checksums-Sha1: 037d747fa228af9010d9e9734113bebbba67b68b 988 unattended-upgrades_0.55ubuntu7.dsc 4b55ede28bae5253068f71d3907b8d45489d4938 38152 unattended-upgrades_0.55ubuntu7.tar.gz Checksums-Sha256: cdcf1e3e59230aad3c1ea6c8391a261e34ba97bd885dfeb32a6b4c19c0e246dd 988 unattended-upgrades_0.55ubuntu7.dsc 63d585bc0f6cece207689d6f3f6142b307fbf1bf10564a2336d2fba0b92a34d1 38152 unattended-upgrades_0.55ubuntu7.tar.gz Files: fc94125ac28e6dc58d2764e9d906cea5 988 admin optional unattended-upgrades_0.55ubuntu7.dsc 4c71495fe7ee61350befeb6002b2244d 38152 admin optional unattended-upgrades_0.55ubuntu7.tar.gz From serge.hallyn at ubuntu.com Mon Dec 5 06:22:29 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Mon, 05 Dec 2011 06:22:29 -0000 Subject: [ubuntu/lucid-proposed] ii 1.4-3ubuntu0.10.04.1 (Accepted) Message-ID: <20111205062229.32326.72067.launchpad@gac.canonical.com> ii (1.4-3ubuntu0.10.04.1) lucid-proposed; urgency=low * create 'in' FIFO on receiving privmsg. Otherwise, if in gets created as a regular file by another tool or by the user, ii can end up crashing. (LP: #899494) Date: Fri, 02 Dec 2011 22:38:44 -0600 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers Signed-By: Evan Broder https://launchpad.net/ubuntu/lucid/+source/ii/1.4-3ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Fri, 02 Dec 2011 22:38:44 -0600 Source: ii Binary: ii Architecture: source Version: 1.4-3ubuntu0.10.04.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: ii - minimalist FIFO and filesystem-based IRC client Launchpad-Bugs-Fixed: 899494 Changes: ii (1.4-3ubuntu0.10.04.1) lucid-proposed; urgency=low . * create 'in' FIFO on receiving privmsg. Otherwise, if in gets created as a regular file by another tool or by the user, ii can end up crashing. (LP: #899494) Checksums-Sha1: 26b57995ac0b740d013b2bd5e74b9c9a7ea4275a 1707 ii_1.4-3ubuntu0.10.04.1.dsc 9689befe4168f1be85b1f29cb4f2085262b9214f 3430 ii_1.4-3ubuntu0.10.04.1.diff.gz Checksums-Sha256: 51b59ba8230adb5790af62c8cc255fb5fef9d9409638fba94593e8e3a018936c 1707 ii_1.4-3ubuntu0.10.04.1.dsc 83e309df775cba7b088fd40134232313a366f8b5437a0f138b1ac28ee0b03feb 3430 ii_1.4-3ubuntu0.10.04.1.diff.gz Files: 8c401174910a00eff151ef33373343a3 1707 net optional ii_1.4-3ubuntu0.10.04.1.dsc bd2785f34d56c584d7aad93bd906a219 3430 net optional ii_1.4-3ubuntu0.10.04.1.diff.gz Original-Maintainer: Nico Golde From jamie at ubuntu.com Wed Dec 7 00:09:46 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Wed, 07 Dec 2011 00:09:46 -0000 Subject: [ubuntu/lucid-security] vsftpd_2.2.2-3ubuntu6.3_i386_translations.tar.gz, vsftpd_2.2.2-3ubuntu6.3_powerpc_translations.tar.gz, vsftpd_2.2.2-3ubuntu6.3_ia64_translations.tar.gz, vsftpd_2.2.2-3ubuntu6.3_armel_translations.tar.gz, vsftpd, vsftpd_2.2.2-3ubuntu6.3_sparc_translations.tar.gz, vsftpd_2.2.2-3ubuntu6.3_amd64_translations.tar.gz 2.2.2-3ubuntu6.3 (Accepted) Message-ID: <20111207000946.23344.59214.launchpad@cocoplum.canonical.com> vsftpd (2.2.2-3ubuntu6.3) lucid-security; urgency=low * SECURITY UPDATE: remote DoS via network namespaces - debian/patches/12-CVE-2011-2189.patch: only use network namespaces on 2.6.36 and higher kernels - patch based on Debian's patch - CVE-2011-2189 Date: Thu, 01 Dec 2011 13:59:04 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/vsftpd/2.2.2-3ubuntu6.3 -------------- next part -------------- Format: 1.8 Date: Thu, 01 Dec 2011 13:59:04 -0600 Source: vsftpd Binary: vsftpd Architecture: source Version: 2.2.2-3ubuntu6.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: vsftpd - lightweight, efficient FTP server written for security Changes: vsftpd (2.2.2-3ubuntu6.3) lucid-security; urgency=low . * SECURITY UPDATE: remote DoS via network namespaces - debian/patches/12-CVE-2011-2189.patch: only use network namespaces on 2.6.36 and higher kernels - patch based on Debian's patch - CVE-2011-2189 Checksums-Sha1: 384bbbe5dd2169e70365ade93d47c62be42e8121 1994 vsftpd_2.2.2-3ubuntu6.3.dsc 8f4b63ec508642e35cc5aa249fe25f3e922877ad 25881 vsftpd_2.2.2-3ubuntu6.3.diff.gz Checksums-Sha256: 90ae4896d94bfa87e6c4b07b5fbecb2972a73c59721bce0c2b9f0c3f4f89bf4a 1994 vsftpd_2.2.2-3ubuntu6.3.dsc 5d6730686e111c5bee6b9667df044a09d35b49aa9d175dc7772879bdcf842e97 25881 vsftpd_2.2.2-3ubuntu6.3.diff.gz Files: 28a337b81d6d20ae0250b9a9f118d3f8 1994 net extra vsftpd_2.2.2-3ubuntu6.3.dsc a53e2421bf889a5ee26718c1d419b7a9 25881 net extra vsftpd_2.2.2-3ubuntu6.3.diff.gz Original-Maintainer: Daniel Baumann From michael.vogt at ubuntu.com Thu Dec 8 15:17:02 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Thu, 08 Dec 2011 15:17:02 -0000 Subject: [ubuntu/lucid-proposed] release-upgrader-python-apt 0.8.0ubuntu9~upgrader1 (Accepted) Message-ID: <20111208151702.27652.60995.launchpad@wampee.canonical.com> release-upgrader-python-apt (0.8.0ubuntu9~upgrader1) lucid-proposed; urgency=low * backport of the multiarch enabled python-apt from oneiric to allow multiarch lucid->precise upgrades. This builds a release-upgrader-python-apt package that can be co-installed with the regular python-apt and provides its libs in the private /usr/share/release-upgrader-python-apt PYTHONPATH. Its used by the release upgrader only. Date: Thu, 08 Dec 2011 15:51:45 +0100 Changed-By: Michael Vogt Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/release-upgrader-python-apt/0.8.0ubuntu9~upgrader1 -------------- next part -------------- Format: 1.8 Date: Thu, 08 Dec 2011 15:51:45 +0100 Source: release-upgrader-python-apt Binary: release-upgrader-python-apt Architecture: source Version: 0.8.0ubuntu9~upgrader1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Michael Vogt Description: release-upgrader-python-apt - Release upgrader version of python interface to libapt-pkg Changes: release-upgrader-python-apt (0.8.0ubuntu9~upgrader1) lucid-proposed; urgency=low . * backport of the multiarch enabled python-apt from oneiric to allow multiarch lucid->precise upgrades. This builds a release-upgrader-python-apt package that can be co-installed with the regular python-apt and provides its libs in the private /usr/share/release-upgrader-python-apt PYTHONPATH. . Its used by the release upgrader only. Checksums-Sha1: 6cb7af66519f6de21b688f933b8eea176d757afe 1463 release-upgrader-python-apt_0.8.0ubuntu9~upgrader1.dsc 105b667303558e3c197c5e25154817f7a68ae973 356809 release-upgrader-python-apt_0.8.0ubuntu9~upgrader1.tar.gz Checksums-Sha256: bd840282508e2487dcae78137b18597233b95601cb9c5db207d9936172600532 1463 release-upgrader-python-apt_0.8.0ubuntu9~upgrader1.dsc e1e790b7cc71cc2686d4ffa0fd07b957f1f9e64f2e437a8c1428f19f96eadb3f 356809 release-upgrader-python-apt_0.8.0ubuntu9~upgrader1.tar.gz Files: e99e9dc99d4a118d1fc4c497b5585797 1463 python standard release-upgrader-python-apt_0.8.0ubuntu9~upgrader1.dsc c56fdaed68fa10bcf728b95596a89308 356809 python standard release-upgrader-python-apt_0.8.0ubuntu9~upgrader1.tar.gz Original-Maintainer: APT Development Team From michael.vogt at ubuntu.com Thu Dec 8 15:17:04 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Thu, 08 Dec 2011 15:17:04 -0000 Subject: [ubuntu/lucid-proposed] release-upgrader-apt 0.8.16~exp5ubuntu13~upgrader1 (Accepted) Message-ID: <20111208151704.27652.45016.launchpad@wampee.canonical.com> release-upgrader-apt (0.8.16~exp5ubuntu13~upgrader1) lucid-proposed; urgency=low * backport selected libs of "apt" from oneiric to make multiarch enabled upgrades from lucid to precise work. This includes: libapt-pkg4.11, libapt-inst1.3, release-upgrader-libapt-pkg-dev Note that no "apt" or "apt-utils" package is build Date: Thu, 08 Dec 2011 15:50:00 +0100 Changed-By: Michael Vogt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/release-upgrader-apt/0.8.16~exp5ubuntu13~upgrader1 -------------- next part -------------- Format: 1.8 Date: Thu, 08 Dec 2011 15:50:00 +0100 Source: release-upgrader-apt Binary: libapt-pkg4.11 libapt-inst1.3 release-upgrader-libapt-pkg-dev Architecture: source Version: 0.8.16~exp5ubuntu13~upgrader1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Michael Vogt Description: libapt-inst1.3 - APT's deb package format runtime library libapt-pkg4.11 - APT's package managment runtime library release-upgrader-libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst Changes: release-upgrader-apt (0.8.16~exp5ubuntu13~upgrader1) lucid-proposed; urgency=low . * backport selected libs of "apt" from oneiric to make multiarch enabled upgrades from lucid to precise work. This includes: libapt-pkg4.11, libapt-inst1.3, release-upgrader-libapt-pkg-dev . Note that no "apt" or "apt-utils" package is build Checksums-Sha1: 19e58de84aba14cb6d007d48687b3b27325bb2f5 1687 release-upgrader-apt_0.8.16~exp5ubuntu13~upgrader1.dsc 40b824ded06b87898f19dfd1a5712044c3ebfa99 3452157 release-upgrader-apt_0.8.16~exp5ubuntu13~upgrader1.tar.gz Checksums-Sha256: 130534d19c5f1ce1e65bd5bef178775b146ae27ff45f38de5bdc1c8ac8af9f87 1687 release-upgrader-apt_0.8.16~exp5ubuntu13~upgrader1.dsc c306d6af64675b3e79c7269fbc36093643dd2dfe6292662843ba87b456be5700 3452157 release-upgrader-apt_0.8.16~exp5ubuntu13~upgrader1.tar.gz Files: c5d9bb4eee900b5ae0eaa13221719519 1687 admin important release-upgrader-apt_0.8.16~exp5ubuntu13~upgrader1.dsc 8d8414b5c33a5e75ab23506812dc8a7d 3452157 admin important release-upgrader-apt_0.8.16~exp5ubuntu13~upgrader1.tar.gz Original-Maintainer: APT Development Team From tyhicks at canonical.com Thu Dec 8 23:05:20 2011 From: tyhicks at canonical.com (Tyler Hicks) Date: Thu, 08 Dec 2011 23:05:20 -0000 Subject: [ubuntu/lucid-security] acpid 1.0.10-5ubuntu2.5 (Accepted) Message-ID: <20111208230520.27477.68731.launchpad@cocoplum.canonical.com> acpid (1.0.10-5ubuntu2.5) lucid-security; urgency=low * SECURITY UPDATE: Arbitrary code execution in the power button handling script (LP: #893821) - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment variable is only read from a process owned by the user that will be evaluating the variable. - CVE-2011-2777 * SECURITY UPDATE: Unprivileged users may be able to write to directories and read files created by event handler scripts - event.c: Set a restrictive umask of 0077 before running an event handler script. Based on upstream patch. - CVE-2011-4578 Date: Wed, 07 Dec 2011 16:35:39 -0600 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/acpid/1.0.10-5ubuntu2.5 -------------- next part -------------- Format: 1.8 Date: Wed, 07 Dec 2011 16:35:39 -0600 Source: acpid Binary: acpid Architecture: source Version: 1.0.10-5ubuntu2.5 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: acpid - Advanced Configuration and Power Interface event daemon Launchpad-Bugs-Fixed: 893821 Changes: acpid (1.0.10-5ubuntu2.5) lucid-security; urgency=low . * SECURITY UPDATE: Arbitrary code execution in the power button handling script (LP: #893821) - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment variable is only read from a process owned by the user that will be evaluating the variable. - CVE-2011-2777 * SECURITY UPDATE: Unprivileged users may be able to write to directories and read files created by event handler scripts - event.c: Set a restrictive umask of 0077 before running an event handler script. Based on upstream patch. - CVE-2011-4578 Checksums-Sha1: 03ba65fb0a4987caa82a0d019307a42df316c7ac 2048 acpid_1.0.10-5ubuntu2.5.dsc e97ca8511cc166ee149e66ea7cbd9c11d5a1736c 41940 acpid_1.0.10-5ubuntu2.5.diff.gz Checksums-Sha256: 17bee724444944174ad1b967704a9055d479e130ee86f2333199a9e3754f0d13 2048 acpid_1.0.10-5ubuntu2.5.dsc ca31b99d6cf669f1c8ae7fa82cec3244ba33faeae8e09099646415be8a65c56e 41940 acpid_1.0.10-5ubuntu2.5.diff.gz Files: a8d419b90ff82e591e25b2cdfc3633ce 2048 admin optional acpid_1.0.10-5ubuntu2.5.dsc c07690f771c602e135b3bed640756134 41940 admin optional acpid_1.0.10-5ubuntu2.5.diff.gz Original-Maintainer: Debian Acpi Team From jamie at ubuntu.com Fri Dec 9 00:08:05 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 09 Dec 2011 00:08:05 -0000 Subject: [ubuntu/lucid-security] python-django_1.1.1-2ubuntu1.4_i386_translations.tar.gz, python-django 1.1.1-2ubuntu1.4 (Accepted) Message-ID: <20111209000805.16122.47740.launchpad@cocoplum.canonical.com> python-django (1.1.1-2ubuntu1.4) lucid-security; urgency=low * SECURITY UPDATE: session manipulation when using django.contrib.sessions with memory-based sessions and caching - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys for session instead of root namespace - CVE-2011-4136 * SECURITY UPDATE: potential denial of service and information disclosure in URLField - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by default and use a timeout if available. - CVE-2011-4137, CVE-2011-4138 * SECURITY UPDATE: potential cache-poisoning via crafted Host header - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by default when constructing full URLs - CVE-2011-4139 * More information on these issues can be found at: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ Date: Wed, 07 Dec 2011 16:02:57 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.4 -------------- next part -------------- Format: 1.8 Date: Wed, 07 Dec 2011 16:02:57 -0600 Source: python-django Binary: python-django python-django-doc Architecture: source Version: 1.1.1-2ubuntu1.4 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Changes: python-django (1.1.1-2ubuntu1.4) lucid-security; urgency=low . * SECURITY UPDATE: session manipulation when using django.contrib.sessions with memory-based sessions and caching - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys for session instead of root namespace - CVE-2011-4136 * SECURITY UPDATE: potential denial of service and information disclosure in URLField - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by default and use a timeout if available. - CVE-2011-4137, CVE-2011-4138 * SECURITY UPDATE: potential cache-poisoning via crafted Host header - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by default when constructing full URLs - CVE-2011-4139 * More information on these issues can be found at: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ Checksums-Sha1: 781ceb00bec9431c24fc1da8f8e12099d9784716 2215 python-django_1.1.1-2ubuntu1.4.dsc b5f37ab933a36efc87d519c03a5e35fd4bea4b2e 50152 python-django_1.1.1-2ubuntu1.4.diff.gz Checksums-Sha256: 46156f4761e5922c0165439d805613e9334064eb1a3f026750c344f2962e5356 2215 python-django_1.1.1-2ubuntu1.4.dsc 26f2a02f00de6879554d8cf7f09470719531771bc5c4ce5a04ef8fbc51ab30f5 50152 python-django_1.1.1-2ubuntu1.4.diff.gz Files: da57d6e7c19a409861d1ebe14b2b4ad8 2215 python optional python-django_1.1.1-2ubuntu1.4.dsc 3f08a38065b0eaa8784a8311b92e8eca 50152 python optional python-django_1.1.1-2ubuntu1.4.diff.gz Original-Maintainer: Chris Lamb From michael.vogt at ubuntu.com Fri Dec 9 11:51:05 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Fri, 09 Dec 2011 11:51:05 -0000 Subject: [ubuntu/lucid-proposed] release-upgrader-python-apt 0.8.0ubuntu9~upgrader2 (Accepted) Message-ID: <20111209115105.26491.72640.launchpad@soybean.canonical.com> release-upgrader-python-apt (0.8.0ubuntu9~upgrader2) lucid-proposed; urgency=low * use /usr/lib/release-upgrader-python-apt as the private PYTHONPATH as there are arch-dependant parts in it. Thanks to Martin Pitt Date: Fri, 09 Dec 2011 11:19:49 +0100 Changed-By: Michael Vogt Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/release-upgrader-python-apt/0.8.0ubuntu9~upgrader2 -------------- next part -------------- Format: 1.8 Date: Fri, 09 Dec 2011 11:19:49 +0100 Source: release-upgrader-python-apt Binary: release-upgrader-python-apt Architecture: source Version: 0.8.0ubuntu9~upgrader2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Michael Vogt Description: release-upgrader-python-apt - Release upgrader version of python interface to libapt-pkg Changes: release-upgrader-python-apt (0.8.0ubuntu9~upgrader2) lucid-proposed; urgency=low . * use /usr/lib/release-upgrader-python-apt as the private PYTHONPATH as there are arch-dependant parts in it. Thanks to Martin Pitt Checksums-Sha1: 1e3183c3d08885470fed5abcbe3bab0d34873b19 1463 release-upgrader-python-apt_0.8.0ubuntu9~upgrader2.dsc bfb1481c3f3a17e9c1a6ab891729b700ff321567 356944 release-upgrader-python-apt_0.8.0ubuntu9~upgrader2.tar.gz Checksums-Sha256: 56c00139b246100b2f3de3eb2e73c407e582f8e8ebf356f837c0ae11c178e8c9 1463 release-upgrader-python-apt_0.8.0ubuntu9~upgrader2.dsc 3c10d5cf17a721c8c931ec51c7ceba13210ff30f1cd2049b45280a34c0343628 356944 release-upgrader-python-apt_0.8.0ubuntu9~upgrader2.tar.gz Files: 4f5438a6a58d36bb086d30c3dc65a90f 1463 python standard release-upgrader-python-apt_0.8.0ubuntu9~upgrader2.dsc b8897876266686a869c5d32f4cb1ec43 356944 python standard release-upgrader-python-apt_0.8.0ubuntu9~upgrader2.tar.gz Original-Maintainer: APT Development Team From mrpouit at ubuntu.com Wed Dec 14 00:11:16 2011 From: mrpouit at ubuntu.com (Lionel Le Folgoc) Date: Wed, 14 Dec 2011 00:11:16 -0000 Subject: [ubuntu/lucid-proposed] xfce4-weather-plugin 0.7.3-2ubuntu0.1 (Accepted) Message-ID: <20111214001116.7147.86504.launchpad@gac.canonical.com> xfce4-weather-plugin (0.7.3-2ubuntu0.1) lucid-proposed; urgency=low * debian/patches: - 00_license added, change the license key for the one from CTW since it seems to work and brings back the feature. Temporary fix until a real solution is found. lp: #888285 Date: Sun, 11 Dec 2011 16:14:39 +0100 Changed-By: Lionel Le Folgoc Maintainer: Xubuntu Developers https://launchpad.net/ubuntu/lucid/+source/xfce4-weather-plugin/0.7.3-2ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Sun, 11 Dec 2011 16:14:39 +0100 Source: xfce4-weather-plugin Binary: xfce4-weather-plugin Architecture: source Version: 0.7.3-2ubuntu0.1 Distribution: lucid-proposed Urgency: low Maintainer: Xubuntu Developers Changed-By: Lionel Le Folgoc Description: xfce4-weather-plugin - weather information plugin for the Xfce4 panel Launchpad-Bugs-Fixed: 888285 Changes: xfce4-weather-plugin (0.7.3-2ubuntu0.1) lucid-proposed; urgency=low . * debian/patches: - 00_license added, change the license key for the one from CTW since it seems to work and brings back the feature. Temporary fix until a real solution is found. lp: #888285 Checksums-Sha1: 35edf03b3322a68193d1e38a9dfb65909e8c441c 2274 xfce4-weather-plugin_0.7.3-2ubuntu0.1.dsc 812dfcdfa2959c397f3dbc8b8b8b09ab471509e7 3734 xfce4-weather-plugin_0.7.3-2ubuntu0.1.diff.gz Checksums-Sha256: 551597cd48bab628f9a812f3424d33d5392f72317cb0e0f8590cdb27cbaa88f9 2274 xfce4-weather-plugin_0.7.3-2ubuntu0.1.dsc eda3e7ec52a34aaf85c106f2779fa8526051c8dbc9b1434df4972b73ca8f9b9c 3734 xfce4-weather-plugin_0.7.3-2ubuntu0.1.diff.gz Files: 4a89521bc2caa818a88b17f5c6674aeb 2274 xfce optional xfce4-weather-plugin_0.7.3-2ubuntu0.1.dsc 92e55b3dfb4fb63dfd710ef7952c8b24 3734 xfce optional xfce4-weather-plugin_0.7.3-2ubuntu0.1.diff.gz Original-Maintainer: Debian Xfce Maintainers From evan at ebroder.net Wed Dec 14 00:48:01 2011 From: evan at ebroder.net (Evan Broder) Date: Wed, 14 Dec 2011 00:48:01 -0000 Subject: [ubuntu/lucid-proposed] libgweather 2.30.0-0ubuntu1.1 (Accepted) Message-ID: <20111214004801.4760.70974.launchpad@soybean.canonical.com> libgweather (2.30.0-0ubuntu1.1) lucid-proposed; urgency=low * debian/patches/50_fix_bom.gov.au_part1.patch, debian/patches/51_fix_bom.gov.au_part2.patch: - Cherry-pick upstream commits a80552f5 and 73829e64 to fix fetching weather data from bom.gov.au (LP: #629646) Date: Sun, 27 Nov 2011 12:13:10 -0800 Changed-By: Evan Broder Maintainer: Ubuntu Desktop Team Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/libgweather/2.30.0-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Sun, 27 Nov 2011 12:13:10 -0800 Source: libgweather Binary: libgweather-dev libgweather1 libgweather-common python-gweather Architecture: source Version: 2.30.0-0ubuntu1.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Evan Broder Description: libgweather-common - GWeather common files libgweather-dev - GWeather development files libgweather1 - GWeather shared library python-gweather - Python bindings for GWeather Launchpad-Bugs-Fixed: 629646 Changes: libgweather (2.30.0-0ubuntu1.1) lucid-proposed; urgency=low . * debian/patches/50_fix_bom.gov.au_part1.patch, debian/patches/51_fix_bom.gov.au_part2.patch: - Cherry-pick upstream commits a80552f5 and 73829e64 to fix fetching weather data from bom.gov.au (LP: #629646) Checksums-Sha1: 9b8f76903b0f4b56f46c8b49161c8874dffa398b 2499 libgweather_2.30.0-0ubuntu1.1.dsc 6fd9ffffb309295944b9d0339fff166738538a14 70883 libgweather_2.30.0-0ubuntu1.1.diff.gz Checksums-Sha256: f4873e4d00d1892d840d2d55f7bcf3f403f8e05b29cff9635c5a98c5eb80f58f 2499 libgweather_2.30.0-0ubuntu1.1.dsc 734c5920771fcea986f9d259fca96927d363500a986eccfa4eb12477216723a6 70883 libgweather_2.30.0-0ubuntu1.1.diff.gz Files: 53e29a034d7c446cb6de6aef7af778d1 2499 libs optional libgweather_2.30.0-0ubuntu1.1.dsc 8cc39b13f7440e0ee71ca7da04c661ca 70883 libs optional libgweather_2.30.0-0ubuntu1.1.diff.gz Original-Maintainer: Debian GNOME Maintainers From adamg at canonical.com Wed Dec 14 00:55:42 2011 From: adamg at canonical.com (Adam Gandelman) Date: Wed, 14 Dec 2011 00:55:42 -0000 Subject: [ubuntu/lucid-proposed] cluster-agents 1:1.0.3-2ubuntu1.1 (Accepted) Message-ID: <20111214005542.30759.60998.launchpad@wampee.canonical.com> cluster-agents (1:1.0.3-2ubuntu1.1) lucid-proposed; urgency=low * debian/patches/mysql_move_writable_test.patch: Cherry-pick upstream commit (95a6eb8a). In mysql OCF, properly create $pid_dir before testing permissions on it. (LP: #893352) Date: Tue, 22 Nov 2011 11:20:06 -0800 Changed-By: Adam Gandelman Maintainer: Ubuntu Developers Signed-By: James Page https://launchpad.net/ubuntu/lucid/+source/cluster-agents/1:1.0.3-2ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Tue, 22 Nov 2011 11:20:06 -0800 Source: cluster-agents Binary: cluster-agents ldirectord Architecture: source Version: 1:1.0.3-2ubuntu1.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Adam Gandelman Description: cluster-agents - The reusable cluster components for Linux HA ldirectord - Monitors virtual services provided by LVS Launchpad-Bugs-Fixed: 893352 Changes: cluster-agents (1:1.0.3-2ubuntu1.1) lucid-proposed; urgency=low . * debian/patches/mysql_move_writable_test.patch: Cherry-pick upstream commit (95a6eb8a). In mysql OCF, properly create $pid_dir before testing permissions on it. (LP: #893352) Checksums-Sha1: 762ed5928c6dfa612b91afce4d1245d15a8cbc42 2191 cluster-agents_1.0.3-2ubuntu1.1.dsc 9faf6ee40370b865c90fbcbfca60aba5480a2c38 11123 cluster-agents_1.0.3-2ubuntu1.1.debian.tar.gz Checksums-Sha256: dd40a419d4670c673d22c08095023c3653cc224f80fb4b73369c4f84c2e56424 2191 cluster-agents_1.0.3-2ubuntu1.1.dsc 7998094ee5a18b7f90251de5384a2e03a282ce890ed6a48d191c4e0bc51d4613 11123 cluster-agents_1.0.3-2ubuntu1.1.debian.tar.gz Files: 02acafc7fbb59a1358e2e0c31cd772f5 2191 admin optional cluster-agents_1.0.3-2ubuntu1.1.dsc c92582debf16496c6190fdd119d97f12 11123 admin optional cluster-agents_1.0.3-2ubuntu1.1.debian.tar.gz Original-Maintainer: Debian HA Maintainers From simon.deziel at gmail.com Wed Dec 14 01:05:16 2011 From: simon.deziel at gmail.com (Simon Deziel) Date: Wed, 14 Dec 2011 01:05:16 -0000 Subject: [ubuntu/lucid-proposed] nsd3 3.2.4-1ubuntu0.1 (Accepted) Message-ID: <20111214010516.6636.67168.launchpad@gac.canonical.com> nsd3 (3.2.4-1ubuntu0.1) lucid-proposed; urgency=low * Apply patch from Debian bug #570160 to fix installation failure caused by missing /etc/nsd3/nsd.conf. (LP: #534643) Date: Sun, 11 Dec 2011 23:34:47 -0800 Changed-By: Simon Deziel Maintainer: Ubuntu Developers Signed-By: Evan Broder https://launchpad.net/ubuntu/lucid/+source/nsd3/3.2.4-1ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Sun, 11 Dec 2011 23:34:47 -0800 Source: nsd3 Binary: nsd3 Architecture: source Version: 3.2.4-1ubuntu0.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Simon Deziel Description: nsd3 - authoritative domain name server (3.x series) Launchpad-Bugs-Fixed: 534643 Changes: nsd3 (3.2.4-1ubuntu0.1) lucid-proposed; urgency=low . * Apply patch from Debian bug #570160 to fix installation failure caused by missing /etc/nsd3/nsd.conf. (LP: #534643) Checksums-Sha1: 1e753e7f0da010b231c3e6076e2edfba0fa87ee4 1889 nsd3_3.2.4-1ubuntu0.1.dsc 0280c5a791d2cce74c8ba89712ef59eb6d0266f6 9138 nsd3_3.2.4-1ubuntu0.1.debian.tar.gz Checksums-Sha256: 10b9a4025627a67349c6a415a5712546516474350f53cf45f2d8146a38e6d74d 1889 nsd3_3.2.4-1ubuntu0.1.dsc 7ce10b3c79415c657ea4f03ff269bb3e200cb76a614ec31d943898eabaae290b 9138 nsd3_3.2.4-1ubuntu0.1.debian.tar.gz Files: f27c881da32632cd22921199130fbf05 1889 net extra nsd3_3.2.4-1ubuntu0.1.dsc e573a769124dba10fb38e727eb35da44 9138 net extra nsd3_3.2.4-1ubuntu0.1.debian.tar.gz Original-Maintainer: Ondřej Surý From tyhicks at canonical.com Wed Dec 14 22:04:38 2011 From: tyhicks at canonical.com (Tyler Hicks) Date: Wed, 14 Dec 2011 22:04:38 -0000 Subject: [ubuntu/lucid-security] bzip2 1.0.5-4ubuntu0.2 (Accepted) Message-ID: <20111214220438.29394.19307.launchpad@cocoplum.canonical.com> bzip2 (1.0.5-4ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: Fix temporary file creation race condition - bzexe: Ensure link target is a regular file. Patch from vladz. - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862#5 - CVE-2011-4089 Date: Mon, 12 Dec 2011 11:32:00 -0600 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/bzip2/1.0.5-4ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Mon, 12 Dec 2011 11:32:00 -0600 Source: bzip2 Binary: libbz2-1.0 libbz2-dev bzip2 lib64bz2-1.0 lib64bz2-dev lib32bz2-1.0 lib32bz2-dev bzip2-doc Architecture: source Version: 1.0.5-4ubuntu0.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: bzip2 - high-quality block-sorting file compressor - utilities bzip2-doc - high-quality block-sorting file compressor - documentation lib32bz2-1.0 - high-quality block-sorting file compressor library - 32bit runtim lib32bz2-dev - high-quality block-sorting file compressor library - 32bit develo lib64bz2-1.0 - high-quality block-sorting file compressor library - 64bit runtim lib64bz2-dev - high-quality block-sorting file compressor library - 64bit develo libbz2-1.0 - high-quality block-sorting file compressor library - runtime libbz2-dev - high-quality block-sorting file compressor library - development Changes: bzip2 (1.0.5-4ubuntu0.2) lucid-security; urgency=low . * SECURITY UPDATE: Fix temporary file creation race condition - bzexe: Ensure link target is a regular file. Patch from vladz. - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862#5 - CVE-2011-4089 Checksums-Sha1: c739726e4d30213f410d96c5382887e03a35d26f 2178 bzip2_1.0.5-4ubuntu0.2.dsc 73f63ff8ce1e4a2ac6ad53f6efac7c25c818d540 76570 bzip2_1.0.5-4ubuntu0.2.diff.gz Checksums-Sha256: 2098420c12a7320a646d8d9880284a8a733361b5d9467b665c7b8500d18704b4 2178 bzip2_1.0.5-4ubuntu0.2.dsc abc7c4def21fe0ae559235e715a04248342d7e4d9ef47312afb08cdb425725ae 76570 bzip2_1.0.5-4ubuntu0.2.diff.gz Files: 2ff386d733da3117260214b1f7dfefe8 2178 utils important bzip2_1.0.5-4ubuntu0.2.dsc 8680d0face536f06113e806061ead1d8 76570 utils important bzip2_1.0.5-4ubuntu0.2.diff.gz Original-Maintainer: Anibal Monsalve Salazar From martin.pitt at ubuntu.com Thu Dec 15 09:56:35 2011 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Thu, 15 Dec 2011 09:56:35 -0000 Subject: [ubuntu/lucid-proposed] postgresql-8.4 8.4.10-0ubuntu0.10.04 (Accepted) Message-ID: <20111215095635.7147.50199.launchpad@gac.canonical.com> postgresql-8.4 (8.4.10-0ubuntu0.10.04) lucid-proposed; urgency=low * New upstream release: (LP: #904631) - Fix bugs in information_schema.referential_constraints view. This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does. Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if you're uncertain where "SHAREDIR" is.) This must be repeated in each database to be fixed. - Fix incorrect replay of WAL records for GIN index updates. This could result in transiently failing to find index entries after a crash, or on a hot-standby server. The problem would be repaired by the next "VACUUM" of the index, however. - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT - FROM src or INSERT INTO dest SELECT * FROM src. If a table has been modified by "ALTER TABLE ADD COLUMN", attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug. - Fix race condition during toast table access from stale syscache entries. - Track dependencies of functions on items used in parameter default expressions. Previously, a referenced object could be dropped without having dropped or modified the function, leading to misbehavior when the function was used. Note that merely installing this update will not fix the missing dependency entries; to do that, you'd need to "CREATE OR REPLACE" each such function afterwards. If you have functions whose defaults depend on non-built-in objects, doing so is recommended. - Allow inlining of set-returning SQL functions with multiple OUT parameters. - Make DatumGetInetP() unpack inet datums that have a 1-byte header, and add a new macro, DatumGetInetPP(), that does not. - Improve locale support in money type's input and output. Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read. - Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs. transform_null_equals is only supposed to affect foo = NULL expressions written directly by the user, not equality checks generated internally by this form of CASE. - Change foreign-key trigger creation order to better support self-referential foreign keys. For a cascading foreign key that references its own table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The ON UPDATE trigger must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error. However, the firing order of these triggers is determined by their names, which generally sort in creation order since the triggers have auto-generated names following the convention "RI_ConstraintTrigger_NNNN". A proper fix would require modifying that convention, which we will do in 9.2, but it seems risky to change it in existing releases. So this patch just changes the creation order of the triggers. Users encountering this type of error should drop and re-create the foreign key constraint to get its triggers into the right order. - Avoid floating-point underflow while tracking buffer allocation rate. - Preserve blank lines within commands in psql's command history. The former behavior could cause problems if an empty line was removed from within a string literal, for example. - Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes. - Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy. - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn". - Honor query cancel interrupts promptly in pgstatindex(). - Ensure VPATH builds properly install all server header files. - Shorten file names reported in verbose error messages. Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name. Date: Sat, 03 Dec 2011 17:38:40 +0100 Changed-By: Martin Pitt Maintainer: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.10-0ubuntu0.10.04 -------------- next part -------------- Format: 1.8 Date: Sat, 03 Dec 2011 17:38:40 +0100 Source: postgresql-8.4 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source Version: 8.4.10-0ubuntu0.10.04 Distribution: lucid-proposed Urgency: low Maintainer: Martin Pitt Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.4 - object-relational SQL database, version 8.4 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.4 - front-end programs for PostgreSQL 8.4 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.4 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.4 - documentation for the PostgreSQL database management system postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming Launchpad-Bugs-Fixed: 904631 Changes: postgresql-8.4 (8.4.10-0ubuntu0.10.04) lucid-proposed; urgency=low . * New upstream release: (LP: #904631) - Fix bugs in information_schema.referential_constraints view. This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does. Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if you're uncertain where "SHAREDIR" is.) This must be repeated in each database to be fixed. - Fix incorrect replay of WAL records for GIN index updates. This could result in transiently failing to find index entries after a crash, or on a hot-standby server. The problem would be repaired by the next "VACUUM" of the index, however. - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT - FROM src or INSERT INTO dest SELECT * FROM src. If a table has been modified by "ALTER TABLE ADD COLUMN", attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug. - Fix race condition during toast table access from stale syscache entries. - Track dependencies of functions on items used in parameter default expressions. Previously, a referenced object could be dropped without having dropped or modified the function, leading to misbehavior when the function was used. Note that merely installing this update will not fix the missing dependency entries; to do that, you'd need to "CREATE OR REPLACE" each such function afterwards. If you have functions whose defaults depend on non-built-in objects, doing so is recommended. - Allow inlining of set-returning SQL functions with multiple OUT parameters. - Make DatumGetInetP() unpack inet datums that have a 1-byte header, and add a new macro, DatumGetInetPP(), that does not. - Improve locale support in money type's input and output. Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read. - Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs. transform_null_equals is only supposed to affect foo = NULL expressions written directly by the user, not equality checks generated internally by this form of CASE. - Change foreign-key trigger creation order to better support self-referential foreign keys. For a cascading foreign key that references its own table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The ON UPDATE trigger must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error. However, the firing order of these triggers is determined by their names, which generally sort in creation order since the triggers have auto-generated names following the convention "RI_ConstraintTrigger_NNNN". A proper fix would require modifying that convention, which we will do in 9.2, but it seems risky to change it in existing releases. So this patch just changes the creation order of the triggers. Users encountering this type of error should drop and re-create the foreign key constraint to get its triggers into the right order. - Avoid floating-point underflow while tracking buffer allocation rate. - Preserve blank lines within commands in psql's command history. The former behavior could cause problems if an empty line was removed from within a string literal, for example. - Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes. - Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy. - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn". - Honor query cancel interrupts promptly in pgstatindex(). - Ensure VPATH builds properly install all server header files. - Shorten file names reported in verbose error messages. Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name. Checksums-Sha1: c647d7142b25d941ce1f47ebc2267b1c2c8429db 3257 postgresql-8.4_8.4.10-0ubuntu0.10.04.dsc 1ae736d90cc84feb8b604f58fa7aa4e3fa415778 18157949 postgresql-8.4_8.4.10.orig.tar.gz 9c4350b89e2cc139e830870f0dbf421c3b8041cf 45527 postgresql-8.4_8.4.10-0ubuntu0.10.04.diff.gz Checksums-Sha256: b5cad1c1d5a69ec627b26784353ccdc8fdda70f5df19cf72063a1b7c0bc01d77 3257 postgresql-8.4_8.4.10-0ubuntu0.10.04.dsc 8da06d33a08004293d70eac1d006c8af3d8aec6e13b509fdcf0ff800e48c4cd7 18157949 postgresql-8.4_8.4.10.orig.tar.gz 6fd680d757c1121696c802eb9b1f937a4655314ea3c74425f698c6cf2a36a43b 45527 postgresql-8.4_8.4.10-0ubuntu0.10.04.diff.gz Files: b2338bb9b4347dfe48c6261720b957ac 3257 database optional postgresql-8.4_8.4.10-0ubuntu0.10.04.dsc c2776cf3da7923ac4af0ca5c164016ea 18157949 database optional postgresql-8.4_8.4.10.orig.tar.gz 2d6ecfe5e4abeae941d2003420f2ef73 45527 database optional postgresql-8.4_8.4.10-0ubuntu0.10.04.diff.gz From james.westby at canonical.com Thu Dec 15 18:40:34 2011 From: james.westby at canonical.com (James Westby) Date: Thu, 15 Dec 2011 18:40:34 -0000 Subject: [ubuntu/lucid] sun-java6 6.26-2lucid1 (Accepted) Message-ID: <20111215184034.28016.72970.launchpad@cocoplum.canonical.com> sun-java6 (6.26-2lucid1) lucid; urgency=low * Disable the browser plugin due to security issues. - http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html Date: Sat, 10 Dec 2011 13:55:02 -0500 Changed-By: James Westby Maintainer: Debian Java Maintainers Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/lucid/+source/sun-java6/6.26-2lucid1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 10 Dec 2011 13:55:02 -0500 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb Architecture: source Version: 6.26-2lucid1 Distribution: lucid Urgency: low Maintainer: Debian Java Maintainers Changed-By: James Westby Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Changes: sun-java6 (6.26-2lucid1) lucid; urgency=low . * Disable the browser plugin due to security issues. - http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html Checksums-Sha1: 0209d1d07ec8643c48b607d1c534d907414d0a0c 2314 sun-java6_6.26-2lucid1.dsc c7f15162920859cc5aae1c4a701d4551aff6044e 168156091 sun-java6_6.26.orig.tar.gz 130567fe444a32c042ac208d0ce61868f86cde20 89103 sun-java6_6.26-2lucid1.debian.tar.gz Checksums-Sha256: a7325b6eff685cd657fba51f0ae428ccce278b4fb17c7d3065b59cb82d8b1430 2314 sun-java6_6.26-2lucid1.dsc 117b14d15630a41b08885f97d1ff1086ff216a945e23b6784d926cd05f50e7cf 168156091 sun-java6_6.26.orig.tar.gz 708febb7ec56c61ce9f65f2bec0582693f48b645481036b33fc70f0621d73d2e 89103 sun-java6_6.26-2lucid1.debian.tar.gz Files: b5bf20f320791510faa0d6b4efbfd344 2314 partner/java optional sun-java6_6.26-2lucid1.dsc 3555fae69a9abdba8fe3b5a25475a181 168156091 partner/java optional sun-java6_6.26.orig.tar.gz 11793014b635f10f5f9ee8f28de8ee4f 89103 partner/java optional sun-java6_6.26-2lucid1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJO59JdAAoJEFHb3FjMVZVzOS0P/iAwFI81XR1bq6RMImheIuY8 R5MAfxokX6C8Z5FYPiYRz8y9k2Ro5CeCoowg6O7B6nh8eGXeclVY107bnWcLBhIc XlqjBH+YAiD7CIrMV3kqcJ9+uYTT1A+Yv+jmsGW7wr5HBjlKXfuFEC/F2OtAmDc/ x6uD5C5kXkj5APmKoxnt+s/ZQTsxxu76Z5byLhWc5vnOqL8Qaco9HUOpCU0R4bse rQ6Bdh/IHJPv0DbMPVOX5x24naD+YL4iS87q5/XOUoRgPHLKUhjJsjxgVU91ifPI dI6rT4M+j9V9o7uHsIytJfR5G7rMGofnh+CpfTkPAix7KpgfwYIZkLouSvJqkyvC 6EtlyZhuflOtCvVlPWgEV/JyNh1acHkO8m45LQ7e/hL0kdljPRvktsQHUi8xqEs9 JfxQot78T2y8bk4oMEmYmvDc424JhjpFTcTPiHgQCAwhBB86YfrSyWFNnT8/YHL+ ztbkqVpzaw64OmswKRRD361jGFW1l6e5lQ+VsFfXvxFNg6dp3BNLjGQNZzu4vXvh BSxSxrIEDQdSbJeQkctnwHqP5528qwu8O+e1XldKeJMoXWZZaqiicqzjyY/iJKe7 sxlFcoiYs0hB9JIsE0pSQbPho74R5o0muxuBkl25vnGNmHuwFA9ozDDlGCs74EYe NAvuCnMfwyZpD8wtuqOU =BSSV -----END PGP SIGNATURE----- From bhavi at ubuntu.com Fri Dec 16 21:12:08 2011 From: bhavi at ubuntu.com (Bhavani Shankar) Date: Fri, 16 Dec 2011 21:12:08 -0000 Subject: [ubuntu/lucid-proposed] mobile-broadband-provider-info 20111113-1ubuntu0.10.04 (Accepted) Message-ID: <20111216211208.20774.65503.launchpad@soybean.canonical.com> mobile-broadband-provider-info (20111113-1ubuntu0.10.04) lucid-proposed; urgency=low * SRU exception upload to support various updated networks (LP: #856700), (LP: #709049) Date: Mon, 05 Dec 2011 21:23:17 +0530 Changed-By: Bhavani Shankar Signed-By: Mathieu Trudel-Lapierre https://launchpad.net/ubuntu/lucid/+source/mobile-broadband-provider-info/20111113-1ubuntu0.10.04 -------------- next part -------------- Format: 1.8 Date: Mon, 05 Dec 2011 21:23:17 +0530 Source: mobile-broadband-provider-info Binary: mobile-broadband-provider-info Architecture: source Version: 20111113-1ubuntu0.10.04 Distribution: lucid-proposed Urgency: low Maintainer: Bhavani Shankar Changed-By: Bhavani Shankar Description: mobile-broadband-provider-info - database of mobile broadband service providers Launchpad-Bugs-Fixed: 709049 856700 Changes: mobile-broadband-provider-info (20111113-1ubuntu0.10.04) lucid-proposed; urgency=low . * SRU exception upload to support various updated networks (LP: #856700), (LP: #709049) Checksums-Sha1: 995f41749fde78b303874135c964e3c2f8b6afe5 2154 mobile-broadband-provider-info_20111113-1ubuntu0.10.04.dsc 25c679be525dbf7c9e4d25b546bf412c6458ca85 6034 mobile-broadband-provider-info_20111113-1ubuntu0.10.04.debian.tar.gz Checksums-Sha256: a986b1bfce92d743949759251f4272238d393ad0b3cd23415a56cbb75f55fb07 2154 mobile-broadband-provider-info_20111113-1ubuntu0.10.04.dsc 98f500902b2188a1867f076521fd23ff06a7e83d3304e2139a9f2c14ab3b3a11 6034 mobile-broadband-provider-info_20111113-1ubuntu0.10.04.debian.tar.gz Files: d104fb426a7cf3b7ad1ef4d9c2df85c5 2154 admin optional mobile-broadband-provider-info_20111113-1ubuntu0.10.04.dsc 78cd326df93fe6e96bc3be931d22c737 6034 admin optional mobile-broadband-provider-info_20111113-1ubuntu0.10.04.debian.tar.gz From marc.deslauriers at ubuntu.com Mon Dec 19 14:03:43 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 19 Dec 2011 14:03:43 -0000 Subject: [ubuntu/lucid-security] libarchive 2.8.0-2ubuntu0.1 (Accepted) Message-ID: <20111219140343.7426.31349.launchpad@cocoplum.canonical.com> libarchive (2.8.0-2ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via iso9660 overflows - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_iso9660.c. - CVE-2011-1777 * SECURITY UPDATE: arbitrary code execution via tar overflows - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_tar.c - CVE-2011-1778 Date: Fri, 09 Dec 2011 15:25:53 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libarchive/2.8.0-2ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Fri, 09 Dec 2011 15:25:53 -0500 Source: libarchive Binary: libarchive-dev libarchive1 bsdtar bsdcpio Architecture: source Version: 2.8.0-2ubuntu0.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: bsdcpio - cpio(1) from FreeBSD, using libarchive bsdtar - tar(1) from FreeBSD, using libarchive libarchive-dev - Single library to read/write tar, cpio, pax, zip, iso9660, etc. libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc. Changes: libarchive (2.8.0-2ubuntu0.1) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via iso9660 overflows - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_iso9660.c. - CVE-2011-1777 * SECURITY UPDATE: arbitrary code execution via tar overflows - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_tar.c - CVE-2011-1778 Checksums-Sha1: 723f2d6ea6403a950e55dd8fc5d1ecf35cf210bd 2107 libarchive_2.8.0-2ubuntu0.1.dsc 99a6b8f555918d7ff3ab5f36aaa5e115bebf4ce2 14009 libarchive_2.8.0-2ubuntu0.1.debian.tar.gz Checksums-Sha256: 25a146f192da9c0fede8715c8678ae79bf633f37b26c969f56a962aba2f955d9 2107 libarchive_2.8.0-2ubuntu0.1.dsc 55655ec63fe54fb9411bb2a4e352503c867c2b762e02016fe7cf10aab346a2a8 14009 libarchive_2.8.0-2ubuntu0.1.debian.tar.gz Files: 61e2bd47a593ad83daf703bee6418f8e 2107 libs optional libarchive_2.8.0-2ubuntu0.1.dsc 4790b8144abad4d167e571bf56a767b9 14009 libs optional libarchive_2.8.0-2ubuntu0.1.debian.tar.gz Original-Maintainer: Andreas Henriksson From jose.plans at canonical.com Mon Dec 19 15:07:00 2011 From: jose.plans at canonical.com (Jose Plans) Date: Mon, 19 Dec 2011 15:07:00 -0000 Subject: [ubuntu/lucid-proposed] libsmbios 2.2.13-0ubuntu4.2 (Accepted) Message-ID: <20111219150700.8011.22833.launchpad@wampee.canonical.com> libsmbios (2.2.13-0ubuntu4.2) lucid-proposed; urgency=low * Fixes the BIOS version parsing issue in LP: #813210. - fixup bios versioning for new-style versioning with 0's in ver - ver=unknown if rbu version=1 and not alpha chars - fixup typo Date: Wed, 07 Dec 2011 12:41:11 +0000 Changed-By: Jose Plans Maintainer: Ubuntu Core Developers Signed-By: Brian Murray https://launchpad.net/ubuntu/lucid/+source/libsmbios/2.2.13-0ubuntu4.2 -------------- next part -------------- Format: 1.8 Date: Wed, 07 Dec 2011 12:41:11 +0000 Source: libsmbios Binary: libsmbios2 libsmbios-dev smbios-utils python-libsmbios libsmbios-doc Architecture: source Version: 2.2.13-0ubuntu4.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Jose Plans Description: libsmbios-dev - Provide access to (SM)BIOS information - development files libsmbios-doc - Access to (SM)BIOS information in an OS-indepent way (docs) libsmbios2 - Provide access to (SM)BIOS information -- dynamic library python-libsmbios - Provide access to (SM)BIOS information -- python libraries smbios-utils - Provide access to (SM)BIOS information -- utility binaries Launchpad-Bugs-Fixed: 813210 Changes: libsmbios (2.2.13-0ubuntu4.2) lucid-proposed; urgency=low . * Fixes the BIOS version parsing issue in LP: #813210. - fixup bios versioning for new-style versioning with 0's in ver - ver=unknown if rbu version=1 and not alpha chars - fixup typo Checksums-Sha1: 9a228b6ae8a33b9bf273a48663ec9a43a80cbd6b 1355 libsmbios_2.2.13-0ubuntu4.2.dsc 1da561fc355803c94cd1f6f636e9325d2d1a879f 14878 libsmbios_2.2.13-0ubuntu4.2.diff.gz Checksums-Sha256: 37d6426e7e94d84e2fa624ef310d424113bc0a06b57f722a63164974823298d0 1355 libsmbios_2.2.13-0ubuntu4.2.dsc 1735455b5e2be71d592fdd71eafc0a8a55a35b7e63e90205d28e1b5d94bfe222 14878 libsmbios_2.2.13-0ubuntu4.2.diff.gz Files: 535a5f54a7093f32e9ceb18dbd3dfa67 1355 libs optional libsmbios_2.2.13-0ubuntu4.2.dsc 4f8301fb06abaa18f56112a91b2b8c37 14878 libs optional libsmbios_2.2.13-0ubuntu4.2.diff.gz Original-Maintainer: Jose Luis Tallon From clint at ubuntu.com Mon Dec 19 15:07:38 2011 From: clint at ubuntu.com (Clint Byrum) Date: Mon, 19 Dec 2011 15:07:38 -0000 Subject: [ubuntu/lucid-proposed] squid 2.7.STABLE7-1ubuntu12.5 (Accepted) Message-ID: <20111219150738.9450.38633.launchpad@wampee.canonical.com> squid (2.7.STABLE7-1ubuntu12.5) lucid-proposed; urgency=low * Simplify postinst script and use invoke-rc.d per policy. Also use stop/start to make sure new job file is reloaded. (LP: #726348). Date: Fri, 09 Dec 2011 10:40:09 -0800 Changed-By: Clint Byrum Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/squid/2.7.STABLE7-1ubuntu12.5 -------------- next part -------------- Format: 1.8 Date: Fri, 09 Dec 2011 10:40:09 -0800 Source: squid Binary: squid squid-common squid-cgi Architecture: source Version: 2.7.STABLE7-1ubuntu12.5 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Clint Byrum Description: squid - Internet object cache (WWW proxy cache) squid-cgi - Squid cache manager CGI program squid-common - Internet object cache (WWW proxy cache) - common files Launchpad-Bugs-Fixed: 726348 Changes: squid (2.7.STABLE7-1ubuntu12.5) lucid-proposed; urgency=low . * Simplify postinst script and use invoke-rc.d per policy. Also use stop/start to make sure new job file is reloaded. (LP: #726348). Checksums-Sha1: 8f600b134e08c5bbf027cfd0b41417f1cf2c0bff 1700 squid_2.7.STABLE7-1ubuntu12.5.dsc 397554112e757c0bcc4c17fc7a857d27b8127e9a 307638 squid_2.7.STABLE7-1ubuntu12.5.diff.gz Checksums-Sha256: adb373f9aabed18a05a249a5da6297b871f8305229509ad83544ecc6dcd3835a 1700 squid_2.7.STABLE7-1ubuntu12.5.dsc ad5cc87bb1ea738a0d2077eaea9b68d3cef7c3bcd0d57beae950fcc068cf0d3a 307638 squid_2.7.STABLE7-1ubuntu12.5.diff.gz Files: f9cffa65a4511e6358d4b5245a938f7a 1700 web optional squid_2.7.STABLE7-1ubuntu12.5.dsc 577d9cc5fd06dd6fbd710eedc7ccc39b 307638 web optional squid_2.7.STABLE7-1ubuntu12.5.diff.gz Original-Maintainer: Luigi Gangitano From serge.hallyn at ubuntu.com Mon Dec 19 15:08:07 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Mon, 19 Dec 2011 15:08:07 -0000 Subject: [ubuntu/lucid-proposed] libvirt 0.7.5-5ubuntu27.21 (Accepted) Message-ID: <20111219150807.32439.71112.launchpad@gac.canonical.com> libvirt (0.7.5-5ubuntu27.21) lucid-proposed; urgency=low * add parted to build-depends (LP: #697046) Date: Wed, 14 Dec 2011 09:24:00 -0600 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu27.21 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Dec 2011 09:24:00 -0600 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.7.5-5ubuntu27.21 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Launchpad-Bugs-Fixed: 697046 Changes: libvirt (0.7.5-5ubuntu27.21) lucid-proposed; urgency=low . * add parted to build-depends (LP: #697046) Checksums-Sha1: 69508a273de780f390aa642801fe1d4fb422695c 2300 libvirt_0.7.5-5ubuntu27.21.dsc 69e826c9a996000533834dbf6b00b85f6662d0c1 92342 libvirt_0.7.5-5ubuntu27.21.diff.gz Checksums-Sha256: 38fd9b73e3129dfc4c7691471173eca672de5e09b3294714ca8d71b643ba5625 2300 libvirt_0.7.5-5ubuntu27.21.dsc fc5e6486d88f408808b803b8e3586f4b7db2475c6acf72c57cf7d0fa1e96d42c 92342 libvirt_0.7.5-5ubuntu27.21.diff.gz Files: 7a67e36ca70b997c79896065ab23a332 2300 libs optional libvirt_0.7.5-5ubuntu27.21.dsc 2bbb7464454fb88fc14b9c5f8d24fbc3 92342 libs optional libvirt_0.7.5-5ubuntu27.21.diff.gz Original-Maintainer: Debian Libvirt Maintainers From smoser at ubuntu.com Mon Dec 19 15:08:38 2011 From: smoser at ubuntu.com (Scott Moser) Date: Mon, 19 Dec 2011 15:08:38 -0000 Subject: [ubuntu/lucid-proposed] cloud-init 0.5.10-0ubuntu1.6 (Accepted) Message-ID: <20111219150838.32548.85780.launchpad@gac.canonical.com> cloud-init (0.5.10-0ubuntu1.6) lucid-proposed; urgency=low * If an instance is running in a VPC (virtual private cloud) of EC2, then do not use ec2 specific ubuntu archive (LP: #615545) Date: Mon, 05 Dec 2011 14:26:16 -0500 Changed-By: Scott Moser https://launchpad.net/ubuntu/lucid/+source/cloud-init/0.5.10-0ubuntu1.6 -------------- next part -------------- Format: 1.8 Date: Mon, 05 Dec 2011 14:26:16 -0500 Source: cloud-init Binary: cloud-init ec2-init grub-legacy-ec2 Architecture: source Version: 0.5.10-0ubuntu1.6 Distribution: lucid-proposed Urgency: low Maintainer: Scott Moser Changed-By: Scott Moser Description: cloud-init - Init scripts for cloud instances ec2-init - package renamed -> cloud-init grub-legacy-ec2 - Handles update-grub for ec2 instances Launchpad-Bugs-Fixed: 615545 Changes: cloud-init (0.5.10-0ubuntu1.6) lucid-proposed; urgency=low . * If an instance is running in a VPC (virtual private cloud) of EC2, then do not use ec2 specific ubuntu archive (LP: #615545) Checksums-Sha1: 80b5b1518f68ce16d488847e5310edb0d5d09f34 1842 cloud-init_0.5.10-0ubuntu1.6.dsc d708dfdbcd0704ff62ce10c916489feff5d65e70 34275 cloud-init_0.5.10-0ubuntu1.6.diff.gz Checksums-Sha256: 5590254268c6aa2de60bb29348b50c81bdaa48123156070559dc870b959661d0 1842 cloud-init_0.5.10-0ubuntu1.6.dsc 6f1ee8723a8eecba62984b7bbe5e536da0ec3e3046e0e1a06f46a36007499706 34275 cloud-init_0.5.10-0ubuntu1.6.diff.gz Files: 1dd01d7a96ae6b7eed399b55948dd3f6 1842 admin extra cloud-init_0.5.10-0ubuntu1.6.dsc afb78c18dd649e10f346f08e9ede63d1 34275 admin extra cloud-init_0.5.10-0ubuntu1.6.diff.gz From robie.basak at ubuntu.com Mon Dec 19 15:09:09 2011 From: robie.basak at ubuntu.com (Robie Basak) Date: Mon, 19 Dec 2011 15:09:09 -0000 Subject: [ubuntu/lucid-proposed] openldap 2.4.21-0ubuntu5.7 (Accepted) Message-ID: <20111219150909.29743.72483.launchpad@soybean.canonical.com> openldap (2.4.21-0ubuntu5.7) lucid-proposed; urgency=low * Fix replication when attr has no matching rule (LP: #903901): - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule.patch: backport fix from upstream - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule-test.patch: backport test from upstream Date: Wed, 14 Dec 2011 14:05:18 +0000 Changed-By: Robie Basak Maintainer: Ubuntu Developers Signed-By: Scott Moser https://launchpad.net/ubuntu/lucid/+source/openldap/2.4.21-0ubuntu5.7 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Dec 2011 14:05:18 +0000 Source: openldap Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source Version: 2.4.21-0ubuntu5.7 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Robie Basak Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) Launchpad-Bugs-Fixed: 903901 Changes: openldap (2.4.21-0ubuntu5.7) lucid-proposed; urgency=low . * Fix replication when attr has no matching rule (LP: #903901): - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule.patch: backport fix from upstream - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule-test.patch: backport test from upstream Checksums-Sha1: e72cc3ac6b659e38a962b322568998c0598e5945 2604 openldap_2.4.21-0ubuntu5.7.dsc 9dc1efd729f51ea4b402a8bfb851243c5eee9ec4 161176 openldap_2.4.21-0ubuntu5.7.diff.gz Checksums-Sha256: ae6ae5666c5889d2ad742ae6158b389fc956b7b5e66ce8146e64c633dbb3112a 2604 openldap_2.4.21-0ubuntu5.7.dsc 32b4fcd2c45c2c0a88f574e0a18d3e5d730aab3827aa3e4dcb17413f691f4c53 161176 openldap_2.4.21-0ubuntu5.7.diff.gz Files: 9cb4b13f1d6ad4ae167ab869096a1157 2604 net optional openldap_2.4.21-0ubuntu5.7.dsc 2caf57da63438da88fbec2f38e8d153b 161176 net optional openldap_2.4.21-0ubuntu5.7.diff.gz Original-Maintainer: Debian OpenLDAP Maintainers From james.hunt at ubuntu.com Mon Dec 19 15:10:19 2011 From: james.hunt at ubuntu.com (James Hunt) Date: Mon, 19 Dec 2011 15:10:19 -0000 Subject: [ubuntu/lucid-proposed] procps 1:3.2.8-1ubuntu4.2 (Accepted) Message-ID: <20111219151019.3447.20541.launchpad@chaenomeles.canonical.com> procps (1:3.2.8-1ubuntu4.2) lucid-proposed; urgency=low * Make procps job run twice: as early as possible (for kernel parameters such as kernel.printk) and then after all network interfaces are up (to account for any kernel parameters relating to recently loaded networking modules) (LP: #771372). procps (1:3.2.8-1ubuntu4.1) lucid-proposed; urgency=low [ James Hunt ] * Make procps job run twice: as early as possible (for kernel parameters such as kernel.printk) and then after all network interfaces are up (to account for any kernel parameters relating to recently loaded networking modules) (LP: #771372). Date: Wed, 07 Dec 2011 14:53:24 +0000 Changed-By: James Hunt Maintainer: Ubuntu Core Developers Signed-By: Steve Langasek https://launchpad.net/ubuntu/lucid/+source/procps/1:3.2.8-1ubuntu4.2 -------------- next part -------------- Format: 1.8 Date: Wed, 07 Dec 2011 14:53:24 +0000 Source: procps Binary: procps libproc-dev Architecture: source Version: 1:3.2.8-1ubuntu4.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: James Hunt Description: libproc-dev - library for accessing process information from /proc procps - /proc file system utilities Launchpad-Bugs-Fixed: 771372 Changes: procps (1:3.2.8-1ubuntu4.2) lucid-proposed; urgency=low . * Make procps job run twice: as early as possible (for kernel parameters such as kernel.printk) and then after all network interfaces are up (to account for any kernel parameters relating to recently loaded networking modules) (LP: #771372). . procps (1:3.2.8-1ubuntu4.1) lucid-proposed; urgency=low . [ James Hunt ] * Make procps job run twice: as early as possible (for kernel parameters such as kernel.printk) and then after all network interfaces are up (to account for any kernel parameters relating to recently loaded networking modules) (LP: #771372). Checksums-Sha1: 4dbe889feba59baa3d989a24c4f39ca48058f5f0 1836 procps_3.2.8-1ubuntu4.2.dsc 2394bb5bf7365dfdba956fa75870ae42bda84aaf 67279 procps_3.2.8-1ubuntu4.2.diff.gz Checksums-Sha256: fce00ea08f87a7460b94b86c483fcf28651af1d9991b3968496fbf7df3741e57 1836 procps_3.2.8-1ubuntu4.2.dsc 4474e812089da6b51156dc9d64389fa11925df11bfeee901fc3b20dce73727d0 67279 procps_3.2.8-1ubuntu4.2.diff.gz Files: 10da14829fee19da16eaf9ae5e1dc0b2 1836 admin required procps_3.2.8-1ubuntu4.2.dsc 8c8749791c9e3d5ba746033b7aff1bd5 67279 admin required procps_3.2.8-1ubuntu4.2.diff.gz Original-Maintainer: Craig Small From jamie at ubuntu.com Tue Dec 20 00:34:32 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Tue, 20 Dec 2011 00:34:32 -0000 Subject: [ubuntu/lucid-security] python3.1 3.1.2-0ubuntu3.1 (Accepted) Message-ID: <20111220003432.24332.76784.launchpad@cocoplum.canonical.com> python3.1 (3.1.2-0ubuntu3.1) lucid-security; urgency=low * SECURITY UPDATE: only process Location headers for http, https, and ftp - http://bugs.python.org/issue11662 - CVE-2011-1521 * SECURITY UPDATE: adds proper error handling on accept() when smtpd accepts new incoming connections - http://bugs.python.org/issue9129 - CVE-2010-3493 Date: Fri, 09 Dec 2011 09:33:22 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/python3.1/3.1.2-0ubuntu3.1 -------------- next part -------------- Format: 1.8 Date: Fri, 09 Dec 2011 09:33:22 -0600 Source: python3.1 Binary: python3.1 python3.1-minimal libpython3.1 python3.1-examples python3.1-dev idle-python3.1 python3.1-doc python3.1-dbg Architecture: source Version: 3.1.2-0ubuntu3.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Jamie Strandboge Description: idle-python3.1 - An IDE for Python (v3.1) using Tkinter libpython3.1 - Shared Python runtime library (version 3.1) python3.1 - An interactive high-level object-oriented language (version 3.1) python3.1-dbg - Debug Build of the Python Interpreter (version 3.1) python3.1-dev - Header files and a static library for Python (v3.1) python3.1-doc - Documentation for the high-level object-oriented language Python python3.1-examples - Examples for the Python language (v3.1) python3.1-minimal - A minimal subset of the Python language (version 3.1) Changes: python3.1 (3.1.2-0ubuntu3.1) lucid-security; urgency=low . * SECURITY UPDATE: only process Location headers for http, https, and ftp - http://bugs.python.org/issue11662 - CVE-2011-1521 * SECURITY UPDATE: adds proper error handling on accept() when smtpd accepts new incoming connections - http://bugs.python.org/issue9129 - CVE-2010-3493 Checksums-Sha1: 6f8d189b0cd6734239fb54c5e7b95c68086136f5 2436 python3.1_3.1.2-0ubuntu3.1.dsc e4a71c06dd107752bca536a6a7185126ef943268 235238 python3.1_3.1.2-0ubuntu3.1.diff.gz Checksums-Sha256: eff2aa8326be4c6ab543efb474d90827d122809f6c99e5bba63255dc945fde92 2436 python3.1_3.1.2-0ubuntu3.1.dsc 26090f2854e70a3e7661f6219a5f0d321f3f08efe037903584a6e563c9ff7065 235238 python3.1_3.1.2-0ubuntu3.1.diff.gz Files: 9397d50ce48ab34f10988784aefdea38 2436 python optional python3.1_3.1.2-0ubuntu3.1.dsc 7e229b631c4381f665e437182fc20e30 235238 python optional python3.1_3.1.2-0ubuntu3.1.diff.gz Original-Maintainer: Matthias Klose From michael.vogt at ubuntu.com Tue Dec 20 07:56:46 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Tue, 20 Dec 2011 07:56:46 -0000 Subject: [ubuntu/lucid-proposed] app-install-data-partner 12.10.04.5 (Accepted) Message-ID: <20111220075646.31691.90632.launchpad@gac.canonical.com> app-install-data-partner (12.10.04.5) lucid-proposed; urgency=low * add vmware-view-client (LP: #905413) Date: Fri, 16 Dec 2011 22:57:12 +0100 Changed-By: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/app-install-data-partner/12.10.04.5 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Dec 2011 22:57:12 +0100 Source: app-install-data-partner Binary: app-install-data-partner app-install-data-commercial Architecture: source Version: 12.10.04.5 Distribution: lucid-proposed Urgency: low Maintainer: Michael Vogt Changed-By: Michael Vogt Description: app-install-data-commercial - Transitional package app-install-data-partner - Application Installer (data files for partner applications/reposi Launchpad-Bugs-Fixed: 905413 Changes: app-install-data-partner (12.10.04.5) lucid-proposed; urgency=low . * add vmware-view-client (LP: #905413) Checksums-Sha1: fce9326f99c92be781343e7156446145700be5f8 1031 app-install-data-partner_12.10.04.5.dsc 3d28fb89a73a15837e6077bcc9c773f6be5dd633 44573 app-install-data-partner_12.10.04.5.tar.gz Checksums-Sha256: b9ab1fd99eca5dc6e8469846422cb19175ee73ef6da12da3327eb47780fc2215 1031 app-install-data-partner_12.10.04.5.dsc a5762cb2a9b45f081d9cd054f9d7a73763ae2c628ba50c1a9c399c28a2fc6490 44573 app-install-data-partner_12.10.04.5.tar.gz Files: a85e5c80aad6db30ab5b850294914e3d 1031 x11 optional app-install-data-partner_12.10.04.5.dsc 3159996ef2d0a3059932a631a5245f7a 44573 x11 optional app-install-data-partner_12.10.04.5.tar.gz From michael.vogt at ubuntu.com Tue Dec 20 09:05:27 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Tue, 20 Dec 2011 09:05:27 -0000 Subject: [ubuntu/lucid] vmware-view-client 1.3.0-0ubuntu1+lucid2 (Accepted) Message-ID: <20111220090527.8409.95412.launchpad@wampee.canonical.com> vmware-view-client (1.3.0-0ubuntu1+lucid2) lucid; urgency=low * debian/copyright: - fix license to "Proprietary" * debian/vmware-view.wrapper: - show question after license text so that the user explicitely has to accept it because lucid, maverick, natty does not support "yes", "no" for --text-info yet Date: Tue, 20 Dec 2011 09:43:11 +0100 Changed-By: Michael Vogt Maintainer: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/vmware-view-client/1.3.0-0ubuntu1+lucid2 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 09:43:11 +0100 Source: vmware-view-client Binary: vmware-view-client Architecture: source Version: 1.3.0-0ubuntu1+lucid2 Distribution: lucid Urgency: low Maintainer: Michael Vogt Changed-By: Michael Vogt Description: vmware-view-client - Deliver rich, personalized virtual desktops with VMware View 5 Changes: vmware-view-client (1.3.0-0ubuntu1+lucid2) lucid; urgency=low . * debian/copyright: - fix license to "Proprietary" * debian/vmware-view.wrapper: - show question after license text so that the user explicitely has to accept it because lucid, maverick, natty does not support "yes", "no" for --text-info yet Checksums-Sha1: ffd2ff9ac0e8559a3bec0fe08d25874ca63bfd58 1408 vmware-view-client_1.3.0-0ubuntu1+lucid2.dsc 9783d19d6e32b76613fb90fe36eedbc596e66cae 16749 vmware-view-client_1.3.0-0ubuntu1+lucid2.debian.tar.gz Checksums-Sha256: 495e13ff3a274297c83517cf2ab8a27ec105f351401530f0ac741804e888fa3b 1408 vmware-view-client_1.3.0-0ubuntu1+lucid2.dsc dab9f77a6f776bcd53c0dc977a167162579c972c17209e596d881e74a38749fe 16749 vmware-view-client_1.3.0-0ubuntu1+lucid2.debian.tar.gz Files: b7fb8d66f02c4b4b9174846d4da483fe 1408 partner/net extra vmware-view-client_1.3.0-0ubuntu1+lucid2.dsc 427706ecb961e9c71e20bd69260ff25c 16749 partner/net extra vmware-view-client_1.3.0-0ubuntu1+lucid2.debian.tar.gz From marc.deslauriers at ubuntu.com Tue Dec 20 15:03:44 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Tue, 20 Dec 2011 15:03:44 -0000 Subject: [ubuntu/lucid-security] jasper 1.900.1-7ubuntu0.10.04.1 (Accepted) Message-ID: <20111220150344.30928.79820.launchpad@cocoplum.canonical.com> jasper (1.900.1-7ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c. - Thanks to Red Hat for the patch - CVE-2011-4516 - CVE-2011-4517 Date: Mon, 19 Dec 2011 10:48:41 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/jasper/1.900.1-7ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Mon, 19 Dec 2011 10:48:41 -0500 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source Version: 1.900.1-7ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - The JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-7ubuntu0.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c. - Thanks to Red Hat for the patch - CVE-2011-4516 - CVE-2011-4517 Checksums-Sha1: a12b0f779008925c5d9163f3c74e0f5b247e0586 1834 jasper_1.900.1-7ubuntu0.10.04.1.dsc ee479b9911782476f29217ebbae4e8ce25d14938 52653 jasper_1.900.1-7ubuntu0.10.04.1.diff.gz Checksums-Sha256: 9e7da7392eaeced3e13c31c005ad6449b6b13ffb6cbdc082e1b12139c9f490e5 1834 jasper_1.900.1-7ubuntu0.10.04.1.dsc a4b493378ec39b6ebbfe24f65bd07f21616fe567ef959f6134e8c8813ad9e584 52653 jasper_1.900.1-7ubuntu0.10.04.1.diff.gz Files: f1f7595f7a2c567ab600190dcde8684a 1834 graphics optional jasper_1.900.1-7ubuntu0.10.04.1.dsc 50023bf647b6e8fc94c21fbaf0106acb 52653 graphics optional jasper_1.900.1-7ubuntu0.10.04.1.diff.gz Original-Maintainer: Roland Stigge From udienz at ubuntu.com Tue Dec 20 16:04:04 2011 From: udienz at ubuntu.com (Mahyuddin Susanto) Date: Tue, 20 Dec 2011 16:04:04 -0000 Subject: [ubuntu/lucid-security] lighttpd 1.4.26-1.1ubuntu3.1 (Accepted) Message-ID: <20111220160404.20835.87875.launchpad@cocoplum.canonical.com> lighttpd (1.4.26-1.1ubuntu3.1) lucid-security; urgency=low * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67 (LP: #906792) - debian/patches/CVE-2011-4362.patch: patch derived from upstream - CVE-2011-4362 Date: Tue, 20 Dec 2011 17:34:44 +0700 Changed-By: Mahyuddin Susanto Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/lighttpd/1.4.26-1.1ubuntu3.1 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 17:34:44 +0700 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-dev Architecture: source Version: 1.4.26-1.1ubuntu3.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Mahyuddin Susanto Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-dev - Development files for lighttpd lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Launchpad-Bugs-Fixed: 906792 Changes: lighttpd (1.4.26-1.1ubuntu3.1) lucid-security; urgency=low . * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67 (LP: #906792) - debian/patches/CVE-2011-4362.patch: patch derived from upstream - CVE-2011-4362 Checksums-Sha1: f7d69b84837c7f7b9d1274a321ba9df667b283fc 2460 lighttpd_1.4.26-1.1ubuntu3.1.dsc 78d4859cd087d9cb8a203a81c735eb8e09a0e35f 30579 lighttpd_1.4.26-1.1ubuntu3.1.diff.gz Checksums-Sha256: d9ac7224d82742e9ff704f204919f0ac461e9bf6d78331e0a0ffa4ec3a58eb8f 2460 lighttpd_1.4.26-1.1ubuntu3.1.dsc 7c107b1d28bcf38df327c7b0ae2bdc39ebb81cd2529d4a598dd0f824c4bd58da 30579 lighttpd_1.4.26-1.1ubuntu3.1.diff.gz Files: 9ad2d7c85378d84be70dbfdfc27f47f1 2460 web optional lighttpd_1.4.26-1.1ubuntu3.1.dsc 9206604b43f72ac23d8bc5e4f8768208 30579 web optional lighttpd_1.4.26-1.1ubuntu3.1.diff.gz Original-Maintainer: Debian lighttpd maintainers From udienz at ubuntu.com Tue Dec 20 22:33:55 2011 From: udienz at ubuntu.com (Mahyuddin Susanto) Date: Tue, 20 Dec 2011 22:33:55 -0000 Subject: [ubuntu/lucid-security] cacti_0.8.7e-2ubuntu0.2_i386_translations.tar.gz, cacti 0.8.7e-2ubuntu0.2 (Accepted) Message-ID: <20111220223355.10467.33939.launchpad@cocoplum.canonical.com> cacti (0.8.7e-2ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773) - debian/patches/CVE-2011-4824.patch: patch derived from upstream. - CVE-2011-4824 Date: Tue, 20 Dec 2011 22:39:36 +0700 Changed-By: Mahyuddin Susanto Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/cacti/0.8.7e-2ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 22:39:36 +0700 Source: cacti Binary: cacti Architecture: source Version: 0.8.7e-2ubuntu0.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Mahyuddin Susanto Description: cacti - Frontend to rrdtool for monitoring systems and services Launchpad-Bugs-Fixed: 906773 Changes: cacti (0.8.7e-2ubuntu0.2) lucid-security; urgency=low . * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773) - debian/patches/CVE-2011-4824.patch: patch derived from upstream. - CVE-2011-4824 Checksums-Sha1: f47feffd43d2c9a2cbdbc0f2e7d8757004c14b69 1868 cacti_0.8.7e-2ubuntu0.2.dsc b205b473eb9bbbc82ca6f7a05e6d538fe1a031c8 65978 cacti_0.8.7e-2ubuntu0.2.diff.gz Checksums-Sha256: da32e5267f1f05259e9fc02e3889394b6d47bf5898ef592cec3b7553ab84780c 1868 cacti_0.8.7e-2ubuntu0.2.dsc 5d44eb7a7442b95868975d3de015e9f8d3e6257b27fd3962235d5c8217a78943 65978 cacti_0.8.7e-2ubuntu0.2.diff.gz Files: bb3c45c5fbcf080a7de7667ac49f637c 1868 web extra cacti_0.8.7e-2ubuntu0.2.dsc e6f9d97b2d62259c41ca0927d74dbfb9 65978 web extra cacti_0.8.7e-2ubuntu0.2.diff.gz Original-Maintainer: Sean Finney From tyhicks at canonical.com Wed Dec 21 17:03:44 2011 From: tyhicks at canonical.com (Tyler Hicks) Date: Wed, 21 Dec 2011 17:03:44 -0000 Subject: [ubuntu/lucid-security] t1lib 5.1.2-3ubuntu0.10.04.1 (Accepted) Message-ID: <20111221170344.8274.47256.launchpad@cocoplum.canonical.com> t1lib (5.1.2-3ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font - lib/type1/type1.c: Only use ppoints when it is a valid pointer - CVE-2011-0764 Date: Mon, 19 Dec 2011 11:24:27 -0600 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/t1lib/5.1.2-3ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Mon, 19 Dec 2011 11:24:27 -0600 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: source Version: 5.1.2-3ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Changes: t1lib (5.1.2-3ubuntu0.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font - lib/type1/type1.c: Only use ppoints when it is a valid pointer - CVE-2011-0764 Checksums-Sha1: 8149005d4bc6831dd2fa5aa7f522c3b400882291 1906 t1lib_5.1.2-3ubuntu0.10.04.1.dsc dada4aee6a80a8f57fa14c461464003e207c1567 18111 t1lib_5.1.2-3ubuntu0.10.04.1.diff.gz Checksums-Sha256: a308b13a650c1ad8def9ac346cb9c1344f614bb44ed2b8791740cbbbd278f474 1906 t1lib_5.1.2-3ubuntu0.10.04.1.dsc c8349b266aa07c3fe45892a36d277ac24bd0db45b195d62e1d306073829cd722 18111 t1lib_5.1.2-3ubuntu0.10.04.1.diff.gz Files: d6ff2263fbe900d541039d8c222836b5 1906 libs optional t1lib_5.1.2-3ubuntu0.10.04.1.dsc 4f23d0328d24d6c4f27460c125273395 18111 libs optional t1lib_5.1.2-3ubuntu0.10.04.1.diff.gz Original-Maintainer: Ruben Molina From marc.deslauriers at ubuntu.com Fri Dec 23 15:03:41 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Fri, 23 Dec 2011 15:03:41 -0000 Subject: [ubuntu/lucid-security] unbound 1.4.1-2ubuntu0.2 (Accepted) Message-ID: <20111223150341.5859.62183.launchpad@cocoplum.canonical.com> unbound (1.4.1-2ubuntu0.2) lucid-security; urgency=high [ Scott Kitterman ] * SECURITY UPDATE: * References: CVE 2011-4528, 2011-4869 (LP: #907983) * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC - Patch from Debian security update [ Marc Deslauriers ] * SECURITY UPDATE: denial of service via crafted query - debian/patches/CVE-2009-4008.patch: add checks to util/data/dname.c. - CVE-2009-4008 * SECURITY UPDATE: denial of service via improperly aligned structures - debian/patches/CVE-2010-0969.patch: properly calculate sizes in util/net_help.c. - CVE-2010-0969 Date: Fri, 23 Dec 2011 08:07:43 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/unbound/1.4.1-2ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Fri, 23 Dec 2011 08:07:43 -0500 Source: unbound Binary: unbound unbound-host libunbound2 libunbound-dev Architecture: source Version: 1.4.1-2ubuntu0.2 Distribution: lucid-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libunbound-dev - static library, header files, and docs for libunbound libunbound2 - library implementing DNS resolution and validation unbound - validating, recursive, caching DNS resolver unbound-host - reimplementation of the 'host' command Launchpad-Bugs-Fixed: 907983 Changes: unbound (1.4.1-2ubuntu0.2) lucid-security; urgency=high . [ Scott Kitterman ] * SECURITY UPDATE: * References: CVE 2011-4528, 2011-4869 (LP: #907983) * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC - Patch from Debian security update . [ Marc Deslauriers ] * SECURITY UPDATE: denial of service via crafted query - debian/patches/CVE-2009-4008.patch: add checks to util/data/dname.c. - CVE-2009-4008 * SECURITY UPDATE: denial of service via improperly aligned structures - debian/patches/CVE-2010-0969.patch: properly calculate sizes in util/net_help.c. - CVE-2010-0969 Checksums-Sha1: b4ad90a35f4afafd50e332fbd00fbad387825fde 2005 unbound_1.4.1-2ubuntu0.2.dsc 522688f708b6e027aac398d3ae7432933d57a6c7 8931 unbound_1.4.1-2ubuntu0.2.diff.gz Checksums-Sha256: 90fe607a687c47d8d17a66e4cec9ba30ed894fe3f19856203abe37512c4e33cd 2005 unbound_1.4.1-2ubuntu0.2.dsc c3be8e058c3e9b14e2642648725e2f243d243c7deb5677ad3047e6af1db9d1a3 8931 unbound_1.4.1-2ubuntu0.2.diff.gz Files: c5e25659bfdacbe30288988c1990b815 2005 net optional unbound_1.4.1-2ubuntu0.2.dsc 5a9995fab187bc005d523410aa460a71 8931 net optional unbound_1.4.1-2ubuntu0.2.diff.gz Original-Maintainer: Robert S. Edmonds