From cjwatson at ubuntu.com Fri Feb 3 08:58:34 2012
From: cjwatson at ubuntu.com (Colin Watson)
Date: Fri, 03 Feb 2012 08:58:34 -0000
Subject: [ubuntu/lucid-proposed] debian-installer 20081029ubuntu102.14 (Accepted)
Message-ID: <20120203085834.13647.43456.launchpad@chaenomeles.canonical.com>

debian-installer (20081029ubuntu102.14) lucid-proposed; urgency=low

  * Rebuild against current lts-backport-oneiric kernel.
  * Move Dove images to 2.6.32-219 kernels.

Date: Mon, 30 Jan 2012 17:41:07 +0000
Changed-By: Colin Watson
Maintainer: Ubuntu Installer Team
https://launchpad.net/ubuntu/lucid/+source/debian-installer/20081029ubuntu102.14
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Jan 2012 17:41:07 +0000
Source: debian-installer
Binary: debian-installer
Architecture: source
Version: 20081029ubuntu102.14
Distribution: lucid-proposed
Urgency: low
Maintainer: Ubuntu Installer Team
Changed-By: Colin Watson
Description:
 debian-installer - Debian installer
Changes:
 debian-installer (20081029ubuntu102.14) lucid-proposed; urgency=low
 .
   * Rebuild against current lts-backport-oneiric kernel.
   * Move Dove images to 2.6.32-219 kernels.
Checksums-Sha1:
 46bf8c5a94ab89ef7b58134cae8b169c71a25768 3446 debian-installer_20081029ubuntu102.14.dsc
 dfbbdf06c6dd9d74549387fc8fbd3cab4eec2a70 1800211 debian-installer_20081029ubuntu102.14.tar.gz
Checksums-Sha256:
 9e20878866249dec55905dc5c1a7c38d7a1d954974618e620d1a12f5296626f9 3446 debian-installer_20081029ubuntu102.14.dsc
 d6c6f84684bf34d650c9b0aeef7919cd36ba04d26b05e4fcd0e5c07148749670 1800211 debian-installer_20081029ubuntu102.14.tar.gz
Files:
 8ee62ecf724065a2e6a1ecd8cd74711b 3446 devel optional debian-installer_20081029ubuntu102.14.dsc
 20cdb2a5b7ae5a4224af374fdc075ab6 1800211 devel optional debian-installer_20081029ubuntu102.14.tar.gz
Original-Maintainer: Debian Install System Team

From cjwatson at ubuntu.com Fri Feb 3 08:58:56 2012
From: cjwatson at ubuntu.com (Colin Watson)
Date: Fri, 03 Feb 2012 08:58:56 -0000
Subject: [ubuntu/lucid-proposed] base-files 5.0.0ubuntu20.10.04.5 (Accepted)
Message-ID: <20120203085856.13755.58014.launchpad@chaenomeles.canonical.com>

base-files (5.0.0ubuntu20.10.04.5) lucid-proposed; urgency=low

  * /etc/lsb-release, /etc/issue, /etc/issue.net: Bump version number to
    10.04.4 in preparation for the point release.

Date: Mon, 30 Jan 2012 17:30:35 +0000
Changed-By: Colin Watson
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/lucid/+source/base-files/5.0.0ubuntu20.10.04.5
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Jan 2012 17:30:35 +0000
Source: base-files
Binary: base-files lsb-release-udeb
Architecture: source
Version: 5.0.0ubuntu20.10.04.5
Distribution: lucid-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Colin Watson
Description:
 base-files - Debian base system miscellaneous files
 lsb-release-udeb - LSB release information
Changes:
 base-files (5.0.0ubuntu20.10.04.5) lucid-proposed; urgency=low
 .
   * /etc/lsb-release, /etc/issue, /etc/issue.net: Bump version number to
     10.04.4 in preparation for the point release.
Checksums-Sha1:
 2ff4a7817697946f2a4ed8d769aceb4ca530b75f 1629 base-files_5.0.0ubuntu20.10.04.5.dsc
 836c45f28f80b475f9ad5206daf235f4ea5f7e24 81467 base-files_5.0.0ubuntu20.10.04.5.tar.gz
Checksums-Sha256:
 8ccf0b5740e19fe3a6b84414f52526a63851c8caf90ecc3b1f77603214277457 1629 base-files_5.0.0ubuntu20.10.04.5.dsc
 fd88595019c761948826b27f906db514c399a34035d84bffce6b9356064b51cf 81467 base-files_5.0.0ubuntu20.10.04.5.tar.gz
Files:
 617be79ed259e111c93af30054ab942e 1629 admin required base-files_5.0.0ubuntu20.10.04.5.dsc
 4187b98a02380958acec1f662bfd5aed 81467 admin required base-files_5.0.0ubuntu20.10.04.5.tar.gz
Original-Maintainer: Santiago Vila

From cjwatson at ubuntu.com Fri Feb 3 08:59:33 2012
From: cjwatson at ubuntu.com (Colin Watson)
Date: Fri, 03 Feb 2012 08:59:33 -0000
Subject: [ubuntu/lucid-proposed] apt 0.7.25.3ubuntu9.10 (Accepted)
Message-ID: <20120203085933.8746.4102.launchpad@gac.canonical.com>

apt (0.7.25.3ubuntu9.10) lucid-proposed; urgency=low

  * apt-pkg/algorithms.cc: Iterate Breaks the same way as Conflicts, so that
    we resolve virtual package Breaks more effectively (LP: #922485).
  * apt-pkg/algorithms.{cc,h}: Use an int to represent resolver scores, not
    a signed short, because large upgrades can result in an overflow for
    core packages (LP: #917173).
Date: Mon, 30 Jan 2012 13:35:04 +0000
Changed-By: Colin Watson
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/lucid/+source/apt/0.7.25.3ubuntu9.10
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Jan 2012 13:35:04 +0000
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 0.7.25.3ubuntu9.10
Distribution: lucid-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Colin Watson
Description:
 apt - Advanced front-end for dpkg
 apt-doc - Documentation for APT
 apt-transport-https - APT https transport
 apt-utils - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Launchpad-Bugs-Fixed: 917173 922485
Changes:
 apt (0.7.25.3ubuntu9.10) lucid-proposed; urgency=low
 .
   * apt-pkg/algorithms.cc: Iterate Breaks the same way as Conflicts, so that
     we resolve virtual package Breaks more effectively (LP: #922485).
   * apt-pkg/algorithms.{cc,h}: Use an int to represent resolver scores, not
     a signed short, because large upgrades can result in an overflow for
     core packages (LP: #917173).
Checksums-Sha1:
 e6ff914069bd07081cadb70ebb358550b5e34158 2266 apt_0.7.25.3ubuntu9.10.dsc
 c0acea3a09c1b8c261cd9d02ea92260fde1b5385 2786924 apt_0.7.25.3ubuntu9.10.tar.gz
Checksums-Sha256:
 74f48948313bcad98ddd8a9a980c6febdc5b2360090c1201fb3aedb331d428c4 2266 apt_0.7.25.3ubuntu9.10.dsc
 915a7cf70975450e17cd54f68b68014f8d768ed82f85434128ca293e9f37dfb2 2786924 apt_0.7.25.3ubuntu9.10.tar.gz
Files:
 896fef5d93e4b13a4a85297d8d922cb7 2266 admin important apt_0.7.25.3ubuntu9.10.dsc
 3092f7209b796ff5ea0c1e628552aaaf 2786924 admin important apt_0.7.25.3ubuntu9.10.tar.gz
Original-Maintainer: APT Development Team

From jamie at ubuntu.com Fri Feb 3 20:58:13 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Fri, 03 Feb 2012 20:58:13 -0000
Subject: [ubuntu/lucid-updates] mozvoikko 2.0.1-0ubuntu0.10.04.1 (Accepted)
Message-ID: <20120203205813.3793.89772.launchpad@ackee.canonical.com>

mozvoikko (2.0.1-0ubuntu0.10.04.1) lucid-security; urgency=low

  * Update to the 2.0 rewrite
    - Now uses js-ctypes (yay, good riddance evil binary extension)
    - Fixes LP: #914706 - can't select any other spell-check language in
      Firefox with mozvoikko installed
    - see LP: #923319 for USN information
  * Drop firefox-dev, libvoikko-dev, pkg-config and lsb-release build-depends
    - update debian/control
  * Make xul-ext-mozvoikko Arch: all
    - update debian/control
  * Drop debian/patches/fix_sdk_build.patch
  * Drop debian/patches/port_to_latest_firefox.patch
  * Drop everything related to the old build system from debian/rules
  * Add patch to enable compatibility with libvoikko 2.2.2 in Lucid
    - add debian/patches/lucid_compat.patch
    - update debian/patches/series

Date: 2012-01-29 14:40:40.287800+00:00
Changed-By: Chris Coulson
Signed-By: Jamie Strandboge
https://launchpad.net/ubuntu/lucid/+source/mozvoikko/2.0.1-0ubuntu0.10.04.1
-------------- next part --------------
Sorry, changesfile not available.

From jamie at ubuntu.com Fri Feb 3 20:58:15 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Fri, 03 Feb 2012 20:58:15 -0000
Subject: [ubuntu/lucid-security] mozvoikko 2.0.1-0ubuntu0.10.04.1 (Accepted)
Message-ID: <20120203205815.3793.60241.launchpad@ackee.canonical.com>

mozvoikko (2.0.1-0ubuntu0.10.04.1) lucid-security; urgency=low

  * Update to the 2.0 rewrite
    - Now uses js-ctypes (yay, good riddance evil binary extension)
    - Fixes LP: #914706 - can't select any other spell-check language in
      Firefox with mozvoikko installed
    - see LP: #923319 for USN information
  * Drop firefox-dev, libvoikko-dev, pkg-config and lsb-release build-depends
    - update debian/control
  * Make xul-ext-mozvoikko Arch: all
    - update debian/control
  * Drop debian/patches/fix_sdk_build.patch
  * Drop debian/patches/port_to_latest_firefox.patch
  * Drop everything related to the old build system from debian/rules
  * Add patch to enable compatibility with libvoikko 2.2.2 in Lucid
    - add debian/patches/lucid_compat.patch
    - update debian/patches/series

Date: 2012-01-29 14:40:40.287800+00:00
Changed-By: Chris Coulson
Signed-By: Jamie Strandboge
https://launchpad.net/ubuntu/lucid/+source/mozvoikko/2.0.1-0ubuntu0.10.04.1
-------------- next part --------------
Sorry, changesfile not available.

From jamie at ubuntu.com Fri Feb 3 20:59:48 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Fri, 03 Feb 2012 20:59:48 -0000
Subject: [ubuntu/lucid-updates] firefox 10.0+build1-0ubuntu0.10.04.2 (Accepted)
Message-ID: <20120203205948.3793.10757.launchpad@ackee.canonical.com>

firefox (10.0+build1-0ubuntu0.10.04.2) lucid-security; urgency=low

  * New upstream stable release (FIREFOX_10_0_BUILD1)
    - see LP: #923319 for USN information

  [ Chris Coulson ]
  * Update patches for PRBool -> bool transition
    - refresh debian/patches/firefox-kde.patch
    - refresh debian/patches/mozilla-kde.patch
    - refresh debian/patches/ubuntu-ua-string-changes.patch
  * Drop some more hanging IPC xpcshell tests
    - update debian/build/testsuite.mk
  * Remove prerm hook for cleaning up pyc files in the apport package-hooks
    folder. Nothing creates these
    - update debian/firefox.prerm.in
  * Set up alternatives in the postinst script on abort-remove too
    - update debian/firefox.postinst.in
  * Improve maintainer script magic for removing obsolete conffiles when
    upgrading from 3.6, by doing what dpkg-maintscripts-helper does
    - update debian/firefox.postinst.in
    - update debian/firefox.postrm.in
    - update debian/firefox.preinst.in
  * Only run the Apparmor stuff in the postinst script on configure, and in
    the preinst script on install or upgrade, so it handles upgrade failures
    gracefully
    - update debian/firefox.postinst.in
    - update debian/firefox.preinst.in
  * Drop the Ubuntuzilla workarounds now
    - update debian/firefox.postinst.in
  * Refresh patches
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/ubuntu_bookmarks.patch
  * Turn off Network Manager integration for now, as it causes Firefox to
    always start in offline mode.
    In any case, probing Network Manager isn't the most reliable way to test
    if there is a connection
    - update debian/vendor.js
  * Update after landing of bmo: #701875 - Rename omni.jar to omni.ja
    - update debian/firefox.install.in
  * Disable the tests on powerpc, because it sucks too much to run them
    - update debian/rules
  * "Fix" LP: #897794 - some websites expect "X11" to be the first token of
    the platform component in the UA string
    - update debian/patches/ubuntu-ua-string-changes.patch
  * Defuzz ubuntu-codes-google.patch
  * Refresh shipped locales (adds Assamese and Kashubian)
    - refresh debian/config/locales.shipped
    - refresh debian/control
  * Update KDE patches for removal of nsCStringArray
    - update debian/firefox-kde.patch
    - update debian/mozilla-kde.patch
  * Backport changes to allow per-release/per-arch patches
    - add debian/build/enable-dist-patches.pl
    - update debian/rules
  * Fix LP: #908508 - Add patch from upstream to fix powerpc build failure.
    Only apply this patch on powerpc to avoid compromising the quality of
    the architectures that we care about
    - add debian/patches/fix-build-failure-without-yarr-jit2.patch
    - update debian/patches/series
  * Also make the previous powerpc build fix apply on ppc only
    - update debian/patches/series
  * Fix LP: #923461 - Broken Apparmor profile with Firefox 9.0.1
    - update debian/usr.bin.firefox.apparmor.10.04

  [ Micah Gersten ]
  * Rebase patches for PRBool -> bool transition (bmo: 675553)
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/mozilla-kde.patch
  * Drop patch after upstream landing of (bmo: 690432) aka Logging.h passes
    a string directly to printf
    - drop debian/patches/printf-fix.patch
    - update debian/patches/series

  [ Adam Conrad ]
  * Add missing build-dep on non-essential locales, since we use it.
    - update debian/control{,.in}

Date: 2012-01-29 20:16:12.083160+00:00
Changed-By: Chris Coulson
Signed-By: Jamie Strandboge
https://launchpad.net/ubuntu/lucid/+source/firefox/10.0+build1-0ubuntu0.10.04.2
-------------- next part --------------
Sorry, changesfile not available.

From jamie at ubuntu.com Fri Feb 3 21:01:00 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Fri, 03 Feb 2012 21:01:00 -0000
Subject: [ubuntu/lucid-security] firefox 10.0+build1-0ubuntu0.10.04.2 (Accepted)
Message-ID: <20120203210100.3793.6493.launchpad@ackee.canonical.com>

firefox (10.0+build1-0ubuntu0.10.04.2) lucid-security; urgency=low

  * New upstream stable release (FIREFOX_10_0_BUILD1)
    - see LP: #923319 for USN information

  [ Chris Coulson ]
  * Update patches for PRBool -> bool transition
    - refresh debian/patches/firefox-kde.patch
    - refresh debian/patches/mozilla-kde.patch
    - refresh debian/patches/ubuntu-ua-string-changes.patch
  * Drop some more hanging IPC xpcshell tests
    - update debian/build/testsuite.mk
  * Remove prerm hook for cleaning up pyc files in the apport package-hooks
    folder.
    Nothing creates these
    - update debian/firefox.prerm.in
  * Set up alternatives in the postinst script on abort-remove too
    - update debian/firefox.postinst.in
  * Improve maintainer script magic for removing obsolete conffiles when
    upgrading from 3.6, by doing what dpkg-maintscripts-helper does
    - update debian/firefox.postinst.in
    - update debian/firefox.postrm.in
    - update debian/firefox.preinst.in
  * Only run the Apparmor stuff in the postinst script on configure, and in
    the preinst script on install or upgrade, so it handles upgrade failures
    gracefully
    - update debian/firefox.postinst.in
    - update debian/firefox.preinst.in
  * Drop the Ubuntuzilla workarounds now
    - update debian/firefox.postinst.in
  * Refresh patches
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/ubuntu_bookmarks.patch
  * Turn off Network Manager integration for now, as it causes Firefox to
    always start in offline mode. In any case, probing Network Manager isn't
    the most reliable way to test if there is a connection
    - update debian/vendor.js
  * Update after landing of bmo: #701875 - Rename omni.jar to omni.ja
    - update debian/firefox.install.in
  * Disable the tests on powerpc, because it sucks too much to run them
    - update debian/rules
  * "Fix" LP: #897794 - some websites expect "X11" to be the first token of
    the platform component in the UA string
    - update debian/patches/ubuntu-ua-string-changes.patch
  * Defuzz ubuntu-codes-google.patch
  * Refresh shipped locales (adds Assamese and Kashubian)
    - refresh debian/config/locales.shipped
    - refresh debian/control
  * Update KDE patches for removal of nsCStringArray
    - update debian/firefox-kde.patch
    - update debian/mozilla-kde.patch
  * Backport changes to allow per-release/per-arch patches
    - add debian/build/enable-dist-patches.pl
    - update debian/rules
  * Fix LP: #908508 - Add patch from upstream to fix powerpc build failure.
    Only apply this patch on powerpc to avoid compromising the quality of
    the architectures that we care about
    - add debian/patches/fix-build-failure-without-yarr-jit2.patch
    - update debian/patches/series
  * Also make the previous powerpc build fix apply on ppc only
    - update debian/patches/series
  * Fix LP: #923461 - Broken Apparmor profile with Firefox 9.0.1
    - update debian/usr.bin.firefox.apparmor.10.04

  [ Micah Gersten ]
  * Rebase patches for PRBool -> bool transition (bmo: 675553)
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/mozilla-kde.patch
  * Drop patch after upstream landing of (bmo: 690432) aka Logging.h passes
    a string directly to printf
    - drop debian/patches/printf-fix.patch
    - update debian/patches/series

  [ Adam Conrad ]
  * Add missing build-dep on non-essential locales, since we use it.
    - update debian/control{,.in}

firefox (9.0.1+build1-0ubuntu0.10.04.2) lucid-proposed; urgency=low

  [ Chris Coulson ]
  * Fix LP: #907666 - readd missing kubuntu-firefox-installer Replaces
    - update debian/control

  [ Micah Gersten ]
  * Fix LP: #917529 - Make sure new transitional packages have a versioned
    dependency on Firefox so as to not break Firefox during partial upgrades
    - update debian/control{,.in}

firefox (9.0.1+build1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * New upstream stable release (FIREFOX_9_0_1_BUILD1) (LP: #904594)

firefox (9.0+build1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * New upstream stable release (FIREFOX_9_0_BUILD1)

  [ Chris Coulson ]
  * Install the Apport hook as a source package hook
    - rename debian/apport/firefox.py.in =>
      debian/apport/source_firefox.py.in
    - update debian/firefox.install.in
    - update debian/rules
  * Don't unconditionally overwrite SourcePackage when reporting bugs with
    the nightly apport hook
    - update debian/apport/source_firefox.py.in
  * Set "Channel = Unavailable" if channel-prefs.js doesn't contain a
    channel name
    - update debian/apport/source_firefox.py.in
  * Ensure that create-tarball can handle
    there not being a locale blacklist
    - update debian/build/create-tarball.py
  * Drop xpt.py and xpidl from $LIBDIR. xpidl is gone, and xpt.py isn't
    included there in the upstream SDK
    - update debian/firefox-dev.links.in
  * Fix LP: #901838 - Ugly busy pointer, due to libxcursor no longer matching
    the cursor bitmap to a nice themed pointer
    - add debian/patches/fix-cursor-handling.patch
    - update debian/patches/series
  * Don't disable our bundled addons on upgrade
    - update debian/vendor.js
  * Modify the UA string to add "Ubuntu" to the platform component
    - add debian/patches/ubuntu-ua-string-changes.patch
    - update debian/patches/series
    - update debian/rules
  * Move custom scripts to debian/build
    - move debian/get-xpi-id.py to debian/build/get-xpi-id.py
    - move debian/refresh-supported-locales.pl to
      debian/build/refresh-supported-locales.pl
    - move debian/extract-file.py to debian/build/extract-file.py
    - update debian/rules
    - move debian/testsuite.mk to debian/build/testsuite.mk
  * Dropped patches that are obsolete or fixed upstream:
    - remove debian/patches/lp512615_cairo_lcd_filter.patch
    - remove debian/patches/lp185622_system_path_default_browser.patch
    - remove debian/patches/bz386904_config_rules_install_dist_files.patch
    - remove debian/patches/bz532198_lp488354_ns_invokebyindex_not_thumb2_safe.patch
    - remove debian/patches/bzXXX_libxul_sdk_nspr.patch
    - remove debian/patches/drop_bz418016.patch
    - remove debian/patches/firefox-fsh
    - remove debian/patches/firefox-profilename
    - remove debian/patches/ubuntu_no_app_updates.patch
    - update debian/patches/series
  * Refresh patches:
    - update debian/patches/firefox-kde.patch
    - update debian/patches/mozilla-kde.patch
    - update debian/patches/ubuntu-codes-google.patch
    - update debian/patches/reload-new-plugins.patch
    - update debian/patches/plugin-for-mimetype-pref.patch
    - update debian/patches/add-syspref-dir.patch
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/distro-locale-searchplugins.patch
    - update
      debian/patches/ubuntu-bookmarks.patch
  * Shrink the default mozconfig right down so that we use mostly upstream
    defaults, rather than overriding them with our own options. It is still
    possible to override them though. We also drop the pkg-config checks in
    debian/rules which allowed a fallback build configuration when
    dependencies aren't satisfied. Really, the build should just fail here
    rather than continuing in some undesirable fallback mode
    - update debian/firefox-dev.install.in
    - update debian/firefox-dev.links.in
    - update debian/mozconfig.in
    - update debian/pkgconfig/libxul.pc.in
    - update debian/control.in
    - update debian/rules
  * Refresh build-depends, as this hasn't been done for a while:
    - Drop patchutils, libxft-dev, libxinerama-dev, libgnome2-dev and bzip2.
      These aren't needed
    - Drop liborbit2-dev - only required if there is no libidl
    - Add libglib2.0-dev, libext-dev, libfontconfig1-dev and
      libpango1.0-dev, as the configure script checks for these directly
    - Add minimum versions to libgconf2-dev, libgnomevfs2-dev, yasm and
      libgnomeui-dev
    - Specify minimum versions for libnspr4-dev, libcairo2-dev,
      libsqlite3-dev and libnss3-dev when using system versions of those
      libs
  * Introduce a branch config file (debian/config/branch.mk) which holds
    settings which shouldn't be merged between branches (eg, whether the
    crash reporter should be enabled)
    - add debian/config/branch.mk
    - update debian/rules
  * Move debian/locales.* to debian/config
    - move debian/locales.shipped => debian/config/locales.shipped
    - move debian/locales.unavail => debian/config/locales.unavail
    - move debian/locales.blacklist => debian/config/locales.blacklist
    - update debian/rules
    - update debian/build/refresh-supported-locales.pl
  * Don't open about:blank from the New Window quicklist entry
    - update debian/firefox.desktop.in
  * Touch debian/control.in during clean to force a refresh of
    debian/control, so we can check if it is out-of-date and fail if it is
    - update debian/rules
  * Drop the
    mozilla-devscripts dependency. We were only using this for creating
    tarballs anyway. Instead, implement our own get-orig-source target,
    which also fixes some problems we were having
    - update debian/control.in
    - remove debian/moz-rev.sh
    - update debian/rules
    - remove debian/mozclient/firefox.mk
    - remove debian/mozclient/firefox.conf
    - update debian/config/branch.mk
    - add debian/build/create-source
    - add debian/build/get-orig-source.mk
  * Lots of workflow improvements for dealing with language packs:
    - update debian/rules
    - add debian/build/extract-file.py
    - add debian/build/dump-langpack-control-entries.pl
    - update debian/build/refresh-supported-locales.pl
    - add debian/config/locales.all
    - update debian/config/locales.shipped
    - remove debian/config/locales.unavailable
    - update debian/control
    - update debian/build/create-tarball.py
  * Turn off the one-time addon selection dialog (LP: #888307)
    - update debian/vendor.js
  * Add Mongolian and Swahili to locale blacklist. These aren't meant to be
    built on the release channel, but they still appear in the upstream
    shipped-locales
    - update debian/locales.blacklist
  * Rewrite the apport hook to be more useful
    - update debian/apport/firefox.py.in
  * Ship a file in /etc/apport/native-origins.d to enable bug reporting on
    PPA branches
    - add debian/apport/native-origins.in
    - rename debian/apport/firefox.in => debian/apport/blacklist.in
    - update debian/rules
    - update debian/firefox.install.in
    - update debian/firefox.dirs.in
  * Update the apport blacklist file now that the binary name has changed
    - update debian/apport/firefox.in
  * Look in the correct location for the staged langpack xpi's.
    They moved from dist/install to dist/linux-$(DEB_HOST_GNU_CPU)
    - update debian/rules
  * Simplify firefox-dev.install a bit by installing everything in
    /usr/include
    - update debian/firefox-dev.install.in
  * Handle video/webm mimetypes
    - update debian/firefox.desktop.in
  * Fix check-sync-dirs.py test failure - ensure config/system-headers and
    js/src/config/system-headers are kept in sync
    - update debian/patches/unity-globalmenu-build-support-patch
  * Fix browserGlue_distribution.js and browserGlue_smartBookmarks.js
    xpcshell test failures. Update DEFAULT_BOOKMARKS_ON_MENU with the
    correct number of default bookmarks
    - update debian/patches/ubuntu-bookmarks.patch
  * Fix jsreftest failures by setting the correct timezone and locale
    - update debian/testsuite.mk
  * Switch off debian/patches/fix-selection-drag-autoscroll.patch for now.
    It doesn't apply and needs a rethink
    - update debian/patches/series
  * Fix "format not a string literal and no format arguments" error
    - add debian/patches/printf-fix.patch
    - update debian/patches/series
  * Update for the binary name change
    - update debian/firefox.install.in
    - update debian/firefox.sh.in
  * Ensure we install dependentlibs.list so that Firefox knows which libs
    to dlopen before libxul
    - update debian/firefox.install.in
  * Get rid of some more hanging IPC xpcshell tests
    - update debian/testsuite.mk
  * Now Firefox lazy loads libxul, drop the LD_LIBRARY_PATH hack from the
    shell wrapper (LP: #561124)
    - update debian/firefox.sh.in
  * Only install channel-prefs.js on aurora/beta, where we need it for Test
    Pilot. We don't set a channel name on other branches anyway, so we just
    end up with a nonsense channel name ("default") appearing in the About
    dialog
    - update debian/rules
    - update debian/firefox.install.in
    - update debian/apport/firefox.py.in
  * Don't error out whilst creating the source package if
    mozilla-devscripts or cdbs aren't installed.
    This enables us to create source packages on machines which don't have
    these available
    - update debian/rules
    - update debian/mozclient/firefox.mk
  * Unconditionally build with --disable-elf-hack. It's basically a noop on
    Ubuntu, as we don't get any of the nice space saving and startup time
    improvements that upstream builds get with it. Enabling it is
    problematic (it fails to build on all architectures in Ubuntu from
    Firefox 7 onwards, and is problematic on armel when building on older
    Ubuntu versions)
    - update debian/rules
    - update debian/mozconfig.in
  * Don't unconditionally set -fshort-wchar in the libxul.pc pkgconfig file.
    It's no longer needed with newer toolchains which support gnu++0x, and
    defining it breaks the mozvoikko build
    - update debian/pkgconfig/libxul.pc.in
    - update debian/rules
  * Drop the profile migrator, as it doesn't really make any sense with the
    new release cycle. In Firefox 7, we want to drop the shell wrapper
    script anyway
    - remove debian/migrator/xulapp-profilemigrator
    - update debian/firefox.sh.in
    - update debian/firefox.install.in
    - update debian/rules
    - update debian/control.in
  * xpt_link and xpt_dump have been replaced by xpt.py
    - update debian/firefox-dev.install.in
    - update debian/firefox-dev.links.in
  * Add support for the system provided hyphenation patterns, by linking
    @MOZ_LIBDIR@/hyphenation to /usr/share/hyphen
    - update debian/firefox.links.in
  * Drop the special "kde.js" file handling from the pref service. It hasn't
    had the desired effect since Firefox 4, as the specialfile handling
    doesn't apply to pref files inside the omni.jar. Moving kde.js back in
    to defaults/pref isn't an option, as these are always read after the
    prefs in the omni.jar, which would mean that all users would get the KDE
    specific prefs.
    Note, we only override one pref in kde.js anyway, it can go elsewhere if
    really required
    - update debian/patches/mozilla-kde.patch
    - update debian/patches/firefox-kde.patch
    - note, this doesn't change any behaviour from Firefox 4 and 5, but the
      code this patch touched was rewritten in Firefox 6, so it makes more
      sense to just remove it now rather than refactor it and it still not
      work
  * Drop abrowser. The abrowser branding doesn't work since Firefox 4, and
    is going to be difficult to maintain going forwards. The Firefox logo is
    freely licensed now, which was the main reason for the existence of
    abrowser. Current abrowser users will be migrated to Firefox
    - remove debian/abrowser.desktop
    - update debian/control
    - update debian/rules
    - remove debian/ubuntu-abrowser.js.tmpl
    - remove debian/patches/awesome_browser_branding_install.patch
    - update debian/patches/series
    - remove debian/patches/browser_branding.patch
    - remove debian/patches/abrowser_run_mozilla.patch
  * Auto-generate debhelper and other files at build-time
    - rename debian/firefox.dirs => debian/firefox.dirs.in
    - rename debian/firefox.install => debian/firefox.install.in
    - rename debian/firefox.links => debian/firefox.links.in
    - rename debian/firefox.menu => debian/firefox.menu.in
    - rename debian/firefox.xml => debian/firefox.xml.in
    - rename debian/firefox-gnome-support.install =>
      debian/firefox-gnome-support.install.in
    - rename debian/apport/firefox.py => debian/apport/firefox.py.in
    - rename debian/firefox-restart-required.update-notifier =>
      debian/firefox-restart-required.update-notifier.in
    - add debian/firefox-mozsymbols.in
    - update debian/firefox.dirs.in
    - update debian/firefox.install.in
    - update debian/firefox.links.in
    - update debian/firefox.menu.in
    - update debian/firefox-gnome-support.install.in
    - update debian/apport/firefox.py.in
    - update debian/firefox-restart-required.update-notifier.in
  * Update apport hook to work with packed extensions
    - update debian/apport/firefox.py.in
  * Drop
    firefox-gnome-support maintainer scripts, as they aren't needed now.
    Touching .autoreg on install doesn't do anything, and registering the
    gnome-www-browser alternative has moved to firefox
    - remove debian/firefox-gnome-support.postinst.in
    - remove debian/firefox-gnome-support.prerm.in
    - update debian/firefox.postinst.in
    - update debian/firefox.prerm.in
  * Tidy up the branding selection to auto-select based on the channel. Also
    drop obsolete desktop files
    - update debian/rules
    - remove debian/firefox-minefield.desktop
    - remove debian/firefox-namoroka.desktop
  * Build language packs directly from the firefox source
    + Fixes LP: #294187 - Firefox Locales should install locale specific
      search plugins
    + Rip out the bits to create a en-US.xpi
      - update debian/rules
      - remove debian/translation-support/install.rdf.in
    + Include compare-locales FIREFOX_5_0b1_BUILD1 from
      http://hg.mozilla.org/build/compare-locales. It's needed for merging
      en-US strings with incomplete locales
    + Pull l10n data in to tarball from bzr
      - update debian/mozclient/firefox.conf
    + Configure build for creating language packs by configuring with
      "--with-l10n-base="
      - update debian/mozconfig.in
    + Store the list of locales to ship, and provide a way of automatically
      generating that list and the control file entries from the upstream
      source. Also provide a way to blacklist languages. We map languages to
      package names using langpack-o-matic (and also get descriptions from
      there too)
      - update debian/rules
      - add debian/locales.shipped
      - add debian/control.langpacks
      - update debian/control.in
      - add debian/locale.blacklist
      - add debian/refresh-supported-locales.pl
    + Add common-build-indep hook to build the translation xpi's
      - update debian/rules
    + Add common-binary-post-install-indep to install the xpi's and
      searchplugins in to the correct debian packages
      - update debian/rules
      - add debian/get-xpi-id.py
    + When rebuilding debian/control in the clean target, fail the build if
      the control file was out-of-date.
      This ensures that we don't accidentally drop language packs, and
      forces me to maintain an up-to-date control file in bzr
      - update debian/rules
    + Apply vendor patches to localized searchplugins too
      - update debian/patches/ubuntu-codes-amazon.patch
      - add debian/patches/ubuntu-codes-baidu.patch
      - update debian/patches/ubuntu-codes-google.patch
    + Add languages that are currently dropped in FF5 (compared with FF3.6)
      to locales.unavailable. Having transitional packages now will make
      transitioning easier later on if they come back
      - add debian/locales.unavailable
  * Build with "make -f client.mk" and using a mozconfig, rather than the
    autoconf/configure/make steps used previously. The client.mk contains
    the sequencing for doing PGO builds
    - add debian/mozconfig.in
    - update debian/rules
  * Prevent LP: #643899 - Firefox sending header "Accept-Language:
    chrome://global/locale/intl.properties" because the
    intl.accept_languages preference is messed up. Drop a patch which causes
    the preferences system to save a user preference when changing a
    preference value to equal the system default value (and revert to the
    original behaviour where the preference is just discarded). This should
    hopefully stop Firefox Sync from breaking localized preferences where
    they haven't been modified by the user, but does regress LP: #548866
    - update debian/patches/series
  * Prevent LP: #744580 - Firefox doesn't autoscroll when selecting content
    downwards
    - add debian/patches/fix-selection-drag-autoscroll.patch
    - update debian/patches/series
  * Run the Mozilla test suite at build time. Test-suite failures won't
    break the build just yet
    - add debian/testsuite.mk
    - update debian/rules
    - update debian/control.in
  * Build using the versioned yasm-1 binary backported to Lucid
    - add debian/patches/use-new-yasm-in-lucid.patch
    - update debian/patches/series
    - update debian/control.in
    - refresh debian/control
  * Add a firefox-dev package.
We need this for mozvoikko - update debian/control.in - add debian/firefox-dev.install.in - add debian/firefox-dev.links.in - add debian/pkgconfig/libxul.pc.in - add debian/pkgconfig/mozilla-nspr.pc.in - add debian/pkgconfig/mozilla-plugin.pc.in - update debian/rules - refresh debian/control - update debian/patches/series [ Brian Murray ] * Fix LP: #758111 - update ubuntulinux.org bookmark - thanks to Jonathan Rothwell for the patch [ Micah Gersten ] * Add patch from upstream to fix PowerPC FTBFS (bmo: 703534) aka Build failure on platforms without YARR JIT - add debian/patches/fix-build-failure-without-yarr-jit.patch - update debian/patches/series Date: 2012-01-29 20:16:12.083160+00:00 Changed-By: Chris Coulson Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/lucid/+source/firefox/10.0+build1-0ubuntu0.10.04.2 -------------- next part -------------- Sorry, changesfile not available. From jamie at ubuntu.com Fri Feb 3 23:47:34 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 03 Feb 2012 23:47:34 -0000 Subject: [ubuntu/lucid-updates] chromium-browser 16.0.912.77~r118311-0ubuntu0.10.04.1 (Accepted) Message-ID: <20120203234734.1110.74585.launchpad@ackee.canonical.com> chromium-browser (16.0.912.77~r118311-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release from the Stable Channel (LP: #923602) This release fixes the following security issues: - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415). - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz. - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis. 
chromium-browser (16.0.912.75~r116452-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release from the Stable Channel (LP: #914648, #889711) This release fixes the following security issues: - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla. - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar). This upload also includes the following security fixes from 16.0.912.63: - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community. - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno). - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG. - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Luka Treiber of ACROS Security. - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG. - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu. - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar). - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team. - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis. - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis. - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek. - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG. 
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG. - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella). - [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz. This upload also includes the following security fixes from 15.0.874.121: - [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. This upload also includes the following security fixes from 15.0.874.120: - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community. - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). [ Brandon Snider ] * Refresh patch - update debian/patches/chromium_useragent.patch.in Date: 2012-01-30 06:05:28.536143+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/lucid/+source/chromium-browser/16.0.912.77~r118311-0ubuntu0.10.04.1 -------------- next part -------------- Sorry, changesfile not available. 
From jamie at ubuntu.com Fri Feb 3 23:47:39 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 03 Feb 2012 23:47:39 -0000 Subject: [ubuntu/lucid-security] chromium-browser 16.0.912.77~r118311-0ubuntu0.10.04.1 (Accepted) Message-ID: <20120203234739.1110.2866.launchpad@ackee.canonical.com> chromium-browser (16.0.912.77~r118311-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release from the Stable Channel (LP: #923602) This release fixes the following security issues: - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415). - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz. - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis. chromium-browser (16.0.912.75~r116452-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release from the Stable Channel (LP: #914648, #889711) This release fixes the following security issues: - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla. - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar). This upload also includes the following security fixes from 16.0.912.63: - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community. - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno). - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG. - [99016] High CVE-2011-3907: URL bar spoofing with view-source. 
Credit to Luka Treiber of ACROS Security. - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG. - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu. - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar). - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team. - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis. - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis. - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek. - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG. - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG. - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella). - [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz. This upload also includes the following security fixes from 15.0.874.121: - [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. This upload also includes the following security fixes from 15.0.874.120: - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. 
Credit to Aki Helin of OUSPG. - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community. - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). [ Brandon Snider ] * Refresh patch - update debian/patches/chromium_useragent.patch.in Date: 2012-01-30 06:05:28.536143+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/lucid/+source/chromium-browser/16.0.912.77~r118311-0ubuntu0.10.04.1 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Mon Feb 6 09:27:16 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Mon, 06 Feb 2012 09:27:16 -0000 Subject: [ubuntu/lucid-updates] release-upgrader-apt 0.8.16~exp12ubuntu1~upgrader1 (Accepted) Message-ID: <20120206092716.4391.70469.launchpad@ackee.canonical.com> release-upgrader-apt (0.8.16~exp12ubuntu1~upgrader1) lucid-proposed; urgency=low * Backport apt libraries from precise to lucid to make multiarch-enabled upgrades work. apt (0.8.16~exp12ubuntu1) precise; urgency=low [ Michael Vogt ] * merge from debian/experimental: - new ABI [ Steve Langasek ] * apt-pkg/algorithms.cc: iterate Breaks the same way as Conflicts, so that we resolve virtual package Breaks more effectively. Thanks to Colin Watson for the patch. Closes: #657695, LP: #922485. * apt-pkg/algorithms.{cc,h}: use an int to represent resolver scores, not a signed short, because large upgrades can result in an overflow for core packages. Thanks again to Colin Watson. Closes: #657732, LP: #917173. * Multi-Arch: none build-deps should be DEB_HOST_ARCH, not DEB_BUILD_ARCH. Closes: #646288. 
apt (0.8.16~exp12) experimental; urgency=low [ Michael Vogt ] * apt-pkg/deb/dpkgpm.cc: - fix segfault on pkg removal [ David Kalnischkies ] * apt-pkg/cacheiterators.h: - return the correct version arch for all+foreign, too * apt-pkg/packagemanager.cc: - ignore breaks on not-installed versions while searching for breakage loops as we don't have to avoid them * debian/control: - remove APT from the short descriptions as lintian doesn't like it and it doesn't transport any information for a reader anyway - apply typofixes by Pascal De Vuyst, thanks! (Closes: #652834, #652835) * debian/rules: - apply patch to enable usage of hardening CPPFLAGS and LDFLAGS by Moritz Muehlenhoff, thanks! (Closes: #653504) * methods/https.cc: - use curl's list append instead of appending Range and If-Range by hand which generates malformed requests, thanks Mel Collins for the hint! (Closes: #646381) * test/libapt/run-tests: - hurd doesn't have dmesg yet and we don't really need it either, so use with $0 a more stable data source for hashsumming [ Pino Toscano ] * test/libapt/globalerror_test.cc: - errno 0 has a different strerror on hurd, so generate the expected message dynamically instead of hardcoding 'Success' (Closes: #656530) apt (0.8.16~exp11) experimental; urgency=low [ David Kalnischkies ] * apt-pkg/deb/dpkgpm.cc: - redirect out/input of dpkg --assert-multi-arch to /dev/null - if multi-arch is detected ensure that pkg:all is reported as pkg:all apt (0.8.16~exp10) experimental; urgency=low [ David Kalnischkies ] * apt-pkg/depcache.cc: - implicit conflicts (for multiarch) are supposed to conflict only with real packages, not with virtual providers * apt-pkg/pkgcache.cc: - ignore implicit conflicts on providers in AllTarget, too * apt-pkg/deb/dpkgpm.cc: - check if dpkg supports multiarch with --assert-multi-arch and if it does be always explicit about the architecture * apt-pkg/contrib/fileutl.h: - store the offset in the internal fd before calculate size of the zlib-handled file to
jump back to this place again [ Michael Vogt ] * apt-pkg/contrib/fileutl.h: - fix segfault triggered by the python-apt testsuite apt (0.8.16~exp9) experimental; urgency=low [ Julian Andres Klode ] * apt-pkg/cdrom.cc: - Accept .bz2, .xz files in addition to .gz files (Closes: #649451) [ Michael Vogt ] * apt-pkg/cdrom.cc: - use aptconfiguration to get the supported compression types * debian/control: - bump debhelper build-dep to debhelper (>= 8.1.3~) - set libapt-pkg-dev to multi-arch: same too * g++ 4.7 fixes [ Colin Watson ] * Convert libapt-pkg4.12 and libapt-inst1.4 to Multi-Arch: same. [ David Kalnischkies ] * apt-pkg/cacheset.cc: - make the cachesets real containers which can embed any container to be able to use the same interface regardless of set or list usage - provide a {Package,Version}List similar to {Package,Version}Set * cmdline/apt-{get,cache,mark}.cc: - use Lists instead of Sets if input order should be preserved for commands accepting lists of packages, e.g. policy (Closes: #625960) * apt-pkg/depcache.cc: - prefer native providers over foreigns even if the chain is foreign. LP: #850264.
* cmdline/apt-get.cc: - ignore foreign architectures if we check if a provides has only one resolver as it's basically the same for the user, so no need to choose * cmdline/apt-config.cc: - dump the APT::Compressor settings correctly and completely * apt-pkg/contrib/fileutl.{h,cc}: - implement a ModificationTime method for FileFd - add a ReadLine method - drop the explicit export of gz-compression handling * apt-pkg/cdrom.cc: - support InRelease files on cdrom apt (0.8.16~exp8) experimental; urgency=low [ David Kalnischkies ] * algorithms.cc: - show a debug why a package was kept by ResolveByKeep() * apt-pkg/packagemanager.cc: - do not fail on unpacked packages in SmartUnPack, just don't schedule them for unpack, but do all checks and configure them - do not enter an endless loop for (essential) pre-dependency loops * apt-pkg/contrib/sha2_internal.cc: - use a pointer-union to peace gcc strict-aliasing warning * apt-pkg/deb/deblistparser.cc: - M-A: foreign packages provide for other archs, too apt (0.8.16~exp7) experimental; urgency=low [ David Kalnischkies ] * do not pollute namespace in the headers with using (Closes: #500198) * use forward declaration in headers if possible instead of includes * remove old APT_COMPATIBILITY ifdef's * apt-pkg/deb/dpkgpm.cc: - use std::vector instead of fixed size arrays to store args and multiarch-packagename strings - load the dpkg base arguments only one time and reuse them later * cmdline/apt-get.cc: - follow Provides in the evaluation of saving candidates, too, for satisfying garbage package dependencies (Closes: #640590) * apt-pkg/algorithms.cc: - if a package is garbage, don't try to save it with FixByInstall * apt-pkg/deb/debsrcrecords.cc: - remove the limit of 400 Binaries for a source package (Closes: #622110) * apt-pkg/deb/deblistparser.cc: - fix crash when the dynamic mmap needs to be grown in LoadReleaseInfo (LP: #854090) * apt-pkg/deb/debmetaindex.cc: - none is a separator, not a language: no need for Index (Closes:
#624218) * apt-pkg/aptconfiguration.cc: - do not builtin languages only if none is forced (Closes: #643787) * apt-pkg/pkgcachegen.cc: - refactor MergeList by creating -Group, -Package and -Version specialist - share description list between "same" versions (LP: #868977) This also means that descriptions are shared across archives now. - add implicit dependencies needed for Multi-Arch at the time a Version struct is created and not at the end of the cache generation * apt-pkg/pkgcache.cc: - always prefer "en" over "" for "en"-language regardless of cache-order [ Michael Vogt ] * apt-pkg/contrib/configuration.cc: - fix double delete (LP: #848907) - ignore only the invalid regexp instead of all options * apt-pkg/acquire-item.h, apt-pkg/deb/debmetaindex.cc: - fix fetching language information by adding OptionalSubIndexTarget * methods/https.cc: - cleanup broken downloads properly [ Colin Watson ] * ftparchive/cachedb.cc: - fix buffersize in bytes2hex apt (0.8.16~exp6) experimental; urgency=low [ Christopher Baines ] * enable APT in unpack/configure ordering to handle loops as well as tight dependencies between immediate packages better enabling also the possibility to mark all packages as immediate (at least Closes: #353290, #540227, #559733, #621836, #639290) [ David Kalnischkies ] * [abi-break] Support large files in the complete toolset. Indexes of this size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895) * merged the debian-sid branch [ Michael Vogt ] * bump ABI version apt (0.8.16~exp5ubuntu14.2.1) UNRELEASED; urgency=low [ Daniel Hahler ] * doc/apt-key.8.xml: Ubuntu specific documentation changes (LP: #445903) apt (0.8.16~exp5ubuntu14.2) precise; urgency=low * Call update-apt-xapian-index with -u on all arches in cron.daily to make it behave slightly more pleasantly. 
apt (0.8.16~exp5ubuntu14.1) precise; urgency=low * apt-pkg/edsp.cc: - fix FTBFS apt (0.8.16~exp5ubuntu14) precise; urgency=low [ David Kalnischkies ] * apt-pkg/pkgcachegen.cc: - refactor MergeList by creating -Group, -Package and -Version specialist - share description list between "same" versions (LP: #868977) This also means that descriptions are shared across archives now. * apt-pkg/pkgcache.cc: - always prefer "en" over "" for "en"-language regardless of cache-order (LP: #868977) apt (0.8.16~exp5ubuntu13) oneiric; urgency=low [ Adam Conrad ] * On armel, call update-apt-xapian-index with '-u' to keep the CPU and I/O usage low. We would do this on all arches, but there's a regression risk here, but that's better than killing slow systems. [ Michael Vogt ] * cmdline/apt-key: - fix apt-key net-update, thanks to Marc Deslauriers and Adam Conrad for the code review (LP: #857472) Date: 2012-01-30 13:10:13.104139+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/release-upgrader-apt/0.8.16~exp12ubuntu1~upgrader1 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Mon Feb 6 09:27:22 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Mon, 06 Feb 2012 09:27:22 -0000 Subject: [ubuntu/lucid-updates] release-upgrader-python-apt 0.8.0ubuntu9~upgrader3 (Accepted) Message-ID: <20120206092722.4391.53983.launchpad@ackee.canonical.com> release-upgrader-python-apt (0.8.0ubuntu9~upgrader3) lucid-proposed; urgency=low * Rebuild against latest release-upgrader-apt (LP: #917173, #922485). Date: 2012-01-30 13:10:23.388023+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/release-upgrader-python-apt/0.8.0ubuntu9~upgrader3 -------------- next part -------------- Sorry, changesfile not available. 
From martin.pitt at ubuntu.com Wed Feb 8 11:07:14 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Wed, 08 Feb 2012 11:07:14 -0000 Subject: [ubuntu/lucid-updates] unattended-upgrades 0.55ubuntu7 (Accepted) Message-ID: <20120208110714.30562.21334.launchpad@ackee.canonical.com> unattended-upgrades (0.55ubuntu7) lucid-proposed; urgency=low * backport lp:~mvo/unattended-upgrades/unshadow-versions to fix versions in -updates shadowing versions in -security (LP: #891747) * print conffile hold-backs to stdout to ensure it's part of the cron mail (LP: #773007), thanks to Jean-Baptiste Lallement Date: 2011-11-30 08:35:12.389956+00:00 Changed-By: Michael Vogt Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/unattended-upgrades/0.55ubuntu7 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Wed Feb 8 15:38:13 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Wed, 08 Feb 2012 15:38:13 -0000 Subject: [ubuntu/lucid-updates] debian-installer 20081029ubuntu102.14 (Accepted) Message-ID: <20120208153813.1022.43102.launchpad@ackee.canonical.com> debian-installer (20081029ubuntu102.14) lucid-proposed; urgency=low * Rebuild against current lts-backport-oneiric kernel. * Move Dove images to 2.6.32-219 kernels. debian-installer (20081029ubuntu102.13) lucid-proposed; urgency=low * Add natty and oneiric images for amd64 and i386, built with the respective backported kernels (LP: #881529). * Move to 2.6.32-38 kernels. * Move maverick-* images to 2.6.35-32 kernels. Date: 2012-01-30 17:45:13.433232+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/debian-installer/20081029ubuntu102.14 -------------- next part -------------- Sorry, changesfile not available.
From marc.deslauriers at ubuntu.com Wed Feb 8 18:47:55 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 08 Feb 2012 18:47:55 -0000 Subject: [ubuntu/lucid] acroread 9.4.7-1lucid1 (Accepted) Message-ID: <20120208184755.1284.92321.launchpad@cocoplum.canonical.com> acroread (9.4.7-1lucid1) lucid; urgency=low * New upstream release, addresses security issues: - http://www.adobe.com/support/security/bulletins/apsb11-30.html - CVE-2011-2462 - CVE-2011-4369 * This is an English only release. The -deu, -fra, -jpn packages still contain 9.4.2, as more recent versions are not available for those languages. Date: Tue, 07 Feb 2012 14:14:37 -0500 Changed-By: Marc Deslauriers Maintainer: Brian Thomason https://launchpad.net/ubuntu/lucid/+source/acroread/9.4.7-1lucid1 -------------- next part -------------- Format: 1.8 Date: Tue, 07 Feb 2012 14:14:37 -0500 Source: acroread Binary: acroread adobereader-deu adobereader-fra adobereader-jpn acroread-common Architecture: source Version: 9.4.7-1lucid1 Distribution: lucid Urgency: low Maintainer: Brian Thomason Changed-By: Marc Deslauriers Description: acroread - Adobe Reader acroread-common - Adobe Reader - Common Files adobereader-deu - Adobe Reader adobereader-fra - Adobe Reader adobereader-jpn - Adobe Reader Changes: acroread (9.4.7-1lucid1) lucid; urgency=low . * New upstream release, addresses security issues: - http://www.adobe.com/support/security/bulletins/apsb11-30.html - CVE-2011-2462 - CVE-2011-4369 * This is an English only release. The -deu, -fra, -jpn packages still contain 9.4.2, as more recent versions are not available for those languages.
From martin.pitt at ubuntu.com Thu Feb 9 05:15:50 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Thu, 09 Feb 2012 05:15:50 -0000 Subject: [ubuntu/lucid-updates] apt 0.7.25.3ubuntu9.10 (Accepted) Message-ID: <20120209051550.13248.37815.launchpad@ackee.canonical.com> apt (0.7.25.3ubuntu9.10)
lucid-proposed; urgency=low * apt-pkg/algorithms.cc: Iterate Breaks the same way as Conflicts, so that we resolve virtual package Breaks more effectively (LP: #922485). * apt-pkg/algorithms.{cc,h}: Use an int to represent resolver scores, not a signed short, because large upgrades can result in an overflow for core packages (LP: #917173). Date: 2012-01-30 13:50:27.228600+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/apt/0.7.25.3ubuntu9.10 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Thu Feb 9 14:59:15 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Thu, 09 Feb 2012 14:59:15 -0000 Subject: [ubuntu/lucid-updates] debian-installer-utils 1.72ubuntu5.2 (Accepted) Message-ID: <20120209145915.31977.20329.launchpad@ackee.canonical.com> debian-installer-utils (1.72ubuntu5.2) lucid-proposed; urgency=low [ Scott Moser ] * Add --quiet to dpkg-divert calls in chroot_setup. Date: 2012-01-06 12:30:12.326210+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/debian-installer-utils/1.72ubuntu5.2 -------------- next part -------------- Sorry, changesfile not available. 
From sbeattie at ubuntu.com Thu Feb 9 21:37:27 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Thu, 09 Feb 2012 21:37:27 -0000 Subject: [ubuntu/lucid-security] openssl_0.9.8k-7ubuntu8.8_amd64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.8_ia64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.8_i386_translations.tar.gz, openssl_0.9.8k-7ubuntu8.8_armel_translations.tar.gz, openssl, openssl_0.9.8k-7ubuntu8.8_powerpc_translations.tar.gz, openssl_0.9.8k-7ubuntu8.8_sparc_translations.tar.gz 0.9.8k-7ubuntu8.8 (Accepted) Message-ID: <20120209213727.1766.15150.launchpad@cocoplum.canonical.com> openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policy in one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS.
- CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests * debian/libssl0.9.8.postinst: Only issue the reboot notification for servers by testing that the X server is not running (LP: #244250) Date: Tue, 31 Jan 2012 01:41:34 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.8 -------------- next part -------------- Format: 1.8 Date: Tue, 31 Jan 2012 01:41:34 -0800 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: source Version: 0.9.8k-7ubuntu8.8 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto libssl0.9.8-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Launchpad-Bugs-Fixed: 244250 Changes: openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low . 
* SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policy in one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS.
- CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests * debian/libssl0.9.8.postinst: Only issue the reboot notification for servers by testing that the X server is not running (LP: #244250) Checksums-Sha1: 458b1a3bbd610d75f927e6927f3c691743aa149d 2097 openssl_0.9.8k-7ubuntu8.8.dsc c2ed1e91d5fe68524d35dd26addff3bc7f1940fc 122447 openssl_0.9.8k-7ubuntu8.8.diff.gz Checksums-Sha256: 67e7ad9f98c5300bef0941f92823e5a8d81597ad556df1860285c8f50702ca6d 2097 openssl_0.9.8k-7ubuntu8.8.dsc 86c5a07f999898a0fd87eed5f4d655a85de09dcd4d7d5c2d4ca27194668ede68 122447 openssl_0.9.8k-7ubuntu8.8.diff.gz Files: 1b5686eed1f8f266c076c4d253676624 2097 utils optional openssl_0.9.8k-7ubuntu8.8.dsc 84ce65610995b1a06c37867a7c3919e2 122447 utils optional openssl_0.9.8k-7ubuntu8.8.diff.gz Original-Maintainer: Debian OpenSSL Team From sbeattie at ubuntu.com Thu Feb 9 22:34:21 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Thu, 09 Feb 2012 22:34:21 -0000 Subject: [ubuntu/lucid-security] php5_5.3.2-1ubuntu4.13_sparc_translations.tar.gz, php5_5.3.2-1ubuntu4.13_amd64_translations.tar.gz, php5_5.3.2-1ubuntu4.13_powerpc_translations.tar.gz, php5_5.3.2-1ubuntu4.13_armel_translations.tar.gz, php5_5.3.2-1ubuntu4.13_i386_translations.tar.gz, php5, php5_5.3.2-1ubuntu4.13_ia64_translations.tar.gz 5.3.2-1ubuntu4.13 (Accepted) Message-ID: <20120209223421.25901.41780.launchpad@cocoplum.canonical.com> php5 (5.3.2-1ubuntu4.13) lucid-security; urgency=low * SECURITY UPDATE: memory allocation failure denial of service - debian/patches/php5-CVE-2011-4153.patch: check result of zend_strdup() and calloc() for failed allocations - CVE-2011-4153 * SECURITY UPDATE: predictable hash collision denial of service (LP: #910296) - debian/patches/php5-CVE-2011-4885.patch: add max_input_vars directive with default limit of 1000 - ATTENTION: this 
update changes previous php5 behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. - CVE-2011-4885 * SECURITY UPDATE: remote code execution vulnerability introduced by the fix for CVE-2011-4885 (LP: #925772) - debian/patches/php5-CVE-2012-0830.patch: return rather than continuing if max_input_vars limit is reached - CVE-2012-0830 * SECURITY UPDATE: XSLT arbitrary file overwrite attack - debian/patches/php5-CVE-2012-0057.patch: add xsl.security_prefs ini option to define forbidden operations within XSLT stylesheets - CVE-2012-0057 * SECURITY UPDATE: PDORow session denial of service - debian/patches/php5-CVE-2012-0788.patch: fail gracefully when attempting to serialize PDORow instances - CVE-2012-0788 * SECURITY UPDATE: magic_quotes_gpc remote disable vulnerability - debian/patches/php5-CVE-2012-0831.patch: always restore magic_quote_gpc on request shutdown - CVE-2012-0831 * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files (overlooked in a previous update). 
- http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 Date: Wed, 08 Feb 2012 20:55:57 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.13 -------------- next part -------------- Format: 1.8 Date: Wed, 08 Feb 2012 20:55:57 -0800 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.3.2-1ubuntu4.13 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - 
XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 910296 925772 Changes: php5 (5.3.2-1ubuntu4.13) lucid-security; urgency=low . * SECURITY UPDATE: memory allocation failure denial of service - debian/patches/php5-CVE-2011-4153.patch: check result of zend_strdup() and calloc() for failed allocations - CVE-2011-4153 * SECURITY UPDATE: predictable hash collision denial of service (LP: #910296) - debian/patches/php5-CVE-2011-4885.patch: add max_input_vars directive with default limit of 1000 - ATTENTION: this update changes previous php5 behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. - CVE-2011-4885 * SECURITY UPDATE: remote code execution vulnerability introduced by the fix for CVE-2011-4885 (LP: #925772) - debian/patches/php5-CVE-2012-0830.patch: return rather than continuing if max_input_vars limit is reached - CVE-2012-0830 * SECURITY UPDATE: XSLT arbitrary file overwrite attack - debian/patches/php5-CVE-2012-0057.patch: add xsl.security_prefs ini option to define forbidden operations within XSLT stylesheets - CVE-2012-0057 * SECURITY UPDATE: PDORow session denial of service - debian/patches/php5-CVE-2012-0788.patch: fail gracefully when attempting to serialize PDORow instances - CVE-2012-0788 * SECURITY UPDATE: magic_quotes_gpc remote disable vulnerability - debian/patches/php5-CVE-2012-0831.patch: always restore magic_quote_gpc on request shutdown - CVE-2012-0831 * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files (overlooked in a previous update). 
- http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 Checksums-Sha1: d1278dd3c33e4e105e6624c5fd747d83a98379c0 3170 php5_5.3.2-1ubuntu4.13.dsc 29b0b0c036f3ecc66cbaf355a707c60982c77b83 245380 php5_5.3.2-1ubuntu4.13.diff.gz Checksums-Sha256: cab3eb0cc1523b0a738ba1670809ddcc292a1376619bffb2699730f725533cbd 3170 php5_5.3.2-1ubuntu4.13.dsc c8728c24d71d415eed090c02cdb48cf5459159048afb5e83792338ef5f66e662 245380 php5_5.3.2-1ubuntu4.13.diff.gz Files: 7d88526c295b1e4a712f6a8b08b36258 3170 php optional php5_5.3.2-1ubuntu4.13.dsc c6afe83b22ac9587df870b89c4ab1bab 245380 php optional php5_5.3.2-1ubuntu4.13.diff.gz Original-Maintainer: Debian PHP Maintainers From martin.pitt at ubuntu.com Fri Feb 10 06:39:21 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Fri, 10 Feb 2012 06:39:21 -0000 Subject: [ubuntu/lucid-updates] fglrx-installer 2:8.723.1-0ubuntu6 (Accepted) Message-ID: <20120210063921.10831.68611.launchpad@ackee.canonical.com> fglrx-installer (2:8.723.1-0ubuntu6) lucid-proposed; urgency=low * debian/fglrx.postrm: - Do not remove diversions. Those diversions were likely installed by older releases of the driver (since we don't use diversions any more). Any diversion should be removed in fglrx.preinst, as it's exactly where we remove all other diversions (LP: #566437). * debian/fglrx.prerm: - Call dpkg-trigger with --by-package=$PACKAGE_NAME. Date: 2012-01-20 12:50:12.526953+00:00 Changed-By: Alberto Milone Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/fglrx-installer/2:8.723.1-0ubuntu6 -------------- next part -------------- Sorry, changesfile not available. 
From martin.pitt at ubuntu.com Fri Feb 10 06:39:28 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Fri, 10 Feb 2012 06:39:28 -0000 Subject: [ubuntu/lucid-updates] kickseed 0.54ubuntu1.10.04.2 (Accepted) Message-ID: <20120210063928.10831.83784.launchpad@ackee.canonical.com> kickseed (0.54ubuntu1.10.04.2) lucid-proposed; urgency=low * Fix iSCSI ks_preseed calls to include a type field (LP: #810068). Date: 2012-01-20 17:00:12.081558+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/kickseed/0.54ubuntu1.10.04.2 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Fri Feb 10 06:39:32 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Fri, 10 Feb 2012 06:39:32 -0000 Subject: [ubuntu/lucid-updates] partman-iscsi 14.1 (Accepted) Message-ID: <20120210063932.10831.20136.launchpad@ackee.canonical.com> partman-iscsi (14.1) lucid-proposed; urgency=low * Don't fail if debconf questions are preseeded (LP: #810068). Date: 2012-01-20 16:50:27.206839+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/partman-iscsi/14.1 -------------- next part -------------- Sorry, changesfile not available. 
From gimre at narancs.net Fri Feb 10 20:34:18 2012 From: gimre at narancs.net (Imre Gergely) Date: Fri, 10 Feb 2012 20:34:18 -0000 Subject: [ubuntu/lucid-security] pdns, pdns_2.9.22-3ubuntu0.1_powerpc_translations.tar.gz, pdns_2.9.22-3ubuntu0.1_ia64_translations.tar.gz, pdns_2.9.22-3ubuntu0.1_i386_translations.tar.gz, pdns_2.9.22-3ubuntu0.1_sparc_translations.tar.gz, pdns_2.9.22-3ubuntu0.1_amd64_translations.tar.gz, pdns_2.9.22-3ubuntu0.1_armel_translations.tar.gz 2.9.22-3ubuntu0.1 (Accepted) Message-ID: <20120210203418.2189.29706.launchpad@cocoplum.canonical.com> pdns (2.9.22-3ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: temporary DoS with specially crafted packets (LP: #918588) - debian/patches/CVE-2012-0206: prevent the auth servers from entering a packet loop. Based on upstream suggestion. - CVE-2012-0206 Date: Wed, 08 Feb 2012 23:33:27 +0200 Changed-By: Imre Gergely Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/pdns/2.9.22-3ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Wed, 08 Feb 2012 23:33:27 +0200 Source: pdns Binary: pdns-server pdns-doc pdns-backend-pipe pdns-backend-ldap pdns-backend-geo pdns-backend-mysql pdns-backend-pgsql pdns-backend-sqlite pdns-backend-sqlite3 Architecture: source Version: 2.9.22-3ubuntu0.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Imre Gergely Description: pdns-backend-geo - geo backend for PowerDNS pdns-backend-ldap - LDAP backend for PowerDNS pdns-backend-mysql - generic MySQL backend for PowerDNS pdns-backend-pgsql - generic PostgreSQL backend for PowerDNS pdns-backend-pipe - pipe/coprocess backend for PowerDNS pdns-backend-sqlite - sqlite backend for PowerDNS pdns-backend-sqlite3 - sqlite backend for PowerDNS pdns-doc - PowerDNS manual pdns-server - extremely powerful and versatile nameserver Launchpad-Bugs-Fixed: 918588 Changes: pdns (2.9.22-3ubuntu0.1) lucid-security; urgency=low . 
* SECURITY UPDATE: temporary DoS with specially crafted packets (LP: #918588) - debian/patches/CVE-2012-0206: prevent the auth servers from entering a packet loop. Based on upstream suggestion. - CVE-2012-0206 Checksums-Sha1: 857862fcd2a80004a432f9e135c5136a1f651829 2288 pdns_2.9.22-3ubuntu0.1.dsc 481651ea443f7a3c60ac1e565d6e260ba539ffc3 33068 pdns_2.9.22-3ubuntu0.1.diff.gz Checksums-Sha256: 62c7833a8fc8aa060fa51797b737f8ba9e3e13b30e17c2cdb2f77f80c4a0c5f7 2288 pdns_2.9.22-3ubuntu0.1.dsc a31e4953e64f0b49ad240ca1bc11e2fae215d7734c42616880ee66353ac0b8cb 33068 pdns_2.9.22-3ubuntu0.1.diff.gz Files: b38ed757745474461a511ac086293ac0 2288 net extra pdns_2.9.22-3ubuntu0.1.dsc be66e4ff8a01dcac4944b2011ef0805e 33068 net extra pdns_2.9.22-3ubuntu0.1.diff.gz Original-Maintainer: Debian PowerDNS Maintainers From tyhicks at canonical.com Fri Feb 10 20:34:29 2012 From: tyhicks at canonical.com (Tyler Hicks) Date: Fri, 10 Feb 2012 20:34:29 -0000 Subject: [ubuntu/lucid-security] atop 1.23-1+squeeze1build0.10.04.1 (Accepted) Message-ID: <20120210203429.2189.4559.launchpad@cocoplum.canonical.com> atop (1.23-1+squeeze1build0.10.04.1) lucid-security; urgency=low * fake sync from Debian atop (1.23-1+squeeze1) stable; urgency=high * Non-maintainer upload. * Fix CVE-2011-XXXX: Insecure use of temporary files in rawlog.c and acctproc.c (Closes: #622794) Date: Fri, 10 Feb 2012 12:59:05 -0600 Changed-By: Tyler Hicks Maintainer: Edelhard Becker https://launchpad.net/ubuntu/lucid/+source/atop/1.23-1+squeeze1build0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Fri, 10 Feb 2012 12:59:05 -0600 Source: atop Binary: atop Architecture: source Version: 1.23-1+squeeze1build0.10.04.1 Distribution: lucid-security Urgency: high Maintainer: Edelhard Becker Changed-By: Tyler Hicks Description: atop - Monitor for system resources and process activity Closes: 622794 Changes: atop (1.23-1+squeeze1build0.10.04.1) lucid-security; urgency=low . * fake sync from Debian . 
atop (1.23-1+squeeze1) stable; urgency=high . * Non-maintainer upload. * Fix CVE-2011-XXXX: Insecure use of temporary files in rawlog.c and acctproc.c (Closes: #622794) Checksums-Sha1: d893f0eb96b8f2d17e14cdd3e4f05af8035535f6 1729 atop_1.23-1+squeeze1build0.10.04.1.dsc 2f35dc31425732b028239eae9948ed7f0ebb6fd6 7129 atop_1.23-1+squeeze1build0.10.04.1.diff.gz Checksums-Sha256: cfb4fd22ed5e3d520272a0551b7284e3b0d29751adb7d39297f31d52339c3276 1729 atop_1.23-1+squeeze1build0.10.04.1.dsc 56eb2abcadf05e6bc0541bac2790e1278dbca09d9c691b2c18ec5282c274c8e1 7129 atop_1.23-1+squeeze1build0.10.04.1.diff.gz Files: a11f715f18666f42218e38abf0f0d138 1729 admin optional atop_1.23-1+squeeze1build0.10.04.1.dsc 88842d8ea6ce60cd45cc0ef1bd179882 7129 admin optional atop_1.23-1+squeeze1build0.10.04.1.diff.gz From martin.pitt at ubuntu.com Mon Feb 13 14:02:41 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Mon, 13 Feb 2012 14:02:41 -0000 Subject: [ubuntu/lucid-updates] openldap 2.4.21-0ubuntu5.7 (Accepted) Message-ID: <20120213140241.22050.13977.launchpad@ackee.canonical.com> openldap (2.4.21-0ubuntu5.7) lucid-proposed; urgency=low * Fix replication when attr has no matching rule (LP: #903901): - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule.patch: backport fix from upstream - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule-test.patch: backport test from upstream Date: 2011-12-16 01:00:11.570071+00:00 Changed-By: Robie Basak Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/openldap/2.4.21-0ubuntu5.7 -------------- next part -------------- Sorry, changesfile not available. 
From tim.gardner at canonical.com Mon Feb 13 14:09:02 2012 From: tim.gardner at canonical.com (Tim Gardner) Date: Mon, 13 Feb 2012 14:09:02 -0000 Subject: [ubuntu/lucid-proposed] linux-firmware 1.34.14 (Accepted) Message-ID: <20120213140902.27719.39748.launchpad@soybean.canonical.com> linux-firmware (1.34.14) lucid-proposed; urgency=low * Add new iwlwifi ucode files iwlwifi: add new firmware for 6000g2b devices iwlwifi: add new firmware for 2030 devices iwlwifi: add new firmware for 2000 devices iwlwifi: add new firmware for 135 devices iwlwifi: add new firmware for 105 devices -LP: #918351 linux-firmware (1.34.13) lucid-proposed; urgency=low * ath3k-fw: Fix EEPROM radio table issue. LP: #882685 linux-firmware (1.34.12) lucid-proposed; urgency=low * Added firmware files to support Oneiric LTS backport linux-firmware: Add a new FW 7.0.20.0 bnx2x: Adding FW 7.0.23.0 -LP: #808884 linux-firmware (1.34.11) lucid-proposed; urgency=low * Added firmware files to support compat-wireless linux-firmware: add new firmware for RTL8168E-VL linux-firmware: update firmware for RTL8111E linux-firmware: Add firmware for RTL8168/8111E linux-firmware: Add firmware for RTL8105E rtl_nic: Add firmware for RTL8111D(L) -LP: #804671 linux-firmware (1.34.10) lucid-proposed; urgency=low * Added carl9170.fw for Atheros wireless AR9170 based devices. 
-LP: #713987 linux-firmware (1.34.9) lucid-proposed; urgency=low * Add Firmware for Atheros HTC devices (ath9k) -LP: #653854 linux-firmware (1.34.8) lucid-proposed; urgency=low * Added iwlwifi-1000-5.ucode -LP: #752829 Date: Tue, 24 Jan 2012 11:20:22 -0700 Changed-By: Tim Gardner Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/lucid/+source/linux-firmware/1.34.14 -------------- next part -------------- Format: 1.8 Date: Tue, 24 Jan 2012 11:20:22 -0700 Source: linux-firmware Binary: linux-firmware nic-firmware scsi-firmware Architecture: source Version: 1.34.14 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Tim Gardner Description: linux-firmware - Firmware for Linux kernel drivers nic-firmware - Firmware for NICs (udeb) scsi-firmware - Firmware for SCSI controllers (udeb) Launchpad-Bugs-Fixed: 653854 713987 752829 804671 808884 882685 918351 Changes: linux-firmware (1.34.14) lucid-proposed; urgency=low . * Add new iwlwifi ucode files iwlwifi: add new firmware for 6000g2b devices iwlwifi: add new firmware for 2030 devices iwlwifi: add new firmware for 2000 devices iwlwifi: add new firmware for 135 devices iwlwifi: add new firmware for 105 devices -LP: #918351 . linux-firmware (1.34.13) lucid-proposed; urgency=low . * ath3k-fw: Fix EEPROM radio table issue. LP: #882685 . linux-firmware (1.34.12) lucid-proposed; urgency=low . * Added firmware files to support Oneiric LTS backport linux-firmware: Add a new FW 7.0.20.0 bnx2x: Adding FW 7.0.23.0 -LP: #808884 . linux-firmware (1.34.11) lucid-proposed; urgency=low . * Added firmware files to support compat-wireless linux-firmware: add new firmware for RTL8168E-VL linux-firmware: update firmware for RTL8111E linux-firmware: Add firmware for RTL8168/8111E linux-firmware: Add firmware for RTL8105E rtl_nic: Add firmware for RTL8111D(L) -LP: #804671 . linux-firmware (1.34.10) lucid-proposed; urgency=low . * Added carl9170.fw for Atheros wireless AR9170 based devices. 
-LP: #713987 . linux-firmware (1.34.9) lucid-proposed; urgency=low . * Add Firmware for Atheros HTC devices (ath9k) -LP: #653854 . linux-firmware (1.34.8) lucid-proposed; urgency=low . * Added iwlwifi-1000-5.ucode -LP: #752829 Checksums-Sha1: 62c4fa7d0018cd3e5a26c17c7dc0e99659639e95 1645 linux-firmware_1.34.14.dsc 0009c1409d3cfd38f99591ae9575763a79fee30a 13976226 linux-firmware_1.34.14.tar.gz Checksums-Sha256: 519bfbefe0bc525b67eec335af44b2f4fe5137f928646e6c8f1eddda19a1aecc 1645 linux-firmware_1.34.14.dsc 4019572f24d6f17d419475e52d469354eba239651d38475cc0763a9e47a02337 13976226 linux-firmware_1.34.14.tar.gz Files: 4ba6fd0f2d8ac871874a118c865edf47 1645 misc optional linux-firmware_1.34.14.dsc 242f45f060e2bbbb31d3592b70ccd81d 13976226 misc optional linux-firmware_1.34.14.tar.gz From james.westby at canonical.com Mon Feb 13 14:10:12 2012 From: james.westby at canonical.com (James Westby) Date: Mon, 13 Feb 2012 14:10:12 -0000 Subject: [ubuntu/lucid-proposed] lazr.restfulclient 0.9.11-1ubuntu1.3 (Accepted) Message-ID: <20120213141012.2906.17199.launchpad@wampee.canonical.com> lazr.restfulclient (0.9.11-1ubuntu1.3) lucid-proposed; urgency=low * Move test dependencies to extras_require so that setuptools doesn't think they are needed for the code to work. (LP: #918307) . Having them listed in requires, but not in the package dependencies leads to having a package installed that setuptools thinks is broken. This breaks any code that relies on lazr.restfulclient (or launchpadlib) and uses setuptools/pkg_resources. 
Date: Wed, 18 Jan 2012 12:16:35 -0500 Changed-By: James Westby Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/lazr.restfulclient/0.9.11-1ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Wed, 18 Jan 2012 12:16:35 -0500 Source: lazr.restfulclient Binary: python-lazr.restfulclient Architecture: source Version: 0.9.11-1ubuntu1.3 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: James Westby Description: python-lazr.restfulclient - client for lazr.restful-based web services Launchpad-Bugs-Fixed: 918307 Changes: lazr.restfulclient (0.9.11-1ubuntu1.3) lucid-proposed; urgency=low . * Move test dependencies to extras_require so that setuptools doesn't think they are needed for the code to work. (LP: #918307) . Having them listed in requires, but not in the package dependencies leads to having a package installed that setuptools thinks is broken. This breaks any code that relies on lazr.restfulclient (or launchpadlib) and uses setuptools/pkg_resources. 
Checksums-Sha1: af2d105c95d28fba903efbc83fb03b55cc949ebc 2261 lazr.restfulclient_0.9.11-1ubuntu1.3.dsc d191bb442bb5e007a170761f1c9a42c40293d68e 13016 lazr.restfulclient_0.9.11-1ubuntu1.3.debian.tar.gz Checksums-Sha256: dd0a4f9ee7c04829057fd710b59da0fee95b03cb8fedfebe6d95a6a076a1a823 2261 lazr.restfulclient_0.9.11-1ubuntu1.3.dsc 30bda815d16e0e07da3222c29d3491c6268bb372759ea64385698a1309003562 13016 lazr.restfulclient_0.9.11-1ubuntu1.3.debian.tar.gz Files: 10716f740539db04744db9c0d4cb50e3 2261 python optional lazr.restfulclient_0.9.11-1ubuntu1.3.dsc 880a1bb60b5a8b81a75e67c1a8953d8b 13016 python optional lazr.restfulclient_0.9.11-1ubuntu1.3.debian.tar.gz Original-Maintainer: Debian Python Modules Team From jtaylor at ubuntu.com Mon Feb 13 14:11:40 2012 From: jtaylor at ubuntu.com (Julian Taylor) Date: Mon, 13 Feb 2012 14:11:40 -0000 Subject: [ubuntu/lucid-proposed] python-networkx 0.99-2ubuntu1.1 (Accepted) Message-ID: <20120213141140.26691.86397.launchpad@soybean.canonical.com> python-networkx (0.99-2ubuntu1.1) lucid-proposed; urgency=low * debian/patches/20_no_setuptools_in_requires.txt - don't add setuptools to requires.txt; allows import with pkg_resources.require('networkx') like e.g. epigrass does (LP: #925744) Date: Fri, 03 Feb 2012 19:58:28 +0100 Changed-By: Julian Taylor Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/python-networkx/0.99-2ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Fri, 03 Feb 2012 19:58:28 +0100 Source: python-networkx Binary: python-networkx Architecture: source Version: 0.99-2ubuntu1.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Julian Taylor Description: python-networkx - tool to manipulate and study more than complex networks Launchpad-Bugs-Fixed: 925744 Changes: python-networkx (0.99-2ubuntu1.1) lucid-proposed; urgency=low . 
* debian/patches/20_no_setuptools_in_requires.txt - don't add setuptools to requires.txt; allows import with pkg_resources.require('networkx') like e.g. epigrass does (LP: #925744) Checksums-Sha1: 0f1470fc6971c8fb89d5d312749ce511d6eba926 2051 python-networkx_0.99-2ubuntu1.1.dsc 4c5bec3d8e3e7edffcab23ab5793c441b3b2b0b0 7167 python-networkx_0.99-2ubuntu1.1.diff.gz Checksums-Sha256: 706dd6dc636f573c7658dc59012ac33aed4008a8cbabc0a8b74ae2fc03e907c8 2051 python-networkx_0.99-2ubuntu1.1.dsc 65134e9805c16d5f207e6d9d307dcdf330846d349d62451d760d2a574ba312d4 7167 python-networkx_0.99-2ubuntu1.1.diff.gz Files: b074bdfd104a8e6643f2a7b78d963067 2051 python optional python-networkx_0.99-2ubuntu1.1.dsc eb5d319115b6fd8146152c196a37fb67 7167 python optional python-networkx_0.99-2ubuntu1.1.diff.gz Original-Maintainer: Cyril Brulebois From stefanor at ubuntu.com Mon Feb 13 14:11:58 2012 From: stefanor at ubuntu.com (Stefano Rivera) Date: Mon, 13 Feb 2012 14:11:58 -0000 Subject: [ubuntu/lucid-proposed] ddclient 3.8.0-9ubuntu2.1 (Accepted) Message-ID: <20120213141158.2806.2297.launchpad@wampee.canonical.com> ddclient (3.8.0-9ubuntu2.1) lucid-proposed; urgency=low * checkip-hang.diff: Cherry-pick upstream patch to prevent hang if IP address check blocks. LP: #928277 Date: Tue, 07 Feb 2012 16:43:40 +0200 Changed-By: Stefano Rivera Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ddclient/3.8.0-9ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Tue, 07 Feb 2012 16:43:40 +0200 Source: ddclient Binary: ddclient Architecture: source Version: 3.8.0-9ubuntu2.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Stefano Rivera Description: ddclient - address updating utility for dynamic DNS services Launchpad-Bugs-Fixed: 928277 Changes: ddclient (3.8.0-9ubuntu2.1) lucid-proposed; urgency=low . * checkip-hang.diff: Cherry-pick upstream patch to prevent hang if IP address check blocks. 
LP: #928277 Checksums-Sha1: c12fb529c07a2b668055f3ae2fab004c5832f368 2001 ddclient_3.8.0-9ubuntu2.1.dsc 9f954a176173b26232bc0d118ad09a0a146710d5 54663 ddclient_3.8.0-9ubuntu2.1.debian.tar.gz Checksums-Sha256: 5c1fe27538991b2c69d8eac0a2a13488bdf6602b7c3f230f714f4fc9319ba53a 2001 ddclient_3.8.0-9ubuntu2.1.dsc 21dae3bdb2dcb9321bac1701a3678a44ad24a494c296e18644c55083c864fae2 54663 ddclient_3.8.0-9ubuntu2.1.debian.tar.gz Files: c0c107f1c32b424647c6e54bb64a5fcd 2001 net extra ddclient_3.8.0-9ubuntu2.1.dsc 5ba871f28e20d9d1cf9b4e84a4a50cb2 54663 net extra ddclient_3.8.0-9ubuntu2.1.debian.tar.gz Original-Maintainer: Torsten Landschoff From martin.pitt at ubuntu.com Tue Feb 14 06:16:11 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 14 Feb 2012 06:16:11 -0000 Subject: [ubuntu/lucid-updates] media-player-info 16-1~lucid1 (Accepted) Message-ID: <20120214061611.16556.68559.launchpad@ackee.canonical.com> media-player-info (16-1~lucid1) lucid-proposed; urgency=low * Backport current release to Lucid as per MicroReleaseException. media-player-info (16-1) unstable; urgency=low * New upstream release: - Add various Sony Walkman models (LP: #670066) - Add Archos Key (LP: #902518) media-player-info (15-1) unstable; urgency=low * New upstream release: - Add TrekStor i.Beat rock (LP: #764141) - Add more Sansa Clip+ players (LP: #793799) - Add Creative ZEN Style 300 (LP: #835568) - Add Sony Xperia Mini Pro (LP: #840903) - Lots of more added music players. - Add playlist path to all Android devices. - Define "FolderSeparator" and "LineEnding" properties (Not being used by any music player software yet). media-player-info (14-1) unstable; urgency=low * New upstream release. - Add Sandisk Sansa Fuze+. 
- HTC legend uses same ID as desire/hero/evo-4g in debug mode - Add Pantech SIRIUS alpha - Add Sharp IS01 - Add Sony Ericsson C905 - Fix product ID of Sandisk Sansa Fuze (LP: #759668) - Add Creative Zen X-Fi Style media-player-info (13) unstable; urgency=low * New upstream release - Add Sony Ericsson K800i. (LP: #722629) - Add Sony NWZ-E355. (LP: #696705) - See NEWS for other additions. media-player-info (12-2) unstable; urgency=low * Add debian/media-player-info.docs: Install NEWS. (Closes: #609429) media-player-info (12-1) unstable; urgency=low * New upstream release - Add Samsung YP-T7 (LP: #252457) - Add iRiver T60 (LP: #311520) - Add Cowon j3 (LP: #652967) - Add HTC Desire (LP: #655185) - And more, see NEWS for details. Date: 2012-01-24 09:00:12.279059+00:00 Changed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/media-player-info/16-1~lucid1 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Tue Feb 14 08:27:12 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 14 Feb 2012 08:27:12 -0000 Subject: [ubuntu/lucid-updates] base-files 5.0.0ubuntu20.10.04.5 (Accepted) Message-ID: <20120214082712.23341.17332.launchpad@ackee.canonical.com> base-files (5.0.0ubuntu20.10.04.5) lucid-proposed; urgency=low * /etc/lsb-release, /etc/issue, /etc/issue.net: Bump version number to 10.04.4 in preparation for the point release. Date: 2012-01-30 17:35:12.601859+00:00 Changed-By: Colin Watson Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/base-files/5.0.0ubuntu20.10.04.5 -------------- next part -------------- Sorry, changesfile not available. 
From zubin.mithra at gmail.com Wed Feb 15 16:04:22 2012 From: zubin.mithra at gmail.com (Zubin Mithra) Date: Wed, 15 Feb 2012 16:04:22 -0000 Subject: [ubuntu/lucid-security] dhcpcd 1:3.2.3-5ubuntu0.1 (Accepted) Message-ID: <20120215160422.7396.13797.launchpad@cocoplum.canonical.com> dhcpcd (1:3.2.3-5ubuntu0.1) lucid-security; urgency=high * SECURITY UPDATE: dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. (LP: #931036) - https://build.opensuse.org/package/view_file?file=dhcpcd-3.2.3-option-checks.diff&package=dhcpcd&project=network%3Adhcp&rev=52442e5c1d803d7c1818a920a0bae7f1 - above linked patch(without the additional support for NETBIOS type messages) has been added. - CVE-2011-0996 Date: Mon, 13 Feb 2012 14:27:54 +0530 Changed-By: Zubin Mithra Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/dhcpcd/1:3.2.3-5ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Mon, 13 Feb 2012 14:27:54 +0530 Source: dhcpcd Binary: dhcpcd Architecture: source Version: 1:3.2.3-5ubuntu0.1 Distribution: lucid-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Zubin Mithra Description: dhcpcd - DHCP client for automatically configuring IPv4 networking Launchpad-Bugs-Fixed: 931036 Changes: dhcpcd (1:3.2.3-5ubuntu0.1) lucid-security; urgency=high . * SECURITY UPDATE: dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. (LP: #931036) - https://build.opensuse.org/package/view_file?file=dhcpcd-3.2.3-option-checks.diff&package=dhcpcd&project=network%3Adhcp&rev=52442e5c1d803d7c1818a920a0bae7f1 - above linked patch(without the additional support for NETBIOS type messages) has been added. 
- CVE-2011-0996 Checksums-Sha1: b764d78c66ac71626821f7cf7f89c900f7192580 1700 dhcpcd_3.2.3-5ubuntu0.1.dsc a0ce9f51a02f0f99064016bd2a184c9d3084a1bd 18462 dhcpcd_3.2.3-5ubuntu0.1.diff.gz Checksums-Sha256: 439a95f2e70392dad5b847ad7d6669b2b1a8944449a7e0a7a49334e79cd0bff9 1700 dhcpcd_3.2.3-5ubuntu0.1.dsc d2465c9a401fa2b54b9fad8a286a70cd53bdb553fb419d97f874fa23937b4579 18462 dhcpcd_3.2.3-5ubuntu0.1.diff.gz Files: e4b1609bc5de826087f4b88b6e734feb 1700 net optional dhcpcd_3.2.3-5ubuntu0.1.dsc c3b205ed52d0bcaa57bf6427cbd59c30 18462 net optional dhcpcd_3.2.3-5ubuntu0.1.diff.gz Original-Maintainer: Simon Kelley From tyhicks at canonical.com Wed Feb 15 17:03:51 2012 From: tyhicks at canonical.com (Tyler Hicks) Date: Wed, 15 Feb 2012 17:03:51 -0000 Subject: [ubuntu/lucid-security] devscripts_2.10.61ubuntu5.1_i386_translations.tar.gz, devscripts_2.10.61ubuntu5.1_amd64_translations.tar.gz, devscripts_2.10.61ubuntu5.1_ia64_translations.tar.gz, devscripts_2.10.61ubuntu5.1_sparc_translations.tar.gz, devscripts_2.10.61ubuntu5.1_armel_translations.tar.gz, devscripts_2.10.61ubuntu5.1_powerpc_translations.tar.gz, devscripts 2.10.61ubuntu5.1 (Accepted) Message-ID: <20120215170351.29188.18352.launchpad@cocoplum.canonical.com> devscripts (2.10.61ubuntu5.1) lucid-security; urgency=low * SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc and .changes files - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to Raphael Geissert for the original patch. - CVE-2012-0210 * SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top level directory of the original upstream source tarball - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to Adam D. Barratt for the original patch. - CVE-2012-0211 * SECURITY UPDATE: Arbitrary code execution via crafted filenames in arguments passed to debdiff - scripts/debdiff.pl: Perform input sanitization on filenames. Based on upstream patches. 
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739 - CVE-2012-0212 * scripts/debdiff.pl: Remove undocumented functionality which treated files with extensionless filenames as packages. Thanks to Adam D. Barratt for the original patch. - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559 Date: Wed, 15 Feb 2012 03:33:39 -0600 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/devscripts/2.10.61ubuntu5.1 -------------- next part -------------- Format: 1.8 Date: Wed, 15 Feb 2012 03:33:39 -0600 Source: devscripts Binary: devscripts Architecture: source Version: 2.10.61ubuntu5.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: devscripts - scripts to make the life of a Debian Package maintainer easier Changes: devscripts (2.10.61ubuntu5.1) lucid-security; urgency=low . * SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc and .changes files - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to Raphael Geissert for the original patch. - CVE-2012-0210 * SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top level directory of the original upstream source tarball - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to Adam D. Barratt for the original patch. - CVE-2012-0211 * SECURITY UPDATE: Arbitrary code execution via crafted filenames in arguments passed to debdiff - scripts/debdiff.pl: Perform input sanitization on filenames. Based on upstream patches. 
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739 - CVE-2012-0212 * scripts/debdiff.pl: Remove undocumented functionality which treated files with extensionless filenames as packages. Thanks to Adam D. Barratt for the original patch. - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559 Checksums-Sha1: a6e9c9dff78052debe3f0c90ff80ce0417e7b312 2168 devscripts_2.10.61ubuntu5.1.dsc 0e388c2640770b6794110e013fbade1980bee075 703733 devscripts_2.10.61ubuntu5.1.tar.gz Checksums-Sha256: 80fdaa5f0d0a78c676f492d37945ca44bb5897cd9852b82a82a7577bfce43cc2 2168 devscripts_2.10.61ubuntu5.1.dsc f0bc2a92f5eb527ea72b488bc7bc13b69693e719fe86d3ada8d5c34e1145ebaa 703733 devscripts_2.10.61ubuntu5.1.tar.gz Files: 270f38ccdcb7fc4fe24b193a57941554 2168 devel optional devscripts_2.10.61ubuntu5.1.dsc 4d10233d1b1a2ea10a97a3f10c3d05d0 703733 devel optional devscripts_2.10.61ubuntu5.1.tar.gz Original-Maintainer: Devscripts Devel Team From chris.coulson at canonical.com Wed Feb 15 22:00:30 2012 From: chris.coulson at canonical.com (Chris Coulson) Date: Wed, 15 Feb 2012 22:00:30 -0000 Subject: [ubuntu/lucid] adobe-flashplugin 11.1.102.62-0lucid1 (Accepted) Message-ID: <20120215220030.11200.94472.launchpad@cocoplum.canonical.com> adobe-flashplugin (11.1.102.62-0lucid1) lucid; urgency=low * New upstream release Date: Wed, 15 Feb 2012 21:25:26 +0000 Changed-By: Chris Coulson Maintainer: DL-Flash Player Ubuntu https://launchpad.net/ubuntu/lucid/+source/adobe-flashplugin/11.1.102.62-0lucid1 -------------- next part -------------- Format: 1.8 Date: Wed, 15 Feb 2012 21:25:26 +0000 Source: adobe-flashplugin Binary: adobe-flashplugin adobe-flash-properties-gtk adobe-flash-properties-kde Architecture: source Version: 11.1.102.62-0lucid1 Distribution: lucid Urgency: low 
Maintainer: DL-Flash Player Ubuntu Changed-By: Chris Coulson Description: adobe-flash-properties-gtk - GTK+ control panel for Adobe Flash Player plugin version 11 adobe-flash-properties-kde - KDE control panel Adobe Flash Player plugin version 11 adobe-flashplugin - Adobe Flash Player plugin version 11 Changes: adobe-flashplugin (11.1.102.62-0lucid1) lucid; urgency=low . * New upstream release Checksums-Sha1: ad0c52c5ac5ccb8808ca71dff48c535c52f26fdb 1724 adobe-flashplugin_11.1.102.62-0lucid1.dsc 8b123b825bd6f4475073ae6c0d78117ea660170a 13785778 adobe-flashplugin_11.1.102.62.orig.tar.gz 603726cb32fa33647482b45a11b7146bab419e8d 4601 adobe-flashplugin_11.1.102.62-0lucid1.diff.gz Checksums-Sha256: e530013b44a5a1e8af22b63daf10911aeab3442ec5be482126043c032694d7d9 1724 adobe-flashplugin_11.1.102.62-0lucid1.dsc d0945ed14c66d4118373b4dbb204dffe7ca731685b15467fc57b8262e265fa16 13785778 adobe-flashplugin_11.1.102.62.orig.tar.gz 51fd2600a738fe45ee036a7b3ef509377f2d9fd8bd105db33147e40828981805 4601 adobe-flashplugin_11.1.102.62-0lucid1.diff.gz Files: ad446cb0296cf30791cdb2ed67905bdf 1724 partner/web optional adobe-flashplugin_11.1.102.62-0lucid1.dsc 1d8c9e42332b59da2acc6cfa46e185b3 13785778 partner/web optional adobe-flashplugin_11.1.102.62.orig.tar.gz bc0f4a28ab9945fcbd943f892fecca0d 4601 partner/web optional adobe-flashplugin_11.1.102.62-0lucid1.diff.gz From marc.deslauriers at ubuntu.com Thu Feb 16 01:34:03 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 16 Feb 2012 
01:34:03 -0000 Subject: [ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1_amd64_translations.tar.gz, flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1_i386_translations.tar.gz 11.1.102.62ubuntu0.10.04.1 (Accepted) Message-ID: <20120216013403.28932.35804.launchpad@cocoplum.canonical.com> flashplugin-nonfree (11.1.102.62ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release 11.1.102.62 - debian/{config,postinst}: Updated version and sha256sums. - CVE-2012-0752 - CVE-2012-0753 - CVE-2012-0754 - CVE-2012-0755 - CVE-2012-0756 - CVE-2012-0757 * Add native amd64 support (LP: #870835): - debian/control: clean up depends, remove lpia, update description. Adjust Homepage. - debian/postinst: use $DPKG_MAINTSCRIPT_ARCH to copy the right binary, remove old nspluginwrapper alternatives. - debian/rules: remove nspluginwrapper files. - debian/{config,postinst,prerm}: remove flashplugin-installer-unpackdir directory migration, this was before hardy. Date: Wed, 15 Feb 2012 17:49:55 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/11.1.102.62ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Wed, 15 Feb 2012 17:49:55 -0500 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 11.1.102.62ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Launchpad-Bugs-Fixed: 870835 Changes: flashplugin-nonfree (11.1.102.62ubuntu0.10.04.1) lucid-security; urgency=low . * New upstream release 11.1.102.62 - debian/{config,postinst}: Updated version and sha256sums. 
- CVE-2012-0752 - CVE-2012-0753 - CVE-2012-0754 - CVE-2012-0755 - CVE-2012-0756 - CVE-2012-0757 * Add native amd64 support (LP: #870835): - debian/control: clean up depends, remove lpia, update description. Adjust Homepage. - debian/postinst: use $DPKG_MAINTSCRIPT_ARCH to copy the right binary, remove old nspluginwrapper alternatives. - debian/rules: remove nspluginwrapper files. - debian/{config,postinst,prerm}: remove flashplugin-installer-unpackdir directory migration, this was before hardy. Checksums-Sha1: fd3ae6e1f4bd98abbff48d9ffd3407ee8011724a 1645 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1.dsc 339d142dada3390d6210bdfd3694ba3feaf6b5d7 27177 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1.tar.gz Checksums-Sha256: dbf27a837af93bfe1965c20410604e79b407a797c5a8c1fe4f3b2fc280356a6a 1645 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1.dsc ad489867a86eaa4e9a38537ba1a80d80406e86575eddb36e648952473fa4ad72 27177 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1.tar.gz Files: 4c4a9b4d0d22c15df77e1d61f6c63129 1645 contrib/web optional flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1.dsc eccd270f0b68b4d13e76b5bdd4c01008 27177 contrib/web optional flashplugin-nonfree_11.1.102.62ubuntu0.10.04.1.tar.gz Original-Maintainer: Bart Martens From jamie at ubuntu.com Thu Feb 16 18:35:37 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 16 Feb 2012 18:35:37 -0000 Subject: [ubuntu/lucid-security] libpng 1.2.42-1ubuntu2.3 (Accepted) Message-ID: <20120216183537.23778.1852.launchpad@cocoplum.canonical.com> libpng (1.2.42-1ubuntu2.3) lucid-security; urgency=low * SECURITY UPDATE: fix integer overflow / truncation - debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size when allocating memory in png_decompress_chunk() - CVE-2011-3026 Date: Wed, 15 Feb 2012 21:22:27 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libpng/1.2.42-1ubuntu2.3 -------------- next part -------------- Format: 1.8 Date: Wed, 15 Feb 
2012 21:22:27 -0600 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source Version: 1.2.42-1ubuntu2.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Changes: libpng (1.2.42-1ubuntu2.3) lucid-security; urgency=low . * SECURITY UPDATE: fix integer overflow / truncation - debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size when allocating memory in png_decompress_chunk() - CVE-2011-3026 Checksums-Sha1: ef9d11686a895191f144732d79d5ddc5be0b1560 1939 libpng_1.2.42-1ubuntu2.3.dsc 2affb83b8de9aa85e27f8e143d5ff03dbb8aa831 20857 libpng_1.2.42-1ubuntu2.3.debian.tar.bz2 Checksums-Sha256: 1aae5905428802dc447c58b9410609d061ad6d02957bfbae472734e7d8357546 1939 libpng_1.2.42-1ubuntu2.3.dsc 03a3d3d0061d1a427c145f640942344c7553bbce5f9bbe81003bf337db80cd43 20857 libpng_1.2.42-1ubuntu2.3.debian.tar.bz2 Files: 9ca5008bb19deeabe9a7e8b403080a4b 1939 libs optional libpng_1.2.42-1ubuntu2.3.dsc c8cd074da3e06b4ddfb623d98e551724 20857 libs optional libpng_1.2.42-1ubuntu2.3.debian.tar.bz2 Original-Maintainer: Anibal Monsalve Salazar From marc.deslauriers at ubuntu.com Thu Feb 16 18:36:36 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 16 Feb 2012 18:36:36 -0000 Subject: [ubuntu/lucid-security] update-manager_0.134.11.2_amd64_translations.tar.gz, update-manager_0.134.11.2_ia64_translations.tar.gz, update-manager_0.134.11.2_i386_translations.tar.gz, update-manager, dist-upgrader_0.134.11.2_all.tar.gz, update-manager_0.134.11.2_armel_translations.tar.gz, update-manager_0.134.11.2_powerpc_translations.tar.gz, update-manager_0.134.11.2_sparc_translations.tar.gz 1:0.134.11.2 (Accepted) Message-ID: <20120216183636.23778.15576.launchpad@cocoplum.canonical.com> update-manager (1:0.134.11.2) 
lucid-security; urgency=low * REGRESSION FIX: - DistUpgrade/DistUpgradeViewKDE.py: fix regression caused by improper return value handling. (LP: #933225) Date: Wed, 15 Feb 2012 22:47:06 -0500 Changed-By: Marc Deslauriers Maintainer: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/update-manager/1:0.134.11.2 -------------- next part -------------- Format: 1.8 Date: Wed, 15 Feb 2012 22:47:06 -0500 Source: update-manager Binary: update-manager-core update-manager update-manager-hildon update-manager-text update-manager-kde auto-upgrade-tester Architecture: source Version: 1:0.134.11.2 Distribution: lucid-security Urgency: low Maintainer: Michael Vogt Changed-By: Marc Deslauriers Description: auto-upgrade-tester - Test release upgrades in a virtual environment update-manager - GNOME application that manages apt updates update-manager-core - manage release upgrades update-manager-hildon - Hildon application that manages apt updates update-manager-kde - Support modules for Update Notifier KDE update-manager-text - Text application that manages apt updates Launchpad-Bugs-Fixed: 933225 Changes: update-manager (1:0.134.11.2) lucid-security; urgency=low . * REGRESSION FIX: - DistUpgrade/DistUpgradeViewKDE.py: fix regression caused by improper return value handling. 
(LP: #933225) Checksums-Sha1: cc076d4af5bfd92e31bb20548b0b8ce6adeabad2 1855 update-manager_0.134.11.2.dsc 9464246f3c978ae69105113b1ffe8dd91d2e01ff 2728817 update-manager_0.134.11.2.tar.gz Checksums-Sha256: e9b067d20eb8e2348abc280ac6616b9384f62ea470d87ca00ec0968c75233227 1855 update-manager_0.134.11.2.dsc 7a149b4dd0aed3df912cbb4ea8ff8ad01ed4a964819cc000512b647ccda7293f 2728817 update-manager_0.134.11.2.tar.gz Files: 6ca167e2908c4edb6ff6e2d586925caf 1855 gnome optional update-manager_0.134.11.2.dsc 2c6273a49acf956968890abec2cf78dd 2728817 gnome optional update-manager_0.134.11.2.tar.gz From marc.deslauriers at ubuntu.com Thu Feb 16 19:34:57 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 16 Feb 2012 19:34:57 -0000 Subject: [ubuntu/lucid-security] apache2 2.2.14-5ubuntu8.8 (Accepted) Message-ID: <20120216193457.14530.26682.launchpad@cocoplum.canonical.com> apache2 (2.2.14-5ubuntu8.8) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/215_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. - CVE-2011-4317 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/218_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/219_CVE-2012-0053.dpatch: check lengths in server/protocol.c. 
- CVE-2012-0053 Date: Tue, 14 Feb 2012 10:36:43 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-5ubuntu8.8 -------------- next part -------------- Format: 1.8 Date: Tue, 14 Feb 2012 10:36:43 -0500 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source Version: 2.2.14-5ubuntu8.8 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Launchpad-Bugs-Fixed: 811422 Changes: apache2 (2.2.14-5ubuntu8.8) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/215_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. 
- CVE-2011-4317 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/218_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/219_CVE-2012-0053.dpatch: check lengths in server/protocol.c. - CVE-2012-0053 Checksums-Sha1: 502e9ec370806bf2ca0cd4fbc7afd58d9e5d4b74 2697 apache2_2.2.14-5ubuntu8.8.dsc 6d22fc281eb2bbd4b9c27885e81138beaf7c13d6 228964 apache2_2.2.14-5ubuntu8.8.diff.gz Checksums-Sha256: ba2fcecf2bdf44e0903d62b21091680618a5ddd5530263a7ec8f8fb9a29cc945 2697 apache2_2.2.14-5ubuntu8.8.dsc 31e87d879943c8436e16cfe800ca8f84c1da839411af5384d5ac19311f6e8e95 228964 apache2_2.2.14-5ubuntu8.8.diff.gz Files: e6d576e4f6915096d3de56b9efc5dcaa 2697 httpd optional apache2_2.2.14-5ubuntu8.8.dsc fabdeb4ad85478f8511164f935b919f8 228964 httpd optional apache2_2.2.14-5ubuntu8.8.diff.gz Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2 From marc.deslauriers at ubuntu.com Fri Feb 17 02:33:45 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Fri, 17 Feb 2012 02:33:45 -0000 Subject: [ubuntu/lucid-security] flashplugin-nonfree, flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2_i386_translations.tar.gz, flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2_amd64_translations.tar.gz 11.1.102.62ubuntu0.10.04.2 (Accepted) Message-ID: <20120217023345.32154.4889.launchpad@cocoplum.canonical.com> flashplugin-nonfree (11.1.102.62ubuntu0.10.04.2) lucid-security; urgency=low * Fix use of dpkg-reconfigure by not using $DPKG_MAINTSCRIPT_ARCH (LP: #933484) - debian/postinst.in: renamed from postinst and replaced $DPKG_MAINTSCRIPT_ARCH with #ARCH#. - debian/rules: replace #ARCH# in postinst.in with $DEB_HOST_ARCH during build. 
- debian/prerm: also clean out subdirectories in /var/cache/flashplugin-installer. * postinst.in: use "mega" style by default so we stop filling up log files. (LP: #872723) Date: Thu, 16 Feb 2012 19:04:29 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/flashplugin-nonfree/11.1.102.62ubuntu0.10.04.2 -------------- next part -------------- Format: 1.8 Date: Thu, 16 Feb 2012 19:04:29 -0500 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 11.1.102.62ubuntu0.10.04.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Launchpad-Bugs-Fixed: 872723 933484 Changes: flashplugin-nonfree (11.1.102.62ubuntu0.10.04.2) lucid-security; urgency=low . * Fix use of dpkg-reconfigure by not using $DPKG_MAINTSCRIPT_ARCH (LP: #933484) - debian/postinst.in: renamed from postinst and replaced $DPKG_MAINTSCRIPT_ARCH with #ARCH#. - debian/rules: replace #ARCH# in postinst.in with $DEB_HOST_ARCH during build. - debian/prerm: also clean out subdirectories in /var/cache/flashplugin-installer. * postinst.in: use "mega" style by default so we stop filling up log files. 
(LP: #872723) Checksums-Sha1: 1018e4def0822aa068f8b567a74dca4e5ebb5cc4 1645 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2.dsc 31585a7802438f7e125228c6f35f250229b768be 27090 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2.tar.gz Checksums-Sha256: 5bebb0af4f4aeec11ba656816288079a3217a639050b56dec55272ca12b51c86 1645 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2.dsc 8f78b9da983a4e7d27749d44ae619ee92a0a02c144dc19ac149ccf513da92b33 27090 flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2.tar.gz Files: 2d2050913eedba3351cced3973cc7451 1645 contrib/web optional flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2.dsc 313acddb8d5a688201c7f4e80d6c9375 27090 contrib/web optional flashplugin-nonfree_11.1.102.62ubuntu0.10.04.2.tar.gz Original-Maintainer: Bart Martens From james.westby at canonical.com Fri Feb 17 09:42:05 2012 From: james.westby at canonical.com (James Westby) Date: Fri, 17 Feb 2012 09:42:05 -0000 Subject: [ubuntu/lucid-proposed] python-wadllib 1.1.4-1ubuntu1.1 (Accepted) Message-ID: <20120217094205.21180.71251.launchpad@wampee.canonical.com> python-wadllib (1.1.4-1ubuntu1.1) lucid-proposed; urgency=low * Removed dependency on elementtree from the egg-info dir as it is part of python from 2.6 onwards. The package doesn't depend on it anyway, so it won't make a difference to what is installed. (LP: #681394) . Having it listed in requires.txt meant that pkg_resources would error out when used with anything that depends on python-wadllib, breaking other software without cause. 
Date: Wed, 18 Jan 2012 11:18:05 -0500 Changed-By: James Westby Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/python-wadllib/1.1.4-1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Wed, 18 Jan 2012 11:18:05 -0500 Source: python-wadllib Binary: python-wadllib Architecture: source Version: 1.1.4-1ubuntu1.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: James Westby Description: python-wadllib - Python library for navigating WADL files Launchpad-Bugs-Fixed: 681394 Changes: python-wadllib (1.1.4-1ubuntu1.1) lucid-proposed; urgency=low . * Removed dependency on elementtree from the egg-info dir as it is part of python from 2.6 onwards. The package doesn't depend on it anyway, so it won't make a difference to what is installed. (LP: #681394) . Having it listed in requires.txt meant that pkg_resources would error out when used with anything that depends on python-wadllib, breaking other software without cause. Checksums-Sha1: 5ff0d878bf68e16bbfacb163ff063da2d2c5e93b 2158 python-wadllib_1.1.4-1ubuntu1.1.dsc 73cdda6dfd2b04129fc9322bf92df5bed5318d07 2950 python-wadllib_1.1.4-1ubuntu1.1.diff.gz Checksums-Sha256: 2f51972c7232d36f1cb245ad99e7c7ff8b19808e8623aa17c1d5d17528654380 2158 python-wadllib_1.1.4-1ubuntu1.1.dsc fa2a82a7669884ea25ea0bf3d8aff0c8e4c315b2a1331831489604256022041f 2950 python-wadllib_1.1.4-1ubuntu1.1.diff.gz Files: 65ec6122f2e259262987163865758691 2158 python optional python-wadllib_1.1.4-1ubuntu1.1.dsc fa5f5cb60926a31e31dd30ac68d92f0b 2950 python optional python-wadllib_1.1.4-1ubuntu1.1.diff.gz Original-Maintainer: Debian Python Modules Team From serge.hallyn at ubuntu.com Fri Feb 17 09:43:00 2012 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Fri, 17 Feb 2012 09:43:00 -0000 Subject: [ubuntu/lucid-proposed] qemu-kvm 0.12.3+noroms-0ubuntu9.18 (Accepted) Message-ID: <20120217094300.2379.47084.launchpad@chaenomeles.canonical.com> qemu-kvm (0.12.3+noroms-0ubuntu9.18) 
lucid-proposed; urgency=low [ Michael Tokarev ] * QEMUFileBuffered:-indicate-that-were-ready-when-the-underlying-file-is-ready.diff (patch from upstream to speed up migration dramatically) (closes: #597517) (LP: #524447) [ Serge Hallyn ] * debian/control: make qemu-common replace qemu (<< 0.12.3+noroms-0ubuntu9.17) (LP: #592010) Date: Mon, 13 Feb 2012 11:24:18 -0600 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.18 -------------- next part -------------- Format: 1.8 Date: Mon, 13 Feb 2012 11:24:18 -0600 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: source Version: 0.12.3+noroms-0ubuntu9.18 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: kvm - dummy transitional package from kvm to qemu-kvm qemu - dummy transitional package from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Closes: 597517 Launchpad-Bugs-Fixed: 524447 592010 Changes: qemu-kvm (0.12.3+noroms-0ubuntu9.18) lucid-proposed; urgency=low . [ Michael Tokarev ] * QEMUFileBuffered:-indicate-that-were-ready-when-the-underlying-file-is-ready.diff (patch from upstream to speed up migration dramatically) (closes: #597517) (LP: #524447) . 
[ Serge Hallyn ] * debian/control: make qemu-common replace qemu (<< 0.12.3+noroms-0ubuntu9.17) (LP: #592010) Checksums-Sha1: b2b8f579ed23ceb40f4194d4ff279c724bd9daa3 2062 qemu-kvm_0.12.3+noroms-0ubuntu9.18.dsc d50f760a0a5bb1117392c185c35572d2a7c555aa 70367 qemu-kvm_0.12.3+noroms-0ubuntu9.18.diff.gz Checksums-Sha256: f982376a7dd8fd17aab2a16f24ef2e50521fd718272dfdc387ea617ea4607dae 2062 qemu-kvm_0.12.3+noroms-0ubuntu9.18.dsc f0e6ea42c7ad72d7096b16b919fdde4361c31bafa39d0361e41a9c250f5af1a1 70367 qemu-kvm_0.12.3+noroms-0ubuntu9.18.diff.gz Files: 7f530b7efc45ff996b0ea45f0a3ff9a9 2062 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.18.dsc a550a2cc1402a13608cc8045318687b5 70367 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.18.diff.gz From brian at ubuntu.com Fri Feb 17 09:43:31 2012 From: brian at ubuntu.com (Brian Murray) Date: Fri, 17 Feb 2012 09:43:31 -0000 Subject: [ubuntu/lucid-proposed] update-manager 1:0.134.12 (Accepted) Message-ID: <20120217094331.7746.79379.launchpad@gac.canonical.com> update-manager (1:0.134.12) lucid-proposed; urgency=low * Add in an apport source package hook to ensure that bugs reported about update-manager include details regarding the upgrade process (LP: #927979) Date: Mon, 06 Feb 2012 16:30:14 -0800 Changed-By: Brian Murray Maintainer: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/update-manager/1:0.134.12 -------------- next part -------------- Format: 1.8 Date: Mon, 06 Feb 2012 16:30:14 -0800 Source: update-manager Binary: update-manager-core update-manager update-manager-hildon update-manager-text update-manager-kde auto-upgrade-tester Architecture: source Version: 1:0.134.12 Distribution: lucid-proposed Urgency: low Maintainer: Michael Vogt Changed-By: Brian Murray Description: auto-upgrade-tester - Test release upgrades in a virtual environment update-manager - GNOME application that manages apt updates update-manager-core - manage release upgrades update-manager-hildon - Hildon application that manages apt updates 
update-manager-kde - Support modules for Update Notifier KDE update-manager-text - Text application that manages apt updates Launchpad-Bugs-Fixed: 927979 Changes: update-manager (1:0.134.12) lucid-proposed; urgency=low . * Add in an apport source package hook to ensure that bugs reported about update-manager include details regarding the upgrade process (LP: #927979) Checksums-Sha1: 4fef48c888f00c4d3922e1d64846c464839a4f3a 1462 update-manager_0.134.12.dsc e68f78abbe68067c6f37e100f2f709df9c52307e 2735454 update-manager_0.134.12.tar.gz Checksums-Sha256: a14e95d89554499df55e439795a4f9c68b19fdbd178f789b3abb10100c240682 1462 update-manager_0.134.12.dsc 3732105fe0edd932ff2dbf34879b340c73d83de7fd83f05d1daa379bba9224f7 2735454 update-manager_0.134.12.tar.gz Files: 8916c2e8f38a5141a03dedac7706bfd3 1462 gnome optional update-manager_0.134.12.dsc 3726670a7b0f62925fe6f940155abbef 2735454 gnome optional update-manager_0.134.12.tar.gz From marc.deslauriers at ubuntu.com Mon Feb 20 01:04:40 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 20 Feb 2012 01:04:40 -0000 Subject: [ubuntu/lucid-security] mumble_1.2.2-1ubuntu1.2_powerpc_translations.tar.gz, mumble_1.2.2-1ubuntu1.2_ia64_translations.tar.gz, mumble_1.2.2-1ubuntu1.2_sparc_translations.tar.gz, mumble_1.2.2-1ubuntu1.2_amd64_translations.tar.gz, mumble_1.2.2-1ubuntu1.2_armel_translations.tar.gz, mumble, mumble_1.2.2-1ubuntu1.2_i386_translations.tar.gz 1.2.2-1ubuntu1.2 (Accepted) Message-ID: <20120220010440.17368.27600.launchpad@cocoplum.canonical.com> mumble (1.2.2-1ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: credential disclosure via incorrect permissions (LP: #783405) - debian/patches/0004-set-file-permissions.patch: Set restrictive permissions on data files. 
- CVE-2012-0863 Date: Fri, 17 Feb 2012 10:17:50 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/mumble/1.2.2-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Fri, 17 Feb 2012 10:17:50 -0500 Source: mumble Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web Architecture: source Version: 1.2.2-1ubuntu1.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: mumble - Low latency VoIP client mumble-11x - Low latency VoIP client (1.1.x) mumble-dbg - Low latency VoIP client (debugging symbols) mumble-server - Low latency VoIP server mumble-server-web - Web scripts for mumble-server Launchpad-Bugs-Fixed: 783405 Changes: mumble (1.2.2-1ubuntu1.2) lucid-security; urgency=low . * SECURITY UPDATE: credential disclosure via incorrect permissions (LP: #783405) - debian/patches/0004-set-file-permissions.patch: Set restrictive permissions on data files. 
- CVE-2012-0863 Checksums-Sha1: 3003cad799a6ac40975de83b120e63af2aeffb62 2657 mumble_1.2.2-1ubuntu1.2.dsc 11c8d86f5f4bacd357fdf5cbcedea25d74043074 28071 mumble_1.2.2-1ubuntu1.2.debian.tar.gz Checksums-Sha256: b8243b83fa2ca2e44b22fa89e5fdcfeba95444e7559e3af6a79182d365c72842 2657 mumble_1.2.2-1ubuntu1.2.dsc 0d5582ed879e4d6d5fddb6b7d2ff2c9d54e0628b2bd170254bc1396464fe7337 28071 mumble_1.2.2-1ubuntu1.2.debian.tar.gz Files: bbd3f573ac08d584818e964fdfdf6d9a 2657 sound optional mumble_1.2.2-1ubuntu1.2.dsc ca19b4ad0ccd472b871ee8dc2cbc7aff 28071 sound optional mumble_1.2.2-1ubuntu1.2.debian.tar.gz Original-Maintainer: Debian VoIP Team From marc.deslauriers at ubuntu.com Mon Feb 20 18:04:25 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 20 Feb 2012 18:04:25 -0000 Subject: [ubuntu/lucid-security] libvorbis 1.2.3-3ubuntu1.1 (Accepted) Message-ID: <20120220180425.12145.35346.launchpad@cocoplum.canonical.com> libvorbis (1.2.3-3ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution - debian/patches/CVE-2012-0444.patch: validate count in lib/floor1.c. 
- CVE-2012-0444 Date: Fri, 17 Feb 2012 15:33:12 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libvorbis/1.2.3-3ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Fri, 17 Feb 2012 15:33:12 -0500 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg Architecture: source Version: 1.2.3-3ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libvorbis-dbg - The Vorbis General Audio Compression Codec (debug files) libvorbis-dev - The Vorbis General Audio Compression Codec (development files) libvorbis0a - The Vorbis General Audio Compression Codec (Decoder library) libvorbisenc2 - The Vorbis General Audio Compression Codec (Encoder library) libvorbisfile3 - The Vorbis General Audio Compression Codec (High Level API) Changes: libvorbis (1.2.3-3ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution - debian/patches/CVE-2012-0444.patch: validate count in lib/floor1.c. 
- CVE-2012-0444 Checksums-Sha1: 6717d3c4e3490d4a6a60fb7a8c7697fcfa750244 1994 libvorbis_1.2.3-3ubuntu1.1.dsc 744c4c4d2dcf2ae6c94eb32106712c33ef58949d 8555 libvorbis_1.2.3-3ubuntu1.1.diff.gz Checksums-Sha256: 4cfac5c8821dac65624197298eedf72096b3564b20a114677607d4b5638da717 1994 libvorbis_1.2.3-3ubuntu1.1.dsc ead9226f9485cf4c1d66fa62dbe5140bc1ba9b8fa056729751c75a20442c451f 8555 libvorbis_1.2.3-3ubuntu1.1.diff.gz Files: 3be5ddd33f3e40b51e03d4fb0950178a 1994 libs optional libvorbis_1.2.3-3ubuntu1.1.dsc 066c52fabc6bf35594cdc3bdb29b1a62 8555 libs optional libvorbis_1.2.3-3ubuntu1.1.diff.gz Original-Maintainer: Debian Xiph.org Maintainers From martin.pitt at ubuntu.com Tue Feb 21 11:36:12 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 21 Feb 2012 11:36:12 -0000 Subject: [ubuntu/lucid-updates] lazr.restfulclient 0.9.11-1ubuntu1.3 (Accepted) Message-ID: <20120221113612.17866.74145.launchpad@ackee.canonical.com> lazr.restfulclient (0.9.11-1ubuntu1.3) lucid-proposed; urgency=low * Move test dependencies to extras_require so that setuptools doesn't think they are needed for the code to work. (LP: #918307) . Having them listed in requires, but not in the package dependencies leads to having a package installed that setuptools thinks is broken. This breaks any code that relies on lazr.restfulclient (or launchpadlib) and uses setuptools/pkg_resources. Date: 2012-01-24 22:30:13.099917+00:00 Changed-By: James Westby Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/lazr.restfulclient/0.9.11-1ubuntu1.3 -------------- next part -------------- Sorry, changesfile not available. 
From martin.pitt at ubuntu.com Tue Feb 21 11:36:15 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 21 Feb 2012 11:36:15 -0000 Subject: [ubuntu/lucid-updates] ddclient 3.8.0-9ubuntu2.1 (Accepted) Message-ID: <20120221113615.17866.99344.launchpad@ackee.canonical.com> ddclient (3.8.0-9ubuntu2.1) lucid-proposed; urgency=low * checkip-hang.diff: Cherry-pick upstream patch to prevent hang if IP address check blocks. LP: #928277 Date: 2012-02-07 14:50:17.663054+00:00 Changed-By: Stefano Rivera Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/ddclient/3.8.0-9ubuntu2.1 -------------- next part -------------- Sorry, changesfile not available. From brian at ubuntu.com Tue Feb 21 11:40:01 2012 From: brian at ubuntu.com (Brian Murray) Date: Tue, 21 Feb 2012 11:40:01 -0000 Subject: [ubuntu/lucid-proposed] update-manager 1:0.134.12.1 (Accepted) Message-ID: <20120221114001.4056.67491.launchpad@wampee.canonical.com> update-manager (1:0.134.12.1) lucid-proposed; urgency=low * Add in an apport source package hook to ensure that bugs reported about update-manager include details regarding the upgrade process (LP: #927979) Date: Fri, 17 Feb 2012 10:23:31 -0800 Changed-By: Brian Murray Maintainer: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/update-manager/1:0.134.12.1 -------------- next part -------------- Format: 1.8 Date: Fri, 17 Feb 2012 10:23:31 -0800 Source: update-manager Binary: update-manager-core update-manager update-manager-hildon update-manager-text update-manager-kde auto-upgrade-tester Architecture: source Version: 1:0.134.12.1 Distribution: lucid-proposed Urgency: low Maintainer: Michael Vogt Changed-By: Brian Murray Description: auto-upgrade-tester - Test release upgrades in a virtual environment update-manager - GNOME application that manages apt updates update-manager-core - manage release upgrades update-manager-hildon - Hildon application that manages apt updates update-manager-kde - Support modules for Update Notifier KDE 
update-manager-text - Text application that manages apt updates Launchpad-Bugs-Fixed: 927979 Changes: update-manager (1:0.134.12.1) lucid-proposed; urgency=low . * Add in an apport source package hook to ensure that bugs reported about update-manager include details regarding the upgrade process (LP: #927979) From marc.deslauriers at ubuntu.com Wed Feb 22 15:33:45 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 22 Feb 2012 15:33:45 -0000 Subject: [ubuntu/lucid-security] cvs_1.12.13-12ubuntu1.10.04.1_sparc_translations.tar.gz, cvs_1.12.13-12ubuntu1.10.04.1_i386_translations.tar.gz, cvs, cvs_1.12.13-12ubuntu1.10.04.1_ia64_translations.tar.gz, cvs_1.12.13-12ubuntu1.10.04.1_amd64_translations.tar.gz, cvs_1.12.13-12ubuntu1.10.04.1_armel_translations.tar.gz, cvs_1.12.13-12ubuntu1.10.04.1_powerpc_translations.tar.gz 1:1.12.13-12ubuntu1.10.04.1 (Accepted) Message-ID: <20120222153345.16482.82840.launchpad@cocoplum.canonical.com> cvs (1:1.12.13-12ubuntu1.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via heap overflow - debian/patches/99ubuntu002-CVE-2012-0804.diff: remove use of write_buf in src/client.c.
- CVE-2012-0804 Date: Mon, 13 Feb 2012 11:41:02 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/cvs/1:1.12.13-12ubuntu1.10.04.1 -------------- next part -------------- Format: 1.8 Date: Mon, 13 Feb 2012 11:41:02 -0500 Source: cvs Binary: cvs Architecture: source Version: 1:1.12.13-12ubuntu1.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: cvs - Concurrent Versions System Changes: cvs (1:1.12.13-12ubuntu1.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via heap overflow - debian/patches/99ubuntu002-CVE-2012-0804.diff: remove use of write_buf in src/client.c. - CVE-2012-0804 Original-Maintainer: Steve McIntyre <93sam at debian.org> From serge.hallyn at ubuntu.com Wed Feb 22 20:19:13 2012 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Wed, 22 Feb 2012 20:19:13 -0000 Subject: [ubuntu/lucid-proposed] libvirt 0.7.5-5ubuntu27.22 (Accepted) Message-ID: <20120222201913.18698.41238.launchpad@soybean.canonical.com> libvirt (0.7.5-5ubuntu27.22) lucid-proposed; urgency=low * Don't override local removal of default network autostart on upgrades (LP: #372001) - re-enable debian/Don-t-enable-default-network-on-boot.patch - debian/libvirt-bin.preinst: note if the symlink exists - debian/libvirt-bin.postinst: if symlink
existed, OR if we are upgrading from one of the broken versions, then recreate the symlink. (Continue to create the symlink on new installs.) Date: Mon, 23 Jan 2012 10:15:56 -0600 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu27.22 -------------- next part -------------- Format: 1.8 Date: Mon, 23 Jan 2012 10:15:56 -0600 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.7.5-5ubuntu27.22 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Launchpad-Bugs-Fixed: 372001 Changes: libvirt (0.7.5-5ubuntu27.22) lucid-proposed; urgency=low . * Don't override local removal of default network autostart on upgrades (LP: #372001) - re-enable debian/Don-t-enable-default-network-on-boot.patch - debian/libvirt-bin.preinst: note if the symlink exists - debian/libvirt-bin.postinst: if symlink existed, OR if we are upgrading from one of the broken versions, then recreate the symlink. (Continue to create the symlink on new installs.) 
Original-Maintainer: Debian Libvirt Maintainers From jamie at ubuntu.com Thu Feb 23 13:03:53 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 23 Feb 2012 13:03:53 -0000 Subject: [ubuntu/lucid-security] puppet 0.25.4-2ubuntu6.6 (Accepted) Message-ID: <20120223130353.19506.28538.launchpad@cocoplum.canonical.com> puppet (0.25.4-2ubuntu6.6) lucid-security; urgency=low * SECURITY UPDATE: correctly drop group privileges and properly handle symlinks with Klogin.
Based on following upstream patches: - 7df0533f93f229de72694148da0ebfd9e1e831c9 - 4ec03b81041c25428a32bc2b83d606ae381e0d53 - f47dd4d3e0aaaa8ebd75b71ef02ce441df663f04 - d702377a00988c3ca458fc48adbc63c4bfcf3164 - ea10b0c487c343d6924951f2da522f3078093a98 - CVE-2012-1053 - CVE-2012-1054 * debian/rules: update unit tests to remove tc_suidmanager.rb (part of fix for the above) - ed0bc14c54018691013fdf6eaa989bc5e49f1a66 Date: Tue, 21 Feb 2012 10:36:05 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/puppet/0.25.4-2ubuntu6.6 -------------- next part -------------- Format: 1.8 Date: Tue, 21 Feb 2012 10:36:05 -0600 Source: puppet Binary: puppet puppetmaster puppet-common vim-puppet puppet-el puppet-testsuite Architecture: source Version: 0.25.4-2ubuntu6.6 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: puppet - centralised configuration management for networks puppet-common - common files for puppet and puppetmaster puppet-el - Emacs syntax highlighting for puppet manifests puppet-testsuite - centralized configuration management control for networks puppetmaster - centralised configuration management control daemon vim-puppet - Vim syntax highlighting for puppet manifests Changes: puppet (0.25.4-2ubuntu6.6) lucid-security; urgency=low . * SECURITY UPDATE: correctly drop group privileges and properly handle symlinks with Klogin. 
Based on following upstream patches: - 7df0533f93f229de72694148da0ebfd9e1e831c9 - 4ec03b81041c25428a32bc2b83d606ae381e0d53 - f47dd4d3e0aaaa8ebd75b71ef02ce441df663f04 - d702377a00988c3ca458fc48adbc63c4bfcf3164 - ea10b0c487c343d6924951f2da522f3078093a98 - CVE-2012-1053 - CVE-2012-1054 * debian/rules: update unit tests to remove tc_suidmanager.rb (part of fix for the above) - ed0bc14c54018691013fdf6eaa989bc5e49f1a66 Original-Maintainer: Puppet Package Maintainers From sbeattie at ubuntu.com Thu Feb 23 22:37:58 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Thu, 23 Feb 2012 22:37:58 -0000 Subject: [ubuntu/lucid-security] openjdk-6 6b20-1.9.13-0ubuntu1~10.04.1 (Accepted) Message-ID: <20120223223758.24934.2907.launchpad@cocoplum.canonical.com> openjdk-6 (6b20-1.9.13-0ubuntu1~10.04.1) lucid-security; urgency=low * SECURITY UPDATE: update to IcedTea 6 1.9.13 - Security fixes: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing -
S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server - Bug fixes: - S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl - S7094468, RH751203: rmiregistry clean up - S6851973, PR830: ignore incoming channel binding if acceptor does not set one * drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as it's included in the upstream release. Date: Wed, 15 Feb 2012 14:53:15 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.04.1 -------------- next part -------------- Format: 1.8 Date: Wed, 15 Feb 2012 14:53:15 -0800 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.13-0ubuntu1~10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.13-0ubuntu1~10.04.1) lucid-security; urgency=low . 
* SECURITY UPDATE: update to IcedTea 6 1.9.13 - Security fixes: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server - Bug fixes: - S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl - S7094468, RH751203: rmiregistry clean up - S6851973, PR830: ignore incoming channel binding if acceptor does not set one * drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as it's included in the upstream release. 
Original-Maintainer: OpenJDK Team From jose.plans at canonical.com Sat Feb 25 06:56:09 2012 From: jose.plans at canonical.com (Jose Plans) Date: Sat, 25 Feb 2012 06:56:09 -0000 Subject: [ubuntu/lucid-proposed] xorg-server 2:1.7.6-2ubuntu7.11 (Accepted) Message-ID: <20120225065609.12780.53717.launchpad@cocoplum.canonical.com> xorg-server (2:1.7.6-2ubuntu7.11) lucid-proposed; urgency=low * Add 209_fixes-crash-XIQueryDevice.patch fixing a crash in XIQueryDevice which calls strlen on a NULL pointer.
(LP #933745) Date: Wed, 22 Feb 2012 23:15:47 +0000 Changed-By: Jose Plans Maintainer: Ubuntu X-SWAT Signed-By: Bryce Harrington https://launchpad.net/ubuntu/lucid/+source/xorg-server/2:1.7.6-2ubuntu7.11 -------------- next part -------------- Format: 1.8 Date: Wed, 22 Feb 2012 23:15:47 +0000 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common Architecture: source Version: 2:1.7.6-2ubuntu7.11 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu X-SWAT Changed-By: Jose Plans Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xfbdev - Linux framebuffer device tiny X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server Changes: xorg-server (2:1.7.6-2ubuntu7.11) lucid-proposed; urgency=low . * Add 209_fixes-crash-XIQueryDevice.patch fixing a crash in XIQueryDevice which calls strlen on a NULL pointer. 
(LP #933745) Original-Maintainer: Debian X Strike Force From evan at ebroder.net Sat Feb 25 07:08:13 2012 From: evan at ebroder.net (Evan Broder) Date: Sat, 25 Feb 2012 07:08:13 -0000 Subject: [ubuntu/lucid-proposed] insserv 1.12.0-14ubuntu0.1 (Accepted) Message-ID: <20120225070813.18526.62623.launchpad@cocoplum.canonical.com> insserv (1.12.0-14ubuntu0.1) lucid-proposed; urgency=low [ Adam Stokes ] * Add 200_hide_insserv_on_ubuntu.patch: Move insserv out of system path to dissuade package maintainers from invoking it directly. (LP: #897390) [ Evan Broder ] * Fix the shutdown sequence if it was broken by insserv being run at some point in the past. Date: Thu, 23 Feb 2012 17:03:58 -0800 Changed-By: Evan Broder Maintainer: Petter Reinholdtsen https://launchpad.net/ubuntu/lucid/+source/insserv/1.12.0-14ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Thu, 23 Feb 2012 17:03:58 -0800 Source: insserv Binary: insserv Architecture: source Version: 1.12.0-14ubuntu0.1 Distribution: lucid-proposed Urgency: low Maintainer: Petter Reinholdtsen Changed-By: Evan Broder Description: insserv - Tool to organize boot sequence using LSB init.d script dependenci Launchpad-Bugs-Fixed: 897390 Changes: insserv (1.12.0-14ubuntu0.1) lucid-proposed; urgency=low .
[ Adam Stokes ] * Add 200_hide_insserv_on_ubuntu.patch: Move insserv out of system path to dissuade package maintainers from invoking it directly. (LP: #897390) . [ Evan Broder ] * Fix the shutdown sequence if it was broken by insserv being run at some point in the past. Debian-Vcs-Browser: http://svn.debian.org/wsvn/initscripts-ng/trunk/src/insserv/ Debian-Vcs-Svn: svn://svn.debian.org/initscripts-ng/trunk/src/insserv From martin.pitt at ubuntu.com Sat Feb 25 07:28:33 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Sat, 25 Feb 2012 07:28:33 -0000 Subject: [ubuntu/lucid-proposed] consolekit 0.4.1-3ubuntu3 (Accepted) Message-ID: <20120225072833.25840.94179.launchpad@cocoplum.canonical.com> consolekit (0.4.1-3ubuntu3) lucid-proposed; urgency=low * Add 00git_truncate_frequent.patch: ck-history: don't truncate --frequent output to 8 chars.
(Closes: #660171, LP: #476811) Date: Fri, 24 Feb 2012 09:13:03 +0000 Changed-By: Martin Pitt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/consolekit/0.4.1-3ubuntu3 -------------- next part -------------- Format: 1.8 Date: Fri, 24 Feb 2012 09:13:03 +0000 Source: consolekit Binary: consolekit libck-connector0 libck-connector-dev libpam-ck-connector Architecture: source Version: 0.4.1-3ubuntu3 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Martin Pitt Description: consolekit - framework for defining and tracking users, sessions and seats libck-connector-dev - ConsoleKit development files libck-connector0 - ConsoleKit libraries libpam-ck-connector - ConsoleKit PAM module Closes: 660171 Launchpad-Bugs-Fixed: 476811 Changes: consolekit (0.4.1-3ubuntu3) lucid-proposed; urgency=low . * Add 00git_truncate_frequent.patch: ck-history: don't truncate --frequent output to 8 chars. (Closes: #660171, LP: #476811) Original-Maintainer: Utopia Maintenance Team From jamie at ubuntu.com Sun Feb 26 03:29:58 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Sun, 26 Feb 2012 03:29:58 -0000 Subject: [ubuntu/lucid-updates] chromium-browser 17.0.963.56~r121963-0ubuntu0.10.04.1 (Accepted) Message-ID: <20120226032958.904.34492.launchpad@ackee.canonical.com> chromium-browser (17.0.963.56~r121963-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream
release from the Stable Channel (LP: #931905, #933262) This release fixes the following security issues from 17.0.963.56: - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts). - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. - [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team. - [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek. - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla. - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz. This release fixes the following security issues from 17.0.963.46: - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community. - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. 
Credit to Devdatta Akhawe, UC Berkeley. - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG. - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz. - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG. - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG. - [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen. - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG. - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG. - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com. - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek. - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG. - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo. - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis. - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis. - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis. - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno). 
* Rebase patch - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch * Update .install file to just install all .pak files instead of listing them by name - update debian/chromium-browser.install Date: 2012-02-21 07:25:26.025547+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/lucid/+source/chromium-browser/17.0.963.56~r121963-0ubuntu0.10.04.1 -------------- next part -------------- Sorry, changesfile not available. From jamie at ubuntu.com Sun Feb 26 03:30:55 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Sun, 26 Feb 2012 03:30:55 -0000 Subject: [ubuntu/lucid-security] chromium-browser 17.0.963.56~r121963-0ubuntu0.10.04.1 (Accepted) Message-ID: <20120226033055.904.59737.launchpad@ackee.canonical.com> chromium-browser (17.0.963.56~r121963-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release from the Stable Channel (LP: #931905, #933262) This release fixes the following security issues from 17.0.963.56: - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts). - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. - [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team. - [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). 
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek. - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla. - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz. This release fixes the following security issues from 17.0.963.46: - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community. - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley. - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG. - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz. - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG. - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG. - [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen. - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG. - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG. - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com. - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek. - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. 
Credit to Aki Helin of OUSPG. - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo. - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis. - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis. - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis. - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno). * Rebase patch - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch * Update .install file to just install all .pak files instead of listing them by name - update debian/chromium-browser.install Date: 2012-02-21 07:25:26.025547+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/lucid/+source/chromium-browser/17.0.963.56~r121963-0ubuntu0.10.04.1 -------------- next part -------------- Sorry, changesfile not available. 
From jamie at ubuntu.com Mon Feb 27 23:34:08 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Mon, 27 Feb 2012 23:34:08 -0000 Subject: [ubuntu/lucid-security] libxml2 2.7.6.dfsg-1ubuntu1.4 (Accepted) Message-ID: <20120227233408.18460.83926.launchpad@cocoplum.canonical.com> libxml2 (2.7.6.dfsg-1ubuntu1.4) lucid-security; urgency=low * SECURITY UPDATE: add randomization to dictionaries with hash tables help prevent denial of service via hash algorithm collision - configure.in: lookup for rand, srand and time - dict.c: add randomization to dictionaries hash tables - hash.c: add randomization to normal hash tables - 8973d58b7498fa5100a876815476b81fd1a2412a - CVE-2012-0841 Date: Fri, 24 Feb 2012 15:17:42 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libxml2/2.7.6.dfsg-1ubuntu1.4 -------------- next part -------------- Format: 1.8 Date: Fri, 24 Feb 2012 15:17:42 -0600 Source: libxml2 Binary: libxml2 libxml2-udeb libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source Version: 2.7.6.dfsg-1ubuntu1.4 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-udeb - GNOME XML library (udeb) libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.7.6.dfsg-1ubuntu1.4) lucid-security; urgency=low . 
* SECURITY UPDATE: add randomization to dictionaries with hash tables help prevent denial of service via hash algorithm collision - configure.in: lookup for rand, srand and time - dict.c: add randomization to dictionaries hash tables - hash.c: add randomization to normal hash tables - 8973d58b7498fa5100a876815476b81fd1a2412a - CVE-2012-0841 Checksums-Sha1: 5c5bd62d03d82b92e5b4bb6966cd0e85bea6aa69 2280 libxml2_2.7.6.dfsg-1ubuntu1.4.dsc fe24d9638d1d78a6761417af97a1640e77083c83 116743 libxml2_2.7.6.dfsg-1ubuntu1.4.diff.gz Checksums-Sha256: f4734fa1f05e93624c350fe756df68463cbec02affb7ac04958217fcc7058660 2280 libxml2_2.7.6.dfsg-1ubuntu1.4.dsc a1bfcde914f3b0d4fc012f6b7eb8248f4cf6e75c9b14db787ebc871891f36396 116743 libxml2_2.7.6.dfsg-1ubuntu1.4.diff.gz Files: 28cb45bda0c77ee134a5d93a21159094 2280 libs optional libxml2_2.7.6.dfsg-1ubuntu1.4.dsc 63bf1c54f507173066fa5a73ff7a49c0 116743 libs optional libxml2_2.7.6.dfsg-1ubuntu1.4.diff.gz Original-Maintainer: Debian XML/SGML Group From tyhicks at canonical.com Tue Feb 28 02:34:10 2012 From: tyhicks at canonical.com (Tyler Hicks) Date: Tue, 28 Feb 2012 02:34:10 -0000 Subject: [ubuntu/lucid-security] ruby1.8 1.8.7.249-2ubuntu0.1 (Accepted) Message-ID: <20120228023410.14816.42878.launchpad@cocoplum.canonical.com> ruby1.8 (1.8.7.249-2ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: Cross-site scripting via HTTP error responses - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character set for HTTP error responses. Based on upstream patch. - CVE-2010-0541 * SECURITY UPDATE: Arbitrary code execution and denial of service - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory corruption during allocation. Based on upstream patch. - CVE-2011-0188 * SECURITY UPDATE: Arbitrary file deletion due to symlink race - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather than recursively removing everything underneath the symlink destination. Based on upstream patch. 
- CVE-2011-1004 * SECURITY UPDATE: Safe level bypass - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch. - CVE-2011-1005 * SECURITY UPDATE: Predictable random number generation - debian/patches/CVE-2011-2686.patch: Reseed the random number generator each time a child process is created. Based on upstream patch. - CVE-2011-2686 * SECURITY UPDATE: Predictable random number generation - debian/patches/CVE-2011-2705.patch: Reseed the random number generator with the pid number and the current time to prevent predictable random numbers in the case of pid number rollover. Based on upstream patch. - CVE-2011-2705 * SECURITY UPDATE: Denial of service via crafted hash table keys - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch. - CVE-2011-4815 Date: Tue, 21 Feb 2012 16:28:51 -0600 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ruby1.8/1.8.7.249-2ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Tue, 21 Feb 2012 16:28:51 -0600 Source: ruby1.8 Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8 libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8 Architecture: source Version: 1.8.7.249-2ubuntu0.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: irb1.8 - Interactive Ruby (for Ruby 1.8) libdbm-ruby1.8 - DBM interface for Ruby 1.8 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8 libreadline-ruby1.8 - Readline interface for Ruby 1.8 libruby1.8 - Libraries necessary to run Ruby 1.8 libruby1.8-dbg - Debugging symbols for Ruby 1.8 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8 rdoc1.8 - Generate documentation from Ruby 
source files (for Ruby 1.8) ri1.8 - Ruby Interactive reference (for Ruby 1.8) ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8 ruby1.8-elisp - ruby-mode for Emacsen ruby1.8-examples - Examples for Ruby 1.8 Changes: ruby1.8 (1.8.7.249-2ubuntu0.1) lucid-security; urgency=low . * SECURITY UPDATE: Cross-site scripting via HTTP error responses - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character set for HTTP error responses. Based on upstream patch. - CVE-2010-0541 * SECURITY UPDATE: Arbitrary code execution and denial of service - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory corruption during allocation. Based on upstream patch. - CVE-2011-0188 * SECURITY UPDATE: Arbitrary file deletion due to symlink race - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather than recursively removing everything underneath the symlink destination. Based on upstream patch. - CVE-2011-1004 * SECURITY UPDATE: Safe level bypass - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch. - CVE-2011-1005 * SECURITY UPDATE: Predictable random number generation - debian/patches/CVE-2011-2686.patch: Reseed the random number generator each time a child process is created. Based on upstream patch. - CVE-2011-2686 * SECURITY UPDATE: Predictable random number generation - debian/patches/CVE-2011-2705.patch: Reseed the random number generator with the pid number and the current time to prevent predictable random numbers in the case of pid number rollover. Based on upstream patch. - CVE-2011-2705 * SECURITY UPDATE: Denial of service via crafted hash table keys - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch. 
- CVE-2011-4815 Original-Maintainer: akira yamada From martin.pitt at ubuntu.com Tue Feb 28 13:39:12 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 28 Feb 2012 13:39:12 -0000 Subject: [ubuntu/lucid-updates] update-manager 1:0.134.12.1 (Accepted) Message-ID: <20120228133912.29877.41497.launchpad@ackee.canonical.com> update-manager (1:0.134.12.1) lucid-proposed; urgency=low * Add in an apport source package hook to ensure that bugs reported about update-manager include details regarding the upgrade process (LP: #927979) Date: 2012-02-17 20:25:12.484110+00:00 Changed-By: Brian Murray Maintainer: Michael Vogt Signed-By: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/update-manager/1:0.134.12.1 -------------- next part -------------- Sorry, changesfile not available. 
From martin.pitt at ubuntu.com Tue Feb 28 16:41:07 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 28 Feb 2012 16:41:07 -0000 Subject: [ubuntu/lucid-security] postgresql-8.4, postgresql-8.4_8.4.11-0ubuntu0.10.04_sparc_translations.tar.gz, postgresql-8.4_8.4.11-0ubuntu0.10.04_powerpc_translations.tar.gz, postgresql-8.4_8.4.11-0ubuntu0.10.04_i386_translations.tar.gz, postgresql-8.4_8.4.11-0ubuntu0.10.04_amd64_translations.tar.gz, postgresql-8.4_8.4.11-0ubuntu0.10.04_armel_translations.tar.gz, postgresql-8.4_8.4.11-0ubuntu0.10.04_ia64_translations.tar.gz 8.4.11-0ubuntu0.10.04 (Accepted) Message-ID: <20120228164107.32011.90010.launchpad@cocoplum.canonical.com> postgresql-8.4 (8.4.11-0ubuntu0.10.04) lucid-security; urgency=low * New upstream bug fix/security release: (LP: #941912) - Require execute permission on the trigger function for "CREATE TRIGGER". This missing check could allow another user to execute a trigger function with forged input data, by installing it on a table he owns. This is only of significance for trigger functions marked SECURITY DEFINER, since otherwise trigger functions run as the table owner anyway. (CVE-2012-0866) - Remove arbitrary limitation on length of common name in SSL certificates. Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes. Normally this would cause nothing worse than an unexpected verification failure, but there are some rather-implausible scenarios in which it might allow one certificate holder to impersonate another. The victim would have to have a common name exactly 32 bytes long, and the attacker would have to persuade a trusted CA to issue a certificate in which the common name has that string as a prefix. Impersonating a server would also require some additional exploit to redirect client connections. (CVE-2012-0867) - Convert newlines to spaces in names written in pg_dump comments. 
pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. (CVE-2012-0868) - Fix btree index corruption from insertions concurrent with vacuuming. An index page split caused by an insertion could sometimes cause a concurrently-running "VACUUM" to miss removing index entries that it should remove. After the corresponding table rows are removed, the dangling index entries would cause errors (such as "could not read block N in file ...") or worse, silently wrong query results after unrelated rows are re-inserted at the now-free table locations. This bug has been present since release 8.2, but occurs so infrequently that it was not diagnosed until now. If you have reason to suspect that it has happened in your database, reindexing the affected index will fix things. - Update per-column permissions, not only per-table permissions, when changing table owner. Failure to do this meant that any previously granted column permissions were still shown as having been granted by the old owner. This meant that neither the new owner nor a superuser could revoke the now-untraceable-to-table-owner permissions. - Allow non-existent values for some settings in "ALTER USER/DATABASE SET". Allow default_text_search_config, default_tablespace, and temp_tablespaces to be set to names that are not known. This is because they might be known in another database where the setting is intended to be used, or for the tablespace cases because the tablespace might not be created yet. The same issue was previously recognized for search_path, and these settings now act like that one. - Avoid crashing when we have problems deleting table files post-commit. Dropping a table should lead to deleting the underlying disk files only after the transaction commits. 
In event of failure then (for instance, because of wrong file permissions) the code is supposed to just emit a warning message and go on, since it's too late to abort the transaction. This logic got broken as of release 8.4, causing such situations to result in a PANIC and an unrestartable database. - Track the OID counter correctly during WAL replay, even when it wraps around. Previously the OID counter would remain stuck at a high value until the system exited replay mode. The practical consequences of that are usually nil, but there are scenarios wherein a standby server that's been promoted to master might take a long time to advance the OID counter to a reasonable value once values are needed. - Fix regular expression back-references with - attached. Rather than enforcing an exact string match, the code would effectively accept any string that satisfies the pattern sub-expression referenced by the back-reference symbol. A similar problem still afflicts back-references that are embedded in a larger quantified expression, rather than being the immediate subject of the quantifier. This will be addressed in a future PostgreSQL release. - Fix recently-introduced memory leak in processing of inet/cidr values. - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a SQL-language function. In most cases this only led to an assertion failure in assert-enabled builds, but worse consequences seem possible. - Fix I/O-conversion-related memory leaks in plpgsql. - Improve pg_dump's handling of inherited table columns. pg_dump mishandled situations where a child column has a different default expression than its parent column. If the default is textually identical to the parent's default, but not actually the same (for instance, because of schema search path differences) it would not be recognized as different, so that after dump and restore the child would be allowed to inherit the parent's default. 
Child columns that are NOT NULL where their parent is not could also be restored subtly incorrectly. - Fix pg_restore's direct-to-database mode for INSERT-style table data. Direct-to-database restores from archive files made with "--inserts" or "--column-inserts" options fail when using pg_restore from a release dated September or December 2011, as a result of an oversight in a fix for another problem. The archive file itself is not at fault, and text-mode output is okay. - Allow AT option in ecpg DEALLOCATE statements. The infrastructure to support this has been there for awhile, but through an oversight there was still an error check rejecting the case. - Fix error in "contrib/intarray"'s int[] & int[] operator. If the smallest integer the two input arrays have in common is 1, and there are smaller values in either array, then 1 would be incorrectly omitted from the result. - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and decrypt_iv(). These functions failed to report certain types of invalid-input errors, and would instead return random garbage values for incorrect input. - Fix one-byte buffer overrun in "contrib/test_parser". The code would try to read one more byte than it should, which would crash in corner cases. Since "contrib/test_parser" is only example code, this is not a security issue in itself, but bad example code is still bad. - Use __sync_lock_test_and_set() for spinlocks on ARM, if available. This function replaces our previous use of the SWPB instruction, which is deprecated and not available on ARMv6 and later. Reports suggest that the old code doesn't fail in an obvious way on recent ARM boards, but simply doesn't interlock concurrent accesses, leading to bizarre failures in multiprocess operation. - Use "-fexcess-precision=standard" option when building with gcc versions that accept it. This prevents assorted scenarios wherein recent versions of gcc will produce creative results. - Allow use of threaded Python on FreeBSD. 
Our configure script previously believed that this combination wouldn't work; but FreeBSD fixed the problem, so remove that error check. * Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch: applied upstream. Date: Mon, 27 Feb 2012 15:15:19 +0100 Changed-By: Martin Pitt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.11-0ubuntu0.10.04 -------------- next part -------------- Format: 1.8 Date: Mon, 27 Feb 2012 15:15:19 +0100 Source: postgresql-8.4 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source Version: 8.4.11-0ubuntu0.10.04 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.4 - object-relational SQL database, version 8.4 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.4 - front-end programs for PostgreSQL 8.4 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.4 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.4 - documentation for the PostgreSQL database management system postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4 postgresql-plpython-8.4 - PL/Python procedural language 
for PostgreSQL 8.4 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming Launchpad-Bugs-Fixed: 941912 Changes: postgresql-8.4 (8.4.11-0ubuntu0.10.04) lucid-security; urgency=low . * New upstream bug fix/security release: (LP: #941912) - Require execute permission on the trigger function for "CREATE TRIGGER". This missing check could allow another user to execute a trigger function with forged input data, by installing it on a table he owns. This is only of significance for trigger functions marked SECURITY DEFINER, since otherwise trigger functions run as the table owner anyway. (CVE-2012-0866) - Remove arbitrary limitation on length of common name in SSL certificates. Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes. Normally this would cause nothing worse than an unexpected verification failure, but there are some rather-implausible scenarios in which it might allow one certificate holder to impersonate another. The victim would have to have a common name exactly 32 bytes long, and the attacker would have to persuade a trusted CA to issue a certificate in which the common name has that string as a prefix. Impersonating a server would also require some additional exploit to redirect client connections. (CVE-2012-0867) - Convert newlines to spaces in names written in pg_dump comments. pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. (CVE-2012-0868) - Fix btree index corruption from insertions concurrent with vacuuming. An index page split caused by an insertion could sometimes cause a concurrently-running "VACUUM" to miss removing index entries that it should remove. 
After the corresponding table rows are removed, the dangling index entries would cause errors (such as "could not read block N in file ...") or worse, silently wrong query results after unrelated rows are re-inserted at the now-free table locations. This bug has been present since release 8.2, but occurs so infrequently that it was not diagnosed until now. If you have reason to suspect that it has happened in your database, reindexing the affected index will fix things. - Update per-column permissions, not only per-table permissions, when changing table owner. Failure to do this meant that any previously granted column permissions were still shown as having been granted by the old owner. This meant that neither the new owner nor a superuser could revoke the now-untraceable-to-table-owner permissions. - Allow non-existent values for some settings in "ALTER USER/DATABASE SET". Allow default_text_search_config, default_tablespace, and temp_tablespaces to be set to names that are not known. This is because they might be known in another database where the setting is intended to be used, or for the tablespace cases because the tablespace might not be created yet. The same issue was previously recognized for search_path, and these settings now act like that one. - Avoid crashing when we have problems deleting table files post-commit. Dropping a table should lead to deleting the underlying disk files only after the transaction commits. In event of failure then (for instance, because of wrong file permissions) the code is supposed to just emit a warning message and go on, since it's too late to abort the transaction. This logic got broken as of release 8.4, causing such situations to result in a PANIC and an unrestartable database. - Track the OID counter correctly during WAL replay, even when it wraps around. Previously the OID counter would remain stuck at a high value until the system exited replay mode. 
The practical consequences of that are usually nil, but there are scenarios wherein a standby server that's been promoted to master might take a long time to advance the OID counter to a reasonable value once values are needed. - Fix regular expression back-references with - attached. Rather than enforcing an exact string match, the code would effectively accept any string that satisfies the pattern sub-expression referenced by the back-reference symbol. A similar problem still afflicts back-references that are embedded in a larger quantified expression, rather than being the immediate subject of the quantifier. This will be addressed in a future PostgreSQL release. - Fix recently-introduced memory leak in processing of inet/cidr values. - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a SQL-language function. In most cases this only led to an assertion failure in assert-enabled builds, but worse consequences seem possible. - Fix I/O-conversion-related memory leaks in plpgsql. - Improve pg_dump's handling of inherited table columns. pg_dump mishandled situations where a child column has a different default expression than its parent column. If the default is textually identical to the parent's default, but not actually the same (for instance, because of schema search path differences) it would not be recognized as different, so that after dump and restore the child would be allowed to inherit the parent's default. Child columns that are NOT NULL where their parent is not could also be restored subtly incorrectly. - Fix pg_restore's direct-to-database mode for INSERT-style table data. Direct-to-database restores from archive files made with "--inserts" or "--column-inserts" options fail when using pg_restore from a release dated September or December 2011, as a result of an oversight in a fix for another problem. The archive file itself is not at fault, and text-mode output is okay. - Allow AT option in ecpg DEALLOCATE statements. 
The infrastructure to support this has been there for awhile, but through an oversight there was still an error check rejecting the case. - Fix error in "contrib/intarray"'s int[] & int[] operator. If the smallest integer the two input arrays have in common is 1, and there are smaller values in either array, then 1 would be incorrectly omitted from the result. - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and decrypt_iv(). These functions failed to report certain types of invalid-input errors, and would instead return random garbage values for incorrect input. - Fix one-byte buffer overrun in "contrib/test_parser". The code would try to read one more byte than it should, which would crash in corner cases. Since "contrib/test_parser" is only example code, this is not a security issue in itself, but bad example code is still bad. - Use __sync_lock_test_and_set() for spinlocks on ARM, if available. This function replaces our previous use of the SWPB instruction, which is deprecated and not available on ARMv6 and later. Reports suggest that the old code doesn't fail in an obvious way on recent ARM boards, but simply doesn't interlock concurrent accesses, leading to bizarre failures in multiprocess operation. - Use "-fexcess-precision=standard" option when building with gcc versions that accept it. This prevents assorted scenarios wherein recent versions of gcc will produce creative results. - Allow use of threaded Python on FreeBSD. Our configure script previously believed that this combination wouldn't work; but FreeBSD fixed the problem, so remove that error check. * Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch: applied upstream. 
Original-Maintainer: Martin Pitt From chris.j.arges at canonical.com Wed Feb 29 16:58:25 2012 From: chris.j.arges at canonical.com (Chris J Arges) Date: Wed, 29 Feb 2012 16:58:25 -0000 Subject: [ubuntu/lucid-proposed] kexec-tools 1:2.0.1-1ubuntu4 (Accepted) Message-ID: <20120229165825.27730.59353.launchpad@cocoplum.canonical.com> kexec-tools (1:2.0.1-1ubuntu4) lucid-proposed; urgency=low * Backport changes to fix kdump functionality. LP: #828731. - debian/kdump.initramfs: call /usr/bin/makedumpfile via a chroot command, so that if makedumpfile is statically linked, we get proper library resolution. Thanks to Louis Bouchard for the patch. LP: #785425. - debian/kdump.initramfs: handle the possibility that /usr, /boot, or /var is on a separate filesystem and needs to be manually mounted before calling makedumpfile. LP: #828731. - Depend on makedumpfile, without which the initramfs script doesn't work. - Fix an unnecessary bashism. - Only install the kdump initramfs script and depend on makedumpfile on architectures that makedumpfile supports. 
Date: Wed, 18 Jan 2012 14:52:58 -0600 Changed-By: Chris J Arges Maintainer: Ubuntu Core Developers Signed-By: Barry Warsaw https://launchpad.net/ubuntu/lucid/+source/kexec-tools/1:2.0.1-1ubuntu4 -------------- next part -------------- Format: 1.8 Date: Wed, 18 Jan 2012 14:52:58 -0600 Source: kexec-tools Binary: kexec-tools Architecture: source Version: 1:2.0.1-1ubuntu4 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Chris J Arges Description: kexec-tools - kexec tool for kexec reboots Launchpad-Bugs-Fixed: 785425 828731 828731 Changes: kexec-tools (1:2.0.1-1ubuntu4) lucid-proposed; urgency=low . * Backport changes to fix kdump functionality. LP: #828731. - debian/kdump.initramfs: call /usr/bin/makedumpfile via a chroot command, so that if makedumpfile is statically linked, we get proper library resolution. Thanks to Louis Bouchard for the patch. LP: #785425. - debian/kdump.initramfs: handle the possibility that /usr, /boot, or /var is on a separate filesystem and needs to be manually mounted before calling makedumpfile. LP: #828731. - Depend on makedumpfile, without which the initramfs script doesn't work. - Fix an unnecessary bashism. - Only install the kdump initramfs script and depend on makedumpfile on architectures that makedumpfile supports. Original-Maintainer: Khalid Aziz