From jamie at ubuntu.com Wed Dec 7 00:09:41 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Wed, 07 Dec 2011 00:09:41 -0000
Subject: [ubuntu/maverick-security] vsftpd_2.3.0~pre2-4ubuntu2.3_powerpc_translations.tar.gz, vsftpd, vsftpd_2.3.0~pre2-4ubuntu2.3_armel_translations.tar.gz, vsftpd_2.3.0~pre2-4ubuntu2.3_i386_translations.tar.gz, vsftpd_2.3.0~pre2-4ubuntu2.3_amd64_translations.tar.gz 2.3.0~pre2-4ubuntu2.3 (Accepted)
Message-ID: <20111207000941.23344.3484.launchpad@cocoplum.canonical.com>

vsftpd (2.3.0~pre2-4ubuntu2.3) maverick-security; urgency=low

  * SECURITY UPDATE: remote DoS via network namespaces
    - debian/patches/12-CVE-2011-2189.patch: only use network namespaces on
      2.6.36 and higher kernels
    - patch based on Debian's patch
    - CVE-2011-2189

Date: Thu, 01 Dec 2011 14:06:25 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/vsftpd/2.3.0~pre2-4ubuntu2.3
-------------- next part --------------
Format: 1.8
Date: Thu, 01 Dec 2011 14:06:25 -0600
Source: vsftpd
Binary: vsftpd
Architecture: source
Version: 2.3.0~pre2-4ubuntu2.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 vsftpd - lightweight, efficient FTP server written for security
Original-Maintainer: Daniel Baumann

From marc.deslauriers at ubuntu.com Wed Dec 7 17:04:06 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Wed, 07 Dec 2011 17:04:06 -0000
Subject: [ubuntu/maverick-security] clearsilver 0.10.5-1+squeeze1build0.10.10.1 (Accepted)
Message-ID: <20111207170406.23848.18654.launchpad@cocoplum.canonical.com>

clearsilver (0.10.5-1+squeeze1build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

clearsilver (0.10.5-1+squeeze1) stable-security; urgency=high

  * CVE-2011-4357

Date: Mon, 05 Dec 2011 11:23:18 -0500
Changed-By: Marc Deslauriers
Maintainer: Jesus Climent
https://launchpad.net/ubuntu/maverick/+source/clearsilver/0.10.5-1+squeeze1build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Dec 2011 11:23:18 -0500
Source: clearsilver
Binary: clearsilver-dev python-clearsilver libclearsilver-perl
Architecture: source
Version: 0.10.5-1+squeeze1build0.10.10.1
Distribution: maverick-security
Urgency: high
Maintainer: Jesus Climent
Changed-By: Marc Deslauriers
Description:
 clearsilver-dev - headers and static library for clearsilver
 libclearsilver-perl - Perl bindings for clearsilver
 python-clearsilver - Python bindings for clearsilver

From tyhicks at canonical.com Thu Dec 8 23:05:15 2011
From: tyhicks at canonical.com (Tyler Hicks)
Date: Thu, 08 Dec 2011 23:05:15 -0000
Subject: [ubuntu/maverick-security] acpid 1.0.10-5ubuntu4.4 (Accepted)
Message-ID: <20111208230515.27477.52155.launchpad@cocoplum.canonical.com>

acpid (1.0.10-5ubuntu4.4) maverick-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution in the power button handling
    script (LP: #893821)
    - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS
      environment variable is only read from a process owned by the user
      that will be evaluating the variable.
    - CVE-2011-2777
  * SECURITY UPDATE: Unprivileged users may be able to write to directories
    and read files created by event handler scripts
    - event.c: Set a restrictive umask of 0077 before running an event
      handler script. Based on upstream patch.
    - CVE-2011-4578

Date: Wed, 07 Dec 2011 16:35:34 -0600
Changed-By: Tyler Hicks
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/acpid/1.0.10-5ubuntu4.4
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 16:35:34 -0600
Source: acpid
Binary: acpid
Architecture: source
Version: 1.0.10-5ubuntu4.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Tyler Hicks
Description:
 acpid - Advanced Configuration and Power Interface event daemon
Launchpad-Bugs-Fixed: 893821
Original-Maintainer: Debian Acpi Team

From jamie at ubuntu.com Fri Dec 9 00:07:33 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Fri, 09 Dec 2011 00:07:33 -0000
Subject: [ubuntu/maverick-security] python-django_1.2.3-1ubuntu0.2.10.10.3_i386_translations.tar.gz, python-django 1.2.3-1ubuntu0.2.10.10.3 (Accepted)
Message-ID: <20111209000733.16122.97667.launchpad@cocoplum.canonical.com>

python-django (1.2.3-1ubuntu0.2.10.10.3) maverick-security; urgency=low

  * SECURITY UPDATE: session manipulation when using django.contrib.sessions
    with memory-based sessions and caching
    - debian/patches/CVE-2011-4136.patch: use namespace of cache to store
      keys for session instead of root namespace
    - CVE-2011-4136
  * SECURITY UPDATE: potential denial of service and information disclosure
    in URLField
    - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
      default and use a timeout if available.
    - CVE-2011-4137, CVE-2011-4138
  * SECURITY UPDATE: potential cache-poisoning via crafted Host header
    - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
      default when constructing full URLs
    - CVE-2011-4139
  * debian/patches/01_disable_url_verify_regression_tests.diff: remove the
    test_correct_url_but_nonexisting_gives_404() test from the
    modeltests/validation/tests.py too. Not sure how it passed before, but
    this makes the CVE-2011-4137+4138.patch consistent with our other
    releases since the upstream fix for CVE-2011-4137+4138.patch removed
    this test too.
  * More information on these issues can be found at:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

Date: Wed, 07 Dec 2011 15:52:55 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/python-django/1.2.3-1ubuntu0.2.10.10.3
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 15:52:55 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.2.3-1ubuntu0.2.10.10.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Original-Maintainer: Chris Lamb

From mrpouit at ubuntu.com Wed Dec 14 00:09:04 2011
From: mrpouit at ubuntu.com (Lionel Le Folgoc)
Date: Wed, 14 Dec 2011 00:09:04 -0000
Subject: [ubuntu/maverick-proposed] xfce4-weather-plugin 0.7.3-3ubuntu0.1 (Accepted)
Message-ID: <20111214000904.8175.32100.launchpad@chaenomeles.canonical.com>

xfce4-weather-plugin (0.7.3-3ubuntu0.1) maverick-proposed; urgency=low

  * debian/patches:
    - 00_license added, change the license key for the one from CTW since it
      seems to work and brings back the feature. Temporary fix until a real
      solution is found. lp: #888285

Date: Sun, 11 Dec 2011 12:33:58 +0100
Changed-By: Lionel Le Folgoc
Maintainer: Xubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/xfce4-weather-plugin/0.7.3-3ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Sun, 11 Dec 2011 12:33:58 +0100
Source: xfce4-weather-plugin
Binary: xfce4-weather-plugin
Architecture: source
Version: 0.7.3-3ubuntu0.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Xubuntu Developers
Changed-By: Lionel Le Folgoc
Description:
 xfce4-weather-plugin - weather information plugin for the Xfce4 panel
Launchpad-Bugs-Fixed: 888285
Original-Maintainer: Debian Xfce Maintainers

From evan at ebroder.net Wed Dec 14 00:44:22 2011
From: evan at ebroder.net (Evan Broder)
Date: Wed, 14 Dec 2011 00:44:22 -0000
Subject: [ubuntu/maverick-proposed] libgweather 2.30.3-0ubuntu1.1 (Accepted)
Message-ID: <20111214004422.30009.97040.launchpad@wampee.canonical.com>

libgweather (2.30.3-0ubuntu1.1) maverick-proposed; urgency=low

  * debian/patches/50_fix_bom.gov.au_part1.patch,
    debian/patches/51_fix_bom.gov.au_part2.patch:
    - Cherry-pick upstream commits a80552f5 and 73829e64 to fix fetching
      weather data from bom.gov.au (LP: #629646)

Date: Sun, 27 Nov 2011 12:24:25 -0800
Changed-By: Evan Broder
Maintainer: Ubuntu Desktop Team
Signed-By: Martin Pitt
https://launchpad.net/ubuntu/maverick/+source/libgweather/2.30.3-0ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Sun, 27 Nov 2011 12:24:25 -0800
Source: libgweather
Binary: libgweather-dev libgweather1 libgweather-common python-gweather
Architecture: source
Version: 2.30.3-0ubuntu1.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Desktop Team
Changed-By: Evan Broder
Description:
 libgweather-common - GWeather common files
 libgweather-dev - GWeather development files
 libgweather1 - GWeather shared library
 python-gweather - Python bindings for GWeather
Launchpad-Bugs-Fixed: 629646
Original-Maintainer: Debian GNOME Maintainers

From bhavi at ubuntu.com Wed Dec 14 00:45:25 2011
From: bhavi at ubuntu.com (Bhavani Shankar)
Date: Wed, 14 Dec 2011 00:45:25 -0000
Subject: [ubuntu/maverick-proposed] mobile-broadband-provider-info 20111113-1ubuntu0.10.10 (Accepted)
Message-ID: <20111214004525.7734.2965.launchpad@chaenomeles.canonical.com>

mobile-broadband-provider-info (20111113-1ubuntu0.10.10) maverick-proposed; urgency=low

  * SRU exception upload to support various updated networks
    (LP: #856700), (LP: #709049)

Date: Mon, 05 Dec 2011 21:23:17 +0530
Changed-By: Bhavani Shankar
Signed-By: Mathieu Trudel-Lapierre
https://launchpad.net/ubuntu/maverick/+source/mobile-broadband-provider-info/20111113-1ubuntu0.10.10
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Dec 2011 21:23:17 +0530
Source: mobile-broadband-provider-info
Binary: mobile-broadband-provider-info
Architecture: source
Version: 20111113-1ubuntu0.10.10
Distribution: maverick-proposed
Urgency: low
Maintainer: Bhavani Shankar
Changed-By: Bhavani Shankar
Description:
 mobile-broadband-provider-info - database of mobile broadband service providers
Launchpad-Bugs-Fixed: 709049 856700

From marc.deslauriers at ubuntu.com Wed Dec 14 16:06:11 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Wed, 14 Dec 2011 16:06:11 -0000
Subject: [ubuntu/maverick-security] php5_5.3.3-1ubuntu9.7_armel_translations.tar.gz, php5, php5_5.3.3-1ubuntu9.7_i386_translations.tar.gz, php5_5.3.3-1ubuntu9.7_powerpc_translations.tar.gz, php5_5.3.3-1ubuntu9.7_amd64_translations.tar.gz 5.3.3-1ubuntu9.7 (Accepted)
Message-ID: <20111214160611.32279.26613.launchpad@cocoplum.canonical.com>

php5 (5.3.3-1ubuntu9.7) maverick-security; urgency=low

  * SECURITY UPDATE: Denial of service and possible information disclosure
    via exif integer overflow
    - debian/patches/php5-CVE-2011-4566.patch: fix count checks in
      ext/exif/exif.c.
    - CVE-2011-4566

Date: Tue, 13 Dec 2011 09:13:19 -0500
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/php5/5.3.3-1ubuntu9.7
-------------- next part --------------
Format: 1.8
Date: Tue, 13 Dec 2011 09:13:19 -0500
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.3-1ubuntu9.7
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear - PEAR - PHP Extension and Application Repository
 php5 - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl - CURL module for php5
 php5-dbg - Debug symbols for PHP5
 php5-dev - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd - GD module for php5
 php5-gmp - GMP module for php5
 php5-intl - internationalisation module for php5
 php5-ldap - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-odbc - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl - XSL module for php5
Original-Maintainer: Debian PHP Maintainers

From tyhicks at canonical.com Wed Dec 14 22:04:18 2011
From: tyhicks at canonical.com (Tyler Hicks)
Date: Wed, 14 Dec 2011 22:04:18 -0000
Subject: [ubuntu/maverick-security] bzip2 1.0.5-4ubuntu1.1 (Accepted)
Message-ID: <20111214220418.29394.26923.launchpad@cocoplum.canonical.com>

bzip2 (1.0.5-4ubuntu1.1) maverick-security; urgency=low

  * SECURITY UPDATE: Fix temporary file creation race condition
    - bzexe: Ensure link target is a regular file. Patch from vladz.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862#5
    - CVE-2011-4089

Date: Mon, 12 Dec 2011 11:32:00 -0600
Changed-By: Tyler Hicks
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/bzip2/1.0.5-4ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 12 Dec 2011 11:32:00 -0600
Source: bzip2
Binary: libbz2-1.0 libbz2-dev bzip2 lib64bz2-1.0 lib64bz2-dev lib32bz2-1.0 lib32bz2-dev bzip2-doc
Architecture: source
Version: 1.0.5-4ubuntu1.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Tyler Hicks
Description:
 bzip2 - high-quality block-sorting file compressor - utilities
 bzip2-doc - high-quality block-sorting file compressor - documentation
 lib32bz2-1.0 - high-quality block-sorting file compressor library - 32bit runtim
 lib32bz2-dev - high-quality block-sorting file compressor library - 32bit develo
 lib64bz2-1.0 - high-quality block-sorting file compressor library - 64bit runtim
 lib64bz2-dev - high-quality block-sorting file compressor library - 64bit develo
 libbz2-1.0 - high-quality block-sorting file compressor library - runtime
 libbz2-dev - high-quality block-sorting file compressor library - development
Original-Maintainer: Anibal Monsalve Salazar

From martin.pitt at ubuntu.com Thu Dec 15 10:02:04 2011
From: martin.pitt at ubuntu.com (Martin Pitt)
Date: Thu, 15 Dec 2011 10:02:04 -0000
Subject: [ubuntu/maverick-proposed] postgresql-8.4 8.4.10-0ubuntu0.10.10 (Accepted)
Message-ID: <20111215100204.4983.86848.launchpad@soybean.canonical.com>

postgresql-8.4 (8.4.10-0ubuntu0.10.10) maverick-proposed; urgency=low

  * New upstream release (LP: #904631)
    - Fix bugs in information_schema.referential_constraints view.
      This view was being insufficiently careful about matching the
      foreign-key constraint to the depended-on primary or unique key
      constraint. That could result in failure to show a foreign key
      constraint at all, or showing it multiple times, or claiming that
      it depends on a different constraint than the one it really does.
      Since the view definition is installed by initdb, merely upgrading
      will not fix the problem. If you need to fix this in an existing
      installation, you can (as a superuser) drop the information_schema
      schema then re-create it by sourcing
      "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
      you're uncertain where "SHAREDIR" is.) This must be repeated in
      each database to be fixed.
    - Fix incorrect replay of WAL records for GIN index updates.
      This could result in transiently failing to find index entries
      after a crash, or on a hot-standby server. The problem would be
      repaired by the next "VACUUM" of the index, however.
    - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT - FROM src or INSERT INTO dest SELECT * FROM src.
      If a table has been modified by "ALTER TABLE ADD COLUMN", attempts
      to copy its data verbatim to another table could produce corrupt
      results in certain corner cases. The problem can only manifest in
      this precise form in 8.4 and later, but we patched earlier versions
      as well in case there are other code paths that could trigger the
      same bug.
    - Fix race condition during toast table access from stale syscache
      entries.
    - Track dependencies of functions on items used in parameter default
      expressions.
      Previously, a referenced object could be dropped without having
      dropped or modified the function, leading to misbehavior when the
      function was used. Note that merely installing this update will not
      fix the missing dependency entries; to do that, you'd need to
      "CREATE OR REPLACE" each such function afterwards. If you have
      functions whose defaults depend on non-built-in objects, doing so
      is recommended.
    - Allow inlining of set-returning SQL functions with multiple OUT
      parameters.
    - Make DatumGetInetP() unpack inet datums that have a 1-byte header,
      and add a new macro, DatumGetInetPP(), that does not.
    - Improve locale support in money type's input and output.
      Aside from not supporting all standard lc_monetary formatting
      options, the input and output functions were inconsistent, meaning
      there were locales in which dumped money values could not be
      re-read.
    - Don't let transform_null_equals affect CASE foo WHEN NULL ...
      constructs.
      transform_null_equals is only supposed to affect foo = NULL
      expressions written directly by the user, not equality checks
      generated internally by this form of CASE.
    - Change foreign-key trigger creation order to better support
      self-referential foreign keys.
      For a cascading foreign key that references its own table, a row
      update will fire both the ON UPDATE trigger and the CHECK trigger
      as one event. The ON UPDATE trigger must execute first, else the
      CHECK will check a non-final state of the row and possibly throw an
      inappropriate error. However, the firing order of these triggers is
      determined by their names, which generally sort in creation order
      since the triggers have auto-generated names following the
      convention "RI_ConstraintTrigger_NNNN". A proper fix would require
      modifying that convention, which we will do in 9.2, but it seems
      risky to change it in existing releases. So this patch just changes
      the creation order of the triggers. Users encountering this type of
      error should drop and re-create the foreign key constraint to get
      its triggers into the right order.
    - Avoid floating-point underflow while tracking buffer allocation
      rate.
    - Preserve blank lines within commands in psql's command history.
      The former behavior could cause problems if an empty line was
      removed from within a string literal, for example.
    - Fix pg_dump to dump user-defined casts between auto-generated
      types, such as table rowtypes.
    - Use the preferred version of xsubpp to build PL/Perl, not
      necessarily the operating system's main copy.
    - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
    - Honor query cancel interrupts promptly in pgstatindex().
    - Ensure VPATH builds properly install all server header files.
    - Shorten file names reported in verbose error messages.
      Regular builds have always reported just the name of the C file
      containing the error message call, but VPATH builds formerly
      reported an absolute path name.

Date: Thu, 15 Dec 2011 10:47:04 +0100
Changed-By: Martin Pitt
Maintainer: Martin Pitt
https://launchpad.net/ubuntu/maverick/+source/postgresql-8.4/8.4.10-0ubuntu0.10.10
-------------- next part --------------
Format: 1.8
Date: Thu, 15 Dec 2011 10:47:04 +0100
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.4.10-0ubuntu0.10.10
Distribution: maverick-proposed
Urgency: low
Maintainer: Martin Pitt
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 904631

From james.westby at canonical.com Thu Dec 15 18:25:48 2011
From: james.westby at canonical.com (James Westby)
Date: Thu, 15 Dec 2011 18:25:48 -0000
Subject: [ubuntu/maverick] sun-java6 6.26-2maverick1 (Accepted)
Message-ID: <20111215182548.17454.8654.launchpad@cocoplum.canonical.com>

sun-java6 (6.26-2maverick1) maverick; urgency=low

  * Disable the browser plugin due to security issues.
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html Date: Sat, 10 Dec 2011 13:55:02 -0500 Changed-By: James Westby Maintainer: Debian Java Maintainers Signed-By: Jamie Strandboge https://launchpad.net/ubuntu/maverick/+source/sun-java6/6.26-2maverick1 -------------- next part -------------- Format: 1.8 Date: Sat, 10 Dec 2011 13:55:02 -0500 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb Architecture: source Version: 6.26-2maverick1 Distribution: maverick Urgency: low Maintainer: Debian Java Maintainers Changed-By: James Westby Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Changes: sun-java6 (6.26-2maverick1) maverick; urgency=low . * Disable the browser plugin due to security issues. 
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html Checksums-Sha1: 7191c48eade903b4a70e23b48ff44fa74c6acbe9 2326 sun-java6_6.26-2maverick1.dsc 780d7f93f45589f13172a9524cc396720ea0443c 90360 sun-java6_6.26-2maverick1.debian.tar.gz Checksums-Sha256: 35abdf62bc02cc75cb9c6442ec8f02ed6d18b91ad9ca9c08890a44daca636094 2326 sun-java6_6.26-2maverick1.dsc 8fb72718e53a8e29a14a4b01dd59e5356b3f35160e8877a9c4a173c501c21f9c 90360 sun-java6_6.26-2maverick1.debian.tar.gz Files: 0e04fd64efee558702e77bd8c666ef0a 2326 partner/java optional sun-java6_6.26-2maverick1.dsc f1c584a00402dd25100a3019b7ed054f 90360 partner/java optional sun-java6_6.26-2maverick1.debian.tar.gz From marc.deslauriers at ubuntu.com Mon Dec 19 14:03:36 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 19 Dec 2011 14:03:36 -0000 Subject: [ubuntu/maverick-security] libarchive 2.8.4-1ubuntu0.10.10.1 (Accepted) Message-ID: <20111219140336.7426.52768.launchpad@cocoplum.canonical.com> libarchive (2.8.4-1ubuntu0.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: arbitrary code execution via iso9660 overflows - debian/patches/CVE-2011-1777.patch: 
correctly fail on out of memory conditions in libarchive/archive_read_support_format_iso9660.c. - CVE-2011-1777 * SECURITY UPDATE: arbitrary code execution via tar overflows - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_tar.c - CVE-2011-1778 Date: Fri, 09 Dec 2011 12:34:05 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libarchive/2.8.4-1ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 09 Dec 2011 12:34:05 -0500 Source: libarchive Binary: libarchive-dev libarchive1 bsdtar bsdcpio Architecture: source Version: 2.8.4-1ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: bsdcpio - cpio(1) from FreeBSD, using libarchive bsdtar - tar(1) from FreeBSD, using libarchive libarchive-dev - Single library to read/write tar, cpio, pax, zip, iso9660, etc. libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc. Changes: libarchive (2.8.4-1ubuntu0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via iso9660 overflows - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_iso9660.c. 
- CVE-2011-1777 * SECURITY UPDATE: arbitrary code execution via tar overflows - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_tar.c - CVE-2011-1778 Checksums-Sha1: a221f0205ae97d393a50c21eaad4b98e854cf90c 2131 libarchive_2.8.4-1ubuntu0.10.10.1.dsc 67d1c4744ee4d4562a9a3e42b38679254e676e1d 15923 libarchive_2.8.4-1ubuntu0.10.10.1.debian.tar.gz Checksums-Sha256: 907579321ae2b4048afcd7e410e667a16e566b34158ec7be49b2051d11108bce 2131 libarchive_2.8.4-1ubuntu0.10.10.1.dsc 5d600254a083ace59f27fc0b354a8aab895c3e2034ec590f31ef58d5f4e10a7e 15923 libarchive_2.8.4-1ubuntu0.10.10.1.debian.tar.gz Files: 7dc37c51556e05b00f344769b85fb373 2131 libs optional libarchive_2.8.4-1ubuntu0.10.10.1.dsc bcdaf4f554c7f2274856cf500e28c563 15923 libs optional libarchive_2.8.4-1ubuntu0.10.10.1.debian.tar.gz Original-Maintainer: Andreas Henriksson From sbeattie at ubuntu.com Mon Dec 19 17:03:41 2011 From: sbeattie at ubuntu.com (Steve Beattie) Date: Mon, 19 Dec 2011 17:03:41 -0000 Subject: [ubuntu/maverick-security] chasen 2.4.4-11+squeeze2build0.10.10.1 (Accepted) Message-ID: <20111219170341.14143.6949.launchpad@cocoplum.canonical.com> chasen (2.4.4-11+squeeze2build0.10.10.1) maverick-security; urgency=low * fake sync from Debian chasen (2.4.4-11+squeeze2) stable-security; urgency=high * Fix buffer overflow in chasen_sparse_main (CVE-2011-4000) Date: Fri, 16 Dec 2011 11:12:46 -0800 Changed-By: Steve Beattie Maintainer: NOKUBI Takatsugu https://launchpad.net/ubuntu/maverick/+source/chasen/2.4.4-11+squeeze2build0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Dec 2011 11:12:46 -0800 Source: chasen Binary: libchasen-dev libchasen2 chasen chasen-dictutils Architecture: source Version: 2.4.4-11+squeeze2build0.10.10.1 Distribution: maverick-security Urgency: high Maintainer: NOKUBI Takatsugu Changed-By: Steve Beattie Description: chasen - a Japanese Morphological Analysis System chasen-dictutils - a 
Japanese Morphological Analysis System - utilities for dictiona libchasen-dev - a Japanese Morphological Analysis System (libraries and headers) libchasen2 - a Japanese Morphological Analysis System (shared libraries) Changes: chasen (2.4.4-11+squeeze2build0.10.10.1) maverick-security; urgency=low . * fake sync from Debian . chasen (2.4.4-11+squeeze2) stable-security; urgency=high . * Fix buffer overflow in chasen_sparse_main (CVE-2011-4000) Checksums-Sha1: 6c977d9f58cbfa4b0f54923a39f02ffef1c165a6 1875 chasen_2.4.4-11+squeeze2build0.10.10.1.dsc b32a74fb43c4ca4a9b681b37730ee1382501144c 8793 chasen_2.4.4-11+squeeze2build0.10.10.1.diff.gz Checksums-Sha256: d9f52660d2e3fd60a62e5cb9c75995f0a8ecd253ace40244663e89bb0941d1e4 1875 chasen_2.4.4-11+squeeze2build0.10.10.1.dsc 27aa3b76d06875ff639c00e3d6b2abff8cbb7c66e9d6210529b1c129ec57c853 8793 chasen_2.4.4-11+squeeze2build0.10.10.1.diff.gz Files: 90f5455d986aff5bf695e51373f6f49b 1875 misc optional chasen_2.4.4-11+squeeze2build0.10.10.1.dsc 832199766afec47b08062e4709b5c6ab 8793 misc optional chasen_2.4.4-11+squeeze2build0.10.10.1.diff.gz From sbeattie at ubuntu.com Mon Dec 19 17:03:48 2011 From: sbeattie at ubuntu.com (Steve Beattie) Date: Mon, 19 Dec 2011 17:03:48 -0000 Subject: [ubuntu/maverick-security] mojarra 2.0.3-1+squeeze1build0.10.10.1 (Accepted) Message-ID: <20111219170348.14143.50621.launchpad@cocoplum.canonical.com> mojarra (2.0.3-1+squeeze1build0.10.10.1) maverick-security; urgency=low * fake sync from Debian mojarra (2.0.3-1+squeeze1) stable-security; urgency=high * Fixed critical bug by not allowing the value of UIViewParam to be an EL Expression: CVE-2011-4358. (Closes: #650430). 
Date: Wed, 14 Dec 2011 23:51:51 -0800 Changed-By: Steve Beattie Maintainer: Debian Java Maintainers https://launchpad.net/ubuntu/maverick/+source/mojarra/2.0.3-1+squeeze1build0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Dec 2011 23:51:51 -0800 Source: mojarra Binary: libjsf-api-java libjsf-impl-java libjsf-java-doc Architecture: source Version: 2.0.3-1+squeeze1build0.10.10.1 Distribution: maverick-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Steve Beattie Description: libjsf-api-java - JavaServer Faces 2.0 Java EE web framework - API libjsf-impl-java - JavaServer Faces 2.0 Java EE web framework - Implementation libjsf-java-doc - Documentation for libjsf-api-java Closes: 650430 Changes: mojarra (2.0.3-1+squeeze1build0.10.10.1) maverick-security; urgency=low . * fake sync from Debian . mojarra (2.0.3-1+squeeze1) stable-security; urgency=high . * Fixed critical bug by not allowing the value of UIViewParam to be an EL Expression: CVE-2011-4358. (Closes: #650430). 
Checksums-Sha1: b0615a7d05a6d2fc8c44ee54f90387c95e58bff4 2305 mojarra_2.0.3-1+squeeze1build0.10.10.1.dsc d4f21f300ac85b4a27d007b8eb7a6277191f2684 17681 mojarra_2.0.3-1+squeeze1build0.10.10.1.debian.tar.gz Checksums-Sha256: e49d0832b5df2b3ae415ce8971260cd96daa52efe127a83d632c9c17e106acaa 2305 mojarra_2.0.3-1+squeeze1build0.10.10.1.dsc b969edef29bc2aaed97cb6ff25e5c49d7550e9342c28f7c4f252f9a5bfd74969 17681 mojarra_2.0.3-1+squeeze1build0.10.10.1.debian.tar.gz Files: 4f6037400b6a0bfb8564bd00be828b89 2305 java optional mojarra_2.0.3-1+squeeze1build0.10.10.1.dsc 87a6107b9e228c698913c1ed1a000337 17681 java optional mojarra_2.0.3-1+squeeze1build0.10.10.1.debian.tar.gz From jamie at ubuntu.com Tue Dec 20 00:34:08 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Tue, 20 Dec 2011 00:34:08 -0000 Subject: [ubuntu/maverick-security] python3.1 3.1.2+20100915-0ubuntu4.1 (Accepted) Message-ID: <20111220003408.24332.68312.launchpad@cocoplum.canonical.com> python3.1 (3.1.2+20100915-0ubuntu4.1) maverick-security; urgency=low * SECURITY UPDATE: only process Location headers for http, https, and ftp - http://bugs.python.org/issue11662 - CVE-2011-1521 Date: Fri, 09 Dec 2011 09:05:43 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/maverick/+source/python3.1/3.1.2+20100915-0ubuntu4.1 -------------- next part -------------- Format: 1.8 Date: Fri, 09 Dec 2011 09:05:43 -0600 Source: python3.1 Binary: python3.1 python3.1-minimal libpython3.1 python3.1-examples python3.1-dev idle-python3.1 python3.1-doc python3.1-dbg Architecture: source Version: 3.1.2+20100915-0ubuntu4.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Jamie Strandboge Description: idle-python3.1 - An IDE for Python (v3.1) using Tkinter libpython3.1 - Shared Python runtime library (version 3.1) python3.1 - An interactive high-level object-oriented language (version 3.1) python3.1-dbg - Debug Build of the Python Interpreter 
(version 3.1) python3.1-dev - Header files and a static library for Python (v3.1) python3.1-doc - Documentation for the high-level object-oriented language Python python3.1-examples - Examples for the Python language (v3.1) python3.1-minimal - A minimal subset of the Python language (version 3.1) Changes: python3.1 (3.1.2+20100915-0ubuntu4.1) maverick-security; urgency=low . * SECURITY UPDATE: only process Location headers for http, https, and ftp - http://bugs.python.org/issue11662 - CVE-2011-1521 Checksums-Sha1: e980b291c2d5595997211766d07a82dd4ad208e4 2536 python3.1_3.1.2+20100915-0ubuntu4.1.dsc 737b4dd33f488c3fbe776e2e76c3c219b0ad23d9 250453 python3.1_3.1.2+20100915-0ubuntu4.1.diff.gz Checksums-Sha256: 6d1ae8e6f60fb979f75552572ca04b54214de7afebaec5636837dcaabe98335a 2536 python3.1_3.1.2+20100915-0ubuntu4.1.dsc 0890c86319c4b478b7169ed38cec2c05d3e59a73361b6e840aae7f172a3efd5c 250453 python3.1_3.1.2+20100915-0ubuntu4.1.diff.gz Files: 9612f31ae1ed22988564817e8674595d 2536 python optional python3.1_3.1.2+20100915-0ubuntu4.1.dsc e6024a11af4e16c8df234f9475eb16a7 250453 python optional python3.1_3.1.2+20100915-0ubuntu4.1.diff.gz Original-Maintainer: Matthias Klose From michael.vogt at ubuntu.com Tue Dec 20 07:55:58 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Tue, 20 Dec 2011 07:55:58 -0000 Subject: [ubuntu/maverick-proposed] app-install-data-partner 12.10.10.4 (Accepted) Message-ID: <20111220075558.32333.58095.launchpad@gac.canonical.com> app-install-data-partner (12.10.10.4) maverick-proposed; urgency=low * add vmware-view-client (LP: #905413) Date: Fri, 16 Dec 2011 23:02:22 +0100 Changed-By: Michael Vogt https://launchpad.net/ubuntu/maverick/+source/app-install-data-partner/12.10.10.4 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Dec 2011 23:02:22 +0100 Source: app-install-data-partner Binary: app-install-data-partner app-install-data-commercial Architecture: source Version: 12.10.10.4 Distribution: maverick-proposed Urgency: low 
Maintainer: Michael Vogt Changed-By: Michael Vogt Description: app-install-data-commercial - Transitional package app-install-data-partner - Application Installer (data files for partner applications/reposi Launchpad-Bugs-Fixed: 905413 Changes: app-install-data-partner (12.10.10.4) maverick-proposed; urgency=low . * add vmware-view-client (LP: #905413) Checksums-Sha1: 65fc83147c7f7815ac1fed69b5f5b8622fef4e2a 1031 app-install-data-partner_12.10.10.4.dsc 5544feb4334bed2ea2bb5559aa4fa9064b4a0619 44507 app-install-data-partner_12.10.10.4.tar.gz Checksums-Sha256: 395f4f632e52a7fb2371f8246c949c6a107b1fe883b54040b632a23b5fbc2d3c 1031 app-install-data-partner_12.10.10.4.dsc fd2b728916cfe5526c6882b43aff18708ff52978a9c40497ab9c93777f5522ae 44507 app-install-data-partner_12.10.10.4.tar.gz Files: d36548f67f1f2b2ef01f4e3d9ab2863e 1031 x11 optional app-install-data-partner_12.10.10.4.dsc 15c6db39a15270fd53181fdd392467bd 44507 x11 optional app-install-data-partner_12.10.10.4.tar.gz From michael.vogt at ubuntu.com Tue Dec 20 10:50:21 2011 From: michael.vogt at ubuntu.com (Michael Vogt) Date: Tue, 20 Dec 2011 10:50:21 -0000 Subject: [ubuntu/maverick] vmware-view-client 1.3.0-0ubuntu1+maverick2 (Accepted) Message-ID: <20111220105021.31495.67409.launchpad@gac.canonical.com> vmware-view-client (1.3.0-0ubuntu1+maverick2) maverick; urgency=low * debian/copyright: - fix license to "Proprietary" * debian/vmware-view.wrapper: - show question after license text so that the user explicitly has to accept it because lucid, maverick, natty do not support "yes", "no" for --text-info yet Date: Tue, 20 Dec 2011 09:43:11 +0100 Changed-By: Michael Vogt Maintainer: Michael Vogt https://launchpad.net/ubuntu/maverick/+source/vmware-view-client/1.3.0-0ubuntu1+maverick2 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 09:43:11 +0100 Source: vmware-view-client Binary: vmware-view-client Architecture: source Version: 1.3.0-0ubuntu1+maverick2 Distribution: maverick Urgency: low 
Maintainer: Michael Vogt Changed-By: Michael Vogt Description: vmware-view-client - Deliver rich, personalized virtual desktops with VMware View 5 Changes: vmware-view-client (1.3.0-0ubuntu1+maverick2) maverick; urgency=low . * debian/copyright: - fix license to "Proprietary" * debian/vmware-view.wrapper: - show question after license text so that the user explicitly has to accept it because lucid, maverick, natty do not support "yes", "no" for --text-info yet Checksums-Sha1: d07509d21d72e8df7c61a6352edb46efb5c3370f 1420 vmware-view-client_1.3.0-0ubuntu1+maverick2.dsc 6b89a6692d675280d7975d34e4dfaa1ede5191b8 16755 vmware-view-client_1.3.0-0ubuntu1+maverick2.debian.tar.gz Checksums-Sha256: 7047e31cda3f80f32dae0b6e22255fbe478f1a51511097c6fed349477aac4343 1420 vmware-view-client_1.3.0-0ubuntu1+maverick2.dsc 38e0f37852bdf5b3de616e2b0017247c5f9a1174f911a55546169681dc5c5602 16755 vmware-view-client_1.3.0-0ubuntu1+maverick2.debian.tar.gz Files: e126029b250d7443977007047adc93fa 1420 partner/net extra vmware-view-client_1.3.0-0ubuntu1+maverick2.dsc 0083fc0c672d8496c871a64d5dc3b897 16755 partner/net extra vmware-view-client_1.3.0-0ubuntu1+maverick2.debian.tar.gz From marc.deslauriers at ubuntu.com Tue Dec 20 15:03:37 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Tue, 20 Dec 2011 15:03:37 -0000 Subject: [ubuntu/maverick-security] jasper 1.900.1-7ubuntu0.10.10.1 (Accepted) Message-ID: <20111220150337.30928.33061.launchpad@cocoplum.canonical.com> jasper (1.900.1-7ubuntu0.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c. 
- Thanks to Red Hat for the patch - CVE-2011-4516 - CVE-2011-4517 Date: Mon, 19 Dec 2011 10:47:35 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/jasper/1.900.1-7ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Mon, 19 Dec 2011 10:47:35 -0500 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source Version: 1.900.1-7ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - The JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-7ubuntu0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c. 
- Thanks to Red Hat for the patch - CVE-2011-4516 - CVE-2011-4517 Checksums-Sha1: cc8c5352e6920f67e60bc5c759d97b3e4972b2d8 1834 jasper_1.900.1-7ubuntu0.10.10.1.dsc ec9b5c3da6bef49e887e9128f50464a9486ab0cd 53438 jasper_1.900.1-7ubuntu0.10.10.1.diff.gz Checksums-Sha256: a67e4ddf943f9c554cff0acae905a9944cffa106ed2a750e51c533d0570433d2 1834 jasper_1.900.1-7ubuntu0.10.10.1.dsc b105cf7697c046ad830bcbb76cf761aee77fa42ae02f9f79b33b7f113f5246b7 53438 jasper_1.900.1-7ubuntu0.10.10.1.diff.gz Files: 2aa176daded8821164c73e9c4c33e584 1834 graphics optional jasper_1.900.1-7ubuntu0.10.10.1.dsc dff55ad732e41d302fae8e6290198c8f 53438 graphics optional jasper_1.900.1-7ubuntu0.10.10.1.diff.gz Original-Maintainer: Roland Stigge From udienz at ubuntu.com Tue Dec 20 16:03:51 2011 From: udienz at ubuntu.com (Mahyuddin Susanto) Date: Tue, 20 Dec 2011 16:03:51 -0000 Subject: [ubuntu/maverick-security] lighttpd 1.4.26-3ubuntu2.1 (Accepted) Message-ID: <20111220160351.20835.3794.launchpad@cocoplum.canonical.com> lighttpd (1.4.26-3ubuntu2.1) maverick-security; urgency=low * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67 (LP: #906792) - debian/patches/CVE-2011-4362.patch: patch derived from upstream - CVE-2011-4362 Date: Tue, 20 Dec 2011 17:35:38 +0700 Changed-By: Mahyuddin Susanto Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/lighttpd/1.4.26-3ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 17:35:38 +0700 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-dev Architecture: source Version: 1.4.26-3ubuntu2.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Mahyuddin Susanto Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-dev - Development files for lighttpd lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache 
meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Launchpad-Bugs-Fixed: 906792 Changes: lighttpd (1.4.26-3ubuntu2.1) maverick-security; urgency=low . * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67 (LP: #906792) - debian/patches/CVE-2011-4362.patch: patch derived from upstream - CVE-2011-4362 Checksums-Sha1: b832271ae936cfae1d723efc20183e000a04f17f 2433 lighttpd_1.4.26-3ubuntu2.1.dsc 96eb3ce100d3d21739e391dabd6ddf410920f7c7 33732 lighttpd_1.4.26-3ubuntu2.1.debian.tar.gz Checksums-Sha256: a38cf861137f131ff08d2c6fd6926debbe9c3fde3ef335d8cfabc43014eca511 2433 lighttpd_1.4.26-3ubuntu2.1.dsc 16a16666f54aa0909a53c73d2d23051ffb0a3af3fd74f32abfe438780f229fe1 33732 lighttpd_1.4.26-3ubuntu2.1.debian.tar.gz Files: 47244ebb04979a4e80cfd2b10c3fcb7c 2433 httpd optional lighttpd_1.4.26-3ubuntu2.1.dsc c556e20df95feb879e4f06e9e9a7b028 33732 httpd optional lighttpd_1.4.26-3ubuntu2.1.debian.tar.gz Original-Maintainer: Debian lighttpd maintainers From udienz at ubuntu.com Tue Dec 20 22:33:50 2011 From: udienz at ubuntu.com (Mahyuddin Susanto) Date: Tue, 20 Dec 2011 22:33:50 -0000 Subject: [ubuntu/maverick-security] cacti_0.8.7g-1ubuntu0.10.10.1_i386_translations.tar.gz, cacti 0.8.7g-1ubuntu0.10.10.1 (Accepted) Message-ID: <20111220223350.10467.57853.launchpad@cocoplum.canonical.com> cacti (0.8.7g-1ubuntu0.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773) - debian/patches/CVE-2011-4824.patch: patch derived from upstream. 
- CVE-2011-4824 Date: Tue, 20 Dec 2011 15:46:56 +0700 Changed-By: Mahyuddin Susanto Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/cacti/0.8.7g-1ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Tue, 20 Dec 2011 15:46:56 +0700 Source: cacti Binary: cacti Architecture: source Version: 0.8.7g-1ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Mahyuddin Susanto Description: cacti - Frontend to rrdtool for monitoring systems and services Launchpad-Bugs-Fixed: 906773 Changes: cacti (0.8.7g-1ubuntu0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773) - debian/patches/CVE-2011-4824.patch: patch derived from upstream. - CVE-2011-4824 Checksums-Sha1: d173de8a726d45f0cf0f17d5c59ce832b3d6dff2 1892 cacti_0.8.7g-1ubuntu0.10.10.1.dsc 3d76a185ce48468f979ae5e40e672d1520738b9d 42283 cacti_0.8.7g-1ubuntu0.10.10.1.diff.gz Checksums-Sha256: fa9f7780594a216c6c3bcc56b7de7e682da66cefc5263fcd470659875e3fd674 1892 cacti_0.8.7g-1ubuntu0.10.10.1.dsc d188c781a868be235f44b7e5c2b4043b8ade8d752f51ec948ba22b701aac39c9 42283 cacti_0.8.7g-1ubuntu0.10.10.1.diff.gz Files: d7a521257b0005c5fc0399df4774305f 1892 web extra cacti_0.8.7g-1ubuntu0.10.10.1.dsc 525f245980bb7d6652e2fb0a532dc8d9 42283 web extra cacti_0.8.7g-1ubuntu0.10.10.1.diff.gz Original-Maintainer: Sean Finney From tyhicks at canonical.com Wed Dec 21 17:03:37 2011 From: tyhicks at canonical.com (Tyler Hicks) Date: Wed, 21 Dec 2011 17:03:37 -0000 Subject: [ubuntu/maverick-security] t1lib 5.1.2-3ubuntu0.10.10.1 (Accepted) Message-ID: <20111221170337.8274.46419.launchpad@cocoplum.canonical.com> t1lib (5.1.2-3ubuntu0.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font - lib/type1/type1.c: Only use ppoints when it is a valid pointer - CVE-2011-0764 Date: Mon, 19 Dec 2011 11:24:25 -0600 Changed-By: Tyler Hicks Maintainer: Ubuntu 
Developers https://launchpad.net/ubuntu/maverick/+source/t1lib/5.1.2-3ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Mon, 19 Dec 2011 11:24:25 -0600 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: source Version: 5.1.2-3ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Changes: t1lib (5.1.2-3ubuntu0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font - lib/type1/type1.c: Only use ppoints when it is a valid pointer - CVE-2011-0764 Checksums-Sha1: fdd7de202f1cf456e8ac2c8ef5a03b0b73e428ad 1906 t1lib_5.1.2-3ubuntu0.10.10.1.dsc 7b0ed2aa5fb75f08fa9d956417e5ad829d99d20c 18295 t1lib_5.1.2-3ubuntu0.10.10.1.diff.gz Checksums-Sha256: 104f9ff7992bed744789850803edecd42f742f5f6e1c50d8781eb127cab012b7 1906 t1lib_5.1.2-3ubuntu0.10.10.1.dsc 56d7e194fed329f5e15daa33812cab11ecc7284475412957a0cf553050c75aa6 18295 t1lib_5.1.2-3ubuntu0.10.10.1.diff.gz Files: cbf6d9aec10d63985aa3429fa9132a48 1906 libs optional t1lib_5.1.2-3ubuntu0.10.10.1.dsc 88ae3d15a23cbdf471baea9e1e016db9 18295 libs optional t1lib_5.1.2-3ubuntu0.10.10.1.diff.gz Original-Maintainer: Ruben Molina From scott at kitterman.com Fri Dec 23 15:03:30 2011 From: scott at kitterman.com (Scott Kitterman) Date: Fri, 23 Dec 2011 15:03:30 -0000 Subject: [ubuntu/maverick-security] unbound 1.4.5-1ubuntu1.2 (Accepted) Message-ID: <20111223150330.5859.46095.launchpad@cocoplum.canonical.com> unbound (1.4.5-1ubuntu1.2) maverick-security; urgency=high * SECURITY UPDATE: * References: CVE 2011-4528, 2011-4869 (LP: #907983) * Add 
debian/patches/CVE-2011-4528 to fix DoS with DNSSEC - Patch from Debian security update Date: Fri, 23 Dec 2011 00:09:35 -0500 Changed-By: Scott Kitterman Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/unbound/1.4.5-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Fri, 23 Dec 2011 00:09:35 -0500 Source: unbound Binary: unbound unbound-host libunbound2 libunbound-dev Architecture: source Version: 1.4.5-1ubuntu1.2 Distribution: maverick-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Scott Kitterman Description: libunbound-dev - static library, header files, and docs for libunbound libunbound2 - library implementing DNS resolution and validation unbound - validating, recursive, caching DNS resolver unbound-host - reimplementation of the 'host' command Launchpad-Bugs-Fixed: 907983 Changes: unbound (1.4.5-1ubuntu1.2) maverick-security; urgency=high . * SECURITY UPDATE: * References: CVE 2011-4528, 2011-4869 (LP: #907983) * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC - Patch from Debian security update Checksums-Sha1: e1ec615a782afa380789fc58fd6c02c2174b9585 2005 unbound_1.4.5-1ubuntu1.2.dsc 4440d7d1275371c49e88d2f653804da759d5c722 8434 unbound_1.4.5-1ubuntu1.2.diff.gz Checksums-Sha256: 825f68ba30450a839c5993637c385a4721ea85ceedc9ef2214117be8d03df066 2005 unbound_1.4.5-1ubuntu1.2.dsc c7a6f02899162ca8b024bdb595b20ff65418afa3155efe3e18e9fd45462488a6 8434 unbound_1.4.5-1ubuntu1.2.diff.gz Files: aeba039b5f701f58d01536391b741941 2005 net optional unbound_1.4.5-1ubuntu1.2.dsc 63ef0a1f1d1f13961cf82f8de71b7c26 8434 net optional unbound_1.4.5-1ubuntu1.2.diff.gz Original-Maintainer: Robert S. Edmonds