From marc.deslauriers at canonical.com Tue Oct 1 14:52:49 2013 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Tue, 01 Oct 2013 14:52:49 -0000 Subject: [ubuntu/lucid-security] python2.6 2.6.5-1ubuntu6.2 (Accepted) Message-ID: <20131001145249.10152.51421.launchpad@ackee.canonical.com> python2.6 (2.6.5-1ubuntu6.2) lucid-security; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4238.dpatch: correctly handle NULL bytes in the subjectAltName in Modules/_ssl.c, add test to Lib/test/test_ssl.py, Lib/test/nullbytecert.pem. - CVE-2013-4238 * debian/patches/fix_expired_certs.dpatch: update expired ssl certs to fix ssl tests. Date: 2013-09-26 18:37:14.921713+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/lucid/+source/python2.6/2.6.5-1ubuntu6.2 -------------- next part -------------- Sorry, changesfile not available. From cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk Tue Oct 1 15:28:24 2013 From: cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk (Ubuntu Archive Robot) Date: Tue, 01 Oct 2013 15:28:24 -0000 Subject: [ubuntu/lucid-updates] python2.6 2.6.5-1ubuntu6.2 (Accepted) Message-ID: <20131001152824.10153.49124.launchpad@ackee.canonical.com> python2.6 (2.6.5-1ubuntu6.2) lucid-security; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4238.dpatch: correctly handle NULL bytes in the subjectAltName in Modules/_ssl.c, add test to Lib/test/test_ssl.py, Lib/test/nullbytecert.pem. - CVE-2013-4238 * debian/patches/fix_expired_certs.dpatch: update expired ssl certs to fix ssl tests. Date: 2013-09-26 18:37:14.921713+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/lucid/+source/python2.6/2.6.5-1ubuntu6.2 -------------- next part -------------- Sorry, changesfile not available. From iain.lane at canonical.com Tue Oct 8 10:19:31 2013 From: iain.lane at canonical.com (Iain Lane) Date: Tue, 08 Oct 2013 10:19:31 -0000 Subject: [ubuntu/lucid-proposed] tzdata 2013g-0ubuntu0.10.04 (Accepted) Message-ID: <20131008101931.15568.73223.launchpad@soybean.canonical.com> tzdata (2013g-0ubuntu0.10.04) lucid; urgency=low * New upstream release - Fixes DST dates for Morocco (LP: #1233054) Date: Tue, 08 Oct 2013 10:32:05 +0100 Changed-By: Iain Lane Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/tzdata/2013g-0ubuntu0.10.04 -------------- next part -------------- Format: 1.8 Date: Tue, 08 Oct 2013 10:32:05 +0100 Source: tzdata Binary: tzdata tzdata-java Architecture: source Version: 2013g-0ubuntu0.10.04 Distribution: lucid Urgency: low Maintainer: Ubuntu Developers Changed-By: Iain Lane Description: tzdata - time zone and daylight-saving time data tzdata-java - time zone and daylight-saving time data for use by java runtimes Launchpad-Bugs-Fixed: 1233054 Changes: tzdata (2013g-0ubuntu0.10.04) lucid; urgency=low . * New upstream release - Fixes DST dates for Morocco (LP: #1233054) Checksums-Sha1: b1536b8703d2030e2d79d60959cc42019454cfd6 1981 tzdata_2013g-0ubuntu0.10.04.dsc be5ec909a9ee363a80dc88b2d1ae9690cacac4b2 226943 tzdata_2013g.orig.tar.gz db8b80d9b8df168b666511bfbf998cdd5734b42c 253443 tzdata_2013g-0ubuntu0.10.04.debian.tar.gz Checksums-Sha256: 00eb014ffe4d1c5ae6e83f4b1e607300044d78a14766a8b8fc84f98077c8035e 1981 tzdata_2013g-0ubuntu0.10.04.dsc b6cdd3998dcc732a6ae5e101e1394f9d4d6dff68bd48a8fb78c44c2b997d3a4f 226943 tzdata_2013g.orig.tar.gz 8aa2c5f58ce941d31b02e28538a7be136e63977628128b28563db37e96960a2a 253443 tzdata_2013g-0ubuntu0.10.04.debian.tar.gz Files: b73affa912b3ee827fc020e89f78b7e8 1981 libs required tzdata_2013g-0ubuntu0.10.04.dsc 76dbc3b5a81913fc0d824376c44a5d15 226943 libs required tzdata_2013g.orig.tar.gz 429f289b7d4e2f3f2a2889dad348f7ce 253443 libs required tzdata_2013g-0ubuntu0.10.04.debian.tar.gz Original-Maintainer: GNU Libc Maintainers From marc.deslauriers at canonical.com Wed Oct 9 16:28:35 2013 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Wed, 09 Oct 2013 16:28:35 -0000 Subject: [ubuntu/lucid-security] gnupg 1.4.10-2ubuntu1.4 (Accepted) Message-ID: <20131009162835.19867.32445.launchpad@ackee.canonical.com> gnupg (1.4.10-2ubuntu1.4) lucid-security; urgency=low * SECURITY UPDATE: incorrect no-usage-permitted flag handling - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags in g10/getkey.c, g10/keygen.c, include/cipher.h. - CVE-2013-4351 * SECURITY UPDATE: denial of service via infinite recursion - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters and nested packets in util/iobuf.c, g10/mainproc.c. - CVE-2013-4402 Date: 2013-10-08 12:17:19.207702+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/lucid/+source/gnupg/1.4.10-2ubuntu1.4 -------------- next part -------------- Sorry, changesfile not available. From marc.deslauriers at canonical.com Wed Oct 9 16:28:41 2013 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Wed, 09 Oct 2013 16:28:41 -0000 Subject: [ubuntu/lucid-security] gnupg2 2.0.14-1ubuntu1.6 (Accepted) Message-ID: <20131009162841.19866.8438.launchpad@ackee.canonical.com> gnupg2 (2.0.14-1ubuntu1.6) lucid-security; urgency=low * SECURITY UPDATE: incorrect no-usage-permitted flag handling - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags in g10/getkey.c, g10/keygen.c, include/cipher.h. - CVE-2013-4351 * SECURITY UPDATE: denial of service via infinite recursion - debian/patches/CVE-2013-4402.patch: set limits on number of filters and nested packets in common/iobuf.c, g10/mainproc.c. - CVE-2013-4402 Date: 2013-10-07 20:19:14.407555+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/lucid/+source/gnupg2/2.0.14-1ubuntu1.6 -------------- next part -------------- Sorry, changesfile not available. From cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk Wed Oct 9 16:58:29 2013 From: cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk (Ubuntu Archive Robot) Date: Wed, 09 Oct 2013 16:58:29 -0000 Subject: [ubuntu/lucid-updates] gnupg 1.4.10-2ubuntu1.4 (Accepted) Message-ID: <20131009165829.19867.86997.launchpad@ackee.canonical.com> gnupg (1.4.10-2ubuntu1.4) lucid-security; urgency=low * SECURITY UPDATE: incorrect no-usage-permitted flag handling - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags in g10/getkey.c, g10/keygen.c, include/cipher.h. - CVE-2013-4351 * SECURITY UPDATE: denial of service via infinite recursion - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters and nested packets in util/iobuf.c, g10/mainproc.c. - CVE-2013-4402 Date: 2013-10-08 12:17:19.207702+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/lucid/+source/gnupg/1.4.10-2ubuntu1.4 -------------- next part -------------- Sorry, changesfile not available. From cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk Wed Oct 9 16:58:30 2013 From: cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk (Ubuntu Archive Robot) Date: Wed, 09 Oct 2013 16:58:30 -0000 Subject: [ubuntu/lucid-updates] gnupg2 2.0.14-1ubuntu1.6 (Accepted) Message-ID: <20131009165830.19865.88127.launchpad@ackee.canonical.com> gnupg2 (2.0.14-1ubuntu1.6) lucid-security; urgency=low * SECURITY UPDATE: incorrect no-usage-permitted flag handling - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags in g10/getkey.c, g10/keygen.c, include/cipher.h. - CVE-2013-4351 * SECURITY UPDATE: denial of service via infinite recursion - debian/patches/CVE-2013-4402.patch: set limits on number of filters and nested packets in common/iobuf.c, g10/mainproc.c. - CVE-2013-4402 Date: 2013-10-07 20:19:14.407555+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/lucid/+source/gnupg2/2.0.14-1ubuntu1.6 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Fri Oct 11 10:11:53 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Fri, 11 Oct 2013 10:11:53 -0000 Subject: [ubuntu/lucid-updates] tzdata 2013g-0ubuntu0.10.04 (Accepted) Message-ID: <20131011101153.19866.57671.launchpad@ackee.canonical.com> tzdata (2013g-0ubuntu0.10.04) lucid; urgency=low * New upstream release - Fixes DST dates for Morocco (LP: #1233054) Date: 2013-10-08 09:37:18.639584+00:00 Changed-By: Iain Lane Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/tzdata/2013g-0ubuntu0.10.04 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Tue Oct 15 04:24:24 2013 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 15 Oct 2013 04:24:24 -0000 Subject: [ubuntu/lucid-proposed] postgresql-8.4 8.4.18-0ubuntu10.04 (Accepted) Message-ID: <20131015042424.11560.64566.launchpad@gac.canonical.com> postgresql-8.4 (8.4.18-0ubuntu10.04) lucid-proposed; urgency=low * New upstream bug fix release (LP: #1237248). No security issues or critical issues this time; see HISTORY/changelog.gz for details about bug fixes. Date: Wed, 09 Oct 2013 10:28:08 +0200 Changed-By: Martin Pitt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.18-0ubuntu10.04 -------------- next part -------------- Format: 1.8 Date: Wed, 09 Oct 2013 10:28:08 +0200 Source: postgresql-8.4 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source Version: 8.4.18-0ubuntu10.04 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.4 - object-relational SQL database, version 8.4 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.4 - front-end programs for PostgreSQL 8.4 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.4 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.4 - documentation for the PostgreSQL database management system postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming Launchpad-Bugs-Fixed: 1237248 Changes: postgresql-8.4 (8.4.18-0ubuntu10.04) lucid-proposed; urgency=low . * New upstream bug fix release (LP: #1237248). No security issues or critical issues this time; see HISTORY/changelog.gz for details about bug fixes. Checksums-Sha1: 92121c155051850cce1e8c53629dfb9008efce13 3328 postgresql-8.4_8.4.18-0ubuntu10.04.dsc 3781e363cb6f9392ff98bd9b3cec252a6f96056d 18609883 postgresql-8.4_8.4.18.orig.tar.gz bc48447a45feffa44fe3afe503087c81f8abf02c 53399 postgresql-8.4_8.4.18-0ubuntu10.04.diff.gz Checksums-Sha256: 77896053e198d540ff16ed746131c2795e3b67708e750915637195fcbaa0341d 3328 postgresql-8.4_8.4.18-0ubuntu10.04.dsc f8530023cc3d650c486461435a0602f4c0ad6a504bd3186fe4a8d6c0fc6bfd7f 18609883 postgresql-8.4_8.4.18.orig.tar.gz dc6ad00dca72291afd1bc85dbc3801b85a4c833f20faede55da91303198ef908 53399 postgresql-8.4_8.4.18-0ubuntu10.04.diff.gz Files: d30c963cc3218c990ebb97d03630df39 3328 database optional postgresql-8.4_8.4.18-0ubuntu10.04.dsc 2fa850ea2e83e390efceedb60eaf6537 18609883 database optional postgresql-8.4_8.4.18.orig.tar.gz 4648a7f2505a40dad0fbf36c481cf000 53399 database optional postgresql-8.4_8.4.18-0ubuntu10.04.diff.gz Original-Maintainer: Martin Pitt From serge.hallyn at ubuntu.com Fri Oct 18 20:44:30 2013 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Fri, 18 Oct 2013 20:44:30 -0000 Subject: [ubuntu/lucid-proposed] vm-builder 0.12.4-0ubuntu0.4 (Accepted) Message-ID: <20131018204430.24894.70576.launchpad@wampee.canonical.com> vm-builder (0.12.4-0ubuntu0.4) lucid-proposed; urgency=low * Incorporate fix to specify macaddr when using bridge (LP: #392097) Date: Mon, 24 Jun 2013 14:45:45 -0500 Changed-By: Serge Hallyn Maintainer: Soren Hansen https://launchpad.net/ubuntu/lucid/+source/vm-builder/0.12.4-0ubuntu0.4 -------------- next part -------------- Format: 1.8 Date: Mon, 24 Jun 2013 14:45:45 -0500 Source: vm-builder Binary: python-vm-builder ubuntu-vm-builder python-vm-builder-ec2 Architecture: source Version: 0.12.4-0ubuntu0.4 Distribution: lucid-proposed Urgency: low Maintainer: Soren Hansen Changed-By: Serge Hallyn Description: python-vm-builder - VM builder python-vm-builder-ec2 - EC2 Ubuntu VM builder ubuntu-vm-builder - Ubuntu VM builder Launchpad-Bugs-Fixed: 392097 Changes: vm-builder (0.12.4-0ubuntu0.4) lucid-proposed; urgency=low . * Incorporate fix to specify macaddr when using bridge (LP: #392097) Checksums-Sha1: 3fc3c7832af6b851cb6cebfbf97004c6900e8566 1665 vm-builder_0.12.4-0ubuntu0.4.dsc 9cebd994f319eb5d695b498ca7ea1985a2dd12b8 11007 vm-builder_0.12.4-0ubuntu0.4.diff.gz Checksums-Sha256: 2ae13430b3234389bf47ad843044cbfe12f3fe634b978b133d755068e4be8e7d 1665 vm-builder_0.12.4-0ubuntu0.4.dsc 15eb62897b11e1776909c8831fcc8ce8692cc7066f4e5a6f8ad7a971b4b0bf2e 11007 vm-builder_0.12.4-0ubuntu0.4.diff.gz Files: 1aab1c1af57c0a3e8aaea93717ac4a7a 1665 utils optional vm-builder_0.12.4-0ubuntu0.4.dsc 1786edae16a97fa3e64d0ebf11341659 11007 utils optional vm-builder_0.12.4-0ubuntu0.4.diff.gz From christopher.glass at canonical.com Fri Oct 18 21:02:16 2013 From: christopher.glass at canonical.com (Christopher Glass (Canonical)) Date: Fri, 18 Oct 2013 21:02:16 -0000 Subject: [ubuntu/lucid-proposed] landscape-client 13.07.3-0ubuntu0.10.04 (Accepted) Message-ID: <20131018210216.24521.80320.launchpad@wampee.canonical.com> landscape-client (13.07.3-0ubuntu0.10.04) lucid; urgency=low * New upstream version (LP: #1190510) - New annotations exchange mechanism allows clients to send any key-value data to the landscape server (LP: #1123932) - Network devices now report their maximum theoretical speeds, and duplex status to landscape-server (LP: #1126330, LP: #1130733) - Landscape.client is now HA aware when HA is implemented using juju charms (LP: #1122508) - The landscape client will now trigger a reboot if server sends a reboot-required message. (LP: #1133005) - Big AMP code cleanup and refactoring in order to improve testing, improve performance and ease future maintainability (LP: #1165047, LP: #1169102, LP: #1170669) - Added logic to detect cloned (virtual) computers (LP: #1161856) - The landscape-client and landscape-common packages do not use or depend on dbus code anymore, and the dependencies to python-gi and gudev are dropped. The hardware info plugin now looks at /proc instead of querying DBus (LP: #1175553, LP: #1180691) - The ceph manager plugin is now a monitor plugin and thus does not require root privileges anymore. (LP: #1186973) - The detection logic for virtual machine was changed to account for the different semantics between Openstack Folsom and Grizzly, and was expanded to detect more hypervisors (LP: #1191843) - Removed legacy upgrader code from postinst since support for it was dropped. - The /etc/dbus-1/system.d/landscape.conf file was moved from the landscape-common package to the landscape-client-uii as part of LP: #1175553, LP: #1180691. No "Breaks" rule was added since the landscape-client-ui package requires the exact same version of landscape-common, which avoids the case outlined in http://www.debian.org/doc/debian-policy/footnotes.html#f53 . The Replaces rule of landscape-client was updated accordingly. * Removed the hardwareinfo patch since the changes were merged upstream * Changed dh_clean -K to dh_prep (dh_clean -K is deprecated) * Removed the packages arguments to dh_installman since all packages have manpages now. * While the debconf config file still has registration_password as a variable, the newest code expects a registration_key. Made the necessary changes for that to work. Date: Wed, 16 Oct 2013 11:30:47 +0200 Changed-By: Christopher Glass (Canonical) Maintainer: Ubuntu Developers Signed-By: Andreas Hasenack https://launchpad.net/ubuntu/lucid/+source/landscape-client/13.07.3-0ubuntu0.10.04 -------------- next part -------------- Format: 1.8 Date: Wed, 16 Oct 2013 11:30:47 +0200 Source: landscape-client Binary: landscape-common landscape-client landscape-client-ui landscape-client-ui-install Architecture: source Version: 13.07.3-0ubuntu0.10.04 Distribution: lucid Urgency: low Maintainer: Ubuntu Developers Changed-By: Christopher Glass (Canonical) Description: landscape-client - The Landscape administration system client landscape-client-ui - The Landscape administration system client - UI configuration landscape-client-ui-install - The Landscape administration system client - UI installer landscape-common - The Landscape administration system client - Common files Launchpad-Bugs-Fixed: 1122508 1123932 1126330 1130733 1133005 1161856 1165047 1169102 1170669 1175553 1180691 1186973 1190510 1191843 Changes: landscape-client (13.07.3-0ubuntu0.10.04) lucid; urgency=low . * New upstream version (LP: #1190510) - New annotations exchange mechanism allows clients to send any key-value data to the landscape server (LP: #1123932) - Network devices now report their maximum theoretical speeds, and duplex status to landscape-server (LP: #1126330, LP: #1130733) - Landscape.client is now HA aware when HA is implemented using juju charms (LP: #1122508) - The landscape client will now trigger a reboot if server sends a reboot-required message. (LP: #1133005) - Big AMP code cleanup and refactoring in order to improve testing, improve performance and ease future maintainability (LP: #1165047, LP: #1169102, LP: #1170669) - Added logic to detect cloned (virtual) computers (LP: #1161856) - The landscape-client and landscape-common packages do not use or depend on dbus code anymore, and the dependencies to python-gi and gudev are dropped. The hardware info plugin now looks at /proc instead of querying DBus (LP: #1175553, LP: #1180691) - The ceph manager plugin is now a monitor plugin and thus does not require root privileges anymore. (LP: #1186973) - The detection logic for virtual machine was changed to account for the different semantics between Openstack Folsom and Grizzly, and was expanded to detect more hypervisors (LP: #1191843) - Removed legacy upgrader code from postinst since support for it was dropped. - The /etc/dbus-1/system.d/landscape.conf file was moved from the landscape-common package to the landscape-client-uii as part of LP: #1175553, LP: #1180691. No "Breaks" rule was added since the landscape-client-ui package requires the exact same version of landscape-common, which avoids the case outlined in http://www.debian.org/doc/debian-policy/footnotes.html#f53 . The Replaces rule of landscape-client was updated accordingly. * Removed the hardwareinfo patch since the changes were merged upstream * Changed dh_clean -K to dh_prep (dh_clean -K is deprecated) * Removed the packages arguments to dh_installman since all packages have manpages now. * While the debconf config file still has registration_password as a variable, the newest code expects a registration_key. Made the necessary changes for that to work. Checksums-Sha1: 7dda1528e87cb6cf9a4a87c643d0d85c02f779d9 1597 landscape-client_13.07.3-0ubuntu0.10.04.dsc 578109a2898c1d9b8acb09c5108ebeb3b1de8a5b 499311 landscape-client_13.07.3.orig.tar.gz a913f020978556dac77eda4ed0c88ed565d614c1 27838 landscape-client_13.07.3-0ubuntu0.10.04.debian.tar.gz Checksums-Sha256: 17ec4181779f945f6594ec4207d679e4898f7d0fea4c130c37a000ba89ff5329 1597 landscape-client_13.07.3-0ubuntu0.10.04.dsc 7b7a866d1e3503a60a8f483030e882dda1098f7ee10c1ca2937685d7fc366ec2 499311 landscape-client_13.07.3.orig.tar.gz 7f774a6a1247d4db0630c9ec6cd2155f7e1924c1f67a1b6cdeb2754b3a8221ff 27838 landscape-client_13.07.3-0ubuntu0.10.04.debian.tar.gz Files: c3315c196e9360659a565837fdd98be7 1597 admin optional landscape-client_13.07.3-0ubuntu0.10.04.dsc 24363bb2c5244dc0bde5827e2cec5bae 499311 admin optional landscape-client_13.07.3.orig.tar.gz d92b507a9962fcd2d595e4069a8018a8 27838 admin optional landscape-client_13.07.3-0ubuntu0.10.04.debian.tar.gz Original-Maintainer: Landscape Team From marc.deslauriers at canonical.com Mon Oct 21 16:08:40 2013 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Mon, 21 Oct 2013 16:08:40 -0000 Subject: [ubuntu/lucid-security] eglibc 2.11.1-0ubuntu7.13 (Accepted) Message-ID: <20131021160840.18500.81924.launchpad@ackee.canonical.com> eglibc (2.11.1-0ubuntu7.13) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for __libc_alloca_cutoff in include/alloca.h, nptl/Versions, nptl/alloca_cutoff.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h, sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332 eglibc (2.11.1-0ubuntu7.12) lucid; urgency=low * Pull three interdependent patches from Debian to fix AVX detection problems on kernels or CPUs that lack support for it (LP: #979003): - amd64/cvs-avx-detection.diff: Improved detection on old kernels. - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code. - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support. * Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to skip tests if AVX extensions are not available on the build host. * Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option. Date: 2013-10-02 01:07:13.499499+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/lucid/+source/eglibc/2.11.1-0ubuntu7.13 -------------- next part -------------- Sorry, changesfile not available. From cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk Mon Oct 21 16:59:37 2013 From: cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk (Ubuntu Archive Robot) Date: Mon, 21 Oct 2013 16:59:37 -0000 Subject: [ubuntu/lucid-updates] eglibc 2.11.1-0ubuntu7.13 (Accepted) Message-ID: <20131021165937.18502.28244.launchpad@ackee.canonical.com> eglibc (2.11.1-0ubuntu7.13) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for __libc_alloca_cutoff in include/alloca.h, nptl/Versions, nptl/alloca_cutoff.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h, sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332 Date: 2013-10-02 01:07:13.499499+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/lucid/+source/eglibc/2.11.1-0ubuntu7.13 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Thu Oct 24 02:42:57 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Thu, 24 Oct 2013 02:42:57 -0000 Subject: [ubuntu/lucid-proposed] linux-backports-modules-2.6.32 2.6.32-53.55 (Accepted) Message-ID: <20131024024257.5163.32432.launchpad@ackee.canonical.com> linux-backports-modules-2.6.32 (2.6.32-53.55) lucid; urgency=low * Start new release (and bump ABI) Date: 2013-10-21 19:42:17.522039+00:00 Changed-By: Steve Conklin Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/linux-backports-modules-2.6.32/2.6.32-53.55 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Thu Oct 24 02:42:57 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Thu, 24 Oct 2013 02:42:57 -0000 Subject: [ubuntu/lucid-proposed] linux 2.6.32-53.115 (Accepted) Message-ID: <20131024024257.5164.82564.launchpad@ackee.canonical.com> linux (2.6.32-53.115) lucid; urgency=low [Steve Conklin] * Release Tracking Bug - LP: #1242800 [ Upstream Kernel Changes ] * HID: provide a helper for validating hid reports - LP: #1220190 - CVE-2013-2889 * HID: zeroplus: validate output report details - LP: #1220190 - CVE-2013-2889 * HID: LG: validate HID output report details - LP: #1220190 - CVE-2013-2893 * cciss: fix info leak in cciss_ioctl32_passthru() - LP: #1188355 - CVE-2013-2147 * cpqarray: fix info leak in ida_locked_ioctl() - LP: #1188355 - CVE-2013-2147 * HID: add usage_index in struct hid_usage. - LP: #1220205 - CVE-CVE-2013-2897 * HID: validate feature and input report details - LP: #1220205 - CVE-2013-2897 * dm snapshot: fix data corruption - LP: #1241769 - CVE-2013-4299 Date: 2013-10-21 19:38:16.413431+00:00 Changed-By: Steve Conklin Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/linux/2.6.32-53.115 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Thu Oct 24 03:05:26 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Thu, 24 Oct 2013 03:05:26 -0000 Subject: [ubuntu/lucid-proposed] linux-meta 2.6.32.53.60 (Accepted) Message-ID: <20131024030526.5164.2634.launchpad@ackee.canonical.com> linux-meta (2.6.32.53.60) lucid; urgency=low [ Steve Conklin ] * Bump ABI Date: 2013-10-21 19:43:19.941466+00:00 Changed-By: Steve Conklin Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/linux-meta/2.6.32.53.60 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Thu Oct 24 03:05:29 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Thu, 24 Oct 2013 03:05:29 -0000 Subject: [ubuntu/lucid-proposed] linux-ports-meta 2.6.32.53.45 (Accepted) Message-ID: <20131024030529.5163.38593.launchpad@ackee.canonical.com> linux-ports-meta (2.6.32.53.45) lucid; urgency=low * Bump ABI Date: 2013-10-21 19:50:13.945103+00:00 Changed-By: Steve Conklin Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/linux-ports-meta/2.6.32.53.45 -------------- next part -------------- Sorry, changesfile not available. From marc.deslauriers at canonical.com Thu Oct 24 16:32:32 2013 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Thu, 24 Oct 2013 16:32:32 -0000 Subject: [ubuntu/lucid-security] mysql-dfsg-5.1 5.1.72-0ubuntu0.10.04.1 (Accepted) Message-ID: <20131024163232.24455.27943.launchpad@ackee.canonical.com> mysql-dfsg-5.1 (5.1.72-0ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: Update to 5.1.72 to fix security issues (LP: #1243253) - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html - CVE-2013-3839 Date: 2013-10-23 11:28:13.905857+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/lucid/+source/mysql-dfsg-5.1/5.1.72-0ubuntu0.10.04.1 -------------- next part -------------- Sorry, changesfile not available. From cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk Thu Oct 24 17:28:31 2013 From: cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk (Ubuntu Archive Robot) Date: Thu, 24 Oct 2013 17:28:31 -0000 Subject: [ubuntu/lucid-updates] mysql-dfsg-5.1 5.1.72-0ubuntu0.10.04.1 (Accepted) Message-ID: <20131024172831.5163.19795.launchpad@ackee.canonical.com> mysql-dfsg-5.1 (5.1.72-0ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: Update to 5.1.72 to fix security issues (LP: #1243253) - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html - CVE-2013-3839 Date: 2013-10-23 11:28:13.905857+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/lucid/+source/mysql-dfsg-5.1/5.1.72-0ubuntu0.10.04.1 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Thu Oct 24 17:45:59 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Thu, 24 Oct 2013 17:45:59 -0000 Subject: [ubuntu/lucid-proposed] linux-ec2 2.6.32-358.71 (Accepted) Message-ID: <20131024174559.5165.35527.launchpad@ackee.canonical.com> linux-ec2 (2.6.32-358.71) lucid-proposed; urgency=low [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-53.115 * Release Tracking Bug - LP: #1243918 [ Ubuntu: 2.6.32-53.115 ] * HID: provide a helper for validating hid reports - LP: #1220190 - CVE-2013-2889 * HID: zeroplus: validate output report details - LP: #1220190 - CVE-2013-2889 * HID: LG: validate HID output report details - LP: #1220190 - CVE-2013-2893 * cciss: fix info leak in cciss_ioctl32_passthru() - LP: #1188355 - CVE-2013-2147 * cpqarray: fix info leak in ida_locked_ioctl() - LP: #1188355 - CVE-2013-2147 * HID: add usage_index in struct hid_usage. - LP: #1220205 - CVE-CVE-2013-2897 * HID: validate feature and input report details - LP: #1220205 - CVE-2013-2897 * dm snapshot: fix data corruption - LP: #1241769 - CVE-2013-4299 Date: 2013-10-24 08:43:12.536862+00:00 Changed-By: Stefan Bader Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/linux-ec2/2.6.32-358.71 -------------- next part -------------- Sorry, changesfile not available. From adconrad at 0c3.net Thu Oct 24 17:46:04 2013 From: adconrad at 0c3.net (Adam Conrad) Date: Thu, 24 Oct 2013 17:46:04 -0000 Subject: [ubuntu/lucid-proposed] linux-meta-ec2 2.6.32.358.39 (Accepted) Message-ID: <20131024174604.5163.39017.launchpad@ackee.canonical.com> linux-meta-ec2 (2.6.32.358.39) lucid-proposed; urgency=low * Bump linux-ec2 ABI to 358 for proposed release Date: 2013-10-24 08:45:15.011040+00:00 Changed-By: Stefan Bader Signed-By: Adam Conrad https://launchpad.net/ubuntu/lucid/+source/linux-meta-ec2/2.6.32.358.39 -------------- next part -------------- Sorry, changesfile not available. From brian at ubuntu.com Thu Oct 24 18:36:18 2013 From: brian at ubuntu.com (Brian Murray) Date: Thu, 24 Oct 2013 18:36:18 -0000 Subject: [ubuntu/lucid-updates] postgresql-8.4 8.4.18-0ubuntu10.04 (Accepted) Message-ID: <20131024183618.5164.41453.launchpad@ackee.canonical.com> postgresql-8.4 (8.4.18-0ubuntu10.04) lucid-proposed; urgency=low * New upstream bug fix release (LP: #1237248). No security issues or critical issues this time; see HISTORY/changelog.gz for details about bug fixes. Date: 2013-10-10 13:22:11.141071+00:00 Changed-By: Martin Pitt Signed-By: Brian Murray https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.18-0ubuntu10.04 -------------- next part -------------- Sorry, changesfile not available. From cjwatson at canonical.com Thu Oct 31 19:04:02 2013 From: cjwatson at canonical.com (Colin Watson) Date: Thu, 31 Oct 2013 19:04:02 -0000 Subject: [ubuntu/lucid-updates] vgabios 0.6c-2ubuntu1.10.04.1 (Accepted) Message-ID: <20131031190402.12179.50061.launchpad@ackee.canonical.com> vgabios (0.6c-2ubuntu1.10.04.1) lucid-proposed; urgency=low * debian/patches/add-stdvga.patch: build vgabios-stdvga.bin (LP: #1095301) Date: 2013-01-03 16:35:26.635785+00:00 Changed-By: Serge Hallyn Signed-By: Colin Watson https://launchpad.net/ubuntu/lucid/+source/vgabios/0.6c-2ubuntu1.10.04.1 -------------- next part -------------- Sorry, changesfile not available.