[ubuntu/lucid-security] oprofile 0.9.6-1ubuntu4.4 (Accepted)

[Jamie Strandboge]

oprofile (0.9.6-1ubuntu4.4) lucid-security; urgency=low

  * SECURITY UPDATE: shell metacharacter injection via -e argument
    - 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e
    - CVE-2011-1760
  * SECURITY UDPATE: shell metacharacter injection via --vmlinux,
    --session-dir and --xen
    - 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands
      in $SETUP_FILE
    - 0004-Do-additional-checks-on-user-supplied-arguments.patch: input
      validation on user supplied values
    - CVE-2011-2471
  * SECURITY UPDATE: directory traversal vulnerability via --save and
    --session-dir
    - 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch
    - 0005-add-back-error_if_not_basename.patch: readd error_if_not_basename()
      which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch
    - CVE-2011-2472

Date: Thu, 07 Jul 2011 11:00:26 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/oprofile/0.9.6-1ubuntu4.4
-------------- next part --------------
Format: 1.8
Date: Thu, 07 Jul 2011 11:00:26 -0500
Source: oprofile
Binary: oprofile libopagent1 oprofile-gui
Architecture: source
Version: 0.9.6-1ubuntu4.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libopagent1 - system-wide profiler for Linux systems (opagent runtime library)
 oprofile   - system-wide profiler for Linux systems
 oprofile-gui - system-wide profiler for Linux systems (GUI components)
Changes: 
 oprofile (0.9.6-1ubuntu4.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: shell metacharacter injection via -e argument
     - 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e
     - CVE-2011-1760
   * SECURITY UDPATE: shell metacharacter injection via --vmlinux,
     --session-dir and --xen
     - 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands
       in $SETUP_FILE
     - 0004-Do-additional-checks-on-user-supplied-arguments.patch: input
       validation on user supplied values
     - CVE-2011-2471
   * SECURITY UPDATE: directory traversal vulnerability via --save and
     --session-dir
     - 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch
     - 0005-add-back-error_if_not_basename.patch: readd error_if_not_basename()
       which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch
     - CVE-2011-2472
Checksums-Sha1: 
 3c288c0ea91f1cbc55feefa091c32681ad64f226 2192 oprofile_0.9.6-1ubuntu4.4.dsc
 0a9708a7d27bd8d811863c3f8d4b359b15516802 19077 oprofile_0.9.6-1ubuntu4.4.diff.gz
Checksums-Sha256: 
 5f4686c4143857dfe3b7ea15c19e80fa9739183aaccf2002a96b5d95b2a74284 2192 oprofile_0.9.6-1ubuntu4.4.dsc
 253215a8aca7fe46915c413448bc84f1bd088f8f66fbfe7c72e899d231d0d9cd 19077 oprofile_0.9.6-1ubuntu4.4.diff.gz
Files: 
 ca88a20eb6e676a330e9f0bb88241bd1 2192 devel optional oprofile_0.9.6-1ubuntu4.4.dsc
 c230b777d62fd3d3d26667cd08890596 19077 devel optional oprofile_0.9.6-1ubuntu4.4.diff.gz
Original-Maintainer: LIU Qi <liuqi82 at gmail.com>