From sbeattie at ubuntu.com Thu Sep 1 21:04:15 2011 From: sbeattie at ubuntu.com (Steve Beattie) Date: Thu, 01 Sep 2011 21:04:15 -0000 Subject: [ubuntu/lucid-security] apache2 2.2.14-5ubuntu8.6 (Accepted) Message-ID: <20110901210415.22310.20342.launchpad@cocoplum.canonical.com> apache2 (2.2.14-5ubuntu8.6) lucid-security; urgency=low * SECURITY UPDATE: Range header DoS vulnerability - debian/patches/207_CVE-2011-3192.dpatch: filter out large byte ranges and improve memory efficiency in handling buckets. (thanks to Debian and upstream) - CVE-2011-3192 * Include fix for regressions introduced by above patch: - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206 and 416 response codes where appropriate (see deban bug 639825) Date: Thu, 01 Sep 2011 01:52:17 -0700 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-5ubuntu8.6 -------------- next part -------------- Format: 1.8 Date: Thu, 01 Sep 2011 01:52:17 -0700 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source Version: 2.2.14-5ubuntu8.6 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.14-5ubuntu8.6) lucid-security; urgency=low . * SECURITY UPDATE: Range header DoS vulnerability - debian/patches/207_CVE-2011-3192.dpatch: filter out large byte ranges and improve memory efficiency in handling buckets. (thanks to Debian and upstream) - CVE-2011-3192 * Include fix for regressions introduced by above patch: - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206 and 416 response codes where appropriate (see deban bug 639825) Checksums-Sha1: f5885d1d9ffa536eb3eb484c2eeb1ba17b34dded 2697 apache2_2.2.14-5ubuntu8.6.dsc 5a5114de188956bee62b5e250a1d98d48ca24c8d 221516 apache2_2.2.14-5ubuntu8.6.diff.gz Checksums-Sha256: 8b46d689ec66eb19fce488c23ceaffc640b66b90e4f102c78dfd2898bcdd5aeb 2697 apache2_2.2.14-5ubuntu8.6.dsc 3388d6613739c83dd017e682c844b515adca2d88bf06079b9dc3cebfbfc5b668 221516 apache2_2.2.14-5ubuntu8.6.diff.gz Files: 3974d9737d281c0acb00c0f931fbb77e 2697 httpd optional apache2_2.2.14-5ubuntu8.6.dsc 25be3320d327f8a91b874c1f0675df77 221516 httpd optional apache2_2.2.14-5ubuntu8.6.diff.gz Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2 From kirkland at ubuntu.com Tue Sep 6 16:47:18 2011 From: kirkland at ubuntu.com (Dustin Kirkland) Date: Tue, 06 Sep 2011 16:47:18 -0000 Subject: [ubuntu/lucid-proposed] ecryptfs-utils 83-0ubuntu3.2.10.04.3 (Accepted) Message-ID: <20110906164718.28580.29243.launchpad@chaenomeles.canonical.com> ecryptfs-utils (83-0ubuntu3.2.10.04.3) lucid-proposed; urgency=low * src/libecryptfs/key_management.c: LP: #725862 - fix nasty bug affecting users who do *not* encrypt filenames; the first login works, but on logout, only one key gets cleaned out; subsequent logins do not insert the necessary key due to an early "goto out" Date: Fri, 02 Sep 2011 17:47:02 -0500 Changed-By: Dustin Kirkland Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.3 -------------- next part -------------- Format: 1.8 Date: Fri, 02 Sep 2011 17:47:02 -0500 Source: ecryptfs-utils Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev Architecture: source Version: 83-0ubuntu3.2.10.04.3 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Dustin Kirkland Description: ecryptfs-utils - ecryptfs cryptographic filesystem (utilities) libecryptfs-dev - ecryptfs cryptographic filesystem (development) libecryptfs0 - ecryptfs cryptographic filesystem (library) Launchpad-Bugs-Fixed: 725862 Changes: ecryptfs-utils (83-0ubuntu3.2.10.04.3) lucid-proposed; urgency=low . * src/libecryptfs/key_management.c: LP: #725862 - fix nasty bug affecting users who do *not* encrypt filenames; the first login works, but on logout, only one key gets cleaned out; subsequent logins do not insert the necessary key due to an early "goto out" Checksums-Sha1: 9d910ac705793c9ff73818649edde590bc6ef472 2227 ecryptfs-utils_83-0ubuntu3.2.10.04.3.dsc ab82032679c60bfc702dc339b2c9d506ace0dc34 548235 ecryptfs-utils_83.orig.tar.gz 9f950382e2618f0e1a5aae453695f1b85c9f6b58 20156 ecryptfs-utils_83-0ubuntu3.2.10.04.3.diff.gz Checksums-Sha256: 44af0a3f92b25e8e168146a4255c2cf1a6cf216e70cca2d9f88d877ee94335cb 2227 ecryptfs-utils_83-0ubuntu3.2.10.04.3.dsc ede721fa2dba9cb3dadf89e5a21c555be35fa031abd841073fcc6f92e3b29dee 548235 ecryptfs-utils_83.orig.tar.gz 89f9268e870fb9ff4feaa626a235f09f803f6a3ae75c478b54439a8a0f07bd92 20156 ecryptfs-utils_83-0ubuntu3.2.10.04.3.diff.gz Files: f14ca08ead7327e3923aba2bba3faed2 2227 misc optional ecryptfs-utils_83-0ubuntu3.2.10.04.3.dsc 1c97d96437d62921744647d4157a8f3e 548235 misc optional ecryptfs-utils_83.orig.tar.gz d6fbe6f349fc526dc169eaa2719de44d 20156 misc optional ecryptfs-utils_83-0ubuntu3.2.10.04.3.diff.gz Original-Maintainer: Daniel Baumann From jtaylor.debian at googlemail.com Fri Sep 9 03:03:30 2011 From: jtaylor.debian at googlemail.com (Julian Taylor) Date: Fri, 09 Sep 2011 03:03:30 -0000 Subject: [ubuntu/lucid-security] bcfg2 0.9.6-0ubuntu2.1.10.04.1 (Accepted) Message-ID: <20110909030330.15425.76262.launchpad@cocoplum.canonical.com> bcfg2 (0.9.6-0ubuntu2.1.10.04.1) lucid-security; urgency=high * SECURITY UPDATE: missing input sanitization allowing execution of arbitrary commands (LP: #844743) - backported fix from upstream by Chris St. Pierre - https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1 - CVE-2011-3211 Date: Thu, 08 Sep 2011 15:17:00 +0200 Changed-By: Julian Taylor Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/bcfg2/0.9.6-0ubuntu2.1.10.04.1 -------------- next part -------------- Format: 1.8 Date: Thu, 08 Sep 2011 15:17:00 +0200 Source: bcfg2 Binary: bcfg2 bcfg2-server Architecture: source Version: 0.9.6-0ubuntu2.1.10.04.1 Distribution: lucid-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Julian Taylor Description: bcfg2 - Configuration management client bcfg2-server - Configuration management server Launchpad-Bugs-Fixed: 844743 Changes: bcfg2 (0.9.6-0ubuntu2.1.10.04.1) lucid-security; urgency=high . * SECURITY UPDATE: missing input sanitization allowing execution of arbitrary commands (LP: #844743) - backported fix from upstream by Chris St. Pierre - https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1 - CVE-2011-3211 Checksums-Sha1: 5a7546c61eb415f909a519414733eb66ea4d7063 1866 bcfg2_0.9.6-0ubuntu2.1.10.04.1.dsc da0b5cdada46cf953dd7aada3207a26aa66e9376 12687 bcfg2_0.9.6-0ubuntu2.1.10.04.1.diff.gz Checksums-Sha256: 4316f6ab9b0a864534735a6f66087b3e04fc0c93dca2bae3e99a32446aa12cd6 1866 bcfg2_0.9.6-0ubuntu2.1.10.04.1.dsc cb4ad5a7ec26d8f5073c6dffda9ce789eb9c415b7e5e312e211c99acf4c21c90 12687 bcfg2_0.9.6-0ubuntu2.1.10.04.1.diff.gz Files: 8dc1bdd46ad7a74481f1b792a2ea21cb 1866 admin optional bcfg2_0.9.6-0ubuntu2.1.10.04.1.dsc 77a9168c33210cb030c6455c3a2c6842 12687 admin optional bcfg2_0.9.6-0ubuntu2.1.10.04.1.diff.gz Original-Maintainer: Sami Haahtinen From tim.gardner at canonical.com Mon Sep 12 21:23:04 2011 From: tim.gardner at canonical.com (Tim Gardner) Date: Mon, 12 Sep 2011 21:23:04 -0000 Subject: [ubuntu/lucid-proposed] linux-firmware 1.34.12 (Accepted) Message-ID: <20110912212304.19674.17464.launchpad@soybean.canonical.com> linux-firmware (1.34.12) lucid-proposed; urgency=low * Added firmware files to support Oneiric LTS backport linux-firmware: Add a new FW 7.0.20.0 bnx2x: Adding FW 7.0.23.0 -LP: #808884 linux-firmware (1.34.11) lucid-proposed; urgency=low * Added firmware files to support compat-wireless linux-firmware: add new firmware for RTL8168E-VL linux-firmware: update firmware for RTL8111E linux-firmware: Add firmware for RTL8168/8111E linux-firmware: Add firmware for RTL8105E rtl_nic: Add firmware for RTL8111D(L) -LP: #804671 linux-firmware (1.34.10) lucid-proposed; urgency=low * Added carl9170.fw for Atheros wireless AR9170 based devices. -LP: #713987 linux-firmware (1.34.9) lucid-proposed; urgency=low * Add Firmware for Atheros HTC devices (ath9k) -LP: #653854 linux-firmware (1.34.8) lucid-proposed; urgency=low * Added iwlwifi-1000-5.ucode -LP: #752829 Date: Mon, 11 Jul 2011 11:11:45 -0600 Changed-By: Tim Gardner Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/lucid/+source/linux-firmware/1.34.12 -------------- next part -------------- Format: 1.8 Date: Mon, 11 Jul 2011 11:11:45 -0600 Source: linux-firmware Binary: linux-firmware nic-firmware scsi-firmware Architecture: source Version: 1.34.12 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Tim Gardner Description: linux-firmware - Firmware for Linux kernel drivers nic-firmware - Firmware for NICs (udeb) scsi-firmware - Firmware for SCSI controllers (udeb) Launchpad-Bugs-Fixed: 653854 713987 752829 804671 808884 Changes: linux-firmware (1.34.12) lucid-proposed; urgency=low . * Added firmware files to support Oneiric LTS backport linux-firmware: Add a new FW 7.0.20.0 bnx2x: Adding FW 7.0.23.0 -LP: #808884 . linux-firmware (1.34.11) lucid-proposed; urgency=low . * Added firmware files to support compat-wireless linux-firmware: add new firmware for RTL8168E-VL linux-firmware: update firmware for RTL8111E linux-firmware: Add firmware for RTL8168/8111E linux-firmware: Add firmware for RTL8105E rtl_nic: Add firmware for RTL8111D(L) -LP: #804671 . linux-firmware (1.34.10) lucid-proposed; urgency=low . * Added carl9170.fw for Atheros wireless AR9170 based devices. -LP: #713987 . linux-firmware (1.34.9) lucid-proposed; urgency=low . * Add Firmware for Atheros HTC devices (ath9k) -LP: #653854 . linux-firmware (1.34.8) lucid-proposed; urgency=low . * Added iwlwifi-1000-5.ucode -LP: #752829 Checksums-Sha1: 54f16b594fff4323045eb559470af331be7fc6e3 865 linux-firmware_1.34.12.dsc 99d055dc56efaa4c752f5afa7d1e5a500189dc97 12244311 linux-firmware_1.34.12.tar.gz Checksums-Sha256: 374b80c9cb13bd29ddd190de8d2c405e5b6c52227a0b71835dcf458b8209367d 865 linux-firmware_1.34.12.dsc 10281be439c9eac2934d661fe6954bbc41ffc23ac6331c458db61f1be9624dce 12244311 linux-firmware_1.34.12.tar.gz Files: f11244f8bdcb3869e2489c5a9aa715c5 865 misc optional linux-firmware_1.34.12.dsc 19e393a913862265f116c8d335fa9df0 12244311 misc optional linux-firmware_1.34.12.tar.gz From kees at ubuntu.com Tue Sep 13 21:03:37 2011 From: kees at ubuntu.com (Kees Cook) Date: Tue, 13 Sep 2011 21:03:37 -0000 Subject: [ubuntu/lucid-security] librsvg 2.26.3-0ubuntu1.1 (Accepted) Message-ID: <20110913210337.19352.90808.launchpad@cocoplum.canonical.com> librsvg (2.26.3-0ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: fix arbitrary execution of fake node types. - debian/patches/store-node-type-separately.patch: add upstream fix, thanks to Christian Persch. - CVE-2011-3146 Date: Thu, 01 Sep 2011 16:28:24 -0700 Changed-By: Kees Cook Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/lucid/+source/librsvg/2.26.3-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Thu, 01 Sep 2011 16:28:24 -0700 Source: librsvg Binary: librsvg2-dev librsvg2-2 librsvg2-common librsvg2-dbg librsvg2-bin Architecture: source Version: 2.26.3-0ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Kees Cook Description: librsvg2-2 - SAX-based renderer library for SVG files (runtime) librsvg2-bin - command-line and graphical viewers for SVG files librsvg2-common - SAX-based renderer library for SVG files (extra runtime) librsvg2-dbg - SAX-based renderer library for SVG files (debug) librsvg2-dev - SAX-based renderer library for SVG files (development) Changes: librsvg (2.26.3-0ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: fix arbitrary execution of fake node types. - debian/patches/store-node-type-separately.patch: add upstream fix, thanks to Christian Persch. - CVE-2011-3146 Checksums-Sha1: 0829affed7fbeb1ab62b513ec7e541c3df92d75b 2425 librsvg_2.26.3-0ubuntu1.1.dsc edd299aeb5b7b68158e88fc981feffaaaf26abab 19228 librsvg_2.26.3-0ubuntu1.1.diff.gz Checksums-Sha256: f946cafd50751cab0bb9dc99ac19b69642bb7169dec060b7be8a1a0f8edb6986 2425 librsvg_2.26.3-0ubuntu1.1.dsc 8ba04ec7cfd99b0e4a845b7a8d588e7be4ba8d694c5df6dd136af8a5854b1f8c 19228 librsvg_2.26.3-0ubuntu1.1.diff.gz Files: c1c68478a05ab2a5e17e426418f06148 2425 libdevel optional librsvg_2.26.3-0ubuntu1.1.dsc 0231476342a90ea6dffccd5e2127a37c 19228 libdevel optional librsvg_2.26.3-0ubuntu1.1.diff.gz Original-Maintainer: Josselin Mouette From marc.deslauriers at ubuntu.com Wed Sep 14 16:04:41 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 14 Sep 2011 16:04:41 -0000 Subject: [ubuntu/lucid-security] cups_1.4.3-1ubuntu1.5_armel_translations.tar.gz, cups_1.4.3-1ubuntu1.5_ia64_translations.tar.gz, cups_1.4.3-1ubuntu1.5_sparc_translations.tar.gz, cups_1.4.3-1ubuntu1.5_powerpc_translations.tar.gz, cups, cups_1.4.3-1ubuntu1.5_amd64_translations.tar.gz, cups_1.4.3-1ubuntu1.5_i386_translations.tar.gz 1.4.3-1ubuntu1.5 (Accepted) Message-ID: <20110914160441.31580.93410.launchpad@cocoplum.canonical.com> cups (1.4.3-1ubuntu1.5) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via missing code words - debian/patches/CVE-2011-2896.dpatch: improve logic in filter/image-gif.c. - CVE-2011-2896 * SECURITY UPDATE: arbitrary code execution via incorrect code word handling - debian/patches/CVE-2011-3170.dpatch: don't overflow in filter/image-gif.c. - CVE-2011-3170 * This update does _not_ contain the changes from the 1.4.3-1ubuntu1.4 package that was in -proposed. Date: Mon, 12 Sep 2011 09:25:57 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/cups/1.4.3-1ubuntu1.5 -------------- next part -------------- Format: 1.8 Date: Mon, 12 Sep 2011 09:25:57 -0400 Source: cups Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg cupsddk Architecture: source Version: 1.4.3-1ubuntu1.5 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: cups - Common UNIX Printing System(tm) - server cups-bsd - Common UNIX Printing System(tm) - BSD commands cups-client - Common UNIX Printing System(tm) - client programs (SysV) cups-common - Common UNIX Printing System(tm) - common files cups-dbg - Common UNIX Printing System(tm) - debugging symbols cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities cupsddk - Common UNIX Printing System (transitional package) cupsys - Common UNIX Printing System (transitional package) cupsys-bsd - Common UNIX Printing System (transitional package) cupsys-client - Common UNIX Printing System (transitional package) cupsys-common - Common UNIX Printing System (transitional package) cupsys-dbg - Common UNIX Printing System (transitional package) libcups2 - Common UNIX Printing System(tm) - Core library libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library libcupscgi1 - Common UNIX Printing System(tm) - CGI library libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra libcupsdriver1 - Common UNIX Printing System(tm) - Driver library libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar libcupsimage2 - Common UNIX Printing System(tm) - Raster image library libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li libcupsmime1 - Common UNIX Printing System(tm) - MIME library libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library Changes: cups (1.4.3-1ubuntu1.5) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via missing code words - debian/patches/CVE-2011-2896.dpatch: improve logic in filter/image-gif.c. - CVE-2011-2896 * SECURITY UPDATE: arbitrary code execution via incorrect code word handling - debian/patches/CVE-2011-3170.dpatch: don't overflow in filter/image-gif.c. - CVE-2011-3170 * This update does _not_ contain the changes from the 1.4.3-1ubuntu1.4 package that was in -proposed. Checksums-Sha1: fe33735b0074e1c45954b7f3355b0f1761a747f1 2908 cups_1.4.3-1ubuntu1.5.dsc d46853a55fb6aeda72c2cc55de814c56206621b4 497099 cups_1.4.3-1ubuntu1.5.diff.gz Checksums-Sha256: b2f28fa459e0fd350ec34836f6e9aa8567179c3624691be8eb9a478405373b7b 2908 cups_1.4.3-1ubuntu1.5.dsc 17d0793e2ffae1b8ed53a646ddb50c6552ebef03a7e99d55e61162da3d546e68 497099 cups_1.4.3-1ubuntu1.5.diff.gz Files: 184c549611c70a3916271cfc71dfff17 2908 net optional cups_1.4.3-1ubuntu1.5.dsc c8a3db1c45b85c18987b2664f7490678 497099 net optional cups_1.4.3-1ubuntu1.5.diff.gz Original-Maintainer: Debian CUPS Maintainers From jtaylor.debian at googlemail.com Thu Sep 15 19:03:56 2011 From: jtaylor.debian at googlemail.com (Julian Taylor) Date: Thu, 15 Sep 2011 19:03:56 -0000 Subject: [ubuntu/lucid-security] tahoe-lafs 1.6.1-0ubuntu2.1 (Accepted) Message-ID: <20110915190356.6741.25195.launchpad@cocoplum.canonical.com> tahoe-lafs (1.6.1-0ubuntu2.1) lucid-security; urgency=high * SECURITY UPDATE: fix unauthorized deletion (LP: #848476) a person who knows the "storage index" that identifies an immutable file can cause the server to delete its shares of that file. - backported from upstream version 1.8.3 * http://tahoe-lafs.org/source/tahoe-lafs/snapshots/allmydata-tahoe-1.8.3.zip Date: Tue, 13 Sep 2011 22:37:02 +0200 Changed-By: Julian Taylor Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/tahoe-lafs/1.6.1-0ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Tue, 13 Sep 2011 22:37:02 +0200 Source: tahoe-lafs Binary: tahoe-lafs Architecture: source Version: 1.6.1-0ubuntu2.1 Distribution: lucid-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Julian Taylor Description: tahoe-lafs - Secure distributed filesystem Launchpad-Bugs-Fixed: 848476 Changes: tahoe-lafs (1.6.1-0ubuntu2.1) lucid-security; urgency=high . * SECURITY UPDATE: fix unauthorized deletion (LP: #848476) a person who knows the "storage index" that identifies an immutable file can cause the server to delete its shares of that file. - backported from upstream version 1.8.3 * http://tahoe-lafs.org/source/tahoe-lafs/snapshots/allmydata-tahoe-1.8.3.zip Checksums-Sha1: ddc236a08df93d3465e995a2024d71396445638c 1869 tahoe-lafs_1.6.1-0ubuntu2.1.dsc 6e95e2e6b90d2dfcedeab27b9adafaac70439e59 17205 tahoe-lafs_1.6.1-0ubuntu2.1.debian.tar.gz Checksums-Sha256: 2233674935c64e64665b82e63fc14c13d0e56ba48cb2dce698b6fae9a4c40a27 1869 tahoe-lafs_1.6.1-0ubuntu2.1.dsc 2f16e51f00549c108cad1b407b25848bbdfdc979cfcd26b2d04190c4b8828020 17205 tahoe-lafs_1.6.1-0ubuntu2.1.debian.tar.gz Files: a72959a6a80918874fcbaad95724b393 1869 utils optional tahoe-lafs_1.6.1-0ubuntu2.1.dsc 552fbb0b342418125cb6bf9cf6500cca 17205 utils optional tahoe-lafs_1.6.1-0ubuntu2.1.debian.tar.gz Original-Maintainer: Brian Warner From gary.lasker at canonical.com Mon Sep 19 05:05:41 2011 From: gary.lasker at canonical.com (Gary Lasker) Date: Mon, 19 Sep 2011 05:05:41 -0000 Subject: [ubuntu/lucid-proposed] tzdata 2011j-0ubuntu0.10.04 (Accepted) Message-ID: <20110919050541.21148.55123.launchpad@wampee.canonical.com> tzdata (2011j-0ubuntu0.10.04) lucid-proposed; urgency=low * New upstream release 2011j: (LP: #802778) Date: Fri, 16 Sep 2011 00:23:40 -0400 Changed-By: Gary Lasker Maintainer: Ubuntu Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/tzdata/2011j-0ubuntu0.10.04 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Sep 2011 00:23:40 -0400 Source: tzdata Binary: tzdata tzdata-java Architecture: source Version: 2011j-0ubuntu0.10.04 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Gary Lasker Description: tzdata - time zone and daylight-saving time data tzdata-java - time zone and daylight-saving time data for use by java runtimes Launchpad-Bugs-Fixed: 802778 Changes: tzdata (2011j-0ubuntu0.10.04) lucid-proposed; urgency=low . * New upstream release 2011j: (LP: #802778) Checksums-Sha1: 07822d6f0550d58768d2986af82e0fcfd2715efa 1909 tzdata_2011j-0ubuntu0.10.04.dsc f0be74619b61a7a000116c33022a9256bbda4e53 198820 tzdata_2011j.orig.tar.gz 6f3c7526ebfed9c94d62f53abb70ab003a7dbc00 248701 tzdata_2011j-0ubuntu0.10.04.debian.tar.gz Checksums-Sha256: 3deec26cb915387e608554447eea35d6f2bf97ff0e8896aca4810a4e2a53ccfd 1909 tzdata_2011j-0ubuntu0.10.04.dsc 7e8540a85f1b474df1b40b403bea5748311ca7731b3038e51d6abc7f2d223c2a 198820 tzdata_2011j.orig.tar.gz a05b3c1c4f0e7a5bc9033e07d2f7423e1642063fd432479526fea3c453946c60 248701 tzdata_2011j-0ubuntu0.10.04.debian.tar.gz Files: 71ca9d58be50fdbbbff23ef29c7d08b0 1909 libs required tzdata_2011j-0ubuntu0.10.04.dsc 30a6bebdbdd03c5bd29241c15f569d50 198820 libs required tzdata_2011j.orig.tar.gz 4c5f00cdba305fa0059d54c4224add5e 248701 libs required tzdata_2011j-0ubuntu0.10.04.debian.tar.gz Original-Maintainer: GNU Libc Maintainers From marc.deslauriers at ubuntu.com Mon Sep 19 18:05:24 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 19 Sep 2011 18:05:24 -0000 Subject: [ubuntu/lucid-security] ffmpeg 4:0.5.1-1ubuntu1.2 (Accepted) Message-ID: <20110919180524.18243.51919.launchpad@cocoplum.canonical.com> ffmpeg (4:0.5.1-1ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Date: Fri, 16 Sep 2011 09:45:12 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ffmpeg/4:0.5.1-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Sep 2011 09:45:12 -0400 Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: source Version: 4:0.5.1-1ubuntu1.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: ffmpeg - multimedia player, server and encoder ffmpeg-dbg - Debug symbols for ffmpeg related packages ffmpeg-doc - documentation of the ffmpeg API libavcodec-dev - development files for libavcodec libavcodec52 - ffmpeg codec library libavdevice-dev - development files for libavdevice libavdevice52 - ffmpeg device handling library libavfilter-dev - development files for libavfilter libavfilter0 - ffmpeg video filtering library libavformat-dev - development files for libavformat libavformat52 - ffmpeg file format library libavutil-dev - development files for libavutil libavutil49 - ffmpeg utility library libpostproc-dev - development files for libpostproc libpostproc51 - ffmpeg video postprocessing library libswscale-dev - development files for libswscale libswscale0 - ffmpeg video scaling library Changes: ffmpeg (4:0.5.1-1ubuntu1.2) lucid-security; urgency=low . * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Checksums-Sha1: da816b02e0247efbb365a65dea4681b62941c023 2898 ffmpeg_0.5.1-1ubuntu1.2.dsc f1ab463ec4fe7b9c6ed97b3f8af462035698e2b0 65795 ffmpeg_0.5.1-1ubuntu1.2.diff.gz Checksums-Sha256: 04cfa88c20a1ecca81b691c7f6037033ef7481ce16c7b1b6c87e62a298b95b04 2898 ffmpeg_0.5.1-1ubuntu1.2.dsc 60df44c57312e533e99819f5624bffe3c0dfe42920480d12ccda738ac0e9d274 65795 ffmpeg_0.5.1-1ubuntu1.2.diff.gz Files: 12af093bf1919b1cdf9a55b14b708702 2898 libs optional ffmpeg_0.5.1-1ubuntu1.2.dsc 2a48a0e0113d5f695ca701bcd82048ca 65795 libs optional ffmpeg_0.5.1-1ubuntu1.2.diff.gz Original-Maintainer: Debian multimedia packages maintainers From marc.deslauriers at ubuntu.com Mon Sep 19 18:05:51 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 19 Sep 2011 18:05:51 -0000 Subject: [ubuntu/lucid-security] ffmpeg-extra 4:0.5.1-1ubuntu1.2 (Accepted) Message-ID: <20110919180551.18243.63225.launchpad@cocoplum.canonical.com> ffmpeg-extra (4:0.5.1-1ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Date: Mon, 19 Sep 2011 09:27:11 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ffmpeg-extra/4:0.5.1-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Mon, 19 Sep 2011 09:27:11 -0400 Source: ffmpeg-extra Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0 Architecture: source Version: 4:0.5.1-1ubuntu1.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libavcodec-extra-52 - ffmpeg codec library libavcodec-unstripped-52 - ffmpeg utility library - transitional package libavdevice-extra-52 - ffmpeg device handling library libavdevice-unstripped-52 - ffmpeg utility library - transitional package libavfilter-extra-0 - ffmpeg video filtering library libavfilter-unstripped-0 - ffmpeg utility library - transitional package libavformat-extra-52 - ffmpeg file format library libavformat-unstripped-52 - ffmpeg utility library - transitional package libavutil-extra-49 - ffmpeg utility library libavutil-unstripped-49 - ffmpeg utility library - transitional package libpostproc-extra-51 - ffmpeg video postprocessing library libpostproc-unstripped-51 - ffmpeg utility library - transitional package libswscale-extra-0 - ffmpeg video scaling library libswscale-unstripped-0 - ffmpeg utility library - transitional package Changes: ffmpeg-extra (4:0.5.1-1ubuntu1.2) lucid-security; urgency=low . * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Checksums-Sha1: e8476017d92f40897bb02bae2ba5e3e7b4d2d4e7 3262 ffmpeg-extra_0.5.1-1ubuntu1.2.dsc abd6ea9b6a62dfd07e9bf28ddd698903112f73c8 66314 ffmpeg-extra_0.5.1-1ubuntu1.2.diff.gz Checksums-Sha256: 7e6d55c233b03bf76685e3c6542398d94ae86a51d83367dff8d58e91dcf3e92d 3262 ffmpeg-extra_0.5.1-1ubuntu1.2.dsc a17bf06f43b636d53ccf2aac761564b4dc79b9a35c1c49ba91f56fe68bc2f37f 66314 ffmpeg-extra_0.5.1-1ubuntu1.2.diff.gz Files: 671a557069aee59e83f999b3df469333 3262 libs optional ffmpeg-extra_0.5.1-1ubuntu1.2.dsc bbcd029e423030a1f402baa618e43ae9 66314 libs optional ffmpeg-extra_0.5.1-1ubuntu1.2.diff.gz Original-Maintainer: Debian multimedia packages maintainers From stefanor at ubuntu.com Mon Sep 19 23:13:57 2011 From: stefanor at ubuntu.com (Stefano Rivera) Date: Mon, 19 Sep 2011 23:13:57 -0000 Subject: [ubuntu/lucid-proposed] ubuntu-dev-tools 0.99.1 (Accepted) Message-ID: <20110919231357.23726.90561.launchpad@chaenomeles.canonical.com> ubuntu-dev-tools (0.99.1) lucid-proposed; urgency=low * Debian source publication records are all Published now, not pending (LP: #845487) Date: Wed, 14 Sep 2011 13:46:06 +0200 Changed-By: Stefano Rivera Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ubuntu-dev-tools/0.99.1 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Sep 2011 13:46:06 +0200 Source: ubuntu-dev-tools Binary: ubuntu-dev-tools Architecture: source Version: 0.99.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Stefano Rivera Description: ubuntu-dev-tools - useful tools for Ubuntu developers Launchpad-Bugs-Fixed: 845487 Changes: ubuntu-dev-tools (0.99.1) lucid-proposed; urgency=low . * Debian source publication records are all Published now, not pending (LP: #845487) Checksums-Sha1: 22b63b3c6e60e9c395f0282b705e829a3486f3c5 1722 ubuntu-dev-tools_0.99.1.dsc cb3911319605bd99afe7307a1994079a48bcf3f1 122544 ubuntu-dev-tools_0.99.1.tar.gz Checksums-Sha256: f11317d53505c7dbcb7652bae7507e7be084c0fd811f1f98ee7393a807fa93c5 1722 ubuntu-dev-tools_0.99.1.dsc bd11be75e48e4ae2f90b780607079400e2b14eb364e731ab79d01105a6086e5e 122544 ubuntu-dev-tools_0.99.1.tar.gz Files: 98f2d9927b0e93545c7e89ccfaa78bbd 1722 devel optional ubuntu-dev-tools_0.99.1.dsc 1dbf9c6953d31e7d9f5eae20bae06ef9 122544 devel optional ubuntu-dev-tools_0.99.1.tar.gz From torsten at canonical.com Tue Sep 20 17:37:08 2011 From: torsten at canonical.com (Torsten Spindler (Canonical)) Date: Tue, 20 Sep 2011 17:37:08 -0000 Subject: [ubuntu/lucid-proposed] libgksu 2.0.13~pre1-1ubuntu4.2 (Accepted) Message-ID: <20110920173708.22614.33464.launchpad@chaenomeles.canonical.com> libgksu (2.0.13~pre1-1ubuntu4.2) lucid-proposed; urgency=low * debian/patches/29_check-newline.patch: - check if an empty line is really received before ignoring it (LP: #298217) Date: Wed, 14 Sep 2011 11:46:48 +0200 Changed-By: Torsten Spindler (Canonical) Maintainer: Ubuntu Core Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/libgksu/2.0.13~pre1-1ubuntu4.2 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Sep 2011 11:46:48 +0200 Source: libgksu Binary: libgksu2-0 libgksu2-dev Architecture: source Version: 2.0.13~pre1-1ubuntu4.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Torsten Spindler (Canonical) Description: libgksu2-0 - library providing su and sudo functionality libgksu2-dev - library providing su and sudo functionality (development files) Launchpad-Bugs-Fixed: 298217 Changes: libgksu (2.0.13~pre1-1ubuntu4.2) lucid-proposed; urgency=low . * debian/patches/29_check-newline.patch: - check if an empty line is really received before ignoring it (LP: #298217) Checksums-Sha1: 829687f7a832fbb0706d181dca94f519dcad6463 2297 libgksu_2.0.13~pre1-1ubuntu4.2.dsc da8c10cb30a4072db2a566fa884a21f842de8c11 27472 libgksu_2.0.13~pre1-1ubuntu4.2.diff.gz Checksums-Sha256: 2d3af7ab51217e9223519c22c3b8462b86c87bf0c29c8c1a21a206215dcc4c83 2297 libgksu_2.0.13~pre1-1ubuntu4.2.dsc f7365c2e45861f7306d55ff8b03345e9d3715bf9e225e227d6ff3e9adb565639 27472 libgksu_2.0.13~pre1-1ubuntu4.2.diff.gz Files: 4845c814e567483c38ae05c9520da438 2297 admin optional libgksu_2.0.13~pre1-1ubuntu4.2.dsc 03fc65a7ad7ffd35f5ece3f043905a2a 27472 admin optional libgksu_2.0.13~pre1-1ubuntu4.2.diff.gz Original-Maintainer: Gustavo Noronha Silva From andreas at canonical.com Tue Sep 20 22:41:19 2011 From: andreas at canonical.com (Andreas Hasenack) Date: Tue, 20 Sep 2011 22:41:19 -0000 Subject: [ubuntu/lucid-proposed] smart 1.2-5ubuntu0.2 (Accepted) Message-ID: <20110920224119.28678.12527.launchpad@gac.canonical.com> smart (1.2-5ubuntu0.2) lucid-proposed; urgency=low * Handle authentication errors when using pycurl, giving a meaningful error message. (LP: #244453) Date: Wed, 07 Sep 2011 11:12:42 -0300 Changed-By: Andreas Hasenack Maintainer: Ubuntu Developers Signed-By: Chuck Short https://launchpad.net/ubuntu/lucid/+source/smart/1.2-5ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Wed, 07 Sep 2011 11:12:42 -0300 Source: smart Binary: smartpm smartpm-core python-smartpm Architecture: source Version: 1.2-5ubuntu0.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Andreas Hasenack Description: python-smartpm - Python library of the Smart Package Manager smartpm - An alternative package manager that works with dpkg/rpm smartpm-core - An alternative package manager that works with dpkg/rpm Launchpad-Bugs-Fixed: 244453 Changes: smart (1.2-5ubuntu0.2) lucid-proposed; urgency=low . * Handle authentication errors when using pycurl, giving a meaningful error message. (LP: #244453) Checksums-Sha1: 6e8a0e32900285c4269e30a3e085d07f333c4c73 1186 smart_1.2-5ubuntu0.2.dsc ccc190c7a654177f6fb7c15bf126069c9537f669 12321 smart_1.2-5ubuntu0.2.diff.gz Checksums-Sha256: 57ca2cc371047d86811659c585067edbb6953b8cddf414755d0d6ad3e31ec6d7 1186 smart_1.2-5ubuntu0.2.dsc 11133308ba887644f63fa4185572d8e86b1e7eb46f14ec40f804aca0bd8cfb54 12321 smart_1.2-5ubuntu0.2.diff.gz Files: 9eb7c04d6c9897f22571152bea074d63 1186 admin optional smart_1.2-5ubuntu0.2.dsc 6183bde381f5e150ec3824f0b70a3964 12321 admin optional smart_1.2-5ubuntu0.2.diff.gz Original-Maintainer: Michael Vogt From brian.thomason at canonical.com Wed Sep 21 19:20:19 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Wed, 21 Sep 2011 19:20:19 -0000 Subject: [ubuntu/lucid] adobe-flashplugin 10.3.183.10-0lucid1 (Accepted) Message-ID: <20110921192019.16058.10085.launchpad@cocoplum.canonical.com> adobe-flashplugin (10.3.183.10-0lucid1) lucid; urgency=low * New upstream release Date: Mon, 19 Sep 2011 19:28:17 -0400 Changed-By: Brian Thomason Maintainer: DL-Flash Player Ubuntu https://launchpad.net/ubuntu/lucid/+source/adobe-flashplugin/10.3.183.10-0lucid1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 19 Sep 2011 19:28:17 -0400 Source: adobe-flashplugin Binary: adobe-flashplugin adobe-flash-properties-gtk adobe-flash-properties-kde Architecture: source Version: 10.3.183.10-0lucid1 Distribution: lucid Urgency: low Maintainer: DL-Flash Player Ubuntu Changed-By: Brian Thomason Description: adobe-flash-properties-gtk - GTK+ control panel for Adobe Flash Player plugin version 10 adobe-flash-properties-kde - KDE control panel Adobe Flash Player plugin version 10 adobe-flashplugin - Adobe Flash Player plugin version 10 Changes: adobe-flashplugin (10.3.183.10-0lucid1) lucid; urgency=low . * New upstream release Checksums-Sha1: b810113aefdb07b192fe750265d773c9158a8a27 1255 adobe-flashplugin_10.3.183.10-0lucid1.dsc 4e756abfc60aaa255162d52ab829196d35e298e1 5524172 adobe-flashplugin_10.3.183.10.orig.tar.gz 5458453b594bae0a4244f1b82f93a16d5a8a35ec 251 adobe-flashplugin_10.3.183.10-0lucid1.diff.gz Checksums-Sha256: 4eaea1344dbb219f8836172cfa95610fab0f1c721b7c6af1b995150b6e13bcd1 1255 adobe-flashplugin_10.3.183.10-0lucid1.dsc e1cf707796f2d42bec0e076bebde2ac3c9e266d4fa46f327820f228cd9771935 5524172 adobe-flashplugin_10.3.183.10.orig.tar.gz e8e3a8488b4f93ee1589dc0c6436e572ab34a5095d3ef2261c8764e97a415fe0 251 adobe-flashplugin_10.3.183.10-0lucid1.diff.gz Files: ba997681ba6754f578102d3e72423fd6 1255 partner/web optional adobe-flashplugin_10.3.183.10-0lucid1.dsc 9c6de8bcc7fc4d43a5099530bea1747d 5524172 partner/web optional adobe-flashplugin_10.3.183.10.orig.tar.gz d92eda44a1afc3afdaf4525354b5ec10 251 partner/web optional adobe-flashplugin_10.3.183.10-0lucid1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk532NAACgkQOb4zNfJqN5fE3QCfQ7PU+PBPTCTJ2whntf9PnOND K1IAoIutt+8L7yYdlqXJRXMOM3+E4YMT =3z+Y -----END PGP SIGNATURE----- From marc.deslauriers at ubuntu.com Wed Sep 21 22:03:39 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 21 Sep 2011 22:03:39 -0000 Subject: [ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1_i386_translations.tar.gz, flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1_amd64_translations.tar.gz 10.3.183.10ubuntu0.10.04.1 (Accepted) Message-ID: <20110921220339.28322.54765.launchpad@cocoplum.canonical.com> flashplugin-nonfree (10.3.183.10ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release 10.3.183.10 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-2426 - CVE-2011-2427 - CVE-2011-2428 - CVE-2011-2429 - CVE-2011-2430 - CVE-2011-2444 Date: Wed, 21 Sep 2011 15:54:41 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/10.3.183.10ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Sep 2011 15:54:41 -0400 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.3.183.10ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.3.183.10ubuntu0.10.04.1) lucid-security; urgency=low . * New upstream release 10.3.183.10 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-2426 - CVE-2011-2427 - CVE-2011-2428 - CVE-2011-2429 - CVE-2011-2430 - CVE-2011-2444 Checksums-Sha1: fa99c71995241a7e6939543ac7db25fd3afed90d 1639 flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1.dsc 81910ecae174a3d1a42c740c3e6696398747faa2 27314 flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1.tar.gz Checksums-Sha256: 0eed7893770b8415277153f341cb477efbebaed8af38705e41f8c1e215a2430e 1639 flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1.dsc 7606ea2289d99a0d0a1e3824efe44f78d571582f6105aaba9d6a5e114c9b8dc2 27314 flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1.tar.gz Files: 2b688af7ffff9efe4c2dafb2610a9f5a 1639 contrib/web optional flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1.dsc 15de5022aab87f0547bd9917a672ba76 27314 contrib/web optional flashplugin-nonfree_10.3.183.10ubuntu0.10.04.1.tar.gz Original-Maintainer: Bart Martens From mterry at ubuntu.com Thu Sep 22 04:53:56 2011 From: mterry at ubuntu.com (Michael Terry) Date: Thu, 22 Sep 2011 04:53:56 -0000 Subject: [ubuntu/lucid-proposed] gnome-power-manager 2.30.0-0ubuntu1.1 (Accepted) Message-ID: <20110922045356.28553.27123.launchpad@wampee.canonical.com> gnome-power-manager (2.30.0-0ubuntu1.1) lucid-proposed; urgency=low * debian/patches/13-lock-on-blank.patch: - When we blank due to a timeout, make sure to lock (in case we've blanked before the screensaver is active). LP: #620693 Date: Wed, 21 Sep 2011 15:28:15 -0400 Changed-By: Michael Terry Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/gnome-power-manager/2.30.0-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Sep 2011 15:28:15 -0400 Source: gnome-power-manager Binary: gnome-power-manager Architecture: source Version: 2.30.0-0ubuntu1.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Michael Terry Description: gnome-power-manager - power management tool for the GNOME desktop Launchpad-Bugs-Fixed: 620693 Changes: gnome-power-manager (2.30.0-0ubuntu1.1) lucid-proposed; urgency=low . * debian/patches/13-lock-on-blank.patch: - When we blank due to a timeout, make sure to lock (in case we've blanked before the screensaver is active). LP: #620693 Checksums-Sha1: 6649b9eeb0edc03a1f3f8b60c645a05da9c001c0 1988 gnome-power-manager_2.30.0-0ubuntu1.1.dsc cb7f30316e70a344900eb683f34d9c651e017935 43598 gnome-power-manager_2.30.0-0ubuntu1.1.diff.gz Checksums-Sha256: dbc6024cde1e5323b7828db1c534750fa3c6233eb8f96279542f49ccb16ff08f 1988 gnome-power-manager_2.30.0-0ubuntu1.1.dsc ee50eda708c08254953256468ef5183acca33deef6511d7061b46e938ae6fd3b 43598 gnome-power-manager_2.30.0-0ubuntu1.1.diff.gz Files: 87564b97d1d12200550f27f8b0359774 1988 gnome optional gnome-power-manager_2.30.0-0ubuntu1.1.dsc ba265dea691760182e0db9ad0996ab3e 43598 gnome optional gnome-power-manager_2.30.0-0ubuntu1.1.diff.gz Original-Maintainer: Debian GNOME Maintainers Original-Uploaders: Debian GNOME Maintainers From serge.hallyn at ubuntu.com Thu Sep 22 04:54:52 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Thu, 22 Sep 2011 04:54:52 -0000 Subject: [ubuntu/lucid-proposed] seabios 0.5.1-0ubuntu2.1 (Accepted) Message-ID: <20110922045452.29459.38947.launchpad@wampee.canonical.com> seabios (0.5.1-0ubuntu2.1) lucid-proposed; urgency=low * Pull in 0001-fix-PkgLength-calculation-for-the-SSDT.patch, found by Nigel Jones, to fix windows smp boots.(LP: #589063) Date: Fri, 16 Sep 2011 14:09:37 -0500 Changed-By: Serge Hallyn Maintainer: Dustin Kirkland https://launchpad.net/ubuntu/lucid/+source/seabios/0.5.1-0ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Sep 2011 14:09:37 -0500 Source: seabios Binary: seabios Architecture: source Version: 0.5.1-0ubuntu2.1 Distribution: lucid-proposed Urgency: low Maintainer: Dustin Kirkland Changed-By: Serge Hallyn Description: seabios - legacy BIOS implementation which can be used as a coreboot payloa Launchpad-Bugs-Fixed: 589063 Changes: seabios (0.5.1-0ubuntu2.1) lucid-proposed; urgency=low . * Pull in 0001-fix-PkgLength-calculation-for-the-SSDT.patch, found by Nigel Jones, to fix windows smp boots.(LP: #589063) Checksums-Sha1: f0c57ecaba10462272f0bc898576de762c7d63f3 1342 seabios_0.5.1-0ubuntu2.1.dsc 38165ffd6b73fdb01f3de7eef8a54dfd6ae9c51f 229903 seabios_0.5.1.orig.tar.gz 95fe0e7f4443c60e9184b5c42cfe3ef8f3334d61 2730 seabios_0.5.1-0ubuntu2.1.debian.tar.gz Checksums-Sha256: 8dbe57fa8f25334cc690a7e4f109f91adc75bb18a8f8b6fa0f29968ebf30032b 1342 seabios_0.5.1-0ubuntu2.1.dsc eec81b9e2af9a8311437465aa9b15962e21ad747ae43e7878b21230f5f58c3c7 229903 seabios_0.5.1.orig.tar.gz cfab9e37f596239b01899dafca3976c56b024c5014c58ca87d9a1942fff463cf 2730 seabios_0.5.1-0ubuntu2.1.debian.tar.gz Files: defe7a373a303eedb2339578d9721388 1342 misc optional seabios_0.5.1-0ubuntu2.1.dsc f62dfb05200141ea71ff69e794078744 229903 misc optional seabios_0.5.1.orig.tar.gz 7b2af719900345eefcb053e68a2ee641 2730 misc optional seabios_0.5.1-0ubuntu2.1.debian.tar.gz From marc.deslauriers at ubuntu.com Thu Sep 22 15:10:09 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 22 Sep 2011 15:10:09 -0000 Subject: [ubuntu/lucid-security] gimp_2.6.8-2ubuntu1.4_ia64_translations.tar.gz, gimp_2.6.8-2ubuntu1.4_sparc_translations.tar.gz, gimp_2.6.8-2ubuntu1.4_amd64_translations.tar.gz, gimp_2.6.8-2ubuntu1.4_powerpc_translations.tar.gz, gimp_2.6.8-2ubuntu1.4_i386_translations.tar.gz, gimp_2.6.8-2ubuntu1.4_armel_translations.tar.gz, gimp 2.6.8-2ubuntu1.4 (Accepted) Message-ID: <20110922151009.31490.87994.launchpad@cocoplum.canonical.com> gimp (2.6.8-2ubuntu1.4) lucid-security; urgency=low * SECURITY UPDATE: possible arbitrary code execution via malformed GIF - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in plug-ins/common/file-gif-load.c. - CVE-2011-2896 Date: Wed, 21 Sep 2011 11:42:59 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/lucid/+source/gimp/2.6.8-2ubuntu1.4 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Sep 2011 11:42:59 -0400 Source: gimp Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg Architecture: source Version: 2.6.8-2ubuntu1.4 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Marc Deslauriers Description: gimp - The GNU Image Manipulation Program gimp-data - Data files for GIMP gimp-dbg - Debugging symbols for GIMP libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP libgimp2.0-doc - Developers' Documentation for the GIMP library Changes: gimp (2.6.8-2ubuntu1.4) lucid-security; urgency=low . * SECURITY UPDATE: possible arbitrary code execution via malformed GIF - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in plug-ins/common/file-gif-load.c. - CVE-2011-2896 Checksums-Sha1: 90bfcd4fdb346b823bb07c813d8eb559c02073ad 2783 gimp_2.6.8-2ubuntu1.4.dsc 7d7300187636eff79fd20fd769dbdee3134f200e 46846 gimp_2.6.8-2ubuntu1.4.debian.tar.gz Checksums-Sha256: cba09da7729f6294aafdd5a69675c81bf901d84e675073707d76c3bd4dbd7f17 2783 gimp_2.6.8-2ubuntu1.4.dsc 39acc89e5ddeef71b859aee89dbec8f66546052aa493d3e5c80a6efc06472920 46846 gimp_2.6.8-2ubuntu1.4.debian.tar.gz Files: a4d2d45b0633a16fc8afc22f17e19fe0 2783 graphics optional gimp_2.6.8-2ubuntu1.4.dsc d39959849276979f2bab64c9149818ae 46846 graphics optional gimp_2.6.8-2ubuntu1.4.debian.tar.gz Original-Maintainer: Ari Pollak From marc.deslauriers at ubuntu.com Thu Sep 22 18:06:47 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 22 Sep 2011 18:06:47 -0000 Subject: [ubuntu/lucid-security] apt_0.7.25.3ubuntu9.7_armel_translations.tar.gz, apt_0.7.25.3ubuntu9.7_powerpc_translations.tar.gz, apt_0.7.25.3ubuntu9.7_amd64_translations.tar.gz, apt_0.7.25.3ubuntu9.7_sparc_translations.tar.gz, apt, apt_0.7.25.3ubuntu9.7_ia64_translations.tar.gz, apt_0.7.25.3ubuntu9.7_i386_translations.tar.gz 0.7.25.3ubuntu9.7 (Accepted) Message-ID: <20110922180647.24284.60985.launchpad@cocoplum.canonical.com> apt (0.7.25.3ubuntu9.7) lucid-security; urgency=low * SECURITY UPDATE: Disable apt-key net-update for now, as validation code is insecure. (LP: #856489) - cmdline/apt-key: exit immediately out of net_update(). - CVE number pending Date: Thu, 22 Sep 2011 11:24:50 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/apt/0.7.25.3ubuntu9.7 -------------- next part -------------- Format: 1.8 Date: Thu, 22 Sep 2011 11:24:50 -0400 Source: apt Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source Version: 0.7.25.3ubuntu9.7 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: apt - Advanced front-end for dpkg apt-doc - Documentation for APT apt-transport-https - APT https transport apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Launchpad-Bugs-Fixed: 856489 Changes: apt (0.7.25.3ubuntu9.7) lucid-security; urgency=low . * SECURITY UPDATE: Disable apt-key net-update for now, as validation code is insecure. (LP: #856489) - cmdline/apt-key: exit immediately out of net_update(). - CVE number pending Checksums-Sha1: 2963a57744ac692564790d9e2e6f8306fd7377b6 1994 apt_0.7.25.3ubuntu9.7.dsc 93b7eaf4e7a508ad1deac171c2e943f32c7d1f9b 2744357 apt_0.7.25.3ubuntu9.7.tar.gz Checksums-Sha256: c3b80107a382096ddfb2a9b272f42c9b1b18a161094cfd8b633d53598eabf433 1994 apt_0.7.25.3ubuntu9.7.dsc 65f9d87d547f46815c16666372556cb0d89a53ccf202805b775e5bdd86e7dd0b 2744357 apt_0.7.25.3ubuntu9.7.tar.gz Files: 87e263ffcc4e4f27868079725b70e165 1994 admin important apt_0.7.25.3ubuntu9.7.dsc bdf4d8eaa9b3f9f0b9dcf5953cab20cb 2744357 admin important apt_0.7.25.3ubuntu9.7.tar.gz Original-Maintainer: APT Development Team From cjwatson at ubuntu.com Mon Sep 26 15:48:15 2011 From: cjwatson at ubuntu.com (Colin Watson) Date: Mon, 26 Sep 2011 15:48:15 -0000 Subject: [ubuntu/lucid-proposed] grub 0.97-29ubuntu60.10.04.1 (Accepted) Message-ID: <20110926154815.19116.30966.launchpad@wampee.canonical.com> grub (0.97-29ubuntu60.10.04.1) lucid-proposed; urgency=low * Backport from Debian 0.97-39 (LP: #720558): - Support for Xen style xvd[a-z] devices. Thanks Ian Campbell. (Closes: #456776) * Don't use UUIDs for expressing xvd* devices as GRUB drives, as PV-GRUB can't handle it. Date: Fri, 23 Sep 2011 21:58:06 +0100 Changed-By: Colin Watson Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/lucid/+source/grub/0.97-29ubuntu60.10.04.1 -------------- next part -------------- Format: 1.8 Date: Fri, 23 Sep 2011 21:58:06 +0100 Source: grub Binary: grub grub-disk grub-doc grub-legacy-doc multiboot-doc Architecture: source Version: 0.97-29ubuntu60.10.04.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Colin Watson Description: grub - GRand Unified Bootloader (Legacy version) grub-disk - GRUB bootable disk image (dummy package) grub-doc - Documentation for GRand Unified Bootloader (dummy package) grub-legacy-doc - Documentation for GRUB Legacy multiboot-doc - The Multiboot specification Closes: 456776 Launchpad-Bugs-Fixed: 720558 Changes: grub (0.97-29ubuntu60.10.04.1) lucid-proposed; urgency=low . * Backport from Debian 0.97-39 (LP: #720558): - Support for Xen style xvd[a-z] devices. Thanks Ian Campbell. (Closes: #456776) * Don't use UUIDs for expressing xvd* devices as GRUB drives, as PV-GRUB can't handle it. Checksums-Sha1: a10490434ae3981a4b9bedb31a5510aba1a9e9aa 2267 grub_0.97-29ubuntu60.10.04.1.dsc ff444c513385cd6609ff0067f0493e02629d4b15 148450 grub_0.97-29ubuntu60.10.04.1.diff.gz Checksums-Sha256: ccca236a18e1247d08d7ad4bccd583fc6c205ba8f1c6e23f4b4f99917d775381 2267 grub_0.97-29ubuntu60.10.04.1.dsc 04e72a31cad9c7ddc63d04fce0dbef75e9d4998ee663247efc6175bbb0814121 148450 grub_0.97-29ubuntu60.10.04.1.diff.gz Files: 45801a1a4a7a16222ae1d9e00e3f3bc2 2267 admin optional grub_0.97-29ubuntu60.10.04.1.dsc f25d675596e283bcb9c87387a8f58e9e 148450 admin optional grub_0.97-29ubuntu60.10.04.1.diff.gz Original-Maintainer: Grub Maintainers From jamie at ubuntu.com Thu Sep 29 02:03:48 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 29 Sep 2011 02:03:48 -0000 Subject: [ubuntu/lucid-security] puppet 0.25.4-2ubuntu6.2 (Accepted) Message-ID: <20110929020348.9048.53690.launchpad@cocoplum.canonical.com> puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low * SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master (LP: #861182) - update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. Patch from upstream (Daniel Pittman ) 6e5a821cbf94b220dfc021ff7ebad0831c60e207 - CVE-2011-3848 - LP: #861182 Date: Wed, 28 Sep 2011 08:30:14 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/puppet/0.25.4-2ubuntu6.2 -------------- next part -------------- Format: 1.8 Date: Wed, 28 Sep 2011 08:30:14 -0500 Source: puppet Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite Architecture: source Version: 0.25.4-2ubuntu6.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: puppet - centralised configuration management for networks puppet-common - common files for puppet and puppetmaster puppet-el - Emacs syntax highlighting for puppet manifests puppet-testsuite - centralized configuration management control for networks puppetmaster - centralised configuration management control daemon vim-puppet - Vim syntax highlighting for puppet manifests Launchpad-Bugs-Fixed: 861182 861182 Changes: puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low . * SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master (LP: #861182) - update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. Patch from upstream (Daniel Pittman ) 6e5a821cbf94b220dfc021ff7ebad0831c60e207 - CVE-2011-3848 - LP: #861182 Checksums-Sha1: 1c357bb66d88abb61e6fa12f608ef64f928e6921 2209 puppet_0.25.4-2ubuntu6.2.dsc a0e015d48a18380d4d7b932ce80d5f0b06f90bb8 42860 puppet_0.25.4-2ubuntu6.2.diff.gz Checksums-Sha256: b1bbd9e8873990376347db3266d9f39082c206cacfb9cdb520f50087c080058b 2209 puppet_0.25.4-2ubuntu6.2.dsc bd869516941eb8b2ee304d1bb241d453ae7875f131d06f79100c8bb77a405342 42860 puppet_0.25.4-2ubuntu6.2.diff.gz Files: 43b62d8de44afbf9d6e0a6fb559dafda 2209 admin optional puppet_0.25.4-2ubuntu6.2.dsc 5ffa201a78e590cb57835cba3f4662e7 42860 admin optional puppet_0.25.4-2ubuntu6.2.diff.gz Original-Maintainer: Puppet Package Maintainers From tyhicks at canonical.com Thu Sep 29 22:04:03 2011 From: tyhicks at canonical.com (Tyler Hicks) Date: Thu, 29 Sep 2011 22:04:03 -0000 Subject: [ubuntu/lucid-security] mutt_1.5.20-7ubuntu1.1_ia64_translations.tar.gz, mutt_1.5.20-7ubuntu1.1_i386_translations.tar.gz, mutt_1.5.20-7ubuntu1.1_amd64_translations.tar.gz, mutt_1.5.20-7ubuntu1.1_armel_translations.tar.gz, mutt, mutt_1.5.20-7ubuntu1.1_powerpc_translations.tar.gz, mutt_1.5.20-7ubuntu1.1_sparc_translations.tar.gz 1.5.20-7ubuntu1.1 (Accepted) Message-ID: <20110929220403.22400.51987.launchpad@cocoplum.canonical.com> mutt (1.5.20-7ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: Failure to verify that a server's hostname matches the Common Name listed in a certificate when setting up a TLS connection. - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate. - CVE-2011-1429 Date: Thu, 22 Sep 2011 00:59:35 -0500 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/mutt/1.5.20-7ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Thu, 22 Sep 2011 00:59:35 -0500 Source: mutt Binary: mutt mutt-patched mutt-dbg Architecture: source Version: 1.5.20-7ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: mutt - text-based mailreader supporting MIME, GPG, PGP and threading mutt-dbg - debugging symbols for mutt mutt-patched - the Mutt Mail User Agent with extra patches Changes: mutt (1.5.20-7ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: Failure to verify that a server's hostname matches the Common Name listed in a certificate when setting up a TLS connection. - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate. - CVE-2011-1429 Checksums-Sha1: aac87913068cfba0dd9084000b153f4b7c596de5 2136 mutt_1.5.20-7ubuntu1.1.dsc 6f11857744c650cd40d3781a1c503095af834fbb 163135 mutt_1.5.20-7ubuntu1.1.diff.gz Checksums-Sha256: 70d4a6b74058a319cf87a4ff403910f685a3bb8b55dfbf64f9e81770259de32b 2136 mutt_1.5.20-7ubuntu1.1.dsc 5f9e5c7065d2dd92e42a4b2fe6e85a330d7c5551baff79d7aba716e7f0060b46 163135 mutt_1.5.20-7ubuntu1.1.diff.gz Files: 423c251e1e286c59e8ad5ebd3dca666f 2136 mail standard mutt_1.5.20-7ubuntu1.1.dsc 11c0db6effa8a51944a90a262bd03eda 163135 mail standard mutt_1.5.20-7ubuntu1.1.diff.gz Original-Maintainer: Christoph Berg From john.lenton at canonical.com Fri Sep 30 21:40:03 2011 From: john.lenton at canonical.com (John Lenton) Date: Fri, 30 Sep 2011 21:40:03 -0000 Subject: [ubuntu/lucid-proposed] desktopcouch 0.6.4-0ubuntu3.3 (Accepted) Message-ID: <20110930214003.24843.84518.launchpad@soybean.canonical.com> desktopcouch (0.6.4-0ubuntu3.3) lucid-proposed; urgency=low * Preserve Ubuntu One service through longer replication period, 10 minutes changed to 60 minutes. (LP: #834857) Date: Wed, 28 Sep 2011 07:40:03 +0200 Changed-By: John Lenton Maintainer: Ubuntu Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/desktopcouch/0.6.4-0ubuntu3.3 -------------- next part -------------- Format: 1.8 Date: Wed, 28 Sep 2011 07:40:03 +0200 Source: desktopcouch Binary: desktopcouch desktopcouch-tools python-desktopcouch python-desktopcouch-records Architecture: source Version: 0.6.4-0ubuntu3.3 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: John Lenton Description: desktopcouch - A Desktop CouchDB instance desktopcouch-tools - Desktop CouchDB tools python-desktopcouch - Python Desktop CouchDB python-desktopcouch-records - Desktop CouchDB Records API Launchpad-Bugs-Fixed: 834857 Changes: desktopcouch (0.6.4-0ubuntu3.3) lucid-proposed; urgency=low . * Preserve Ubuntu One service through longer replication period, 10 minutes changed to 60 minutes. (LP: #834857) Checksums-Sha1: bfd282347f3a3183cadbe9fdebb8d5514681a365 2118 desktopcouch_0.6.4-0ubuntu3.3.dsc d2a987c924dd610a4a1559d18e19409cb2bf8c25 11287 desktopcouch_0.6.4-0ubuntu3.3.diff.gz Checksums-Sha256: c2ba41ae84f2e558ccdd60901f81b3e1348c049484d832a448065ba236b53c08 2118 desktopcouch_0.6.4-0ubuntu3.3.dsc c2e54d46b6b18e018c43367a6a624e6c0fef52430d3cf8a42a0a72cb392312d7 11287 desktopcouch_0.6.4-0ubuntu3.3.diff.gz Files: 6ce3620545844c1789fafccc17a5fae1 2118 python optional desktopcouch_0.6.4-0ubuntu3.3.dsc 8d4db19226fc3d8c6ebd581a5cce14dd 11287 python optional desktopcouch_0.6.4-0ubuntu3.3.diff.gz From jamie at ubuntu.com Fri Sep 30 23:03:31 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 30 Sep 2011 23:03:31 -0000 Subject: [ubuntu/lucid-security] puppet 0.25.4-2ubuntu6.3 (Accepted) Message-ID: <20110930230331.10804.79502.launchpad@cocoplum.canonical.com> puppet (0.25.4-2ubuntu6.3) lucid-security; urgency=low * SECURITY UPDATE: k5login can overwrite arbitrary files as root - adjust type/k5login.rb to securely open the file before writing to it as root. Patch from upstream: a4333c110ad084f205605708eaab52ad243d6c86 - CVE-2011-3869 * SECURITY UPDATE: didn't drop privileges before creating and changing permissions on SSH keys - adjust ssh_authorized_key/parsed.rb to drop privileges before creating the ssh directory and setting permissions. Patches based on upstream: ce233aa2a511bf6818f28c226144ec5b05a468ee (required for security fix) e2c1cd5c957a236f89b9e8cb7b4e4f8769079e8c (security fix) 8d9575775737c08c6cbfdf7f9a22f2ea4ab21b20 (backported rspec test case) 0aae5a71a8e3b38cd8d7041f5c40091887c924a8 (fix test when run as root) - CVE-2011-3870 * SECURITY UPDATE: fix predictable temporary filename in ralsh - adjust application/resource.rb to use an unpredictable filename. Patch from upstream: 21b7192320dbb79a8cfe1fd3e06d0d399c964c0f - CVE-2011-3871 Date: Fri, 30 Sep 2011 09:18:51 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/puppet/0.25.4-2ubuntu6.3 -------------- next part -------------- Format: 1.8 Date: Fri, 30 Sep 2011 09:18:51 -0500 Source: puppet Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite Architecture: source Version: 0.25.4-2ubuntu6.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: puppet - centralised configuration management for networks puppet-common - common files for puppet and puppetmaster puppet-el - Emacs syntax highlighting for puppet manifests puppet-testsuite - centralized configuration management control for networks puppetmaster - centralised configuration management control daemon vim-puppet - Vim syntax highlighting for puppet manifests Changes: puppet (0.25.4-2ubuntu6.3) lucid-security; urgency=low . * SECURITY UPDATE: k5login can overwrite arbitrary files as root - adjust type/k5login.rb to securely open the file before writing to it as root. Patch from upstream: a4333c110ad084f205605708eaab52ad243d6c86 - CVE-2011-3869 * SECURITY UPDATE: didn't drop privileges before creating and changing permissions on SSH keys - adjust ssh_authorized_key/parsed.rb to drop privileges before creating the ssh directory and setting permissions. Patches based on upstream: ce233aa2a511bf6818f28c226144ec5b05a468ee (required for security fix) e2c1cd5c957a236f89b9e8cb7b4e4f8769079e8c (security fix) 8d9575775737c08c6cbfdf7f9a22f2ea4ab21b20 (backported rspec test case) 0aae5a71a8e3b38cd8d7041f5c40091887c924a8 (fix test when run as root) - CVE-2011-3870 * SECURITY UPDATE: fix predictable temporary filename in ralsh - adjust application/resource.rb to use an unpredictable filename. Patch from upstream: 21b7192320dbb79a8cfe1fd3e06d0d399c964c0f - CVE-2011-3871 Checksums-Sha1: 539d856528a175a612c5760c136c0ab0be834785 2209 puppet_0.25.4-2ubuntu6.3.dsc 7ca2c416390357ddf646a319d7904708b4c1f88b 45224 puppet_0.25.4-2ubuntu6.3.diff.gz Checksums-Sha256: 5dd176d615ca6eeab100bd2d8260b73dc880dc4f5566461769073ef878f19d40 2209 puppet_0.25.4-2ubuntu6.3.dsc 35aa7dcc566ea5de82801f35f4be0108644edae4b4fe9c0ab726130acb0ed67e 45224 puppet_0.25.4-2ubuntu6.3.diff.gz Files: f260404c34d57a0c1c1c0c2b9d1d4aee 2209 admin optional puppet_0.25.4-2ubuntu6.3.dsc c9723aa14a1cf5734f26d49596f312bb 45224 admin optional puppet_0.25.4-2ubuntu6.3.diff.gz Original-Maintainer: Puppet Package Maintainers