From stgraber at ubuntu.com Mon Jan 2 17:17:18 2012 From: stgraber at ubuntu.com (Stephane Graber) Date: Mon, 02 Jan 2012 17:17:18 -0000 Subject: [ubuntu/lucid-proposed] opencryptoki 2.2.8+dfsg-4ubuntu0.10.04.1 (Accepted) Message-ID: <20120102171718.26464.25016.launchpad@soybean.canonical.com> opencryptoki (2.2.8+dfsg-4ubuntu0.10.04.1) lucid-proposed; urgency=low * Cherry-pick patch from Deibna to reset TPM datastructures on init and not just logout, fixes TPM token reinitialization failure on reload. Thanks to David Smith for the patch (LP: #645576) Date: Wed, 07 Dec 2011 11:25:22 -0500 Changed-By: Stéphane Graber Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/opencryptoki/2.2.8+dfsg-4ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Wed, 07 Dec 2011 11:25:22 -0500 Source: opencryptoki Binary: opencryptoki opencryptoki-dbg libopencryptoki0 libopencryptoki-dev Architecture: source Version: 2.2.8+dfsg-4ubuntu0.10.04.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Stéphane Graber Description: libopencryptoki-dev - PKCS#11 implementation for Linux (development) libopencryptoki0 - PKCS#11 implementation for Linux (library) opencryptoki - PKCS#11 implementation for Linux (daemon) opencryptoki-dbg - PKCS#11 implementation for Linux (debug) Launchpad-Bugs-Fixed: 645576 Changes: opencryptoki (2.2.8+dfsg-4ubuntu0.10.04.1) lucid-proposed; urgency=low . * Cherry-pick patch from Deibna to reset TPM datastructures on init and not just logout, fixes TPM token reinitialization failure on reload. Thanks to David Smith for the patch (LP: #645576) Checksums-Sha1: fcfa3e23692158fd32e0a776896d7fa2f91cca21 2109 opencryptoki_2.2.8+dfsg-4ubuntu0.10.04.1.dsc c7ee1376ed6a35d7d2558cc8c549a6397a8d11e5 13927 opencryptoki_2.2.8+dfsg-4ubuntu0.10.04.1.diff.gz Checksums-Sha256: 6c1fd3b3501fd7157813cdeef14f77ef006d15439758e73285ce7973c16a2c69 2109 opencryptoki_2.2.8+dfsg-4ubuntu0.10.04.1.dsc 40a2013e55561e692ac9f40c2af59a8bb26f912bb8140259acc0d79cdda132bc 13927 opencryptoki_2.2.8+dfsg-4ubuntu0.10.04.1.diff.gz Files: 99fe1bb7b1a2fc886586c83e6db708c1 2109 admin optional opencryptoki_2.2.8+dfsg-4ubuntu0.10.04.1.dsc 1ed50dc11278d5395f63797798f50c1a 13927 admin optional opencryptoki_2.2.8+dfsg-4ubuntu0.10.04.1.diff.gz Original-Maintainer: Debian QA Group From jamie at ubuntu.com Wed Jan 4 00:03:30 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Wed, 04 Jan 2012 00:03:30 -0000 Subject: [ubuntu/lucid-security] selinux 1:0.10~10.04.1 (Accepted) Message-ID: <20120104000330.6684.10726.launchpad@cocoplum.canonical.com> selinux (1:0.10~10.04.1) lucid-security; urgency=low * SECURITY UPDATE: fix unsafe lockfile creation. The scope of this is limited by when this script is run, but it is still worthwhile to get this cleaned up (LP: #876994) Date: Wed, 21 Dec 2011 11:27:22 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Hardened Developers https://launchpad.net/ubuntu/lucid/+source/selinux/1:0.10~10.04.1 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Dec 2011 11:27:22 -0600 Source: selinux Binary: selinux Architecture: source Version: 1:0.10~10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Hardened Developers Changed-By: Jamie Strandboge Description: selinux - Security-Enhanced Linux runtime support Launchpad-Bugs-Fixed: 876994 Changes: selinux (1:0.10~10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: fix unsafe lockfile creation. The scope of this is limited by when this script is run, but it is still worthwhile to get this cleaned up (LP: #876994) Checksums-Sha1: 6e785a8f943f5b01b465c68a35fdab7921af3a71 1442 selinux_0.10~10.04.1.dsc 3975e417f240a165378e49fd9c2781bf4e0fb028 9846 selinux_0.10~10.04.1.tar.gz Checksums-Sha256: 64c5aa64e0a1d55f5f58d6242e9ee5b3e052b046cff62542b39335856b495fc5 1442 selinux_0.10~10.04.1.dsc b8cf0a26c7f8503e71d4bb6090c32866db698e6fd51ca50ef4d9118a97d917e9 9846 selinux_0.10~10.04.1.tar.gz Files: 8a0dfa91d7ef4b1d89c13a8467fb7791 1442 admin optional selinux_0.10~10.04.1.dsc 3b50ae6e90e6905f3de425b1baeec6c0 9846 admin optional selinux_0.10~10.04.1.tar.gz Original-Maintainer: J. Tang From marc.deslauriers at ubuntu.com Wed Jan 4 14:33:40 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 04 Jan 2012 14:33:40 -0000 Subject: [ubuntu/lucid-security] ghostscript 8.71.dfsg.1-0ubuntu5.4 (Accepted) Message-ID: <20120104143340.16275.91853.launchpad@cocoplum.canonical.com> ghostscript (8.71.dfsg.1-0ubuntu5.4) lucid-security; urgency=low * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked allocation functions and use them in: * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c, jas_malloc.c,jas_seq.c} * jasper/src/libjasper/bmp/bmp_dec.c * jasper/src/libjasper/include/jasper/jas_malloc.h * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c} * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c, jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c, jpc_t2enc.c,jpc_tagtree.c,jpc_util.c} * jasper/src/libjasper/mif/mif_cod.c - CVE-2008-3520 * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf() - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in jasper/src/libjasper/base/jas_stream.c - CVE-2008-3522 * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c. - CVE-2011-4516 - CVE-2011-4517 Date: Tue, 20 Dec 2011 15:44:19 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ghostscript/8.71.dfsg.1-0ubuntu5.4 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 15:44:19 -0500 Source: ghostscript Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-cups ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev Architecture: source Version: 8.71.dfsg.1-0ubuntu5.4 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: ghostscript - The GPL Ghostscript PostScript/PDF interpreter ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS filters ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor gs - Transitional package gs-aladdin - Transitional package gs-common - Dummy package depending on ghostscript gs-esp - Transitional package gs-esp-x - Transitional package gs-gpl - Transitional package libgs-dev - The Ghostscript PostScript Library - Development Files libgs-esp-dev - Transitional package libgs8 - The Ghostscript PostScript/PDF interpreter Library Changes: ghostscript (8.71.dfsg.1-0ubuntu5.4) lucid-security; urgency=low . * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked allocation functions and use them in: * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c, jas_malloc.c,jas_seq.c} * jasper/src/libjasper/bmp/bmp_dec.c * jasper/src/libjasper/include/jasper/jas_malloc.h * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c} * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c, jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c, jpc_t2enc.c,jpc_tagtree.c,jpc_util.c} * jasper/src/libjasper/mif/mif_cod.c - CVE-2008-3520 * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf() - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in jasper/src/libjasper/base/jas_stream.c - CVE-2008-3522 * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c. - CVE-2011-4516 - CVE-2011-4517 Checksums-Sha1: 83fd5ae28443fde7b6de59960a690d4aeab8d931 2476 ghostscript_8.71.dfsg.1-0ubuntu5.4.dsc b14dbf3af224759d549eb2ac900185cb2d16fe87 72722 ghostscript_8.71.dfsg.1-0ubuntu5.4.diff.gz Checksums-Sha256: 9298bd2ab2fe94fc4805a0d20adc48586d60069aad4a8f0e283840c2bb367f3c 2476 ghostscript_8.71.dfsg.1-0ubuntu5.4.dsc aef08938e8800451c7cbbbae17e511e2259aa17de55052171bc1bdaf2d60d846 72722 ghostscript_8.71.dfsg.1-0ubuntu5.4.diff.gz Files: edcdcb71f956a345e5f9a8cbcfed9048 2476 text optional ghostscript_8.71.dfsg.1-0ubuntu5.4.dsc 6048c04445f3a6e59fab227a05794492 72722 text optional ghostscript_8.71.dfsg.1-0ubuntu5.4.diff.gz Original-Maintainer: Masayuki Hatta (mhatta) From martin.pitt at ubuntu.com Thu Jan 5 12:50:52 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Thu, 05 Jan 2012 12:50:52 -0000 Subject: [ubuntu/lucid-proposed] postgresql-8.4 8.4.10-0ubuntu0.10.04.1 (Accepted) Message-ID: <20120105125052.28495.43587.launchpad@gac.canonical.com> postgresql-8.4 (8.4.10-0ubuntu0.10.04.1) lucid-proposed; urgency=low * Add 00git_inet_cidr_unpack.patch: Revert the behavior of inet/cidr functions to not unpack the arguments. This fixes the memory leak when sorting inet values. Patch taken from upstream git HEAD. Spotted during testing in LP #904631. * 01-armel-tas.patch: Turn slock_t datatype into an int, and define S_UNLOCK() to call __sync_lock_release() instead of using the default implementation. This complies to the gcc built-in atomic operations specifiction more strictly and now also works on the Panda boards. (LP: #904828) postgresql-8.4 (8.4.10-0ubuntu0.10.04) lucid-proposed; urgency=low * New upstream release: (LP: #904631) - Fix bugs in information_schema.referential_constraints view. This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does. Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if you're uncertain where "SHAREDIR" is.) This must be repeated in each database to be fixed. - Fix incorrect replay of WAL records for GIN index updates. This could result in transiently failing to find index entries after a crash, or on a hot-standby server. The problem would be repaired by the next "VACUUM" of the index, however. - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT - FROM src or INSERT INTO dest SELECT * FROM src. If a table has been modified by "ALTER TABLE ADD COLUMN", attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug. - Fix race condition during toast table access from stale syscache entries. - Track dependencies of functions on items used in parameter default expressions. Previously, a referenced object could be dropped without having dropped or modified the function, leading to misbehavior when the function was used. Note that merely installing this update will not fix the missing dependency entries; to do that, you'd need to "CREATE OR REPLACE" each such function afterwards. If you have functions whose defaults depend on non-built-in objects, doing so is recommended. - Allow inlining of set-returning SQL functions with multiple OUT parameters. - Make DatumGetInetP() unpack inet datums that have a 1-byte header, and add a new macro, DatumGetInetPP(), that does not. - Improve locale support in money type's input and output. Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read. - Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs. transform_null_equals is only supposed to affect foo = NULL expressions written directly by the user, not equality checks generated internally by this form of CASE. - Change foreign-key trigger creation order to better support self-referential foreign keys. For a cascading foreign key that references its own table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The ON UPDATE trigger must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error. However, the firing order of these triggers is determined by their names, which generally sort in creation order since the triggers have auto-generated names following the convention "RI_ConstraintTrigger_NNNN". A proper fix would require modifying that convention, which we will do in 9.2, but it seems risky to change it in existing releases. So this patch just changes the creation order of the triggers. Users encountering this type of error should drop and re-create the foreign key constraint to get its triggers into the right order. - Avoid floating-point underflow while tracking buffer allocation rate. - Preserve blank lines within commands in psql's command history. The former behavior could cause problems if an empty line was removed from within a string literal, for example. - Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes. - Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy. - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn". - Honor query cancel interrupts promptly in pgstatindex(). - Ensure VPATH builds properly install all server header files. - Shorten file names reported in verbose error messages. Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name. Date: Thu, 05 Jan 2012 13:34:33 +0100 Changed-By: Martin Pitt Maintainer: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.10-0ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Thu, 05 Jan 2012 13:34:33 +0100 Source: postgresql-8.4 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source Version: 8.4.10-0ubuntu0.10.04.1 Distribution: lucid-proposed Urgency: low Maintainer: Martin Pitt Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.4 - object-relational SQL database, version 8.4 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.4 - front-end programs for PostgreSQL 8.4 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.4 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.4 - documentation for the PostgreSQL database management system postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming Launchpad-Bugs-Fixed: 904631 904828 Changes: postgresql-8.4 (8.4.10-0ubuntu0.10.04.1) lucid-proposed; urgency=low . * Add 00git_inet_cidr_unpack.patch: Revert the behavior of inet/cidr functions to not unpack the arguments. This fixes the memory leak when sorting inet values. Patch taken from upstream git HEAD. Spotted during testing in LP #904631. * 01-armel-tas.patch: Turn slock_t datatype into an int, and define S_UNLOCK() to call __sync_lock_release() instead of using the default implementation. This complies to the gcc built-in atomic operations specifiction more strictly and now also works on the Panda boards. (LP: #904828) . postgresql-8.4 (8.4.10-0ubuntu0.10.04) lucid-proposed; urgency=low . * New upstream release: (LP: #904631) - Fix bugs in information_schema.referential_constraints view. This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does. Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if you're uncertain where "SHAREDIR" is.) This must be repeated in each database to be fixed. - Fix incorrect replay of WAL records for GIN index updates. This could result in transiently failing to find index entries after a crash, or on a hot-standby server. The problem would be repaired by the next "VACUUM" of the index, however. - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT - FROM src or INSERT INTO dest SELECT * FROM src. If a table has been modified by "ALTER TABLE ADD COLUMN", attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug. - Fix race condition during toast table access from stale syscache entries. - Track dependencies of functions on items used in parameter default expressions. Previously, a referenced object could be dropped without having dropped or modified the function, leading to misbehavior when the function was used. Note that merely installing this update will not fix the missing dependency entries; to do that, you'd need to "CREATE OR REPLACE" each such function afterwards. If you have functions whose defaults depend on non-built-in objects, doing so is recommended. - Allow inlining of set-returning SQL functions with multiple OUT parameters. - Make DatumGetInetP() unpack inet datums that have a 1-byte header, and add a new macro, DatumGetInetPP(), that does not. - Improve locale support in money type's input and output. Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read. - Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs. transform_null_equals is only supposed to affect foo = NULL expressions written directly by the user, not equality checks generated internally by this form of CASE. - Change foreign-key trigger creation order to better support self-referential foreign keys. For a cascading foreign key that references its own table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The ON UPDATE trigger must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error. However, the firing order of these triggers is determined by their names, which generally sort in creation order since the triggers have auto-generated names following the convention "RI_ConstraintTrigger_NNNN". A proper fix would require modifying that convention, which we will do in 9.2, but it seems risky to change it in existing releases. So this patch just changes the creation order of the triggers. Users encountering this type of error should drop and re-create the foreign key constraint to get its triggers into the right order. - Avoid floating-point underflow while tracking buffer allocation rate. - Preserve blank lines within commands in psql's command history. The former behavior could cause problems if an empty line was removed from within a string literal, for example. - Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes. - Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy. - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn". - Honor query cancel interrupts promptly in pgstatindex(). - Ensure VPATH builds properly install all server header files. - Shorten file names reported in verbose error messages. Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name. Checksums-Sha1: cd7b7d6d12403647bf87f978a3b69978437f37e3 3265 postgresql-8.4_8.4.10-0ubuntu0.10.04.1.dsc 3c2bb2eaab0f76ffd5f0f1688d19e0548da8ca0b 47956 postgresql-8.4_8.4.10-0ubuntu0.10.04.1.diff.gz Checksums-Sha256: 9cbb92dc1697e321f44da0728d60bee1885e72516f3ad9d084266980c326743d 3265 postgresql-8.4_8.4.10-0ubuntu0.10.04.1.dsc 06508f46b1ac778a821a7d4b1f18aa5c3eb0e5da6ebbc7c4284ae74f72d212f2 47956 postgresql-8.4_8.4.10-0ubuntu0.10.04.1.diff.gz Files: 034afa39610825346ccf744ff3a755fd 3265 database optional postgresql-8.4_8.4.10-0ubuntu0.10.04.1.dsc fc3c2c5f9e1e280e45540a9cb01fd736 47956 database optional postgresql-8.4_8.4.10-0ubuntu0.10.04.1.diff.gz From marc.deslauriers at ubuntu.com Thu Jan 5 15:04:35 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 05 Jan 2012 15:04:35 -0000 Subject: [ubuntu/lucid-security] ffmpeg 4:0.5.1-1ubuntu1.3 (Accepted) Message-ID: <20120105150435.12747.55585.launchpad@cocoplum.canonical.com> ffmpeg (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via malformed Matroska file - debian/patches/CVE-2011-3504.patch: verify memory allocation failures in libavformat/matroskadec.c. - CVE-2011-3504 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing QDM2 stream - debian/patches/CVE-2011-4351.patch: check boundaries in libavcodec/qdm2.c. - CVE-2011-4351 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing VP5 or VP6 streams - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c and libavcodec/vp6.c. - CVE-2011-4353 * SECURITY UPDATE: denial of service and possible code execution via malformed VMD file - debian/patches/CVE-2011-4364.patch: properly check lengths in libavcodec/vmdav.c. - CVE-2011-4364 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing svq1 stream - debian/patches/CVE-2011-4579.patch: set dimensions after they have changed in libavcodec/svq1dec.c. - CVE-2011-4579 Date: Wed, 21 Dec 2011 11:30:09 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ffmpeg/4:0.5.1-1ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Dec 2011 11:30:09 -0500 Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: source Version: 4:0.5.1-1ubuntu1.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: ffmpeg - multimedia player, server and encoder ffmpeg-dbg - Debug symbols for ffmpeg related packages ffmpeg-doc - documentation of the ffmpeg API libavcodec-dev - development files for libavcodec libavcodec52 - ffmpeg codec library libavdevice-dev - development files for libavdevice libavdevice52 - ffmpeg device handling library libavfilter-dev - development files for libavfilter libavfilter0 - ffmpeg video filtering library libavformat-dev - development files for libavformat libavformat52 - ffmpeg file format library libavutil-dev - development files for libavutil libavutil49 - ffmpeg utility library libpostproc-dev - development files for libpostproc libpostproc51 - ffmpeg video postprocessing library libswscale-dev - development files for libswscale libswscale0 - ffmpeg video scaling library Changes: ffmpeg (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via malformed Matroska file - debian/patches/CVE-2011-3504.patch: verify memory allocation failures in libavformat/matroskadec.c. - CVE-2011-3504 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing QDM2 stream - debian/patches/CVE-2011-4351.patch: check boundaries in libavcodec/qdm2.c. - CVE-2011-4351 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing VP5 or VP6 streams - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c and libavcodec/vp6.c. - CVE-2011-4353 * SECURITY UPDATE: denial of service and possible code execution via malformed VMD file - debian/patches/CVE-2011-4364.patch: properly check lengths in libavcodec/vmdav.c. - CVE-2011-4364 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing svq1 stream - debian/patches/CVE-2011-4579.patch: set dimensions after they have changed in libavcodec/svq1dec.c. - CVE-2011-4579 Checksums-Sha1: c0a3ed08d06372719abb2d9312b4c97e18868c89 2898 ffmpeg_0.5.1-1ubuntu1.3.dsc e6118677f557eb855703528c5ddd098eca6c16bf 70977 ffmpeg_0.5.1-1ubuntu1.3.diff.gz Checksums-Sha256: 32738e2429f40cef0ef3f2e23d3f00eabe1756f369bd049ebb0507ebe41cf7a7 2898 ffmpeg_0.5.1-1ubuntu1.3.dsc a91b5df26d166be42a528f99ff91642ba09dc4fe92456f24f766041fb542f7e1 70977 ffmpeg_0.5.1-1ubuntu1.3.diff.gz Files: 0722dc31852410bafd9ce31afd169f7f 2898 libs optional ffmpeg_0.5.1-1ubuntu1.3.dsc 542e08c05f480c382702b59bb69ce920 70977 libs optional ffmpeg_0.5.1-1ubuntu1.3.diff.gz Original-Maintainer: Debian multimedia packages maintainers From marc.deslauriers at ubuntu.com Thu Jan 5 16:04:50 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 05 Jan 2012 16:04:50 -0000 Subject: [ubuntu/lucid-security] ffmpeg-extra 4:0.5.1-1ubuntu1.3 (Accepted) Message-ID: <20120105160450.4159.51444.launchpad@cocoplum.canonical.com> ffmpeg-extra (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via malformed Matroska file - debian/patches/CVE-2011-3504.patch: verify memory allocation failures in libavformat/matroskadec.c. - CVE-2011-3504 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing QDM2 stream - debian/patches/CVE-2011-4351.patch: check boundaries in libavcodec/qdm2.c. - CVE-2011-4351 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing VP5 or VP6 streams - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c and libavcodec/vp6.c. - CVE-2011-4353 * SECURITY UPDATE: denial of service and possible code execution via malformed VMD file - debian/patches/CVE-2011-4364.patch: properly check lengths in libavcodec/vmdav.c. - CVE-2011-4364 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing svq1 stream - debian/patches/CVE-2011-4579.patch: set dimensions after they have changed in libavcodec/svq1dec.c. - CVE-2011-4579 Date: Wed, 21 Dec 2011 13:21:39 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/ffmpeg-extra/4:0.5.1-1ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Dec 2011 13:21:39 -0500 Source: ffmpeg-extra Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0 Architecture: source Version: 4:0.5.1-1ubuntu1.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libavcodec-extra-52 - ffmpeg codec library libavcodec-unstripped-52 - ffmpeg utility library - transitional package libavdevice-extra-52 - ffmpeg device handling library libavdevice-unstripped-52 - ffmpeg utility library - transitional package libavfilter-extra-0 - ffmpeg video filtering library libavfilter-unstripped-0 - ffmpeg utility library - transitional package libavformat-extra-52 - ffmpeg file format library libavformat-unstripped-52 - ffmpeg utility library - transitional package libavutil-extra-49 - ffmpeg utility library libavutil-unstripped-49 - ffmpeg utility library - transitional package libpostproc-extra-51 - ffmpeg video postprocessing library libpostproc-unstripped-51 - ffmpeg utility library - transitional package libswscale-extra-0 - ffmpeg video scaling library libswscale-unstripped-0 - ffmpeg utility library - transitional package Changes: ffmpeg-extra (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via malformed Matroska file - debian/patches/CVE-2011-3504.patch: verify memory allocation failures in libavformat/matroskadec.c. - CVE-2011-3504 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing QDM2 stream - debian/patches/CVE-2011-4351.patch: check boundaries in libavcodec/qdm2.c. - CVE-2011-4351 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing VP5 or VP6 streams - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c and libavcodec/vp6.c. - CVE-2011-4353 * SECURITY UPDATE: denial of service and possible code execution via malformed VMD file - debian/patches/CVE-2011-4364.patch: properly check lengths in libavcodec/vmdav.c. - CVE-2011-4364 * SECURITY UPDATE: denial of service and possible code execution via malformed file containing svq1 stream - debian/patches/CVE-2011-4579.patch: set dimensions after they have changed in libavcodec/svq1dec.c. - CVE-2011-4579 Checksums-Sha1: c823d33858a741fd8313fa0ed4d454473630d4af 3262 ffmpeg-extra_0.5.1-1ubuntu1.3.dsc db4ffdae9207626737c7a2e4e3b336494d34594c 71493 ffmpeg-extra_0.5.1-1ubuntu1.3.diff.gz Checksums-Sha256: ee412ec3c0ff246b74ce30eea20c2786de797a565cc62b4895e63e2d81b7a188 3262 ffmpeg-extra_0.5.1-1ubuntu1.3.dsc c7fbcebbee931735f247b55ddf6fd146ab57c52d3820cb88419030a1fa99b063 71493 ffmpeg-extra_0.5.1-1ubuntu1.3.diff.gz Files: aa39573f5a1719eaba404bdaa24fe167 3262 libs optional ffmpeg-extra_0.5.1-1ubuntu1.3.dsc 1fa1f4fffd3a74e886fe07592d4d6113 71493 libs optional ffmpeg-extra_0.5.1-1ubuntu1.3.diff.gz Original-Maintainer: Debian multimedia packages maintainers From cjwatson at ubuntu.com Tue Jan 10 10:49:08 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Tue, 10 Jan 2012 10:49:08 -0000 Subject: [ubuntu/lucid-proposed] debian-installer-utils 1.72ubuntu5.2 (Accepted) Message-ID: <20120110104908.31865.40822.launchpad@chaenomeles.canonical.com> debian-installer-utils (1.72ubuntu5.2) lucid-proposed; urgency=low [ Scott Moser ] * Add --quiet to dpkg-divert calls in chroot_setup. debian-installer-utils (1.72ubuntu5.1) lucid-proposed; urgency=low * chroot_setup.sh: Divert start-stop-daemon and initctl rather than simply moving them aside (LP: #900526). Date: Fri, 06 Jan 2012 12:25:41 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/lucid/+source/debian-installer-utils/1.72ubuntu5.2 -------------- next part -------------- Format: 1.8 Date: Fri, 06 Jan 2012 12:25:41 +0000 Source: debian-installer-utils Binary: di-utils-shell di-utils-reboot di-utils-exit-installer di-utils di-utils-mapdevfs di-utils-terminfo Architecture: source Version: 1.72ubuntu5.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: di-utils - Miscellaneous utilities for the debian installer (udeb) di-utils-exit-installer - Exit installer (udeb) di-utils-mapdevfs - mapdevfs utility for the debian installer (udeb) di-utils-reboot - Reboot (udeb) di-utils-shell - Execute a shell (udeb) di-utils-terminfo - Terminfo entries needed by newt/slang in debian installer (udeb) Launchpad-Bugs-Fixed: 900526 Changes: debian-installer-utils (1.72ubuntu5.2) lucid-proposed; urgency=low . [ Scott Moser ] * Add --quiet to dpkg-divert calls in chroot_setup. . debian-installer-utils (1.72ubuntu5.1) lucid-proposed; urgency=low . * chroot_setup.sh: Divert start-stop-daemon and initctl rather than simply moving them aside (LP: #900526). Checksums-Sha1: 5c6316fff4b01b7ddf1bbe9a766940432283f3e4 2355 debian-installer-utils_1.72ubuntu5.2.dsc c0985f89203d83898e60d0aeb55451e14a102045 99727 debian-installer-utils_1.72ubuntu5.2.tar.gz Checksums-Sha256: 0b0d0e056f2f59272e6897bc3533c368a50a51e95766c6371665013544cfce62 2355 debian-installer-utils_1.72ubuntu5.2.dsc 1108b7c3a0d1f05b8fd5b00bf054b88d47e3b327c7109f6c0ed7885a8c148134 99727 debian-installer-utils_1.72ubuntu5.2.tar.gz Files: 5067e0cef8d4d5b89ccd30b5e4aecb5d 2355 debian-installer standard debian-installer-utils_1.72ubuntu5.2.dsc 7f964712b3ea490e6ff1841249e69679 99727 debian-installer standard debian-installer-utils_1.72ubuntu5.2.tar.gz Original-Maintainer: Debian Install System Team From cjwatson at ubuntu.com Tue Jan 10 15:58:07 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Tue, 10 Jan 2012 15:58:07 -0000 Subject: [ubuntu/lucid-proposed] debian-installer 20081029ubuntu102.13 (Accepted) Message-ID: <20120110155807.28403.30303.launchpad@gac.canonical.com> debian-installer (20081029ubuntu102.13) lucid-proposed; urgency=low * Add natty and oneiric images for amd64 and i386, built with the respective backported kernels (LP: #881529). * Move to 2.6.32-38 kernels. * Move maverick-* images to 2.6.35-32 kernels. Date: Tue, 10 Jan 2012 15:32:11 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/lucid/+source/debian-installer/20081029ubuntu102.13 -------------- next part -------------- Format: 1.8 Date: Tue, 10 Jan 2012 15:32:11 +0000 Source: debian-installer Binary: debian-installer Architecture: source Version: 20081029ubuntu102.13 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: debian-installer - Debian installer Launchpad-Bugs-Fixed: 881529 Changes: debian-installer (20081029ubuntu102.13) lucid-proposed; urgency=low . * Add natty and oneiric images for amd64 and i386, built with the respective backported kernels (LP: #881529). * Move to 2.6.32-38 kernels. * Move maverick-* images to 2.6.35-32 kernels. Checksums-Sha1: 96c4ca59cafef1a7338496be9fe22f91217ae933 3446 debian-installer_20081029ubuntu102.13.dsc bc6faa199d237a4cb62939915025f1bebc42a05c 1800195 debian-installer_20081029ubuntu102.13.tar.gz Checksums-Sha256: 04b999d58b689433d55f8b3f1e8aba8a4379158d3ecb588feed5508cea26c466 3446 debian-installer_20081029ubuntu102.13.dsc 87487f0f549ee070d0d73b8458a31c67d2843fdd92fa182c208d3d171aeff3b0 1800195 debian-installer_20081029ubuntu102.13.tar.gz Files: fdf6520433f15f32cf54e6e9d53a3b89 3446 devel optional debian-installer_20081029ubuntu102.13.dsc 2cc9e1355a306c02dfe6f770eaab3631 1800195 devel optional debian-installer_20081029ubuntu102.13.tar.gz Original-Maintainer: Debian Install System Team From andreas at canonical.com Thu Jan 12 16:27:46 2012 From: andreas at canonical.com (Andreas Hasenack) Date: Thu, 12 Jan 2012 16:27:46 -0000 Subject: [ubuntu/lucid-proposed] python-tz 2010b-1ubuntu0.10.04.1 (Accepted) Message-ID: <20120112162746.21452.13410.launchpad@soybean.canonical.com> python-tz (2010b-1ubuntu0.10.04.1) lucid-proposed; urgency=low [ Forest Bond ] * Add patch samoa-idl (LP: #885163). Date: Mon, 09 Jan 2012 21:45:33 +0200 Changed-By: Andreas Hasenack Maintainer: Ubuntu Developers Signed-By: Stefano Rivera https://launchpad.net/ubuntu/lucid/+source/python-tz/2010b-1ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Mon, 09 Jan 2012 21:45:33 +0200 Source: python-tz Binary: python-tz Architecture: source Version: 2010b-1ubuntu0.10.04.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Andreas Hasenack Description: python-tz - Python version of the Olson timezone database Launchpad-Bugs-Fixed: 885163 Changes: python-tz (2010b-1ubuntu0.10.04.1) lucid-proposed; urgency=low . [ Forest Bond ] * Add patch samoa-idl (LP: #885163). Checksums-Sha1: fb187635bbb558212a50247f1c3b36cd5ff7b7ba 2177 python-tz_2010b-1ubuntu0.10.04.1.dsc 8292cd8f8d5393e091217a6775d69203d3aa223a 5124 python-tz_2010b-1ubuntu0.10.04.1.diff.gz Checksums-Sha256: 4a5c00c413abce6e70abafad5c5e0ded187686c5228fba1c1f8d53f7dd41ac41 2177 python-tz_2010b-1ubuntu0.10.04.1.dsc 9c738d3ffa8f87a0a6e29e13257c6068b42367065f98c5b8f740904327fda013 5124 python-tz_2010b-1ubuntu0.10.04.1.diff.gz Files: ba58eb69aa7ee5e9de53f66e62e00e3b 2177 python optional python-tz_2010b-1ubuntu0.10.04.1.dsc c7fdb92c4d01a9b7826b136a944c4f14 5124 python optional python-tz_2010b-1ubuntu0.10.04.1.diff.gz Original-Maintainer: Debian/Ubuntu Zope Team From evan at ebroder.net Fri Jan 13 17:13:20 2012 From: evan at ebroder.net (Evan Broder) Date: Fri, 13 Jan 2012 17:13:20 -0000 Subject: [ubuntu/lucid-proposed] youtube-dl 2011.08.04-1~lucid0.1 (Accepted) Message-ID: <20120113171320.18346.4675.launchpad@chaenomeles.canonical.com> youtube-dl (2011.08.04-1~lucid0.1) lucid-proposed; urgency=low * Backport new upstream release to Lucid to fix changes in Youtube. (LP: #915029) Date: Wed, 11 Jan 2012 16:07:15 -0500 Changed-By: Evan Broder Maintainer: Rogério Brito https://launchpad.net/ubuntu/lucid/+source/youtube-dl/2011.08.04-1~lucid0.1 -------------- next part -------------- Format: 1.8 Date: Wed, 11 Jan 2012 16:07:15 -0500 Source: youtube-dl Binary: youtube-dl Architecture: source Version: 2011.08.04-1~lucid0.1 Distribution: lucid-proposed Urgency: low Maintainer: Rogério Brito Changed-By: Evan Broder Description: youtube-dl - download videos from youtube Launchpad-Bugs-Fixed: 915029 Changes: youtube-dl (2011.08.04-1~lucid0.1) lucid-proposed; urgency=low . * Backport new upstream release to Lucid to fix changes in Youtube. (LP: #915029) Checksums-Sha1: 90bcccd5360a38a286dde41f95ecd94624d93499 1803 youtube-dl_2011.08.04-1~lucid0.1.dsc 7bf5ccae6a4cc26fcc07f5392dc381576ffc2646 12673 youtube-dl_2011.08.04-1~lucid0.1.debian.tar.gz Checksums-Sha256: d5fc3f1ac813d33bd86942a5a5fb4f49d195bb7326c7fe71350723343c36abf6 1803 youtube-dl_2011.08.04-1~lucid0.1.dsc 3e14303795402a2dca89e91f1d30f3fb74f92db3cb97905cdf10512260d768b9 12673 youtube-dl_2011.08.04-1~lucid0.1.debian.tar.gz Files: 5e42bf9bdccef2c92ec06db017fc9252 1803 web extra youtube-dl_2011.08.04-1~lucid0.1.dsc 3ae825fd4b59bb678bdb2d229df17c85 12673 web extra youtube-dl_2011.08.04-1~lucid0.1.debian.tar.gz From udienz at ubuntu.com Fri Jan 13 17:13:46 2012 From: udienz at ubuntu.com (Mahyuddin Susanto) Date: Fri, 13 Jan 2012 17:13:46 -0000 Subject: [ubuntu/lucid-proposed] nginx 0.7.65-1ubuntu2.2 (Accepted) Message-ID: <20120113171346.10721.16284.launchpad@wampee.canonical.com> nginx (0.7.65-1ubuntu2.2) lucid-proposed; urgency=low * debian/patches/LP-902223.patch: Patch to fix reloading IPv6 addresses, patch derived from Debian. (LP: #902223) Date: Thu, 12 Jan 2012 14:45:20 +0700 Changed-By: Mahyuddin Susanto Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/nginx/0.7.65-1ubuntu2.2 -------------- next part -------------- Format: 1.8 Date: Thu, 12 Jan 2012 14:45:20 +0700 Source: nginx Binary: nginx nginx-dbg Architecture: source Version: 0.7.65-1ubuntu2.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Mahyuddin Susanto Description: nginx - small, but very powerful and efficient web server and mail proxy nginx-dbg - Debugging symbols for nginx Launchpad-Bugs-Fixed: 902223 Changes: nginx (0.7.65-1ubuntu2.2) lucid-proposed; urgency=low . * debian/patches/LP-902223.patch: Patch to fix reloading IPv6 addresses, patch derived from Debian. (LP: #902223) Checksums-Sha1: 1f94815639a48d0dd5d1415d36f0d2aaa5ee5721 2106 nginx_0.7.65-1ubuntu2.2.dsc b098422b3fd2320cbf25cb24fa010e8befef0611 27252 nginx_0.7.65-1ubuntu2.2.debian.tar.gz Checksums-Sha256: 7c2c6a4788c8b614186362eecb6fc382f3bc1ce89ee52c16566ebb1ce1eab0ef 2106 nginx_0.7.65-1ubuntu2.2.dsc 5c4d84917aba76db42c4b8d82f480cbf20f79d61378e9a5b9ada556d0be06637 27252 nginx_0.7.65-1ubuntu2.2.debian.tar.gz Files: 7dc9c520d34a8b94d700f9945b210e7e 2106 httpd optional nginx_0.7.65-1ubuntu2.2.dsc 754431273a41f56bcce51a57e4a586c5 27252 httpd optional nginx_0.7.65-1ubuntu2.2.debian.tar.gz Original-Maintainer: Jose Parrella From ivoks at ubuntu.com Mon Jan 16 15:03:20 2012 From: ivoks at ubuntu.com (Ante Karamatic) Date: Mon, 16 Jan 2012 15:03:20 -0000 Subject: [ubuntu/lucid-security] phpmyadmin, phpmyadmin_3.3.2-1ubuntu1_i386_translations.tar.gz 4:3.3.2-1ubuntu1 (Accepted) Message-ID: <20120116150320.5674.39550.launchpad@cocoplum.canonical.com> phpmyadmin (4:3.3.2-1ubuntu1) lucid-security; urgency=low * debian/patches/CVE-2010-4480.patch: - CVE-2010-4480 - prevents remote XSS attacks via a crafted BBcode tag containing "@" characters Date: Mon, 09 Jan 2012 16:29:00 +0100 Changed-By: Ante Karamatic Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/phpmyadmin/4:3.3.2-1ubuntu1 -------------- next part -------------- Format: 1.8 Date: Mon, 09 Jan 2012 16:29:00 +0100 Source: phpmyadmin Binary: phpmyadmin Architecture: source Version: 4:3.3.2-1ubuntu1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Ante Karamatic Description: phpmyadmin - MySQL web administration tool Changes: phpmyadmin (4:3.3.2-1ubuntu1) lucid-security; urgency=low . * debian/patches/CVE-2010-4480.patch: - CVE-2010-4480 - prevents remote XSS attacks via a crafted BBcode tag containing "@" characters Checksums-Sha1: b4a94842bd199d262463aab422907c2896fa95ec 1972 phpmyadmin_3.3.2-1ubuntu1.dsc 12f4865b7d524a8cdf0794c219baccfecb598b98 43192 phpmyadmin_3.3.2-1ubuntu1.debian.tar.gz Checksums-Sha256: c5257d67402393bf05f900bb27fe2656ffbda4bbf0b0542bcc1d4ecee76addd6 1972 phpmyadmin_3.3.2-1ubuntu1.dsc ebcd1e457ddfa4d72405725761931d6f317a86a2428c80abf822688dc8631035 43192 phpmyadmin_3.3.2-1ubuntu1.debian.tar.gz Files: ddc833aeccd52f776c0c4e2ae6b73023 1972 web extra phpmyadmin_3.3.2-1ubuntu1.dsc 5669e9fe73f59b6abdaec1009d5df71b 43192 web extra phpmyadmin_3.3.2-1ubuntu1.debian.tar.gz Original-Maintainer: Thijs Kinkhorst From jamie at ubuntu.com Thu Jan 19 17:34:32 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 19 Jan 2012 17:34:32 -0000 Subject: [ubuntu/lucid-security] libxml2 2.7.6.dfsg-1ubuntu1.3 (Accepted) Message-ID: <20120119173432.5507.48647.launchpad@cocoplum.canonical.com> libxml2 (2.7.6.dfsg-1ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: fix off-by-one leading to denial of service - encoding.c: adjust calculation of space available - 69f04562f75212bfcabecd190ea8b06ace28ece2 - CVE-2011-0216 * SECURITY UPDATE: fix double free in XPath evaluation - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when entering a function or a scoped evaluation - f5048b3e71fc30ad096970b8df6e7af073bae4cb - CVE-2011-2821 * SECURITY UPDATE: fix double free in XPath evaluation - xpath.c: fix missing error status in XPath evaluation - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd - CVE-2011-2834 * SECURITY UPDATE: fix out of bounds read - parser.c: make sure the parser returns when getting a Stop order - 77404b8b69bc122d12231807abf1a837d121b551 - CVE-2011-3905 * SECURITY UPDATE: fix heap overflow - parser.c: fix an allocation error when copying entities - 5bd3c061823a8499b27422aee04ea20aae24f03e - CVE-2011-3919 Date: Wed, 18 Jan 2012 13:48:59 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/libxml2/2.7.6.dfsg-1ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Wed, 18 Jan 2012 13:48:59 -0600 Source: libxml2 Binary: libxml2 libxml2-udeb libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source Version: 2.7.6.dfsg-1ubuntu1.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-udeb - GNOME XML library (udeb) libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.7.6.dfsg-1ubuntu1.3) lucid-security; urgency=low . * SECURITY UPDATE: fix off-by-one leading to denial of service - encoding.c: adjust calculation of space available - 69f04562f75212bfcabecd190ea8b06ace28ece2 - CVE-2011-0216 * SECURITY UPDATE: fix double free in XPath evaluation - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when entering a function or a scoped evaluation - f5048b3e71fc30ad096970b8df6e7af073bae4cb - CVE-2011-2821 * SECURITY UPDATE: fix double free in XPath evaluation - xpath.c: fix missing error status in XPath evaluation - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd - CVE-2011-2834 * SECURITY UPDATE: fix out of bounds read - parser.c: make sure the parser returns when getting a Stop order - 77404b8b69bc122d12231807abf1a837d121b551 - CVE-2011-3905 * SECURITY UPDATE: fix heap overflow - parser.c: fix an allocation error when copying entities - 5bd3c061823a8499b27422aee04ea20aae24f03e - CVE-2011-3919 Checksums-Sha1: aa2b7b438e7870f68f6d423abe93c692a2717761 2280 libxml2_2.7.6.dfsg-1ubuntu1.3.dsc 8a1be52553a9e07b783bb9530eed1e3e7cfd2e02 114159 libxml2_2.7.6.dfsg-1ubuntu1.3.diff.gz Checksums-Sha256: 07ed56f1a002c310ec0b263fb392ac0da3a163a09601aa71e6dda6eb8bbe1249 2280 libxml2_2.7.6.dfsg-1ubuntu1.3.dsc bb30e005bbbbc5087f72e08073cffbb7f752d43a90e0dd793e6b7004ec7f7e6d 114159 libxml2_2.7.6.dfsg-1ubuntu1.3.diff.gz Files: 02b054c8c28784262f0eb53d82dd45ec 2280 libs optional libxml2_2.7.6.dfsg-1ubuntu1.3.dsc ae0bd75705b7bd7ca73cf97c8558a730 114159 libs optional libxml2_2.7.6.dfsg-1ubuntu1.3.diff.gz Original-Maintainer: Debian XML/SGML Group From jamie at ubuntu.com Thu Jan 19 17:34:48 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 19 Jan 2012 17:34:48 -0000 Subject: [ubuntu/lucid-security] t1lib 5.1.2-3ubuntu0.10.04.2 (Accepted) Message-ID: <20120119173448.5507.20858.launchpad@cocoplum.canonical.com> t1lib (5.1.2-3ubuntu0.10.04.2) lucid-security; urgency=low * SECURITY UPDATE: fix denial of service via oversized fonts - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests to address remaining crashes - CVE-2011-1552 - CVE-2011-1553 - CVE-2011-1554 * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser - debian/patches/CVE-2010-2642_2011-0433.patch: verify array boundaries in lib/t1lib/parseAFM.c - CVE-2010-2642 - CVE-2011-0433 Date: Tue, 17 Jan 2012 14:38:43 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/t1lib/5.1.2-3ubuntu0.10.04.2 -------------- next part -------------- Format: 1.8 Date: Tue, 17 Jan 2012 14:38:43 -0600 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: source Version: 5.1.2-3ubuntu0.10.04.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Changes: t1lib (5.1.2-3ubuntu0.10.04.2) lucid-security; urgency=low . * SECURITY UPDATE: fix denial of service via oversized fonts - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests to address remaining crashes - CVE-2011-1552 - CVE-2011-1553 - CVE-2011-1554 * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser - debian/patches/CVE-2010-2642_2011-0433.patch: verify array boundaries in lib/t1lib/parseAFM.c - CVE-2010-2642 - CVE-2011-0433 Checksums-Sha1: 6066d38f92d0e8f575db9e1d6da68817986b2a98 1906 t1lib_5.1.2-3ubuntu0.10.04.2.dsc 7cd940a93d498e74fc565db0ae17850760aaa962 20215 t1lib_5.1.2-3ubuntu0.10.04.2.diff.gz Checksums-Sha256: 39d04c775f2b00ae53bb336516694f6ad1d0a0f4a80d49611260985cded29349 1906 t1lib_5.1.2-3ubuntu0.10.04.2.dsc 1183a248cab10dfa7d9aca7d8668cfcb53c0af5956c4247385969af072e6069f 20215 t1lib_5.1.2-3ubuntu0.10.04.2.diff.gz Files: 3c6d6b9bcc600b56d9c458e5ee7dbdaf 1906 libs optional t1lib_5.1.2-3ubuntu0.10.04.2.dsc e6d011c3c445c373c2942dbc54076a74 20215 libs optional t1lib_5.1.2-3ubuntu0.10.04.2.diff.gz Original-Maintainer: Ruben Molina From clint at ubuntu.com Fri Jan 20 10:02:03 2012 From: clint at ubuntu.com (Clint Byrum) Date: Fri, 20 Jan 2012 10:02:03 -0000 Subject: [ubuntu/lucid-proposed] sysvinit 2.87dsf-4ubuntu17.5 (Accepted) Message-ID: <20120120100203.29095.38687.launchpad@chaenomeles.canonical.com> sysvinit (2.87dsf-4ubuntu17.5) lucid-proposed; urgency=low * debian/initscripts/etc/init.d/umountnfs.sh: emit a new event, unmounted-remote-filesystems, to allow stopping portmap and others. (LP: #711425) Date: Fri, 20 Jan 2012 01:15:42 -0800 Changed-By: Clint Byrum Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/sysvinit/2.87dsf-4ubuntu17.5 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 01:15:42 -0800 Source: sysvinit Binary: sysvinit-utils sysv-rc initscripts sysvutils Architecture: source Version: 2.87dsf-4ubuntu17.5 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Clint Byrum Description: initscripts - scripts for initializing and shutting down the system sysv-rc - System-V-like runlevel change mechanism sysvinit-utils - System-V-like utilities sysvutils - System-V-like utilities (transitional package) Launchpad-Bugs-Fixed: 711425 Changes: sysvinit (2.87dsf-4ubuntu17.5) lucid-proposed; urgency=low . * debian/initscripts/etc/init.d/umountnfs.sh: emit a new event, unmounted-remote-filesystems, to allow stopping portmap and others. (LP: #711425) Checksums-Sha1: 53d472a2876cba2ac18aaa3f245e9b339da4c063 1817 sysvinit_2.87dsf-4ubuntu17.5.dsc 7e84165b0c1e73db8c7fc593f4d4845c0261e84f 259446 sysvinit_2.87dsf-4ubuntu17.5.tar.gz Checksums-Sha256: 74dd7ba7d9da9fa11f30caf23f7dd208b5fa7880393eae5b174a81185968bee2 1817 sysvinit_2.87dsf-4ubuntu17.5.dsc 595f5babecdce77bfa8f37d09bddb2ac85afb7fbb5abb9cff01ba586562451b2 259446 sysvinit_2.87dsf-4ubuntu17.5.tar.gz Files: a166711baf9503438d93860c55de4cb8 1817 admin required sysvinit_2.87dsf-4ubuntu17.5.dsc fb8185e226d8a4c2a1c4871e8fdd121b 259446 admin required sysvinit_2.87dsf-4ubuntu17.5.tar.gz Original-Maintainer: Debian sysvinit maintainers From clint at ubuntu.com Fri Jan 20 10:02:32 2012 From: clint at ubuntu.com (Clint Byrum) Date: Fri, 20 Jan 2012 10:02:32 -0000 Subject: [ubuntu/lucid-proposed] portmap 6.0.0-1ubuntu2.2 (Accepted) Message-ID: <20120120100232.32373.2004.launchpad@soybean.canonical.com> portmap (6.0.0-1ubuntu2.2) lucid-proposed; urgency=low * debian/portmap.upstart: stop on unmounted-remote-filesystems, a new event emitted by umountnfs.sh. (LP: #711425) * d/control: Use versioned dep on initscripts to ensure portmap is stopped at the appropriate moment. Date: Fri, 20 Jan 2012 01:37:05 -0800 Changed-By: Clint Byrum Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/portmap/6.0.0-1ubuntu2.2 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 01:37:05 -0800 Source: portmap Binary: portmap Architecture: source Version: 6.0.0-1ubuntu2.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Clint Byrum Description: portmap - RPC port mapper Launchpad-Bugs-Fixed: 711425 Changes: portmap (6.0.0-1ubuntu2.2) lucid-proposed; urgency=low . * debian/portmap.upstart: stop on unmounted-remote-filesystems, a new event emitted by umountnfs.sh. (LP: #711425) * d/control: Use versioned dep on initscripts to ensure portmap is stopped at the appropriate moment. Checksums-Sha1: 30d7ba9c78da044773bd370b9d423212c6257f74 1517 portmap_6.0.0-1ubuntu2.2.dsc 1d200ece1294787794c3ce10063200a1e3a9b608 28169 portmap_6.0.0-1ubuntu2.2.diff.gz Checksums-Sha256: afbc6d209f0b863c2f2a6873bd5d8974b2b0016c25d7e128e549077270bbdc96 1517 portmap_6.0.0-1ubuntu2.2.dsc 05faeb9eb10015b2284f9d6c77abe0e9297c53ab06379fb355d9a146db179d85 28169 portmap_6.0.0-1ubuntu2.2.diff.gz Files: 704e1c851d9a775c1590d783d276f3c2 1517 net standard portmap_6.0.0-1ubuntu2.2.dsc 6fbac4cf638afb5722bc921f4728ce23 28169 net standard portmap_6.0.0-1ubuntu2.2.diff.gz Original-Maintainer: Anibal Monsalve Salazar From cjwatson at ubuntu.com Fri Jan 20 14:21:53 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Fri, 20 Jan 2012 14:21:53 -0000 Subject: [ubuntu/lucid-proposed] grub2 1.98-1ubuntu13 (Accepted) Message-ID: <20120120142153.27439.89158.launchpad@chaenomeles.canonical.com> grub2 (1.98-1ubuntu13) lucid-proposed; urgency=low [ Colin Watson ] * Handle partition devices without corresponding disk devices (LP: #623609). [ Ken Stailey ] * Backport upstream patch to skip LVM snapshots (LP: #563895). Date: Fri, 20 Jan 2012 12:08:36 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/grub2/1.98-1ubuntu13 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 12:08:36 +0000 Source: grub2 Binary: grub2 grub-linuxbios grub-efi grub-common grub-emu grub-pc grub-rescue-pc grub-coreboot grub-efi-ia32 grub-efi-amd64 grub-ieee1275 grub-firmware-qemu grub-yeeloong Architecture: source Version: 1.98-1ubuntu13 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Colin Watson Description: grub-common - GRand Unified Bootloader, version 2 (common files) grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version) grub-efi - GRand Unified Bootloader, version 2 (dummy package) grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version) grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version) grub-emu - GRand Unified Bootloader, version 2 (emulated version) grub-firmware-qemu - GRUB firmware image for QEMU grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version) grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package) grub-pc - GRand Unified Bootloader, version 2 (PC/BIOS version) grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version) grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version) grub2 - GRand Unified Bootloader, version 2 (dummy package) Launchpad-Bugs-Fixed: 563895 623609 Changes: grub2 (1.98-1ubuntu13) lucid-proposed; urgency=low . [ Colin Watson ] * Handle partition devices without corresponding disk devices (LP: #623609). . [ Ken Stailey ] * Backport upstream patch to skip LVM snapshots (LP: #563895). Checksums-Sha1: cacf06d9eea123675f0ac191dd757cc341a0a2f1 3155 grub2_1.98-1ubuntu13.dsc 0845fd3bdf823264bbeaeebefd5931e7f1f2cdf1 259071 grub2_1.98-1ubuntu13.diff.gz Checksums-Sha256: d53387b4d4260fb53a73bf676ae1afaa1c1f1c7a74dbceb90182588b07431db8 3155 grub2_1.98-1ubuntu13.dsc 0db8c45e8333ed666a5d57b81e872100e2e7eda4b5f75c51efde145dfceebef6 259071 grub2_1.98-1ubuntu13.diff.gz Files: 2cd7d4e7537292e33d18b0ee9f759582 3155 admin optional grub2_1.98-1ubuntu13.dsc 6b83d89ac46fa9e30c4c9166f2626ea6 259071 admin optional grub2_1.98-1ubuntu13.diff.gz Original-Maintainer: GRUB Maintainers From alberto.milone at canonical.com Fri Jan 20 14:21:02 2012 From: alberto.milone at canonical.com (Alberto Milone) Date: Fri, 20 Jan 2012 14:21:02 -0000 Subject: [ubuntu/lucid-proposed] fglrx-installer 2:8.723.1-0ubuntu6 (Accepted) Message-ID: <20120120142102.24488.62151.launchpad@wampee.canonical.com> fglrx-installer (2:8.723.1-0ubuntu6) lucid-proposed; urgency=low * debian/fglrx.postrm: - Do not remove diversions. Those diversions were likely installed by older releases of the driver (since we don't use diversions any more). Any diversion should be removed in fglrx.preinst, as it's exactly where we remove all other diversions (LP: #566437). * debian/fglrx.prerm: - Call dpkg-trigger with --by-package=$PACKAGE_NAME. Date: Fri, 20 Jan 2012 12:01:17 +0100 Changed-By: Alberto Milone Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/fglrx-installer/2:8.723.1-0ubuntu6 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 12:01:17 +0100 Source: fglrx-installer Binary: fglrx fglrx-dev fglrx-amdcccle fglrx-modaliases xorg-driver-fglrx fglrx-kernel-source Architecture: source Version: 2:8.723.1-0ubuntu6 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Alberto Milone Description: fglrx - Video driver for the ATI graphics accelerators fglrx-amdcccle - Catalyst Control Center for the ATI graphics accelerators fglrx-dev - Video driver for the ATI graphics accelerators (devel files) fglrx-kernel-source - Transitional package for fglrx-kernel-source fglrx-modaliases - Identifiers supported by the ATI graphics driver xorg-driver-fglrx - Transitional package for xorg-driver-fglrx Launchpad-Bugs-Fixed: 566437 Changes: fglrx-installer (2:8.723.1-0ubuntu6) lucid-proposed; urgency=low . * debian/fglrx.postrm: - Do not remove diversions. Those diversions were likely installed by older releases of the driver (since we don't use diversions any more). Any diversion should be removed in fglrx.preinst, as it's exactly where we remove all other diversions (LP: #566437). * debian/fglrx.prerm: - Call dpkg-trigger with --by-package=$PACKAGE_NAME. Checksums-Sha1: 14f0fd10a0ba3eecc822c23a461a37a8fe5ac822 1458 fglrx-installer_8.723.1-0ubuntu6.dsc 97968817d86c2ab03c3607e8593f99848fb6d251 25608 fglrx-installer_8.723.1-0ubuntu6.diff.gz Checksums-Sha256: bc2dd6984732db50f1514d8e81802aaa7ed12140c7084ff8debabc2b3ed4bcaf 1458 fglrx-installer_8.723.1-0ubuntu6.dsc 2164b764622df34b964a173bb9b8d828b3a2af59defff65eae3dffcc20eb0f39 25608 fglrx-installer_8.723.1-0ubuntu6.diff.gz Files: 5ad2e1c98cf36c3ed13b50932a384745 1458 restricted/misc extra fglrx-installer_8.723.1-0ubuntu6.dsc b16be336c41e047c09e962ad8e38e760 25608 restricted/misc extra fglrx-installer_8.723.1-0ubuntu6.diff.gz From udienz at ubuntu.com Mon Jan 23 16:03:56 2012 From: udienz at ubuntu.com (Mahyuddin Susanto) Date: Mon, 23 Jan 2012 16:03:56 -0000 Subject: [ubuntu/lucid-security] squid3 3.0.STABLE19-1ubuntu0.2 (Accepted) Message-ID: <20120123160356.11686.15650.launchpad@cocoplum.canonical.com> squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet that only contains header. (LP: #907686) - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream. - CVE-2010-0308 * SECURITY UDPATE: Fix DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. (LP: #907690) - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream. - CVE-2010-0639 * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response by remote Gopher servers. (LP: #907687) - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream. - CVE-2011-3205 Date: Wed, 18 Jan 2012 12:46:59 +0700 Changed-By: Mahyuddin Susanto Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/squid3/3.0.STABLE19-1ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Wed, 18 Jan 2012 12:46:59 +0700 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid3-cgi Architecture: source Version: 3.0.STABLE19-1ubuntu0.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Mahyuddin Susanto Description: squid3 - A full featured Web Proxy cache (HTTP proxy) squid3-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility Launchpad-Bugs-Fixed: 907686 907687 907690 Changes: squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low . * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet that only contains header. (LP: #907686) - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream. - CVE-2010-0308 * SECURITY UDPATE: Fix DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. (LP: #907690) - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream. - CVE-2010-0639 * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response by remote Gopher servers. (LP: #907687) - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream. - CVE-2011-3205 Checksums-Sha1: 27bd2f97048ec958a1068a2d58ddb0d8b3882d48 1964 squid3_3.0.STABLE19-1ubuntu0.2.dsc 0e7496162f03a20ae9d593d684e7989f9e0f77fc 18919 squid3_3.0.STABLE19-1ubuntu0.2.diff.gz Checksums-Sha256: 05e75ae7ba05a6b6b5f51eae1664d55b53af9dd07172f58193c20b83284f1306 1964 squid3_3.0.STABLE19-1ubuntu0.2.dsc d924417d6035049c86f57325e1cd6340ae4b6406d8f2f01e287e90e19daa5b7e 18919 squid3_3.0.STABLE19-1ubuntu0.2.diff.gz Files: ba8625073d68cf9aa429d3624c8e352a 1964 web optional squid3_3.0.STABLE19-1ubuntu0.2.dsc 5c9e112157a4147506177b2066881173 18919 web optional squid3_3.0.STABLE19-1ubuntu0.2.diff.gz Original-Maintainer: Luigi Gangitano From jamie at ubuntu.com Mon Jan 23 22:34:14 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Mon, 23 Jan 2012 22:34:14 -0000 Subject: [ubuntu/lucid-security] qemu-kvm 0.12.3+noroms-0ubuntu9.17 (Accepted) Message-ID: <20120123223414.3627.59997.launchpad@cocoplum.canonical.com> qemu-kvm (0.12.3+noroms-0ubuntu9.17) lucid-security; urgency=low * SECURITY UPDATE: fix heap overflow in e1000 driver with crafted legacy mode packets - debian/patches/CVE-2012-0029.patch: check for overflow whenever issuing PCI dma reads - CVE-2012-0029 Date: Tue, 17 Jan 2012 13:43:45 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.17 -------------- next part -------------- Format: 1.8 Date: Tue, 17 Jan 2012 13:43:45 -0600 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: source Version: 0.12.3+noroms-0ubuntu9.17 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: kvm - dummy transitional pacakge from kvm to qemu-kvm qemu - dummy transitional pacakge from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Changes: qemu-kvm (0.12.3+noroms-0ubuntu9.17) lucid-security; urgency=low . * SECURITY UPDATE: fix heap overflow in e1000 driver with crafted legacy mode packets - debian/patches/CVE-2012-0029.patch: check for overflow whenever issuing PCI dma reads - CVE-2012-0029 Checksums-Sha1: ca466bcd9c49acc3c2dc59584f3a6363d8f5a161 2161 qemu-kvm_0.12.3+noroms-0ubuntu9.17.dsc 9987a2f0f700ea6973af55922800f889b3a328f0 68881 qemu-kvm_0.12.3+noroms-0ubuntu9.17.diff.gz Checksums-Sha256: cb4c880ee61556b0bab48784538e0966ea82a879b49935b8669b251a724e4dce 2161 qemu-kvm_0.12.3+noroms-0ubuntu9.17.dsc 8daaa3a4b1bbe293b747a3f275ec35ebcb07b7e8b5f817cba91b86e087563cc2 68881 qemu-kvm_0.12.3+noroms-0ubuntu9.17.diff.gz Files: 8569d2dc26d7173e3809141241c08856 2161 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.17.dsc 2ceda5b40886d7f15cd88573cd09bcf5 68881 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.17.diff.gz From martin.pitt at ubuntu.com Tue Jan 24 05:37:42 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 24 Jan 2012 05:37:42 -0000 Subject: [ubuntu/lucid-proposed] xdg-utils 1.0.2-6.1ubuntu3.2 (Accepted) Message-ID: <20120124053742.2769.17264.launchpad@wampee.canonical.com> xdg-utils (1.0.2-6.1ubuntu3.2) lucid-proposed; urgency=low [ Kenneth Solbø Andersen ] * debian/patches/xdg-email-thunderbird.patch: Change "TOqul=" to "TO=" (LP: #778464) Date: Mon, 23 Jan 2012 15:43:56 +0100 Changed-By: Martin Pitt Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/lucid/+source/xdg-utils/1.0.2-6.1ubuntu3.2 -------------- next part -------------- Format: 1.8 Date: Mon, 23 Jan 2012 15:43:56 +0100 Source: xdg-utils Binary: xdg-utils Architecture: source Version: 1.0.2-6.1ubuntu3.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Martin Pitt Description: xdg-utils - desktop integration utilities from freedesktop.org Launchpad-Bugs-Fixed: 778464 Changes: xdg-utils (1.0.2-6.1ubuntu3.2) lucid-proposed; urgency=low . [ Kenneth Solbø Andersen ] * debian/patches/xdg-email-thunderbird.patch: Change "TOqul=" to "TO=" (LP: #778464) Checksums-Sha1: f1f98a864090c07ad4f94861ab2015c11840d47e 1889 xdg-utils_1.0.2-6.1ubuntu3.2.dsc 93443d963ee40cbe5b48d62bc2b48203c4109f93 7626 xdg-utils_1.0.2-6.1ubuntu3.2.diff.gz Checksums-Sha256: 0cbea0312a8f8a15ff2254366cc7ff21654b3560fd533364cc9305b6bedbe661 1889 xdg-utils_1.0.2-6.1ubuntu3.2.dsc 38268d329768c85c215f487f7c9eea14e7d9071a5f7139e9935c5c854761c467 7626 xdg-utils_1.0.2-6.1ubuntu3.2.diff.gz Files: ce168f273d0b49cbded0913ee2e0234e 1889 utils optional xdg-utils_1.0.2-6.1ubuntu3.2.dsc 3fb9e4fd77e4575216028d6d39fe5231 7626 utils optional xdg-utils_1.0.2-6.1ubuntu3.2.diff.gz Original-Maintainer: Per Olofsson From cjwatson at ubuntu.com Tue Jan 24 05:38:38 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Tue, 24 Jan 2012 05:38:38 -0000 Subject: [ubuntu/lucid-proposed] kickseed 0.54ubuntu1.10.04.2 (Accepted) Message-ID: <20120124053838.2448.78609.launchpad@wampee.canonical.com> kickseed (0.54ubuntu1.10.04.2) lucid-proposed; urgency=low * Fix iSCSI ks_preseed calls to include a type field (LP: #810068). kickseed (0.54ubuntu1.10.04.1) lucid-proposed; urgency=low * Preseed partman-lvm/confirm_overwrite as well as partman-lvm/confirm. * Preseed partman-lvm/device_remove_lvm when confirming logvol results, since Kickstart doesn't have a separate control with a one-to-one correspondence to this (LP: #708548). Date: Fri, 20 Jan 2012 16:51:53 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/lucid/+source/kickseed/0.54ubuntu1.10.04.2 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 16:51:53 +0000 Source: kickseed Binary: kickseed-common initrd-kickseed Architecture: source Version: 0.54ubuntu1.10.04.2 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: initrd-kickseed - Load Kickstart file from the initrd (udeb) kickseed-common - Common files for Kickstart compatibility (udeb) Launchpad-Bugs-Fixed: 708548 810068 Changes: kickseed (0.54ubuntu1.10.04.2) lucid-proposed; urgency=low . * Fix iSCSI ks_preseed calls to include a type field (LP: #810068). . kickseed (0.54ubuntu1.10.04.1) lucid-proposed; urgency=low . * Preseed partman-lvm/confirm_overwrite as well as partman-lvm/confirm. * Preseed partman-lvm/device_remove_lvm when confirming logvol results, since Kickstart doesn't have a separate control with a one-to-one correspondence to this (LP: #708548). Checksums-Sha1: 6c7b2e7931af17ad624f2946eb94114a67aa095c 1867 kickseed_0.54ubuntu1.10.04.2.dsc 15e5b98db07e14e5c117859263bb156cd68f5521 25134 kickseed_0.54ubuntu1.10.04.2.tar.gz Checksums-Sha256: ffd3266a87aedb66ea9e03dda30d0bdb64fda6d3309af720f07ed1aa6eeb069b 1867 kickseed_0.54ubuntu1.10.04.2.dsc 5a4b130ba75f4ab51236902badcc93721451ce3c5c72d9ca2a0f0481f73d7c10 25134 kickseed_0.54ubuntu1.10.04.2.tar.gz Files: ae5116f8079936389731eb6203b242b5 1867 debian-installer optional kickseed_0.54ubuntu1.10.04.2.dsc 29465812569fa9323f31a3975589c67a 25134 debian-installer optional kickseed_0.54ubuntu1.10.04.2.tar.gz Original-Maintainer: Debian Install System Team From cjwatson at ubuntu.com Tue Jan 24 05:39:12 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Tue, 24 Jan 2012 05:39:12 -0000 Subject: [ubuntu/lucid-proposed] partman-iscsi 14.1 (Accepted) Message-ID: <20120124053912.1946.92581.launchpad@chaenomeles.canonical.com> partman-iscsi (14.1) lucid-proposed; urgency=low * Don't fail if debconf questions are preseeded (LP: #810068). Date: Fri, 20 Jan 2012 16:44:33 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/lucid/+source/partman-iscsi/14.1 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 16:44:33 +0000 Source: partman-iscsi Binary: partman-iscsi Architecture: source Version: 14.1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: partman-iscsi - Adds support for iSCSI to partman (udeb) Launchpad-Bugs-Fixed: 810068 Changes: partman-iscsi (14.1) lucid-proposed; urgency=low . * Don't fail if debconf questions are preseeded (LP: #810068). Checksums-Sha1: b5fc290ee73fe3822e46e348a611fe4d9ba7c453 1584 partman-iscsi_14.1.dsc 4ac5162616a0578113359e74ec623f4f6b999421 14397 partman-iscsi_14.1.tar.gz Checksums-Sha256: 4a22078092f425c555dfab4628ac46a0271d8f22375098318f2d3d6f407420ae 1584 partman-iscsi_14.1.dsc 658fed25fed9bc3f4ffd7a1876d88e307da01ca0c57d82fcfee3ffcee7d2008e 14397 partman-iscsi_14.1.tar.gz Files: 92ff92dfa35954df17a829e4efe4df7e 1584 debian-installer standard partman-iscsi_14.1.dsc d73827eb3aca2d0cefa0d205d18fc71e 14397 debian-installer standard partman-iscsi_14.1.tar.gz From martin.pitt at ubuntu.com Tue Jan 24 09:20:58 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 24 Jan 2012 09:20:58 -0000 Subject: [ubuntu/lucid-proposed] media-player-info 16-1~lucid1 (Accepted) Message-ID: <20120124092058.2043.2049.launchpad@soybean.canonical.com> media-player-info (16-1~lucid1) lucid-proposed; urgency=low * Backport current release to Lucid as per MicroReleaseException. media-player-info (16-1) unstable; urgency=low * New upstream release: - Add various Sony Walkman models (LP: #670066) - Add Archos Key (LP: #902518) media-player-info (15-1) unstable; urgency=low * New upstream release: - Add TrekStor i.Beat rock (LP: #764141) - Add more Sansa Clip+ players (LP: #793799) - Add Creative ZEN Style 300 (LP: #835568) - Add Sony Xperia Mini Pro (LP: #840903) - Lots of more added music players. - Add playlist path to all Android devices. - Define "FolderSeparator" and "LineEnding" properties (Not being used by any music player software yet). media-player-info (14-1) unstable; urgency=low * New upstream release. - Add Sandisk Sansa Fuze+. - HTC legend uses same ID as desire/hero/evo-4g in debug mode - Add Pantech SIRIUS alpha - Add Sharp IS01 - Add Sony Ericsson C905 - Fix product ID of Sandisk Sansa Fuze (LP: #759668) - Add Creative Zen X-Fi Style media-player-info (13) unstable; urgency=low * New upstream release - Add Sony Ericsson K800i. (LP: #722629) - Add Sony NWZ-E355. (LP: #696705) - See NEWS for other additions. media-player-info (12-2) unstable; urgency=low * Add debian/media-player-info.docs: Install NEWS. (Closes: #609429) Date: Tue, 24 Jan 2012 09:47:41 +0100 Changed-By: Martin Pitt Maintainer: Martin Pitt https://launchpad.net/ubuntu/lucid/+source/media-player-info/16-1~lucid1 -------------- next part -------------- Format: 1.8 Date: Tue, 24 Jan 2012 09:47:41 +0100 Source: media-player-info Binary: media-player-info Architecture: source Version: 16-1~lucid1 Distribution: lucid-proposed Urgency: low Maintainer: Martin Pitt Changed-By: Martin Pitt Description: media-player-info - Media player identification files Closes: 609429 Launchpad-Bugs-Fixed: 670066 696705 722629 759668 764141 793799 835568 840903 902518 Changes: media-player-info (16-1~lucid1) lucid-proposed; urgency=low . * Backport current release to Lucid as per MicroReleaseException. . media-player-info (16-1) unstable; urgency=low . * New upstream release: - Add various Sony Walkman models (LP: #670066) - Add Archos Key (LP: #902518) . media-player-info (15-1) unstable; urgency=low . * New upstream release: - Add TrekStor i.Beat rock (LP: #764141) - Add more Sansa Clip+ players (LP: #793799) - Add Creative ZEN Style 300 (LP: #835568) - Add Sony Xperia Mini Pro (LP: #840903) - Lots of more added music players. - Add playlist path to all Android devices. - Define "FolderSeparator" and "LineEnding" properties (Not being used by any music player software yet). . media-player-info (14-1) unstable; urgency=low . * New upstream release. - Add Sandisk Sansa Fuze+. - HTC legend uses same ID as desire/hero/evo-4g in debug mode - Add Pantech SIRIUS alpha - Add Sharp IS01 - Add Sony Ericsson C905 - Fix product ID of Sandisk Sansa Fuze (LP: #759668) - Add Creative Zen X-Fi Style . media-player-info (13) unstable; urgency=low . * New upstream release - Add Sony Ericsson K800i. (LP: #722629) - Add Sony NWZ-E355. (LP: #696705) - See NEWS for other additions. . media-player-info (12-2) unstable; urgency=low . * Add debian/media-player-info.docs: Install NEWS. (Closes: #609429) Checksums-Sha1: 88f979f34f65ac50e0c0aac0d9d7891db404e8d2 1784 media-player-info_16-1~lucid1.dsc 552b8011766c4929ba930d0b573b570cd35771dc 3870 media-player-info_16-1~lucid1.debian.tar.gz Checksums-Sha256: 1970f4b7a6397f4ba96b2ff7400a9d8887360ec346511c48cae4a47626b4fd2c 1784 media-player-info_16-1~lucid1.dsc 82c26a1fd0e29e80cb68c7d297b92170521e198620e9139d1c4f0eb0ca88c3a0 3870 media-player-info_16-1~lucid1.debian.tar.gz Files: 8d34501cb2e5d4e751eff003c8a3f81c 1784 admin optional media-player-info_16-1~lucid1.dsc 48c37b17c150cebf6ea6659a3663eeb0 3870 admin optional media-player-info_16-1~lucid1.debian.tar.gz From sbeattie at ubuntu.com Tue Jan 24 21:04:16 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Tue, 24 Jan 2012 21:04:16 -0000 Subject: [ubuntu/lucid-security] openjdk-6b18 6b18-1.8.10-0ubuntu1~10.04.3 (Accepted) Message-ID: <20120124210416.19846.83679.launchpad@cocoplum.canonical.com> openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.3) lucid-security; urgency=low * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) Date: Fri, 20 Jan 2012 16:40:50 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.3 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 16:40:50 -0800 Source: openjdk-6b18 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b18-1.8.10-0ubuntu1~10.04.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark Launchpad-Bugs-Fixed: 891761 Changes: openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.3) lucid-security; urgency=low . * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) Checksums-Sha1: 75bdfdfe5168ae04241367f56d03c752b8b4299e 3148 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.3.dsc 08942ae407686767707a1aa45562414906fc540a 139323 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.3.diff.gz Checksums-Sha256: 275505c270e9dd1aab85de0c91ef3cb1d6fd9eb07a57f26e5e29bb924db60849 3148 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.3.dsc 614065030be57dcaa354cc1c45364144422552fd5ed35046ed4b8e1edc09bfb1 139323 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.3.diff.gz Files: 3fe5016ec1be7dd2a14af06367352ca2 3148 java optional openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.3.dsc 8f00843fcedd3427f92df961c41faf99 139323 java optional openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.3.diff.gz Original-Maintainer: OpenJDK Team From sbeattie at ubuntu.com Tue Jan 24 21:04:50 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Tue, 24 Jan 2012 21:04:50 -0000 Subject: [ubuntu/lucid-security] openjdk-6 6b20-1.9.10-0ubuntu1~10.04.3 (Accepted) Message-ID: <20120124210450.19846.19795.launchpad@cocoplum.canonical.com> openjdk-6 (6b20-1.9.10-0ubuntu1~10.04.3) lucid-security; urgency=low * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) Date: Fri, 20 Jan 2012 10:36:28 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.3 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 10:36:28 -0800 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.10-0ubuntu1~10.04.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Launchpad-Bugs-Fixed: 891761 Changes: openjdk-6 (6b20-1.9.10-0ubuntu1~10.04.3) lucid-security; urgency=low . * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) Checksums-Sha1: a992fd1b2eec4a9bc3537faf2184cdd52a498e52 3163 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.3.dsc 086e402c234ea489766734598dca175264a59c13 136552 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.3.diff.gz Checksums-Sha256: b11f24cdf8addcb10a687e65d7f913d2dae48bcd7a7909ba6864ade7e0cb2ffc 3163 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.3.dsc 38ec206bf423fb4ce5f793d25b1e7002b9ad50baaa72d1d4f6d630b5878057e1 136552 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.3.diff.gz Files: 3ae063db331d59f625b8f4a403f66399 3163 java optional openjdk-6_6b20-1.9.10-0ubuntu1~10.04.3.dsc 26d0a86072bd562a4e1d637479657459 136552 java optional openjdk-6_6b20-1.9.10-0ubuntu1~10.04.3.diff.gz Original-Maintainer: OpenJDK Team From jamie at ubuntu.com Wed Jan 25 19:35:54 2012 From: jamie at ubuntu.com (Jamie Strandboge) Date: Wed, 25 Jan 2012 19:35:54 -0000 Subject: [ubuntu/lucid-security] evince_2.30.3-0ubuntu1.3_sparc_translations.tar.gz, evince_2.30.3-0ubuntu1.3_i386_translations.tar.gz, evince_2.30.3-0ubuntu1.3_amd64_translations.tar.gz, evince_2.30.3-0ubuntu1.3_ia64_translations.tar.gz, evince_2.30.3-0ubuntu1.3_armel_translations.tar.gz, evince, evince_2.30.3-0ubuntu1.3_powerpc_translations.tar.gz, evince_2.30.3-0ubuntu1.3_static_translations.tar.gz 2.30.3-0ubuntu1.3 (Accepted) Message-ID: <20120125193554.26373.84503.launchpad@cocoplum.canonical.com> evince (2.30.3-0ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: fix heap-based buffer overflow - debian/patches/03_CVE-2011-0433.patch: add more bounds checking in backend/dvi/mdvi-lib/afmparse.c - CVE-2011-0433 Date: Thu, 19 Jan 2012 09:27:12 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/lucid/+source/evince/2.30.3-0ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Thu, 19 Jan 2012 09:27:12 -0600 Source: evince Binary: evince evince-dbg libevview-dev libevview2 libevdocument-dev libevdocument2 Architecture: source Version: 2.30.3-0ubuntu1.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Jamie Strandboge Description: evince - Document (postscript, pdf) viewer evince-dbg - Document (postscript, pdf) viewer - debugging symbols libevdocument-dev - GNOME document viewer backend library - development headers libevdocument2 - GNOME document viewer backend library libevview-dev - GNOME document viewer view library - development headers libevview2 - GNOME document viewer view library Changes: evince (2.30.3-0ubuntu1.3) lucid-security; urgency=low . * SECURITY UPDATE: fix heap-based buffer overflow - debian/patches/03_CVE-2011-0433.patch: add more bounds checking in backend/dvi/mdvi-lib/afmparse.c - CVE-2011-0433 Checksums-Sha1: 45d5e18dc3e34fc42ec22b53f2699a8df4c9bdc6 2573 evince_2.30.3-0ubuntu1.3.dsc 67b73cd6e3535f91264bf9c0e15141f428bc890c 37107 evince_2.30.3-0ubuntu1.3.diff.gz Checksums-Sha256: 3adaaf8900d2c46906a69661a9d54859fddae31a81c4226c78dbc83aba7278ee 2573 evince_2.30.3-0ubuntu1.3.dsc b7ad25d1da39739e550d297434bb8decd4d7451f37cac4f6ecd125d99361735d 37107 evince_2.30.3-0ubuntu1.3.diff.gz Files: 16b675c319444cb79049b3dd36c7ddc8 2573 gnome optional evince_2.30.3-0ubuntu1.3.dsc 4aa4fe04d7362a92efdc01821b0e65a2 37107 gnome optional evince_2.30.3-0ubuntu1.3.diff.gz Original-Maintainer: Marc 'HE' Brockschmidt From apw at canonical.com Wed Jan 25 23:03:35 2012 From: apw at canonical.com (Andy Whitcroft) Date: Wed, 25 Jan 2012 23:03:35 -0000 Subject: [ubuntu/lucid-security] linux-lts-backport-oneiric 3.0.0-15.26~lucid1 (Accepted) Message-ID: <20120125230335.9021.86135.launchpad@cocoplum.canonical.com> linux-lts-backport-oneiric (3.0.0-15.26~lucid1) lucid-security; urgency=low [ Upstream Kernel Changes ] * Revert "proc: enable writing to /proc/pid/mem" - LP: #919115 - CVE-2012-0056 Date: Fri, 20 Jan 2012 10:19:07 +0000 Changed-By: Andy Whitcroft Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/lucid/+source/linux-lts-backport-oneiric/3.0.0-15.26~lucid1 -------------- next part -------------- Format: 1.8 Date: Fri, 20 Jan 2012 10:19:07 +0000 Source: linux-lts-backport-oneiric Binary: linux-headers-3.0.0-15 linux-image-3.0.0-15-generic linux-headers-3.0.0-15-generic linux-image-3.0.0-15-generic-dbgsym linux-image-3.0.0-15-generic-pae linux-headers-3.0.0-15-generic-pae linux-image-3.0.0-15-generic-pae-dbgsym linux-image-3.0.0-15-server linux-headers-3.0.0-15-server linux-image-3.0.0-15-server-dbgsym linux-image-3.0.0-15-virtual linux-headers-3.0.0-15-virtual linux-image-3.0.0-15-virtual-dbgsym kernel-image-3.0.0-15-generic-di nic-modules-3.0.0-15-generic-di nic-shared-modules-3.0.0-15-generic-di serial-modules-3.0.0-15-generic-di ppp-modules-3.0.0-15-generic-di pata-modules-3.0.0-15-generic-di scsi-modules-3.0.0-15-generic-di plip-modules-3.0.0-15-generic-di floppy-modules-3.0.0-15-generic-di fat-modules-3.0.0-15-generic-di nfs-modules-3.0.0-15-generic-di md-modules-3.0.0-15-generic-di usb-modules-3.0.0-15-generic-di pcmcia-storage-modules-3.0.0-15-generic-di fb-modules-3.0.0-15-generic-di input-modules-3.0.0-15-generic-di mouse-modules-3.0.0-15-generic-di irda-modules-3.0.0-15-generic-di parport-modules-3.0.0-15-generic-di nic-pcmcia-modules-3.0.0-15-generic-di pcmcia-modules-3.0.0-15-generic-di nic-usb-modules-3.0.0-15-generic-di sata-modules-3.0.0-15-generic-di crypto-modules-3.0.0-15-generic-di squashfs-modules-3.0.0-15-generic-di virtio-modules-3.0.0-15-generic-di fs-core-modules-3.0.0-15-generic-di fs-secondary-modules-3.0.0-15-generic-di storage-core-modules-3.0.0-15-generic-di block-modules-3.0.0-15-generic-di message-modules-3.0.0-15-generic-di vlan-modules-3.0.0-15-generic-di kernel-image-3.0.0-15-virtual-di nic-modules-3.0.0-15-virtual-di nic-shared-modules-3.0.0-15-virtual-di ppp-modules-3.0.0-15-virtual-di scsi-modules-3.0.0-15-virtual-di floppy-modules-3.0.0-15-virtual-di fat-modules-3.0.0-15-virtual-di md-modules-3.0.0-15-virtual-di fb-modules-3.0.0-15-virtual-di mouse-modules-3.0.0-15-virtual-di irda-modules-3.0.0-15-virtual-di parport-modules-3.0.0-15-virtual-di sata-modules-3.0.0-15-virtual-di crypto-modules-3.0.0-15-virtual-di squashfs-modules-3.0.0-15-virtual-di virtio-modules-3.0.0-15-virtual-di fs-core-modules-3.0.0-15-virtual-di fs-secondary-modules-3.0.0-15-virtual-di storage-core-modules-3.0.0-15-virtual-di block-modules-3.0.0-15-virtual-di message-modules-3.0.0-15-virtual-di vlan-modules-3.0.0-15-virtual-di Architecture: source Version: 3.0.0-15.26~lucid1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Andy Whitcroft Description: block-modules-3.0.0-15-generic-di - Block storage devices (udeb) block-modules-3.0.0-15-virtual-di - Block storage devices (udeb) crypto-modules-3.0.0-15-generic-di - crypto modules (udeb) crypto-modules-3.0.0-15-virtual-di - crypto modules (udeb) fat-modules-3.0.0-15-generic-di - FAT filesystem support (udeb) fat-modules-3.0.0-15-virtual-di - FAT filesystem support (udeb) fb-modules-3.0.0-15-generic-di - Framebuffer modules (udeb) fb-modules-3.0.0-15-virtual-di - Framebuffer modules (udeb) floppy-modules-3.0.0-15-generic-di - Floppy driver support (udeb) floppy-modules-3.0.0-15-virtual-di - Floppy driver support (udeb) fs-core-modules-3.0.0-15-generic-di - Base filesystem modules (udeb) fs-core-modules-3.0.0-15-virtual-di - Base filesystem modules (udeb) fs-secondary-modules-3.0.0-15-generic-di - Extra filesystem modules (udeb) fs-secondary-modules-3.0.0-15-virtual-di - Extra filesystem modules (udeb) input-modules-3.0.0-15-generic-di - Support for various input methods (udeb) irda-modules-3.0.0-15-generic-di - Support for Infrared protocols (udeb) irda-modules-3.0.0-15-virtual-di - Support for Infrared protocols (udeb) kernel-image-3.0.0-15-generic-di - Linux kernel binary image for the Debian installer (udeb) kernel-image-3.0.0-15-virtual-di - Linux kernel binary image for the Debian installer (udeb) linux-headers-3.0.0-15 - Header files related to Linux kernel version 3.0.0 linux-headers-3.0.0-15-generic - Linux kernel headers for version 3.0.0 on x86/x86_64 linux-headers-3.0.0-15-generic-pae - Linux kernel headers for version 3.0.0 on x86 linux-headers-3.0.0-15-server - Linux kernel headers for version 3.0.0 on x86_64 linux-headers-3.0.0-15-virtual - Linux kernel headers for version 3.0.0 on x86/x86_64 linux-image-3.0.0-15-generic - Linux kernel image for version 3.0.0 on x86/x86_64 linux-image-3.0.0-15-generic-dbgsym - Linux kernel debug image for version 3.0.0 on x86/x86_64 linux-image-3.0.0-15-generic-pae - Linux kernel image for version 3.0.0 on x86 linux-image-3.0.0-15-generic-pae-dbgsym - Linux kernel debug image for version 3.0.0 on x86 linux-image-3.0.0-15-server - Linux kernel image for version 3.0.0 on x86_64 linux-image-3.0.0-15-server-dbgsym - Linux kernel debug image for version 3.0.0 on x86_64 linux-image-3.0.0-15-virtual - Linux kernel image for version 3.0.0 on x86/x86_64 linux-image-3.0.0-15-virtual-dbgsym - Linux kernel debug image for version 3.0.0 on x86/x86_64 md-modules-3.0.0-15-generic-di - Multi-device support (raid, device-mapper, lvm) (udeb) md-modules-3.0.0-15-virtual-di - Multi-device support (raid, device-mapper, lvm) (udeb) message-modules-3.0.0-15-generic-di - Fusion and i2o storage modules (udeb) message-modules-3.0.0-15-virtual-di - Fusion and i2o storage modules (udeb) mouse-modules-3.0.0-15-generic-di - Mouse support (udeb) mouse-modules-3.0.0-15-virtual-di - Mouse support (udeb) nfs-modules-3.0.0-15-generic-di - NFS filesystem drivers (udeb) nic-modules-3.0.0-15-generic-di - Network interface support (udeb) nic-modules-3.0.0-15-virtual-di - Network interface support (udeb) nic-pcmcia-modules-3.0.0-15-generic-di - PCMCIA network interface support (udeb) nic-shared-modules-3.0.0-15-generic-di - nic shared modules (udeb) nic-shared-modules-3.0.0-15-virtual-di - nic shared modules (udeb) nic-usb-modules-3.0.0-15-generic-di - USB network interface support (udeb) parport-modules-3.0.0-15-generic-di - Parallel port support (udeb) parport-modules-3.0.0-15-virtual-di - Parallel port support (udeb) pata-modules-3.0.0-15-generic-di - PATA support modules (udeb) pcmcia-modules-3.0.0-15-generic-di - PCMCIA Modules (udeb) pcmcia-storage-modules-3.0.0-15-generic-di - PCMCIA storage support (udeb) plip-modules-3.0.0-15-generic-di - PLIP (parallel port) networking support (udeb) ppp-modules-3.0.0-15-generic-di - PPP (serial port) networking support (udeb) ppp-modules-3.0.0-15-virtual-di - PPP (serial port) networking support (udeb) sata-modules-3.0.0-15-generic-di - SATA storage support (udeb) sata-modules-3.0.0-15-virtual-di - SATA storage support (udeb) scsi-modules-3.0.0-15-generic-di - SCSI storage support (udeb) scsi-modules-3.0.0-15-virtual-di - SCSI storage support (udeb) serial-modules-3.0.0-15-generic-di - Serial port support (udeb) squashfs-modules-3.0.0-15-generic-di - squashfs modules (udeb) squashfs-modules-3.0.0-15-virtual-di - squashfs modules (udeb) storage-core-modules-3.0.0-15-generic-di - Core storage support (udeb) storage-core-modules-3.0.0-15-virtual-di - Core storage support (udeb) usb-modules-3.0.0-15-generic-di - Core USB support (udeb) virtio-modules-3.0.0-15-generic-di - VirtIO Modules (udeb) virtio-modules-3.0.0-15-virtual-di - VirtIO Modules (udeb) vlan-modules-3.0.0-15-generic-di - vlan modules (udeb) vlan-modules-3.0.0-15-virtual-di - vlan modules (udeb) Launchpad-Bugs-Fixed: 919115 Changes: linux-lts-backport-oneiric (3.0.0-15.26~lucid1) lucid-security; urgency=low . [ Upstream Kernel Changes ] . * Revert "proc: enable writing to /proc/pid/mem" - LP: #919115 - CVE-2012-0056 Checksums-Sha1: edce340857fbaaad83f3bf4ff2c2d09258491ea0 4210 linux-lts-backport-oneiric_3.0.0-15.26~lucid1.dsc 8fcde6df26fd31df671b1a1742155a2126aaf7e9 105478383 linux-lts-backport-oneiric_3.0.0-15.26~lucid1.tar.gz Checksums-Sha256: 8fdadfcbaa7922d55be9ed65b782a16c894ac61174d0dcd3947fd7b870c796cb 4210 linux-lts-backport-oneiric_3.0.0-15.26~lucid1.dsc 63d802a6cfa11a64d6ef29590cd4ae211a810e01e6631a428873b8b7003b3446 105478383 linux-lts-backport-oneiric_3.0.0-15.26~lucid1.tar.gz Files: 59d4d295a6e336b780c4fe53951081fc 4210 devel optional linux-lts-backport-oneiric_3.0.0-15.26~lucid1.dsc 6a2325b983768343040577c8b5d57155 105478383 devel optional linux-lts-backport-oneiric_3.0.0-15.26~lucid1.tar.gz From marc.deslauriers at ubuntu.com Thu Jan 26 14:34:25 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 26 Jan 2012 14:34:25 -0000 Subject: [ubuntu/lucid-security] icu 4.2.1-3ubuntu0.10.04.1 (Accepted) Message-ID: <20120126143425.16958.30295.launchpad@cocoplum.canonical.com> icu (4.2.1-3ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via out of bounds access - debian/patches/CVE-2011-4599.patch: add bounds checks in source/common/uloc.c. - CVE-2011-4599 Date: Wed, 25 Jan 2012 15:13:36 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/icu/4.2.1-3ubuntu0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Wed, 25 Jan 2012 15:13:36 -0500 Source: icu Binary: libicu42 libicu42-dbg libicu-dev lib32icu42 lib32icu-dev icu-doc Architecture: source Version: 4.2.1-3ubuntu0.10.04.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: icu-doc - API documentation for ICU classes and functions lib32icu-dev - Development files for International Components for Unicode (32-bi lib32icu42 - International Components for Unicode (32-bit) libicu-dev - Development files for International Components for Unicode libicu42 - International Components for Unicode libicu42-dbg - International Components for Unicode Changes: icu (4.2.1-3ubuntu0.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via out of bounds access - debian/patches/CVE-2011-4599.patch: add bounds checks in source/common/uloc.c. - CVE-2011-4599 Checksums-Sha1: a305684c7bb664383350d4d697c2611fba8edde7 2093 icu_4.2.1-3ubuntu0.10.04.1.dsc 228fcb7c9f7767d50e016613a42ca3e0e601dadf 14201 icu_4.2.1-3ubuntu0.10.04.1.diff.gz Checksums-Sha256: 0c93ce0fd769040b45b530e9b71a44feb673ad30fee3cf1542e58577b4b2f6b6 2093 icu_4.2.1-3ubuntu0.10.04.1.dsc 5fe010cf7e76dbf453f5c7804121afaf91410f993046100aaad32c2d880d34e6 14201 icu_4.2.1-3ubuntu0.10.04.1.diff.gz Files: f31e85fa39060b91b1886fd30b89979c 2093 libs optional icu_4.2.1-3ubuntu0.10.04.1.dsc 6e8602f86502de8210b34463d2214938 14201 libs optional icu_4.2.1-3ubuntu0.10.04.1.diff.gz Original-Maintainer: Jay Berkenbilt From sbeattie at ubuntu.com Mon Jan 30 08:03:49 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Mon, 30 Jan 2012 08:03:49 -0000 Subject: [ubuntu/lucid-security] bip 0.8.2-1squeeze4build0.10.04.1 (Accepted) Message-ID: <20120130080349.13968.48653.launchpad@cocoplum.canonical.com> bip (0.8.2-1squeeze4build0.10.04.1) lucid-security; urgency=low * fake sync from Debian bip (0.8.2-1squeeze4) stable-security; urgency=high * add Buffer-Overflow-check-against-the-implicit-size-of-select-arrays.patch Thanks to Julien Tinnes for reporting it. bip (0.8.2-1squeeze3) testing-proposed-updates; urgency=low * add fix_DOS.patch, backported from 0.8.7. bip (0.8.2-1squeeze2) testing-proposed-updates; urgency=low * New maintainer (with Nohar's blessing). * Fix CVE-2010-3071: null pointer deference (remote DoS). (Closes: #595409) Date: Fri, 27 Jan 2012 16:06:00 -0800 Changed-By: Steve Beattie Maintainer: Pierre-Louis Bonicoli https://launchpad.net/ubuntu/lucid/+source/bip/0.8.2-1squeeze4build0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Fri, 27 Jan 2012 16:06:00 -0800 Source: bip Binary: bip Architecture: source Version: 0.8.2-1squeeze4build0.10.04.1 Distribution: lucid-security Urgency: high Maintainer: Pierre-Louis Bonicoli Changed-By: Steve Beattie Description: bip - multiuser irc proxy with conversation replay and more Closes: 595409 Changes: bip (0.8.2-1squeeze4build0.10.04.1) lucid-security; urgency=low . * fake sync from Debian . bip (0.8.2-1squeeze4) stable-security; urgency=high . * add Buffer-Overflow-check-against-the-implicit-size-of-select-arrays.patch Thanks to Julien Tinnes for reporting it. . bip (0.8.2-1squeeze3) testing-proposed-updates; urgency=low . * add fix_DOS.patch, backported from 0.8.7. . bip (0.8.2-1squeeze2) testing-proposed-updates; urgency=low . * New maintainer (with Nohar's blessing). * Fix CVE-2010-3071: null pointer deference (remote DoS). (Closes: #595409) Checksums-Sha1: f6d4814af7c4e774e4fadf8017322e9ad72fb6d7 1770 bip_0.8.2-1squeeze4build0.10.04.1.dsc fcbd874a025df5710720026dfdc36c106ffc0ad9 9323 bip_0.8.2-1squeeze4build0.10.04.1.diff.gz Checksums-Sha256: 5f5ae8c2b4a5b9d0fd129b6509958b377753995aa4659e737270bfa6482fc76d 1770 bip_0.8.2-1squeeze4build0.10.04.1.dsc 98329b3865e5866a5a939c8b52356b0e3e5177cb72440f6ab75a2237375402e0 9323 bip_0.8.2-1squeeze4build0.10.04.1.diff.gz Files: 43c7b4ab936ec01fe2bd25b3ec473ecf 1770 net optional bip_0.8.2-1squeeze4build0.10.04.1.dsc 2c8f0c006a9041c9643f9ce0d650b3ec 9323 net optional bip_0.8.2-1squeeze4build0.10.04.1.diff.gz From sbeattie at ubuntu.com Mon Jan 30 09:36:06 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Mon, 30 Jan 2012 09:36:06 -0000 Subject: [ubuntu/lucid-security] super 3.30.0-3+squeeze1build0.10.04.1 (Accepted) Message-ID: <20120130093606.19855.16642.launchpad@cocoplum.canonical.com> super (3.30.0-3+squeeze1build0.10.04.1) lucid-security; urgency=low * fake sync from Debian super (3.30.0-3+squeeze1) stable-security; urgency=high * Add 12-Use-vsnprintf.patch to fix buffer overflow error occurring when logging via syslog is enabled (CVE-2011-2776). * Add 13-Potential-format-string-vulnerability.patch to fix a vulnerability that might occur if the user of file name or file name used in the tag contains a '%' character. Date: Fri, 27 Jan 2012 16:18:33 -0800 Changed-By: Steve Beattie Maintainer: Robert Luberda https://launchpad.net/ubuntu/lucid/+source/super/3.30.0-3+squeeze1build0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Fri, 27 Jan 2012 16:18:33 -0800 Source: super Binary: super Architecture: source Version: 3.30.0-3+squeeze1build0.10.04.1 Distribution: lucid-security Urgency: high Maintainer: Robert Luberda Changed-By: Steve Beattie Description: super - Execute commands setuid root Changes: super (3.30.0-3+squeeze1build0.10.04.1) lucid-security; urgency=low . * fake sync from Debian . super (3.30.0-3+squeeze1) stable-security; urgency=high . * Add 12-Use-vsnprintf.patch to fix buffer overflow error occurring when logging via syslog is enabled (CVE-2011-2776). * Add 13-Potential-format-string-vulnerability.patch to fix a vulnerability that might occur if the user of file name or file name used in the tag contains a '%' character. Checksums-Sha1: aac6de71b991e3a211bcac1199408c880591ae7f 1762 super_3.30.0-3+squeeze1build0.10.04.1.dsc bde4b931b3285f62e84ef6217d6a6ec0a2ad7665 13226 super_3.30.0-3+squeeze1build0.10.04.1.diff.gz Checksums-Sha256: 66b095fb8b49309a37adaa6b574c83ea60ed5780d986b78ede8262e013f55ce3 1762 super_3.30.0-3+squeeze1build0.10.04.1.dsc eb1e1706f328f3ca6ab91fcce9b4a15efa98e8a3f198a8c63a834c1bdee0da6e 13226 super_3.30.0-3+squeeze1build0.10.04.1.diff.gz Files: 74fe744fac82f7a77f1df9e0b0373595 1762 admin optional super_3.30.0-3+squeeze1build0.10.04.1.dsc efcbc01f37dc882908a0738cedaddff1 13226 admin optional super_3.30.0-3+squeeze1build0.10.04.1.diff.gz From sbeattie at ubuntu.com Mon Jan 30 10:34:02 2012 From: sbeattie at ubuntu.com (Steve Beattie) Date: Mon, 30 Jan 2012 10:34:02 -0000 Subject: [ubuntu/lucid-security] cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1_amd64_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1_powerpc_translations.tar.gz, cyrus-imapd-2.2, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1_ia64_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1_i386_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1_armel_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1_sparc_translations.tar.gz 2.2.13-19squeeze3build0.10.04.1 (Accepted) Message-ID: <20120130103402.9712.5381.launchpad@cocoplum.canonical.com> cyrus-imapd-2.2 (2.2.13-19squeeze3build0.10.04.1) lucid-security; urgency=low * fake sync from Debian cyrus-imapd-2.2 (2.2.13-19+squeeze3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Fix possible NULL pointer dereference via crafted message reference id caused by a missing sanitizing of the mail headers. This can be exploited from a client making use of the IMAP threading feature (CVE-2011-3481). Date: Fri, 27 Jan 2012 16:58:07 -0800 Changed-By: Steve Beattie Maintainer: Debian Cyrus Team https://launchpad.net/ubuntu/lucid/+source/cyrus-imapd-2.2/2.2.13-19squeeze3build0.10.04.1 -------------- next part -------------- Format: 1.8 Date: Fri, 27 Jan 2012 16:58:07 -0800 Source: cyrus-imapd-2.2 Binary: cyrus-common-2.2 cyrus-doc-2.2 cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-admin-2.2 cyrus-murder-2.2 cyrus-nntpd-2.2 cyrus-clients-2.2 cyrus-dev-2.2 libcyrus-imap-perl22 Architecture: source Version: 2.2.13-19squeeze3build0.10.04.1 Distribution: lucid-security Urgency: high Maintainer: Debian Cyrus Team Changed-By: Steve Beattie Description: cyrus-admin-2.2 - Cyrus mail system - administration tools cyrus-clients-2.2 - Cyrus mail system (test clients) cyrus-common-2.2 - Cyrus mail system - common files cyrus-dev-2.2 - Cyrus mail system (developer files) cyrus-doc-2.2 - Cyrus mail system - documentation files cyrus-imapd-2.2 - Cyrus mail system - IMAP support cyrus-murder-2.2 - Cyrus mail system (proxies and aggregator) cyrus-nntpd-2.2 - Cyrus mail system (NNTP support) cyrus-pop3d-2.2 - Cyrus mail system - POP3 support libcyrus-imap-perl22 - Interface to Cyrus imap client imclient library Changes: cyrus-imapd-2.2 (2.2.13-19squeeze3build0.10.04.1) lucid-security; urgency=low . * fake sync from Debian . cyrus-imapd-2.2 (2.2.13-19+squeeze3) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix possible NULL pointer dereference via crafted message reference id caused by a missing sanitizing of the mail headers. This can be exploited from a client making use of the IMAP threading feature (CVE-2011-3481). Checksums-Sha1: 199a1abf74ad665f7639515ce9e4c1a22ce4aca9 2666 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1.dsc 3e5433b100ba77b6eaf7a92e932ba6841d03fde5 268449 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1.diff.gz Checksums-Sha256: ba0daff0be2c6867030caea0ef2498067a1f96f859247eeabb256abba10f3902 2666 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1.dsc 7a147813a5ed886809860086875fb546520dfe0984cb9cbead7bb5d0b76573e5 268449 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1.diff.gz Files: c678bf6e4fa7869e57b3a62ddacde739 2666 mail extra cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1.dsc 123888e4496182b16827b4b11492da05 268449 mail extra cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.04.1.diff.gz From cjwatson at ubuntu.com Mon Jan 30 13:36:10 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Mon, 30 Jan 2012 13:36:10 -0000 Subject: [ubuntu/lucid-proposed] release-upgrader-apt 0.8.16~exp12ubuntu1~upgrader1 (Accepted) Message-ID: <20120130133610.21303.74422.launchpad@gac.canonical.com> release-upgrader-apt (0.8.16~exp12ubuntu1~upgrader1) lucid-proposed; urgency=low * Backport apt libraries from precise to lucid to make multiarch-enabled upgrades work. apt (0.8.16~exp12ubuntu1) precise; urgency=low [ Michael Vogt ] * merge from debian/experimental: - new ABI [ Steve Langasek ] * apt-pkg/algorithms.cc: iterate Breaks the same way as Conflicts, so that we resolve virtual package Breaks more effectively. Thanks to Colin Watson for the patch. Closes: #657695, LP: #922485. * apt-pkg/algorithms.{cc,h}: use an int to represent resolver scores, not a signed short, because large upgrades can result in an overflow for core packages. Thanks again to Colin Watson. Closes: #657732, LP: #917173. * Multi-Arch: none build-deps should be DEB_HOST_ARCH, not DEB_BUILD_ARCH. Closes: #646288. Date: Mon, 30 Jan 2012 10:21:37 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/release-upgrader-apt/0.8.16~exp12ubuntu1~upgrader1 -------------- next part -------------- Format: 1.8 Date: Mon, 30 Jan 2012 10:21:37 +0000 Source: release-upgrader-apt Binary: libapt-pkg4.12 libapt-inst1.4 release-upgrader-libapt-pkg-dev Architecture: source Version: 0.8.16~exp12ubuntu1~upgrader1 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Colin Watson Description: libapt-inst1.4 - deb package format runtime library libapt-pkg4.12 - package managment runtime library release-upgrader-libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst Closes: 646288 657695 657732 Launchpad-Bugs-Fixed: 917173 922485 Changes: release-upgrader-apt (0.8.16~exp12ubuntu1~upgrader1) lucid-proposed; urgency=low . * Backport apt libraries from precise to lucid to make multiarch-enabled upgrades work. . apt (0.8.16~exp12ubuntu1) precise; urgency=low . [ Michael Vogt ] * merge from debian/experimental: - new ABI . [ Steve Langasek ] * apt-pkg/algorithms.cc: iterate Breaks the same way as Conflicts, so that we resolve virtual package Breaks more effectively. Thanks to Colin Watson for the patch. Closes: #657695, LP: #922485. * apt-pkg/algorithms.{cc,h}: use an int to represent resolver scores, not a signed short, because large upgrades can result in an overflow for core packages. Thanks again to Colin Watson. Closes: #657732, LP: #917173. * Multi-Arch: none build-deps should be DEB_HOST_ARCH, not DEB_BUILD_ARCH. Closes: #646288. Checksums-Sha1: 2cb9b0057f86f4f1e34159c6d6b151416c304f0d 2383 release-upgrader-apt_0.8.16~exp12ubuntu1~upgrader1.dsc 79ebbb865343185c39b0eed0c53dfa48adf12d42 3427733 release-upgrader-apt_0.8.16~exp12ubuntu1~upgrader1.tar.gz Checksums-Sha256: bc7137941333588d0c105ccb1849872a104b8e99e255176438d862ba5ef84f0b 2383 release-upgrader-apt_0.8.16~exp12ubuntu1~upgrader1.dsc 37e303a04e79547198918a0957ad3cf572002ed26b65684bc8d2814488c27701 3427733 release-upgrader-apt_0.8.16~exp12ubuntu1~upgrader1.tar.gz Files: 6e49daa4a896311c9669dc93b9b655c4 2383 admin important release-upgrader-apt_0.8.16~exp12ubuntu1~upgrader1.dsc 1dbc28634543990a7bb3c38e4c929c57 3427733 admin important release-upgrader-apt_0.8.16~exp12ubuntu1~upgrader1.tar.gz Original-Maintainer: APT Development Team From cjwatson at ubuntu.com Mon Jan 30 13:36:41 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Mon, 30 Jan 2012 13:36:41 -0000 Subject: [ubuntu/lucid-proposed] release-upgrader-python-apt 0.8.0ubuntu9~upgrader3 (Accepted) Message-ID: <20120130133641.6455.89847.launchpad@soybean.canonical.com> release-upgrader-python-apt (0.8.0ubuntu9~upgrader3) lucid-proposed; urgency=low * Rebuild against latest release-upgrader-apt (LP: #917173, #922485). Date: Mon, 30 Jan 2012 13:09:09 +0000 Changed-By: Colin Watson Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/lucid/+source/release-upgrader-python-apt/0.8.0ubuntu9~upgrader3 -------------- next part -------------- Format: 1.8 Date: Mon, 30 Jan 2012 13:09:09 +0000 Source: release-upgrader-python-apt Binary: release-upgrader-python-apt Architecture: source Version: 0.8.0ubuntu9~upgrader3 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Colin Watson Description: release-upgrader-python-apt - Release upgrader version of python interface to libapt-pkg Launchpad-Bugs-Fixed: 917173 922485 Changes: release-upgrader-python-apt (0.8.0ubuntu9~upgrader3) lucid-proposed; urgency=low . * Rebuild against latest release-upgrader-apt (LP: #917173, #922485). Checksums-Sha1: 05913fec27d5de14311564778379cd34501febd0 2194 release-upgrader-python-apt_0.8.0ubuntu9~upgrader3.dsc e61dc30634d68b2f8652546e855a30361edcd2d1 357030 release-upgrader-python-apt_0.8.0ubuntu9~upgrader3.tar.gz Checksums-Sha256: f9a366d05a16132b1855486773e297ee4af61e4b2603c93375f48bb812fd52a4 2194 release-upgrader-python-apt_0.8.0ubuntu9~upgrader3.dsc a0579a4c3f8cda99f3287ff93497ba058f952451658ae98349909dec2f239cfc 357030 release-upgrader-python-apt_0.8.0ubuntu9~upgrader3.tar.gz Files: 8765012fa60fa098a8b837444498740f 2194 python standard release-upgrader-python-apt_0.8.0ubuntu9~upgrader3.dsc 636ba8b603a703eb7b231d8feba8891f 357030 python standard release-upgrader-python-apt_0.8.0ubuntu9~upgrader3.tar.gz Original-Maintainer: APT Development Team From marc.deslauriers at ubuntu.com Tue Jan 31 13:34:28 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Tue, 31 Jan 2012 13:34:28 -0000 Subject: [ubuntu/lucid-security] software-properties_0.75.10.2_i386_translations.tar.gz, software-properties 0.75.10.2 (Accepted) Message-ID: <20120131133428.15196.58103.launchpad@cocoplum.canonical.com> software-properties (0.75.10.2) lucid-security; urgency=low * SECURITY UPDATE: incorrect ssl certificate validation (LP: #915210) - softwareproperties/ppa.py: use pycurl to download the signing key fingerprint. - debian/control: add python-pycurl dependency. - CVE-2011-4407 Date: Thu, 26 Jan 2012 11:20:28 -0500 Changed-By: Marc Deslauriers Maintainer: Michael Vogt https://launchpad.net/ubuntu/lucid/+source/software-properties/0.75.10.2 -------------- next part -------------- Format: 1.8 Date: Thu, 26 Jan 2012 11:20:28 -0500 Source: software-properties Binary: python-software-properties software-properties-gtk software-properties-kde Architecture: source Version: 0.75.10.2 Distribution: lucid-security Urgency: low Maintainer: Michael Vogt Changed-By: Marc Deslauriers Description: python-software-properties - manage the repositories that you install software from software-properties-gtk - manage the repositories that you install software from software-properties-kde - manage the repositories that you install software from Launchpad-Bugs-Fixed: 915210 Changes: software-properties (0.75.10.2) lucid-security; urgency=low . * SECURITY UPDATE: incorrect ssl certificate validation (LP: #915210) - softwareproperties/ppa.py: use pycurl to download the signing key fingerprint. - debian/control: add python-pycurl dependency. - CVE-2011-4407 Checksums-Sha1: e2f695ca75f9550f73dccc556e3d584ad31a9d6d 1714 software-properties_0.75.10.2.dsc ac048f44f042f6c1bb83e806ee5e22f4106ab0b3 1386399 software-properties_0.75.10.2.tar.gz Checksums-Sha256: 3090f851d80548d54db6c2b0444cda676c564981ba2e589588f37fae12742a4a 1714 software-properties_0.75.10.2.dsc a51eafc0f50b7a708f834d4027d69be65ef583df1f53ec30143cd7bc62a01db3 1386399 software-properties_0.75.10.2.tar.gz Files: f3f9755ddee49d97f75b560fb8ae1a3e 1714 admin optional software-properties_0.75.10.2.dsc 54b862755486288022b3c1ac4b595937 1386399 admin optional software-properties_0.75.10.2.tar.gz