From evan at ebroder.net Tue Jul 5 13:56:08 2011 From: evan at ebroder.net (Evan Broder) Date: Tue, 05 Jul 2011 13:56:08 -0000 Subject: [ubuntu/maverick-proposed] initramfs-tools 0.98.1ubuntu6.1 (Accepted) Message-ID: <20110705135608.22830.26617.launchpad@chaenomeles.canonical.com> initramfs-tools (0.98.1ubuntu6.1) maverick-proposed; urgency=low * Rename xhci to xhci-hcd to fix booting from USB 3.0 devices (cherry-picked fix from Debian bug #625224). (LP: #565047) Date: Wed, 08 Jun 2011 09:49:46 -0700 Changed-By: Evan Broder Maintainer: Ubuntu Kernel Team Signed-By: =?utf-8?q?St=C3=A9phane_Graber?= https://launchpad.net/ubuntu/maverick/+source/initramfs-tools/0.98.1ubuntu6.1 -------------- next part -------------- Format: 1.8 Date: Wed, 08 Jun 2011 09:49:46 -0700 Source: initramfs-tools Binary: initramfs-tools initramfs-tools-bin Architecture: source Version: 0.98.1ubuntu6.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Evan Broder Description: initramfs-tools - tools for generating an initramfs initramfs-tools-bin - binaries used by initramfs-tools Launchpad-Bugs-Fixed: 565047 Changes: initramfs-tools (0.98.1ubuntu6.1) maverick-proposed; urgency=low . * Rename xhci to xhci-hcd to fix booting from USB 3.0 devices (cherry-picked fix from Debian bug #625224). (LP: #565047) Checksums-Sha1: 8d774d5c3b85f65213fb0bd33957a638654cd11d 1773 initramfs-tools_0.98.1ubuntu6.1.dsc d5c3c9dcf42d5ecef607de5bd706cfc2b94e1345 107961 initramfs-tools_0.98.1ubuntu6.1.tar.gz Checksums-Sha256: e6ceb68f15709094434f4e71ac6442ed546d35992619a37f5ca1e63f322fea01 1773 initramfs-tools_0.98.1ubuntu6.1.dsc 30b87b8fed256b9619b39cd112fa008b78e40db56b2a353a4537dbcc11998073 107961 initramfs-tools_0.98.1ubuntu6.1.tar.gz Files: a90532be49912d61a7b9d993a3afdfcc 1773 utils optional initramfs-tools_0.98.1ubuntu6.1.dsc 74da8306e13873c2c1b701ed8eed5636 107961 utils optional initramfs-tools_0.98.1ubuntu6.1.tar.gz Original-Maintainer: Debian kernel team From serge.hallyn at ubuntu.com Tue Jul 5 13:57:37 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Tue, 05 Jul 2011 13:57:37 -0000 Subject: [ubuntu/maverick-proposed] qemu-kvm 0.12.5+noroms-0ubuntu7.6 (Accepted) Message-ID: <20110705135737.31302.73829.launchpad@gac.canonical.com> qemu-kvm (0.12.5+noroms-0ubuntu7.6) maverick-proposed; urgency=low * Add usb-linux-increase-buffer-for-usb-ctrl-req.patch from upstream to increase the usb control buffer. (LP: #790145) Date: Mon, 20 Jun 2011 13:24:04 -0500 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.6 -------------- next part -------------- Format: 1.8 Date: Mon, 20 Jun 2011 13:24:04 -0500 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: source Version: 0.12.5+noroms-0ubuntu7.6 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: kvm - dummy transitional pacakge from kvm to qemu-kvm qemu - dummy transitional pacakge from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Launchpad-Bugs-Fixed: 790145 Changes: qemu-kvm (0.12.5+noroms-0ubuntu7.6) maverick-proposed; urgency=low . * Add usb-linux-increase-buffer-for-usb-ctrl-req.patch from upstream to increase the usb control buffer. (LP: #790145) Checksums-Sha1: 13f22328124abb8bb9f0af3704e5c01cdc367193 1835 qemu-kvm_0.12.5+noroms-0ubuntu7.6.dsc c316ac8a1b040e28275bf34911fbce14209c1563 4722351 qemu-kvm_0.12.5+noroms.orig.tar.gz e7b6f96498b7f3261ce0f607d08831de0c7a6441 64796 qemu-kvm_0.12.5+noroms-0ubuntu7.6.diff.gz Checksums-Sha256: 953d5b993fc1026efdfcb6292a5209493c44fb4749221a5e5839a992277023f3 1835 qemu-kvm_0.12.5+noroms-0ubuntu7.6.dsc 24c085aecbc784ea8b4837ca02bfe5086c7f91c8a88a0f607826692234af583f 4722351 qemu-kvm_0.12.5+noroms.orig.tar.gz 6a0dbcc9aaff6166745bd1578450ee1f36b2059af0021f0420a2c975e2c4817d 64796 qemu-kvm_0.12.5+noroms-0ubuntu7.6.diff.gz Files: 26eacc28f030ab23ad01cfa20dbe731a 1835 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.6.dsc c7303c30432dc4eb0a39bb85a9d15cc9 4722351 misc optional qemu-kvm_0.12.5+noroms.orig.tar.gz 87ab4284a919200196477118522ac5d3 64796 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.6.diff.gz From marc.deslauriers at ubuntu.com Tue Jul 5 19:03:52 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Tue, 05 Jul 2011 19:03:52 -0000 Subject: [ubuntu/maverick-security] bind9_9.7.1.dfsg.P2-2ubuntu0.4_amd64_translations.tar.gz, bind9, bind9_9.7.1.dfsg.P2-2ubuntu0.4_i386_translations.tar.gz, bind9_9.7.1.dfsg.P2-2ubuntu0.4_armel_translations.tar.gz, bind9_9.7.1.dfsg.P2-2ubuntu0.4_powerpc_translations.tar.gz 1:9.7.1.dfsg.P2-2ubuntu0.4 (Accepted) Message-ID: <20110705190352.4857.62745.launchpad@cocoplum.canonical.com> bind9 (1:9.7.1.dfsg.P2-2ubuntu0.4) maverick-security; urgency=low * SECURITY UPDATE: denial of service via specially crafted packet - debian/patches/CVE-2011-2464.patch: Use an rdataset attribute flag to indicate negative-cache records rather than using rrtype 0 in lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache, nsec3,rbtdb,rdataset,resolver,validator}.c. - CVE-2011-2464 Date: Tue, 05 Jul 2011 09:07:19 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/bind9/1:9.7.1.dfsg.P2-2ubuntu0.4 -------------- next part -------------- Format: 1.8 Date: Tue, 05 Jul 2011 09:07:19 -0400 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-60 libdns66 libisc60 liblwres60 libisccc60 libisccfg60 dnsutils lwresd Architecture: source Version: 1:9.7.1.dfsg.P2-2ubuntu0.4 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind9-60 - BIND9 Shared Library used by BIND libdns66 - DNS Shared Library used by BIND libisc60 - ISC Shared Library used by BIND libisccc60 - Command Channel Library used by BIND libisccfg60 - Config File Handling Library used by BIND liblwres60 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Changes: bind9 (1:9.7.1.dfsg.P2-2ubuntu0.4) maverick-security; urgency=low . * SECURITY UPDATE: denial of service via specially crafted packet - debian/patches/CVE-2011-2464.patch: Use an rdataset attribute flag to indicate negative-cache records rather than using rrtype 0 in lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache, nsec3,rbtdb,rdataset,resolver,validator}.c. - CVE-2011-2464 Checksums-Sha1: a1f4834fad21ad4e136a454cc4ffd6a94ef52cb2 2292 bind9_9.7.1.dfsg.P2-2ubuntu0.4.dsc 4c74dba24a31e993afa316382656743873f50e7b 637114 bind9_9.7.1.dfsg.P2-2ubuntu0.4.debian.tar.gz Checksums-Sha256: b8ccf13a9d4b860e626845150e4ad3bc11aa57ac3dc3246f5bb8dd2505634684 2292 bind9_9.7.1.dfsg.P2-2ubuntu0.4.dsc 424883dbc531422b8e32f8cf881f0f458a457ea905d8d0a9e5c36077b182670a 637114 bind9_9.7.1.dfsg.P2-2ubuntu0.4.debian.tar.gz Files: 19d01b69e270523b31269ad364d690a3 2292 net optional bind9_9.7.1.dfsg.P2-2ubuntu0.4.dsc e3cee971a575add0d2bd9a0484473da0 637114 net optional bind9_9.7.1.dfsg.P2-2ubuntu0.4.debian.tar.gz Original-Maintainer: LaMont Jones From jamie at ubuntu.com Wed Jul 6 21:04:02 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Wed, 06 Jul 2011 21:04:02 -0000 Subject: [ubuntu/maverick-security] qemu-kvm 0.12.5+noroms-0ubuntu7.8 (Accepted) Message-ID: <20110706210402.13809.27402.launchpad@cocoplum.canonical.com> qemu-kvm (0.12.5+noroms-0ubuntu7.8) maverick-security; urgency=low * SECURITY UPDATE: fix to validate virtqueue in and out requests from the guests - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update hw/virtio.c to verify the length of indirect descriptors in virtqueue_pop() and virtqueue_avail_bytes() - CVE-2011-2212 * SECURITY UPDATE: validate virtio_queue_notify() is non-negative - debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update to move comparison out to syborg_virtio_writel(), virtio_ioport_write() and virtio_queue_notify_vq() and don't call common virtio code if virtqueue number is invalid. Patch from Debian. - CVE-2011-2512 Date: Tue, 05 Jul 2011 14:41:30 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.8 -------------- next part -------------- Format: 1.8 Date: Tue, 05 Jul 2011 14:41:30 -0500 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: source Version: 0.12.5+noroms-0ubuntu7.8 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: kvm - dummy transitional pacakge from kvm to qemu-kvm qemu - dummy transitional pacakge from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Changes: qemu-kvm (0.12.5+noroms-0ubuntu7.8) maverick-security; urgency=low . * SECURITY UPDATE: fix to validate virtqueue in and out requests from the guests - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update hw/virtio.c to verify the length of indirect descriptors in virtqueue_pop() and virtqueue_avail_bytes() - CVE-2011-2212 * SECURITY UPDATE: validate virtio_queue_notify() is non-negative - debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update to move comparison out to syborg_virtio_writel(), virtio_ioport_write() and virtio_queue_notify_vq() and don't call common virtio code if virtqueue number is invalid. Patch from Debian. - CVE-2011-2512 Checksums-Sha1: 185755bb11fc38e70245a25759e49fc2c1b2fecb 2183 qemu-kvm_0.12.5+noroms-0ubuntu7.8.dsc bed4d2151789169626ba8b962e6cef0c91058ffd 66016 qemu-kvm_0.12.5+noroms-0ubuntu7.8.diff.gz Checksums-Sha256: adbb31c75a1de7bb81fd3f9a6174804df54e9fa11d4a95764fbd704d9fc2cf0f 2183 qemu-kvm_0.12.5+noroms-0ubuntu7.8.dsc 75e9c423593eb15717012a8fb94e80ff440ab2586ad3e107cc3f17da47976c23 66016 qemu-kvm_0.12.5+noroms-0ubuntu7.8.diff.gz Files: dd68a41c097a5502967766df56fd2cae 2183 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.8.dsc 80ec7c7c20109897968a08377018827c 66016 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.8.diff.gz From jamie at ubuntu.com Thu Jul 7 18:03:35 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 07 Jul 2011 18:03:35 -0000 Subject: [ubuntu/maverick-security] oprofile 0.9.6-1.1ubuntu1.1 (Accepted) Message-ID: <20110707180335.13947.1512.launchpad@cocoplum.canonical.com> oprofile (0.9.6-1.1ubuntu1.1) maverick-security; urgency=low * SECURITY UPDATE: shell metacharacter injection -e argument and arbitrary file overwrite - 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e - 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch: ensure that --save only saves things in $SESSION_DIR - 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands in $SETUP_FILE - 0004-Do-additional-checks-on-user-supplied-arguments.patch: input validation on user supplied values - 0005-add-back-error_if_not_basename.patch: readd error_if_not_basename() which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch - CVE-2011-1760 Date: Thu, 07 Jul 2011 11:04:29 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/oprofile/0.9.6-1.1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Thu, 07 Jul 2011 11:04:29 -0500 Source: oprofile Binary: oprofile libopagent1 oprofile-gui Architecture: source Version: 0.9.6-1.1ubuntu1.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libopagent1 - system-wide profiler for Linux systems (opagent runtime library) oprofile - system-wide profiler for Linux systems oprofile-gui - system-wide profiler for Linux systems (GUI components) Changes: oprofile (0.9.6-1.1ubuntu1.1) maverick-security; urgency=low . * SECURITY UPDATE: shell metacharacter injection -e argument and arbitrary file overwrite - 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e - 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch: ensure that --save only saves things in $SESSION_DIR - 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands in $SETUP_FILE - 0004-Do-additional-checks-on-user-supplied-arguments.patch: input validation on user supplied values - 0005-add-back-error_if_not_basename.patch: readd error_if_not_basename() which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch - CVE-2011-1760 Checksums-Sha1: 0b748fde349e73d3f0012fb3a94f25b2d35b3313 2193 oprofile_0.9.6-1.1ubuntu1.1.dsc d584b864be277c6af132c30cd5c8c39d6feba492 24551 oprofile_0.9.6-1.1ubuntu1.1.diff.gz Checksums-Sha256: e897771da94a824477b5206cc5353c3ed53fa0bf706b67186a1f336458dff6cb 2193 oprofile_0.9.6-1.1ubuntu1.1.dsc 569856452f5542d513f2da251bc75fde7b875b5aec59e10884b79ad62ce31a7b 24551 oprofile_0.9.6-1.1ubuntu1.1.diff.gz Files: d4ed4f07b836063106def114221c5930 2193 devel optional oprofile_0.9.6-1.1ubuntu1.1.dsc f9bed573eac92f30d5618e574f65552f 24551 devel optional oprofile_0.9.6-1.1ubuntu1.1.diff.gz Original-Maintainer: LIU Qi From jamie at ubuntu.com Thu Jul 7 23:03:35 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 07 Jul 2011 23:03:35 -0000 Subject: [ubuntu/maverick-security] jabberd2 2.2.8-2ubuntu4.0.10.10.1 (Accepted) Message-ID: <20110707230335.20664.8210.launchpad@cocoplum.canonical.com> jabberd2 (2.2.8-2ubuntu4.0.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: Prevent entity expansion in order to prevent the billion laughs DoS attack - Patch thanks to Nico Golde from Debian - CVE-2011-1755.dpatch Date: Thu, 02 Jun 2011 06:47:26 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/jabberd2/2.2.8-2ubuntu4.0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 02 Jun 2011 06:47:26 -0500 Source: jabberd2 Binary: jabberd2 Architecture: source Version: 2.2.8-2ubuntu4.0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: jabberd2 - Jabber instant messenger server Changes: jabberd2 (2.2.8-2ubuntu4.0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: Prevent entity expansion in order to prevent the billion laughs DoS attack - Patch thanks to Nico Golde from Debian - CVE-2011-1755.dpatch Checksums-Sha1: 1b38c1933a7d2c91cc198b8609542d4e23d8713c 2134 jabberd2_2.2.8-2ubuntu4.0.10.10.1.dsc fbdd971f74b7f65489f69b4a0ef5ea87a90bf0c6 10736 jabberd2_2.2.8-2ubuntu4.0.10.10.1.diff.gz Checksums-Sha256: f129c7f03f6c7269bff3c4939a2e956e8a1d0c7147cb83a2e33d18b99cd7b832 2134 jabberd2_2.2.8-2ubuntu4.0.10.10.1.dsc 62e0cb53eae5a3dfd77672757da19f80ac0ee942a4b30180b8816ae6aa5b9474 10736 jabberd2_2.2.8-2ubuntu4.0.10.10.1.diff.gz Files: f675663031099b7f010b0e0ffa76d011 2134 net optional jabberd2_2.2.8-2ubuntu4.0.10.10.1.dsc 54a7b2baec6c50830256929dbfd83e57 10736 net optional jabberd2_2.2.8-2ubuntu4.0.10.10.1.diff.gz Original-Maintainer: Debian XMPP Maintainers From cjwatson at ubuntu.com Mon Jul 11 04:52:26 2011 From: cjwatson at ubuntu.com (Colin Watson) Date: Mon, 11 Jul 2011 04:52:26 -0000 Subject: [ubuntu/maverick-proposed] ubiquity 2.4.9 (Accepted) Message-ID: <20110711045226.13877.55293.launchpad@chaenomeles.canonical.com> ubiquity (2.4.9) maverick-proposed; urgency=low * Add --config=Mode:0644 to debconf-copydb call, as otherwise we leave /var/cache/debconf/config.dat mode 0600 in the installed system, breaking the first run of some package management frontends (LP: #442941). Date: Thu, 07 Jul 2011 23:43:11 +0100 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/maverick/+source/ubiquity/2.4.9 -------------- next part -------------- Format: 1.8 Date: Thu, 07 Jul 2011 23:43:11 +0100 Source: ubiquity Binary: ubiquity ubiquity-ubuntu-artwork ubiquity-frontend-gtk ubiquity-frontend-kde ubiquity-frontend-debconf oem-config oem-config-gtk oem-config-kde oem-config-debconf oem-config-check oem-config-udeb oem-config-remaster Architecture: source Version: 2.4.9 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: oem-config - Perform end-user configuration after initial OEM installation oem-config-check - enter OEM mode if requested (udeb) oem-config-debconf - debconf frontend for end-user post-OEM-install configuration oem-config-gtk - GTK+ frontend for end-user post-OEM-install configuration oem-config-kde - KDE frontend for end-user post-OEM-install configuration oem-config-remaster - Remaster a CD with additional oem-config functionality oem-config-udeb - Prepare for OEM configuration (udeb) ubiquity - Ubuntu live CD installer ubiquity-frontend-debconf - debconf frontend for the Ubiquity live installer ubiquity-frontend-gtk - GTK+ frontend for Ubiquity live installer ubiquity-frontend-kde - KDE frontend for Ubiquity live installer ubiquity-ubuntu-artwork - Ubuntu artwork for Ubiquity live installer Launchpad-Bugs-Fixed: 442941 Changes: ubiquity (2.4.9) maverick-proposed; urgency=low . * Add --config=Mode:0644 to debconf-copydb call, as otherwise we leave /var/cache/debconf/config.dat mode 0600 in the installed system, breaking the first run of some package management frontends (LP: #442941). Checksums-Sha1: 794dc3facf5d768f9e84526aee329b289d988788 2502 ubiquity_2.4.9.dsc d2d55cd94440236addc6b8b09b5cbd922d327e02 5824126 ubiquity_2.4.9.tar.bz2 Checksums-Sha256: afe401260e762720f5466b24ea16b77872a01130583a4656df03ab55a5b77882 2502 ubiquity_2.4.9.dsc ca77ae451fc18ce559edec67e4671e1b3146cabed22a51d4c4ca5c9687dac941 5824126 ubiquity_2.4.9.tar.bz2 Files: 7d078b32b918902007e0c5bffe8ababd 2502 admin optional ubiquity_2.4.9.dsc d3e82749e017d3a0f1be7e5c0aba48d3 5824126 admin optional ubiquity_2.4.9.tar.bz2 From lfaraone at ubuntu.com Mon Jul 11 05:02:10 2011 From: lfaraone at ubuntu.com (Luke Faraone) Date: Mon, 11 Jul 2011 05:02:10 -0000 Subject: [ubuntu/maverick-proposed] pianobar 2010.10.07-1ubuntu0.3 (Accepted) Message-ID: <20110711050210.19456.15286.launchpad@wampee.canonical.com> pianobar (2010.10.07-1ubuntu0.3) maverick-proposed; urgency=low * Support new XMLRPC api (v31) (LP: #807860) Date: Sat, 09 Jul 2011 10:53:27 -0400 Changed-By: Luke Faraone https://launchpad.net/ubuntu/maverick/+source/pianobar/2010.10.07-1ubuntu0.3 -------------- next part -------------- Format: 1.8 Date: Sat, 09 Jul 2011 10:53:27 -0400 Source: pianobar Binary: pianobar Architecture: source Version: 2010.10.07-1ubuntu0.3 Distribution: maverick-proposed Urgency: low Maintainer: Luke Faraone Changed-By: Luke Faraone Description: pianobar - console based player for Pandora radio Launchpad-Bugs-Fixed: 807860 Changes: pianobar (2010.10.07-1ubuntu0.3) maverick-proposed; urgency=low . * Support new XMLRPC api (v31) (LP: #807860) Checksums-Sha1: 94b536fb8f2ab47dbc724a0efb33625f767cbdef 1863 pianobar_2010.10.07-1ubuntu0.3.dsc d6fe282b90cd9267310437b75d40cc4f25016aba 56370 pianobar_2010.10.07-1ubuntu0.3.debian.tar.gz Checksums-Sha256: 32d0b5a9789259c0cc0a388194f79326224f81b14ed34dd6a154bfdb779d98f0 1863 pianobar_2010.10.07-1ubuntu0.3.dsc 91faf9b08f418b7664e20039bbf2b08f7b7db6c4359c2cdd08c9927a857bd015 56370 pianobar_2010.10.07-1ubuntu0.3.debian.tar.gz Files: feb73f1acb1bad216df1e0e68626f1d2 1863 sound optional pianobar_2010.10.07-1ubuntu0.3.dsc a8f6ff1b3eb4ed901a52f4a9155ee1d4 56370 sound optional pianobar_2010.10.07-1ubuntu0.3.debian.tar.gz From serge.hallyn at ubuntu.com Mon Jul 11 05:04:31 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Mon, 11 Jul 2011 05:04:31 -0000 Subject: [ubuntu/maverick-proposed] qemu-kvm 0.12.5+noroms-0ubuntu7.9 (Accepted) Message-ID: <20110711050431.19062.2337.launchpad@wampee.canonical.com> qemu-kvm (0.12.5+noroms-0ubuntu7.9) maverick-proposed; urgency=low * Add usb-linux-increase-buffer-for-usb-ctrl-req.patch from upstream to increase the usb control buffer. (LP: #790145) Date: Thu, 07 Jul 2011 09:29:43 -0500 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.9 -------------- next part -------------- Format: 1.8 Date: Thu, 07 Jul 2011 09:29:43 -0500 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: source Version: 0.12.5+noroms-0ubuntu7.9 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: kvm - dummy transitional pacakge from kvm to qemu-kvm qemu - dummy transitional pacakge from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Launchpad-Bugs-Fixed: 790145 Changes: qemu-kvm (0.12.5+noroms-0ubuntu7.9) maverick-proposed; urgency=low . * Add usb-linux-increase-buffer-for-usb-ctrl-req.patch from upstream to increase the usb control buffer. (LP: #790145) Checksums-Sha1: e4c7928c32f4ad3907197d19db997c1b9766a710 1835 qemu-kvm_0.12.5+noroms-0ubuntu7.9.dsc c316ac8a1b040e28275bf34911fbce14209c1563 4722351 qemu-kvm_0.12.5+noroms.orig.tar.gz e61a143143168205d7aa3639a83bf5b1f3b2d74c 66236 qemu-kvm_0.12.5+noroms-0ubuntu7.9.diff.gz Checksums-Sha256: acf59b8d965930bcdb90d6d9a5afff98507a60e9836d079fd56416fa38457a1d 1835 qemu-kvm_0.12.5+noroms-0ubuntu7.9.dsc 24c085aecbc784ea8b4837ca02bfe5086c7f91c8a88a0f607826692234af583f 4722351 qemu-kvm_0.12.5+noroms.orig.tar.gz 5ac4bb4abe7a9b2f434ff3af0c4703a854874fc1fd7e7b44e9e2ba18611db5b5 66236 qemu-kvm_0.12.5+noroms-0ubuntu7.9.diff.gz Files: e07b998d64a753f0b047ebdbda85ef23 1835 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.9.dsc c7303c30432dc4eb0a39bb85a9d15cc9 4722351 misc optional qemu-kvm_0.12.5+noroms.orig.tar.gz 1e03ba974d4f8ef9c3292c77dff860e1 66236 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.9.diff.gz From serge.hallyn at ubuntu.com Tue Jul 12 08:41:52 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Tue, 12 Jul 2011 08:41:52 -0000 Subject: [ubuntu/maverick-proposed] libvirt 0.8.3-1ubuntu19 (Accepted) Message-ID: <20110712084152.20741.22678.launchpad@gac.canonical.com> libvirt (0.8.3-1ubuntu19) maverick-proposed; urgency=low * Fix /etc/init/libvirt-bin.conf start on to wait until networking.conf has stopped with success, meaning ifup -a completed successfully and all auto-started network devices are up. (LP: #495394) Date: Thu, 07 Jul 2011 16:48:36 -0500 Changed-By: Serge Hallyn Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libvirt/0.8.3-1ubuntu19 -------------- next part -------------- Format: 1.8 Date: Thu, 07 Jul 2011 16:48:36 -0500 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.8.3-1ubuntu19 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Serge Hallyn Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Launchpad-Bugs-Fixed: 495394 Changes: libvirt (0.8.3-1ubuntu19) maverick-proposed; urgency=low . * Fix /etc/init/libvirt-bin.conf start on to wait until networking.conf has stopped with success, meaning ifup -a completed successfully and all auto-started network devices are up. (LP: #495394) Checksums-Sha1: f6dc033209e6a6b93c64185d27eff790c7290ff6 2313 libvirt_0.8.3-1ubuntu19.dsc 4dc92139031f2af3141c2b1d0813b57ecd735c5d 12430752 libvirt_0.8.3.orig.tar.gz 4baa70c3b4e55358e353b98db3118405a4cbae39 70300 libvirt_0.8.3-1ubuntu19.debian.tar.gz Checksums-Sha256: 0396a42e52b5def5ee1460f59ba9764094096114ef0af619ed6133adca9e965c 2313 libvirt_0.8.3-1ubuntu19.dsc 35e1836c3947ac3edd7b4a1948cf13f5f13dd3e5bb31933d627d771b1e997a1f 12430752 libvirt_0.8.3.orig.tar.gz 127741fa568469a2910c94e465143b496ce3d196f3010015607d2734a26f0de7 70300 libvirt_0.8.3-1ubuntu19.debian.tar.gz Files: 4f3312f9ef9d852d984f3607a6209593 2313 libs optional libvirt_0.8.3-1ubuntu19.dsc ae8535ce119d32a2e9fb1f46e2c8f325 12430752 libs optional libvirt_0.8.3.orig.tar.gz db8a64a4eb3fca4b534e3ecf714df8a1 70300 libs optional libvirt_0.8.3-1ubuntu19.debian.tar.gz Original-Maintainer: Debian Libvirt Maintainers From brian.thomason at canonical.com Tue Jul 12 18:20:46 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Tue, 12 Jul 2011 18:20:46 -0000 Subject: [ubuntu/maverick] sun-java6 6.26-1maverick1 (Accepted) Message-ID: <20110712182046.24094.3305.launchpad@cocoplum.canonical.com> sun-java6 (6.26-1maverick1) maverick; urgency=low * Initial release of 6.26 for Maverick Date: Tue, 12 Jul 2011 18:12:51 +0000 Changed-By: Brian Thomason Maintainer: Debian Java Maintainers https://launchpad.net/ubuntu/maverick/+source/sun-java6/6.26-1maverick1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 12 Jul 2011 18:12:51 +0000 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb Architecture: source Version: 6.26-1maverick1 Distribution: maverick Urgency: low Maintainer: Debian Java Maintainers Changed-By: Brian Thomason Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Changes: sun-java6 (6.26-1maverick1) maverick; urgency=low . * Initial release of 6.26 for Maverick Checksums-Sha1: c85bf89253f8f492b14d31bf42bb207a36307a92 1686 sun-java6_6.26-1maverick1.dsc 970f4d7c45b5937b92f384a3250bc634ff05d985 87450 sun-java6_6.26-1maverick1.debian.tar.gz Checksums-Sha256: e3f54c192defb12497369683667edcbcad0d4a8c5468d6b1b82b6f583a6e7888 1686 sun-java6_6.26-1maverick1.dsc 294414e5d0acf0c2bb723e8e82c20a8f300d20b05fdd2d136943af433f3a5e78 87450 sun-java6_6.26-1maverick1.debian.tar.gz Files: 922a2a87ed86afa7bbd2bae335830845 1686 partner/java optional sun-java6_6.26-1maverick1.dsc 44050954a2a754663b1140b0a6d1a91b 87450 partner/java optional sun-java6_6.26-1maverick1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk4cjxMACgkQOb4zNfJqN5eYhACfevBh7zZTemcqcWLBbX+6tZ84 C+cAnjRopXiRoy0oXW3SDIYvXOmX7hzm =LAm+ -----END PGP SIGNATURE----- From gary.lasker at canonical.com Thu Jul 14 16:26:44 2011 From: gary.lasker at canonical.com (Gary Lasker) Date: Thu, 14 Jul 2011 16:26:44 -0000 Subject: [ubuntu/maverick-proposed] software-center 3.0.10 (Accepted) Message-ID: <20110714162644.20891.53332.launchpad@chaenomeles.canonical.com> software-center (3.0.10) maverick-proposed; urgency=low * softwarecenter/utils.py, softwarecenter/backend/aptd.py, test/test_software_channels.py: - obfuscate private ppa details in the error log output and in the error dialog itself, add corresponding unit test (LP: #807745) Date: Fri, 08 Jul 2011 18:01:01 -0400 Changed-By: Gary Lasker Maintainer: Michael Vogt Signed-By: Michael Vogt https://launchpad.net/ubuntu/maverick/+source/software-center/3.0.10 -------------- next part -------------- Format: 1.8 Date: Fri, 08 Jul 2011 18:01:01 -0400 Source: software-center Binary: software-center Architecture: source Version: 3.0.10 Distribution: maverick-proposed Urgency: low Maintainer: Michael Vogt Changed-By: Gary Lasker Description: software-center - Utility for browsing, installing, and removing applications Launchpad-Bugs-Fixed: 807745 Changes: software-center (3.0.10) maverick-proposed; urgency=low . * softwarecenter/utils.py, softwarecenter/backend/aptd.py, test/test_software_channels.py: - obfuscate private ppa details in the error log output and in the error dialog itself, add corresponding unit test (LP: #807745) Checksums-Sha1: e479d3476e87c0d86bc8e50647a04a39305acbc9 1025 software-center_3.0.10.dsc 21e3ca33cbb01a8036752a50d52ed0d0c5304c99 633776 software-center_3.0.10.tar.gz Checksums-Sha256: 3fc8d6bac0d6e633a67800c507e220a594728999a9a42b60d18dd36d542a0865 1025 software-center_3.0.10.dsc fb0287157cb088fd4dc4cf8d6ec94b77e5f23a591362ae1a7afe7a94433c5264 633776 software-center_3.0.10.tar.gz Files: 682beba1ea1cd5660c7c2cd2ccc58a10 1025 gnome optional software-center_3.0.10.dsc 81adf936682e3d8bbabadc2e23f14fb9 633776 gnome optional software-center_3.0.10.tar.gz From cjwatson at ubuntu.com Mon Jul 18 13:25:01 2011 From: cjwatson at ubuntu.com (Colin Watson) Date: Mon, 18 Jul 2011 13:25:01 -0000 Subject: [ubuntu/maverick-proposed] ubiquity 2.4.10 (Accepted) Message-ID: <20110718132501.14212.37354.launchpad@soybean.canonical.com> ubiquity (2.4.10) maverick-proposed; urgency=low * Separate out oem-config-debconf into a new Upstart job which is only installed in the oem-config-debconf package, to prevent race conditions between oem-config-gtk and gdm (thanks, Mario Limonciello; LP: #650703). ubiquity (2.4.9) maverick-proposed; urgency=low * Add --config=Mode:0644 to debconf-copydb call, as otherwise we leave /var/cache/debconf/config.dat mode 0600 in the installed system, breaking the first run of some package management frontends (LP: #442941). Date: Mon, 18 Jul 2011 13:52:12 +0100 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/maverick/+source/ubiquity/2.4.10 -------------- next part -------------- Format: 1.8 Date: Mon, 18 Jul 2011 13:52:12 +0100 Source: ubiquity Binary: ubiquity ubiquity-ubuntu-artwork ubiquity-frontend-gtk ubiquity-frontend-kde ubiquity-frontend-debconf oem-config oem-config-gtk oem-config-kde oem-config-debconf oem-config-check oem-config-udeb oem-config-remaster Architecture: source Version: 2.4.10 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: oem-config - Perform end-user configuration after initial OEM installation oem-config-check - enter OEM mode if requested (udeb) oem-config-debconf - debconf frontend for end-user post-OEM-install configuration oem-config-gtk - GTK+ frontend for end-user post-OEM-install configuration oem-config-kde - KDE frontend for end-user post-OEM-install configuration oem-config-remaster - Remaster a CD with additional oem-config functionality oem-config-udeb - Prepare for OEM configuration (udeb) ubiquity - Ubuntu live CD installer ubiquity-frontend-debconf - debconf frontend for the Ubiquity live installer ubiquity-frontend-gtk - GTK+ frontend for Ubiquity live installer ubiquity-frontend-kde - KDE frontend for Ubiquity live installer ubiquity-ubuntu-artwork - Ubuntu artwork for Ubiquity live installer Launchpad-Bugs-Fixed: 442941 650703 Changes: ubiquity (2.4.10) maverick-proposed; urgency=low . * Separate out oem-config-debconf into a new Upstart job which is only installed in the oem-config-debconf package, to prevent race conditions between oem-config-gtk and gdm (thanks, Mario Limonciello; LP: #650703). . ubiquity (2.4.9) maverick-proposed; urgency=low . * Add --config=Mode:0644 to debconf-copydb call, as otherwise we leave /var/cache/debconf/config.dat mode 0600 in the installed system, breaking the first run of some package management frontends (LP: #442941). Checksums-Sha1: 7305a0e587253828019e5a557c341e63a7cc568b 2506 ubiquity_2.4.10.dsc aa105ab129a4d6da9384c7fcef5bb07bfe3374ca 5824151 ubiquity_2.4.10.tar.bz2 Checksums-Sha256: 353adeaa384996209e20e641945b70452fbaeb465ab55ffb3ade988a746e66df 2506 ubiquity_2.4.10.dsc 8ae76fc1923b8d3aef604da21689671ad1bb5ee629fff4b5c1a6a2d2ad24e93c 5824151 ubiquity_2.4.10.tar.bz2 Files: da7cfe48e7914898b8f83f299dda5fec 2506 admin optional ubiquity_2.4.10.dsc 0df6c609357981471f3c016668737a2d 5824151 admin optional ubiquity_2.4.10.tar.bz2 From steve.langasek at ubuntu.com Tue Jul 19 20:41:58 2011 From: steve.langasek at ubuntu.com (Steve Langasek) Date: Tue, 19 Jul 2011 20:41:58 -0000 Subject: [ubuntu/maverick-proposed] nfs-utils 1:1.2.2-1ubuntu1.2 (Accepted) Message-ID: <20110719204158.14897.46855.launchpad@soybean.canonical.com> nfs-utils (1:1.2.2-1ubuntu1.2) maverick-proposed; urgency=low * debian/nfs-common.idmapd.upstart: don't use a script unnecessarily for our job when we can exec directly - making the job more resilient in the face of races with /usr being mounted. LP: #811823. * Drop rpc_pipefs.conf; this has gotten far more complicated than it should be, just do the mount in-line in each of the gssd and idmapd jobs. Date: Sun, 17 Jul 2011 22:45:15 -0700 Changed-By: Steve Langasek Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/nfs-utils/1:1.2.2-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Sun, 17 Jul 2011 22:45:15 -0700 Source: nfs-utils Binary: nfs-kernel-server nfs-common Architecture: source Version: 1:1.2.2-1ubuntu1.2 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Langasek Description: nfs-common - NFS support files common to client and server nfs-kernel-server - support for NFS kernel server Launchpad-Bugs-Fixed: 811823 Changes: nfs-utils (1:1.2.2-1ubuntu1.2) maverick-proposed; urgency=low . * debian/nfs-common.idmapd.upstart: don't use a script unnecessarily for our job when we can exec directly - making the job more resilient in the face of races with /usr being mounted. LP: #811823. * Drop rpc_pipefs.conf; this has gotten far more complicated than it should be, just do the mount in-line in each of the gssd and idmapd jobs. Checksums-Sha1: 8696be0daaeb3bed950e33c4afae1a7414f4b64e 2093 nfs-utils_1.2.2-1ubuntu1.2.dsc b0bd101a3d44c1f98e4e398106cf1c74165e58b3 36578 nfs-utils_1.2.2-1ubuntu1.2.debian.tar.bz2 Checksums-Sha256: 8ec007d10a8e0b2bdadb7e71751737de63aad6d714476a0c70418fc1799d8da3 2093 nfs-utils_1.2.2-1ubuntu1.2.dsc b0b01e5c3b3c9ca1c8307c9129c3a936762aeeaa19dac2030e20d045c5bc31aa 36578 nfs-utils_1.2.2-1ubuntu1.2.debian.tar.bz2 Files: 5e837cc150b64484728d41526200a631 2093 net standard nfs-utils_1.2.2-1ubuntu1.2.dsc 78f979256c943c89d3941c6f237cdeda 36578 net standard nfs-utils_1.2.2-1ubuntu1.2.debian.tar.bz2 Original-Maintainer: Debian kernel team From ssalley at likewise.com Wed Jul 20 00:03:42 2011 From: ssalley at likewise.com (Scott Salley) Date: Wed, 20 Jul 2011 00:03:42 -0000 Subject: [ubuntu/maverick-security] likewise-open 5.4.0.42111-2ubuntu2.1 (Accepted) Message-ID: <20110720000342.26950.75941.launchpad@cocoplum.canonical.com> likewise-open (5.4.0.42111-2ubuntu2.1) maverick-security; urgency=low * SECURITY UPDATE: local access restrictions bypass via SQL injection - debian/patches/lp-security-CVE-2011-2467.diff: Construct SQL queries using safe methods. - CVE-2011-2467 * debian/rules: ensure autotool files were regenerated Date: Tue, 28 Jun 2011 17:00:39 -0700 Changed-By: Scott Salley Maintainer: Chuck Short https://launchpad.net/ubuntu/maverick/+source/likewise-open/5.4.0.42111-2ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Tue, 28 Jun 2011 17:00:39 -0700 Source: likewise-open Binary: likewise-open5 likewise-open5-gui likewise-open5-libs likewise-open5-lsass likewise-open5-eventlog likewise-open5-netlogon likewise-open5-rpc likewise-open likewise-open-gui likewise-open-server Architecture: source Version: 5.4.0.42111-2ubuntu2.1 Distribution: maverick-security Urgency: low Maintainer: Chuck Short Changed-By: Scott Salley Description: likewise-open - Authentication services for Active Directory Domains likewise-open-gui - Desktop utility for joining Active Directory domains likewise-open-server - Likewise-CIFS and related server components likewise-open5 - transitional dummy package likewise-open5-eventlog - transitional dummy package likewise-open5-gui - transitional dummy package likewise-open5-libs - transitional dummy package likewise-open5-lsass - transitional dummy package likewise-open5-netlogon - transitional dummy package likewise-open5-rpc - transitional dummy package Changes: likewise-open (5.4.0.42111-2ubuntu2.1) maverick-security; urgency=low . * SECURITY UPDATE: local access restrictions bypass via SQL injection - debian/patches/lp-security-CVE-2011-2467.diff: Construct SQL queries using safe methods. - CVE-2011-2467 * debian/rules: ensure autotool files were regenerated Checksums-Sha1: 21648888cf9602f7c541a5ed64505c68bf3b9acc 2252 likewise-open_5.4.0.42111-2ubuntu2.1.dsc dea034029f3896981c6a914caa135ba549f0dfc6 75775 likewise-open_5.4.0.42111-2ubuntu2.1.diff.gz Checksums-Sha256: f2e4f6be8d82cb390e8e6d1e3b3e25e4a81f97de68886966e6d3b7c7ad3b778f 2252 likewise-open_5.4.0.42111-2ubuntu2.1.dsc c8c54ef78484fd7ae08b1d5474753d665cdd4e0663efc109fcc8b785682f30c2 75775 likewise-open_5.4.0.42111-2ubuntu2.1.diff.gz Files: bed8070fd12aa8efe6182e22ec2a92a8 2252 net optional likewise-open_5.4.0.42111-2ubuntu2.1.dsc ff2730def0191d855f07b6b7694f6207 75775 net optional likewise-open_5.4.0.42111-2ubuntu2.1.diff.gz Original-Maintainer: Gerald Carter From crimsun at ubuntu.com Wed Jul 20 05:45:46 2011 From: crimsun at ubuntu.com (Daniel T Chen) Date: Wed, 20 Jul 2011 05:45:46 -0000 Subject: [ubuntu/maverick-proposed] wackamole 2.1.1-3.1ubuntu0.10.10.0 (Accepted) Message-ID: <20110720054546.13916.51082.launchpad@soybean.canonical.com> wackamole (2.1.1-3.1ubuntu0.10.10.0) maverick-proposed; urgency=low * Tweak patch from Eric Williams to handle nonexistence of the pid dir in /var/run before invoking the daemon. Thanks, Eric! (LP: #788085) Date: Tue, 19 Jul 2011 17:39:28 -0400 Changed-By: Daniel T Chen Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/wackamole/2.1.1-3.1ubuntu0.10.10.0 -------------- next part -------------- Format: 1.8 Date: Tue, 19 Jul 2011 17:39:28 -0400 Source: wackamole Binary: wackamole Architecture: source Version: 2.1.1-3.1ubuntu0.10.10.0 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Daniel T Chen Description: wackamole - Daemon to make a cluster highly available Launchpad-Bugs-Fixed: 788085 Changes: wackamole (2.1.1-3.1ubuntu0.10.10.0) maverick-proposed; urgency=low . * Tweak patch from Eric Williams to handle nonexistence of the pid dir in /var/run before invoking the daemon. Thanks, Eric! (LP: #788085) Checksums-Sha1: 2adb093bd23e8cbdca9a42f35b97985ec17aca0c 1228 wackamole_2.1.1-3.1ubuntu0.10.10.0.dsc 9056fee72df08ed44c176457bc9ac3def5b4c2c1 34615 wackamole_2.1.1-3.1ubuntu0.10.10.0.diff.gz Checksums-Sha256: 5e55f2d17253270bc784ed87fd8fe7d57d36230c0ae4000293c96dda214559e7 1228 wackamole_2.1.1-3.1ubuntu0.10.10.0.dsc 8f114d8f6f12b6ca0d0e49caf8cbd99176d77b924d2a1b8b7914ecd00c6a4c08 34615 wackamole_2.1.1-3.1ubuntu0.10.10.0.diff.gz Files: 28a60a35384118b13f96575c939f0dc0 1228 net optional wackamole_2.1.1-3.1ubuntu0.10.10.0.dsc 12bf21aa21545e0ba026e3b782aa68b6 34615 net optional wackamole_2.1.1-3.1ubuntu0.10.10.0.diff.gz Original-Maintainer: Michael Mende From crimsun at ubuntu.com Wed Jul 20 05:48:02 2011 From: crimsun at ubuntu.com (Daniel T Chen) Date: Wed, 20 Jul 2011 05:48:02 -0000 Subject: [ubuntu/maverick-proposed] w-scan 20100316-3ubuntu0.1 (Accepted) Message-ID: <20110720054802.14347.76284.launchpad@soybean.canonical.com> w-scan (20100316-3ubuntu0.1) maverick-proposed; urgency=low * Backport patch from Michael Krufky resolving 8VSB & 16VSB channel xine dump for ATSC channel scan. Thanks, Michael! (LP: #771786) Date: Tue, 19 Jul 2011 19:40:35 -0400 Changed-By: Daniel T Chen Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/w-scan/20100316-3ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Tue, 19 Jul 2011 19:40:35 -0400 Source: w-scan Binary: w-scan Architecture: source Version: 20100316-3ubuntu0.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Daniel T Chen Description: w-scan - Channel scanning tool for for DVB and ATSC channels Launchpad-Bugs-Fixed: 771786 Changes: w-scan (20100316-3ubuntu0.1) maverick-proposed; urgency=low . * Backport patch from Michael Krufky resolving 8VSB & 16VSB channel xine dump for ATSC channel scan. Thanks, Michael! (LP: #771786) Checksums-Sha1: 23182000dffc30f775d2221c1fe29ae1c58c703c 1417 w-scan_20100316-3ubuntu0.1.dsc 2963cbb07ebeeae7e9fb206b399e968a714c9ea2 4109 w-scan_20100316-3ubuntu0.1.debian.tar.gz Checksums-Sha256: 18137bfbe19546b97d44a227ce7bad5690d45bc4866770cfaa534fbffa393244 1417 w-scan_20100316-3ubuntu0.1.dsc 6b56d25d155e995ab4ec5d0099425079d3500b7097f37cadbb226a43cea78ccf 4109 w-scan_20100316-3ubuntu0.1.debian.tar.gz Files: 0bd92ed7d5c99b97fe1adae02a9e374c 1417 video extra w-scan_20100316-3ubuntu0.1.dsc 026ffa16e91bb78c3060ec2fae57ef88 4109 video extra w-scan_20100316-3ubuntu0.1.debian.tar.gz Original-Maintainer: Debian VDR Team From crimsun at ubuntu.com Wed Jul 20 05:50:39 2011 From: crimsun at ubuntu.com (Daniel T Chen) Date: Wed, 20 Jul 2011 05:50:39 -0000 Subject: [ubuntu/maverick-proposed] patchage 0.4.4-1.2ubuntu0.10.10.0 (Accepted) Message-ID: <20110720055039.21868.22960.launchpad@wampee.canonical.com> patchage (0.4.4-1.2ubuntu0.10.10.0) maverick-proposed; urgency=low * Tweak patch from Dan Muresan adding dbus-glib build-dependency to restore LASH functionality. Thanks, Dan! (LP: #730506) Date: Mon, 18 Jul 2011 10:44:44 -0400 Changed-By: Daniel T Chen Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/patchage/0.4.4-1.2ubuntu0.10.10.0 -------------- next part -------------- Format: 1.8 Date: Mon, 18 Jul 2011 10:44:44 -0400 Source: patchage Binary: patchage Architecture: source Version: 0.4.4-1.2ubuntu0.10.10.0 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Daniel T Chen Description: patchage - modular patch bay for Jack audio and Alsa Midi Launchpad-Bugs-Fixed: 730506 Changes: patchage (0.4.4-1.2ubuntu0.10.10.0) maverick-proposed; urgency=low . * Tweak patch from Dan Muresan adding dbus-glib build-dependency to restore LASH functionality. Thanks, Dan! (LP: #730506) Checksums-Sha1: 5c987b791bb6cc03596e09516d224aa6e0661c2d 1489 patchage_0.4.4-1.2ubuntu0.10.10.0.dsc 5dc690c4038c9ac0836adc68cf55063cd1ea5851 7794 patchage_0.4.4-1.2ubuntu0.10.10.0.debian.tar.gz Checksums-Sha256: 97aad5bd1dfb1155dcf873693fd589f76d04b7467c40b5c30b74a72af7c111cc 1489 patchage_0.4.4-1.2ubuntu0.10.10.0.dsc 214e9d5ddf81dd3a2ec5a1a7776dc365f00e7261aef9db6164d11f330d6021c4 7794 patchage_0.4.4-1.2ubuntu0.10.10.0.debian.tar.gz Files: 8cb66d165cd779c56b26a8ef9fc6a434 1489 sound optional patchage_0.4.4-1.2ubuntu0.10.10.0.dsc 07060f2cc4ff25377fb7cbb59a67495d 7794 sound optional patchage_0.4.4-1.2ubuntu0.10.10.0.debian.tar.gz Original-Maintainer: Paul Brossier From cjwatson at ubuntu.com Wed Jul 20 05:54:24 2011 From: cjwatson at ubuntu.com (Colin Watson) Date: Wed, 20 Jul 2011 05:54:24 -0000 Subject: [ubuntu/maverick-proposed] kickseed 0.54ubuntu1.10.10.1 (Accepted) Message-ID: <20110720055424.18358.67618.launchpad@chaenomeles.canonical.com> kickseed (0.54ubuntu1.10.10.1) maverick-proposed; urgency=low * Preseed partman-lvm/confirm_overwrite as well as partman-lvm/confirm. * Preseed partman-lvm/device_remove_lvm when confirming logvol results, since Kickstart doesn't have a separate control with a one-to-one correspondence to this (LP: #708548). Date: Tue, 19 Jul 2011 10:33:06 +0100 Changed-By: Colin Watson Maintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/maverick/+source/kickseed/0.54ubuntu1.10.10.1 -------------- next part -------------- Format: 1.8 Date: Tue, 19 Jul 2011 10:33:06 +0100 Source: kickseed Binary: kickseed-common initrd-kickseed Architecture: source Version: 0.54ubuntu1.10.10.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Installer Team Changed-By: Colin Watson Description: initrd-kickseed - Load Kickstart file from the initrd (udeb) kickseed-common - Common files for Kickstart compatibility (udeb) Launchpad-Bugs-Fixed: 708548 Changes: kickseed (0.54ubuntu1.10.10.1) maverick-proposed; urgency=low . * Preseed partman-lvm/confirm_overwrite as well as partman-lvm/confirm. * Preseed partman-lvm/device_remove_lvm when confirming logvol results, since Kickstart doesn't have a separate control with a one-to-one correspondence to this (LP: #708548). Checksums-Sha1: fb1461fad1a268116ab5724510f613da06b559dc 1756 kickseed_0.54ubuntu1.10.10.1.dsc f547e409a9494a5094cba3c822e4e4162252c21f 25718 kickseed_0.54ubuntu1.10.10.1.tar.gz Checksums-Sha256: 814a80d48ef9053eda4e7a92eeb368ab5050cd2e7b5f71a189bf81d531937483 1756 kickseed_0.54ubuntu1.10.10.1.dsc 961462707f50a83ef949e07e9bcdc1b71789081c209832604b5e824b073ffd88 25718 kickseed_0.54ubuntu1.10.10.1.tar.gz Files: 012ab3e741892641096d6abd955011a0 1756 debian-installer optional kickseed_0.54ubuntu1.10.10.1.dsc 64124d4229784d96d3b9cea7bb4e0b28 25718 debian-installer optional kickseed_0.54ubuntu1.10.10.1.tar.gz Original-Maintainer: Debian Install System Team From marc.deslauriers at ubuntu.com Thu Jul 21 16:03:38 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 21 Jul 2011 16:03:38 -0000 Subject: [ubuntu/maverick-security] logrotate 3.7.8-6ubuntu1.1 (Accepted) Message-ID: <20110721160338.6059.14492.launchpad@cocoplum.canonical.com> logrotate (3.7.8-6ubuntu1.1) maverick-security; urgency=low * SECURITY UPDATE: arbitrary code execution via shell metacharacters in log filename - debian/patches/CVE-2011-1154.patch: improve shred logic in logrotate.c. - CVE-2011-1154 * SECURITY UPDATE: denial of service via invalid characters in log filename - debian/patches/CVE-2011-1155.patch: properly escape filenames in logrotate.c. - CVE-2011-1155 Date: Fri, 17 Jun 2011 13:46:45 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/logrotate/3.7.8-6ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Fri, 17 Jun 2011 13:46:45 -0400 Source: logrotate Binary: logrotate Architecture: source Version: 3.7.8-6ubuntu1.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: logrotate - Log rotation utility Changes: logrotate (3.7.8-6ubuntu1.1) maverick-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via shell metacharacters in log filename - debian/patches/CVE-2011-1154.patch: improve shred logic in logrotate.c. - CVE-2011-1154 * SECURITY UPDATE: denial of service via invalid characters in log filename - debian/patches/CVE-2011-1155.patch: properly escape filenames in logrotate.c. - CVE-2011-1155 Checksums-Sha1: d032bd6acd0a008200e337f7eda4ff078dc9bc26 1814 logrotate_3.7.8-6ubuntu1.1.dsc 4db7ef1b7488407b4b65d2c309fc4fe19335f23e 24558 logrotate_3.7.8-6ubuntu1.1.debian.tar.gz Checksums-Sha256: 38b6953e3110e52014be98db47db6110c3113f67bf45e5d2a628557f5f71b325 1814 logrotate_3.7.8-6ubuntu1.1.dsc 3e020147938ac2c235230bad330973b42473932d775e2f1bdba8e481f0034215 24558 logrotate_3.7.8-6ubuntu1.1.debian.tar.gz Files: 30da949e7620dc3f0ca5650957271f24 1814 admin important logrotate_3.7.8-6ubuntu1.1.dsc 3fbab6e33ffb40865f3babf54fe42b8a 24558 admin important logrotate_3.7.8-6ubuntu1.1.debian.tar.gz Original-Maintainer: Paul Martin From bdrung at ubuntu.com Thu Jul 21 20:04:37 2011 From: bdrung at ubuntu.com (Benjamin Drung) Date: Thu, 21 Jul 2011 20:04:37 -0000 Subject: [ubuntu/maverick-security] vlc, vlc_1.1.4-1ubuntu1.7_amd64_translations.tar.gz, vlc_1.1.4-1ubuntu1.7_i386_translations.tar.gz, vlc_1.1.4-1ubuntu1.7_armel_translations.tar.gz, vlc_1.1.4-1ubuntu1.7_powerpc_translations.tar.gz 1.1.4-1ubuntu1.7 (Accepted) Message-ID: <20110721200437.6368.49339.launchpad@cocoplum.canonical.com> vlc (1.1.4-1ubuntu1.7) maverick-security; urgency=low * SECURITY UPDATE: Heap overflow in RealMedia demuxer (LP: #807486) - debian/patches/CVE-2011-2587.patch: real: fix heap buffer overflow, thanks to Rémi Denis-Courmont - CVE-2011-2587 - VideoLAN-SA-1105 * SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488) - debian/patches/CVE-2011-2588.patch: AVI: fix heap buffer overflow, thanks to Rémi Denis-Courmont - CVE-2011-2588 - VideoLAN-SA-1106 Date: Mon, 18 Jul 2011 16:10:28 +0200 Changed-By: Benjamin Drung Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/vlc/1.1.4-1ubuntu1.7 -------------- next part -------------- Format: 1.8 Date: Mon, 18 Jul 2011 16:10:28 +0200 Source: vlc Binary: libvlc5 libvlc-dev libvlccore4 libvlccore-dev mozilla-plugin-vlc vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-ggi vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-svgalib vlc-plugin-zvbi Architecture: source Version: 1.1.4-1ubuntu1.7 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Benjamin Drung Description: libvlc-dev - development files for libvlc libvlc5 - multimedia player and streamer library libvlccore-dev - development files for libvlccore libvlccore4 - base library for VLC and its modules mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC vlc - multimedia player and streamer vlc-data - Common data for VLC vlc-dbg - debugging symbols for vlc vlc-nox - multimedia player and streamer (without X support) vlc-plugin-fluidsynth - FluidSynth plugin for VLC vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-notify - LibNotify plugin for VLC vlc-plugin-pulse - PulseAudio plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svg - SVG plugin for VLC vlc-plugin-svgalib - SVGAlib video output plugin for VLC vlc-plugin-zvbi - VBI teletext plugin for VLC Launchpad-Bugs-Fixed: 807486 807488 Changes: vlc (1.1.4-1ubuntu1.7) maverick-security; urgency=low . * SECURITY UPDATE: Heap overflow in RealMedia demuxer (LP: #807486) - debian/patches/CVE-2011-2587.patch: real: fix heap buffer overflow, thanks to Rémi Denis-Courmont - CVE-2011-2587 - VideoLAN-SA-1105 * SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488) - debian/patches/CVE-2011-2588.patch: AVI: fix heap buffer overflow, thanks to Rémi Denis-Courmont - CVE-2011-2588 - VideoLAN-SA-1106 Checksums-Sha1: d70c19053d8e02c8d6a6fdfd667dd1e9a2a21535 4366 vlc_1.1.4-1ubuntu1.7.dsc 181c5d62e3c948afed3c2d4faf4d7cd393c91017 61964 vlc_1.1.4-1ubuntu1.7.debian.tar.gz Checksums-Sha256: 0ae4fcdecc2aabc6a8e664f01453cc417a92fc32b2d953f5fd9f4fe1c8104dc4 4366 vlc_1.1.4-1ubuntu1.7.dsc 8017fadc4afb561468d9a4cd3c46b50e0cd5640819c007c269c10ec528dd15b2 61964 vlc_1.1.4-1ubuntu1.7.debian.tar.gz Files: 48e86983f45ddf75eac8ec6931955a20 4366 video optional vlc_1.1.4-1ubuntu1.7.dsc a21d93b9fd025fe85c5c9b9cd1a0ef20 61964 video optional vlc_1.1.4-1ubuntu1.7.debian.tar.gz Original-Maintainer: Debian multimedia packages maintainers From crimsun at ubuntu.com Fri Jul 22 16:33:03 2011 From: crimsun at ubuntu.com (Daniel T Chen) Date: Fri, 22 Jul 2011 16:33:03 -0000 Subject: [ubuntu/maverick-proposed] vim-addon-manager 0.4.3ubuntu0.10.10.0 (Accepted) Message-ID: <20110722163303.23306.49178.launchpad@soybean.canonical.com> vim-addon-manager (0.4.3ubuntu0.10.10.0) maverick-proposed; urgency=low * Apply patch from Chris Lasher fixing incorrect handling in the remove command for ~/.vim being a symlink. Thanks, Chris! (LP: #802036) Date: Mon, 18 Jul 2011 16:52:11 -0400 Changed-By: Daniel T Chen Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/vim-addon-manager/0.4.3ubuntu0.10.10.0 -------------- next part -------------- Format: 1.8 Date: Mon, 18 Jul 2011 16:52:11 -0400 Source: vim-addon-manager Binary: vim-addon-manager Architecture: source Version: 0.4.3ubuntu0.10.10.0 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Daniel T Chen Description: vim-addon-manager - manager of addons for the Vim editor Launchpad-Bugs-Fixed: 802036 Changes: vim-addon-manager (0.4.3ubuntu0.10.10.0) maverick-proposed; urgency=low . * Apply patch from Chris Lasher fixing incorrect handling in the remove command for ~/.vim being a symlink. Thanks, Chris! (LP: #802036) Checksums-Sha1: a8dcb8c6072956de9d8edf314b26c3693d1ec6bc 1107 vim-addon-manager_0.4.3ubuntu0.10.10.0.dsc 582abaf9ae0219589ebf013f2f23b09917c57526 12352 vim-addon-manager_0.4.3ubuntu0.10.10.0.tar.gz Checksums-Sha256: 6d18a9e0ba74ec09bcfd629e30bf08e8a11e16e4d0edb39bde2960c406be5465 1107 vim-addon-manager_0.4.3ubuntu0.10.10.0.dsc d93847b7e3d92c8fec7bff870ef40991683babf34a6c573630ca074a376918b0 12352 vim-addon-manager_0.4.3ubuntu0.10.10.0.tar.gz Files: 907881a609729df34d2272397596a2dd 1107 editors extra vim-addon-manager_0.4.3ubuntu0.10.10.0.dsc dadb766a263cb323e40b3c2430ebf9e4 12352 editors extra vim-addon-manager_0.4.3ubuntu0.10.10.0.tar.gz Original-Maintainer: Debian Vim Maintainers From serge.hallyn at ubuntu.com Fri Jul 22 17:41:17 2011 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Fri, 22 Jul 2011 17:41:17 -0000 Subject: [ubuntu/maverick-proposed] multipath-tools 0.4.8-14ubuntu4.10.10.2 (Accepted) Message-ID: <20110722174117.2760.94851.launchpad@chaenomeles.canonical.com> multipath-tools (0.4.8-14ubuntu4.10.10.2) maverick-proposed; urgency=high * Add patch to fix the expected pathname from multipath uevents (LP: #690387) Date: Thu, 21 Jul 2011 11:26:02 -0500 Changed-By: Serge Hallyn Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/maverick/+source/multipath-tools/0.4.8-14ubuntu4.10.10.2 -------------- next part -------------- Format: 1.8 Date: Thu, 21 Jul 2011 11:26:02 -0500 Source: multipath-tools Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb Architecture: source Version: 0.4.8-14ubuntu4.10.10.2 Distribution: maverick-proposed Urgency: high Maintainer: Ubuntu Core Developers Changed-By: Serge Hallyn Description: kpartx - create device mappings for partitions multipath-tools - maintain multipath block device access multipath-tools-boot - Support booting from multipath devices multipath-udeb - maintain multipath block device access (udeb) Launchpad-Bugs-Fixed: 690387 Changes: multipath-tools (0.4.8-14ubuntu4.10.10.2) maverick-proposed; urgency=high . * Add patch to fix the expected pathname from multipath uevents (LP: #690387) Checksums-Sha1: a39ea55bf260330ea9e323c3f17635db5aafb986 1798 multipath-tools_0.4.8-14ubuntu4.10.10.2.dsc 7137ae6721de0ba7f7c00654ea8daad6a031f9d4 28566 multipath-tools_0.4.8-14ubuntu4.10.10.2.diff.gz Checksums-Sha256: 505eb9ae08cf3b2c876acd167d29eab388759f3c0987eb43f987a95144f1ed83 1798 multipath-tools_0.4.8-14ubuntu4.10.10.2.dsc f7b9f3ec5295acc6d7f39fdc97bec94e371faa81a905c4a29326b67a60c043d1 28566 multipath-tools_0.4.8-14ubuntu4.10.10.2.diff.gz Files: 03a9cbccbb15f27178a88fdb179129d0 1798 admin extra multipath-tools_0.4.8-14ubuntu4.10.10.2.dsc 41e2741a4470529124c51e1368c83255 28566 admin extra multipath-tools_0.4.8-14ubuntu4.10.10.2.diff.gz Original-Maintainer: Debian LVM Team From marc.deslauriers at ubuntu.com Mon Jul 25 14:03:27 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 25 Jul 2011 14:03:27 -0000 Subject: [ubuntu/maverick-security] freetype 2.4.2-2ubuntu0.2 (Accepted) Message-ID: <20110725140327.16106.30190.launchpad@cocoplum.canonical.com> freetype (2.4.2-2ubuntu0.2) maverick-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted Type 1 font - debian/patches-freetype/CVE-2011-0226.patch: check for proper signedness in src/psaux/t1decode.c. - CVE-2011-0226 Date: Thu, 21 Jul 2011 14:02:47 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/freetype/2.4.2-2ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Thu, 21 Jul 2011 14:02:47 -0400 Source: freetype Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb Architecture: source Version: 2.4.2-2ubuntu0.2 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: freetype2-demos - FreeType 2 demonstration programs libfreetype6 - FreeType 2 font engine, shared library files libfreetype6-dev - FreeType 2 font engine, development files libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb) Changes: freetype (2.4.2-2ubuntu0.2) maverick-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted Type 1 font - debian/patches-freetype/CVE-2011-0226.patch: check for proper signedness in src/psaux/t1decode.c. - CVE-2011-0226 Checksums-Sha1: dde9ef295023e79f1e979a9f52c8a2187ae11420 1946 freetype_2.4.2-2ubuntu0.2.dsc fd5d96f9b807506a154404c5c4b4b65073f119aa 37425 freetype_2.4.2-2ubuntu0.2.diff.gz Checksums-Sha256: f667fc153c57d995068037139041deac827580e6dda97973b063b8a20b02b774 1946 freetype_2.4.2-2ubuntu0.2.dsc a11ea7a2d0096562782925af35babd046ce2ba7fda491677c9b0b8f82e844cb9 37425 freetype_2.4.2-2ubuntu0.2.diff.gz Files: 240a496864a4fe521c6e4810e3a15b82 1946 libs optional freetype_2.4.2-2ubuntu0.2.dsc 622d6206f0b9f5b8194d45c9bbe97648 37425 libs optional freetype_2.4.2-2ubuntu0.2.diff.gz Original-Maintainer: Steve Langasek From aboudreault at mapgears.com Mon Jul 25 18:03:45 2011 From: aboudreault at mapgears.com (Alan Boudreault) Date: Mon, 25 Jul 2011 18:03:45 -0000 Subject: [ubuntu/maverick-security] mapserver, mapserver_5.6.5-1ubuntu0.1_armel_translations.tar.gz, mapserver_5.6.5-1ubuntu0.1_powerpc_translations.tar.gz, mapserver_5.6.5-1ubuntu0.1_i386_translations.tar.gz, mapserver_5.6.5-1ubuntu0.1_amd64_translations.tar.gz 5.6.5-1ubuntu0.1 (Accepted) Message-ID: <20110725180345.4986.47809.launchpad@cocoplum.canonical.com> mapserver (5.6.5-1ubuntu0.1) maverick-security; urgency=low * SECURITY UPDATE: SQL Injection and buffer overflows (LP: #809133) - debian/patches/09_wfs_sql_injection.dpatch: Fix possible WFS SQL injection and buffer overflows in OGC Filter Encoding support. [http://trac.osgeo.org/mapserver/ticket/3874] [http://trac.osgeo.org/mapserver/ticket/3903] - CVE-2011-2703, CVE-2011-2704 Date: Tue, 12 Jul 2011 01:37:56 -0400 Changed-By: Alan Boudreault Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/mapserver/5.6.5-1ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Tue, 12 Jul 2011 01:37:56 -0400 Source: mapserver Binary: php5-mapscript perl-mapscript cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9.1 Architecture: source Version: 5.6.5-1ubuntu0.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Alan Boudreault Description: cgi-mapserver - CGI executable for MapServer libmapscript-ruby - Ruby MapServer library libmapscript-ruby1.8 - Ruby MapServer library libmapscript-ruby1.9.1 - Ruby MapServer library mapserver-bin - MapServer utilities mapserver-doc - documentation for MapServer perl-mapscript - Perl MapServer library php5-mapscript - php5-cgi module for MapServer python-mapscript - Python library for MapServer Launchpad-Bugs-Fixed: 809133 Changes: mapserver (5.6.5-1ubuntu0.1) maverick-security; urgency=low . * SECURITY UPDATE: SQL Injection and buffer overflows (LP: #809133) - debian/patches/09_wfs_sql_injection.dpatch: Fix possible WFS SQL injection and buffer overflows in OGC Filter Encoding support. [http://trac.osgeo.org/mapserver/ticket/3874] [http://trac.osgeo.org/mapserver/ticket/3903] - CVE-2011-2703, CVE-2011-2704 Checksums-Sha1: fca82c7c79992e2cbb05e3c24fba713dd0c9e85f 2760 mapserver_5.6.5-1ubuntu0.1.dsc 3275dc902fb04812df1a04e9bc26bdef4bc9d6a3 29984 mapserver_5.6.5-1ubuntu0.1.diff.gz Checksums-Sha256: 2a8d1df1a9b78badb71985ed386f8ff1164eec79b268feeb73261d6ec35e0172 2760 mapserver_5.6.5-1ubuntu0.1.dsc 8605af574cb2e402e7e78cb70dd10b9e6ddd370b7a3e6c64854ed6ff36af2568 29984 mapserver_5.6.5-1ubuntu0.1.diff.gz Files: b01bf3ad725142c9b9079ea425740cd8 2760 devel optional mapserver_5.6.5-1ubuntu0.1.dsc 38b8dc322d7e700111ba73b537844d7b 29984 devel optional mapserver_5.6.5-1ubuntu0.1.diff.gz Original-Maintainer: Debian GIS Project From jamie at ubuntu.com Mon Jul 25 23:03:40 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Mon, 25 Jul 2011 23:03:40 -0000 Subject: [ubuntu/maverick-security] libsndfile 1.0.21-2ubuntu0.10.10.1 (Accepted) Message-ID: <20110725230340.19076.55322.launchpad@cocoplum.canonical.com> libsndfile (1.0.21-2ubuntu0.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: integer overflow leading to heap-based overflow - debian/CVE-2011-2696.patch: verify paf header length and paf channels - CVE-2011-2696 Date: Thu, 21 Jul 2011 15:33:45 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libsndfile/1.0.21-2ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 21 Jul 2011 15:33:45 -0500 Source: libsndfile Binary: libsndfile1-dev libsndfile1 sndfile-programs Architecture: source Version: 1.0.21-2ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libsndfile1 - Library for reading/writing audio files libsndfile1-dev - Development files for libsndfile; a library for reading/writing a sndfile-programs - Sample programs that use libsndfile Changes: libsndfile (1.0.21-2ubuntu0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: integer overflow leading to heap-based overflow - debian/CVE-2011-2696.patch: verify paf header length and paf channels - CVE-2011-2696 Checksums-Sha1: 6b57fa55bf7b71ff85867b05565453997f2e538c 2027 libsndfile_1.0.21-2ubuntu0.10.10.1.dsc 543b7f36fab36617c495944e5a304cd67dd17709 10098 libsndfile_1.0.21-2ubuntu0.10.10.1.diff.gz Checksums-Sha256: 9e017d34754a691ce9a752a2eff209950d2e000cf80505e82977b5f804ef8987 2027 libsndfile_1.0.21-2ubuntu0.10.10.1.dsc e91a1ca86fca970394f25229991ef6167c6f6eed1557748478f56e856906f6a5 10098 libsndfile_1.0.21-2ubuntu0.10.10.1.diff.gz Files: 8f16e1a6e7fce02805cfe8e2684aa15c 2027 devel optional libsndfile_1.0.21-2ubuntu0.10.10.1.dsc 039d042349f4437d90d5ca0fdb217a35 10098 devel optional libsndfile_1.0.21-2ubuntu0.10.10.1.diff.gz Original-Maintainer: Erik de Castro Lopo From marc.deslauriers at ubuntu.com Tue Jul 26 17:04:04 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Tue, 26 Jul 2011 17:04:04 -0000 Subject: [ubuntu/maverick-security] libpng 1.2.44-1ubuntu0.1 (Accepted) Message-ID: <20110726170404.12828.30278.launchpad@cocoplum.canonical.com> libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low * SECURITY UPDATE: denial of service via error message data - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in pngerror.c. - CVE-2011-2501 * SECURITY UPDATE: denial of service and possible arbitrary code execution via crafted PNG image - debian/patches/03-CVE-2011-2690.patch: validate coefficients in pngrtran.c. - CVE-2011-2690 * SECURITY UPDATE: denial of service and possible arbitrary code execution via invalid sCAL chunks - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in pngrutil.c. - CVE-2011-2692 Date: Tue, 26 Jul 2011 08:31:17 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libpng/1.2.44-1ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Tue, 26 Jul 2011 08:31:17 -0400 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source Version: 1.2.44-1ubuntu0.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Changes: libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low . * SECURITY UPDATE: denial of service via error message data - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in pngerror.c. - CVE-2011-2501 * SECURITY UPDATE: denial of service and possible arbitrary code execution via crafted PNG image - debian/patches/03-CVE-2011-2690.patch: validate coefficients in pngrtran.c. - CVE-2011-2690 * SECURITY UPDATE: denial of service and possible arbitrary code execution via invalid sCAL chunks - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in pngrutil.c. - CVE-2011-2692 Checksums-Sha1: 22ffba24d975fa34c4648856a3f9c724a75758a9 1939 libpng_1.2.44-1ubuntu0.1.dsc 2d85e0a2783aa910393a07826147f22024845a04 16352 libpng_1.2.44-1ubuntu0.1.debian.tar.bz2 Checksums-Sha256: f472e2ad77adcf2aece906bf87adb77da2e629e6865eac0d6904c521ca6d0d38 1939 libpng_1.2.44-1ubuntu0.1.dsc 2097d7097db70256d301f02dfdf63fb9844c91e4c2f4d142ab2c71e692531154 16352 libpng_1.2.44-1ubuntu0.1.debian.tar.bz2 Files: d68bd2bcdb0e1805a9a7d7f71eaacfbc 1939 libs optional libpng_1.2.44-1ubuntu0.1.dsc 03b406aed4bc5501d27b69d2c0a8a2fc 16352 libs optional libpng_1.2.44-1ubuntu0.1.debian.tar.bz2 Original-Maintainer: Anibal Monsalve Salazar From jamie at ubuntu.com Tue Jul 26 22:03:45 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Tue, 26 Jul 2011 22:03:45 -0000 Subject: [ubuntu/maverick-security] dbus 1.4.0-0ubuntu1.3 (Accepted) Message-ID: <20110726220345.22210.39625.launchpad@cocoplum.canonical.com> dbus (1.4.0-0ubuntu1.3) maverick-security; urgency=low * SECURITY UPDATE: denial of service via messages with non-native byte order - debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c to verify header->data byte order and header->byte_order match in _dbus_header_byteswap() - CVE-2011-2200 Date: Fri, 22 Jul 2011 09:01:52 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/dbus/1.4.0-0ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Fri, 22 Jul 2011 09:01:52 -0500 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg Architecture: source Version: 1.4.0-0ubuntu1.3 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: dbus - simple interprocess messaging system dbus-1-dbg - simple interprocess messaging system (debug symbols) dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Changes: dbus (1.4.0-0ubuntu1.3) maverick-security; urgency=low . * SECURITY UPDATE: denial of service via messages with non-native byte order - debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c to verify header->data byte order and header->byte_order match in _dbus_header_byteswap() - CVE-2011-2200 Checksums-Sha1: a8d6e2dd08006bc8fbb71320192e40a092adb7ee 2330 dbus_1.4.0-0ubuntu1.3.dsc 7d9d3ceceef09acc96dc1b1debcf9898ec037322 33906 dbus_1.4.0-0ubuntu1.3.debian.tar.gz Checksums-Sha256: b99d0165ea62ccd4b6841bb4480ecc06db129d39df360d9a744f7b40a393ecff 2330 dbus_1.4.0-0ubuntu1.3.dsc 2ec23cea5538e6a4020fea94c06bd948aa5791b87f88b4a0dadf592d249e8982 33906 dbus_1.4.0-0ubuntu1.3.debian.tar.gz Files: bea3810bffbef663cc5d639057fa0f09 2330 devel optional dbus_1.4.0-0ubuntu1.3.dsc b605f73377afee2ce75976e697eb8db6 33906 devel optional dbus_1.4.0-0ubuntu1.3.debian.tar.gz Original-Maintainer: Utopia Maintenance Team From jamie at ubuntu.com Wed Jul 27 16:03:53 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Wed, 27 Jul 2011 16:03:53 -0000 Subject: [ubuntu/maverick-security] qemu-kvm 0.12.5+noroms-0ubuntu7.10 (Accepted) Message-ID: <20110727160353.21181.84847.launchpad@cocoplum.canonical.com> qemu-kvm (0.12.5+noroms-0ubuntu7.10) maverick-security; urgency=low * SECURITY UPDATE: fix potential privilege escalation via improper group handling - debian/patches/CVE-2011-2527.patch: call initgroups() to drop supplementary group privileges - CVE-2011-2527 Date: Tue, 26 Jul 2011 08:03:24 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.10 -------------- next part -------------- Format: 1.8 Date: Tue, 26 Jul 2011 08:03:24 -0500 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: source Version: 0.12.5+noroms-0ubuntu7.10 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: kvm - dummy transitional pacakge from kvm to qemu-kvm qemu - dummy transitional pacakge from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Changes: qemu-kvm (0.12.5+noroms-0ubuntu7.10) maverick-security; urgency=low . * SECURITY UPDATE: fix potential privilege escalation via improper group handling - debian/patches/CVE-2011-2527.patch: call initgroups() to drop supplementary group privileges - CVE-2011-2527 Checksums-Sha1: dbe8c9a073518009d03b48ae32fa2fa04b923524 2187 qemu-kvm_0.12.5+noroms-0ubuntu7.10.dsc 6c6f84962ad41aeddaedf0a38f0ac813439697c2 66618 qemu-kvm_0.12.5+noroms-0ubuntu7.10.diff.gz Checksums-Sha256: d30746d4656785833bdac42804ba392fae5639de48fddcb38b818ce1189ecfb6 2187 qemu-kvm_0.12.5+noroms-0ubuntu7.10.dsc dcf9a2a379dc138717e87bc2adf4fe1950d679ebe60f5177f7f1c955e4307f12 66618 qemu-kvm_0.12.5+noroms-0ubuntu7.10.diff.gz Files: fe7191bab94de790f9bef71b367e1d6a 2187 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.10.dsc ac3d475c57786dc3a2a5dc6b76d8e054 66618 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.10.diff.gz From sbeattie at ubuntu.com Wed Jul 27 18:04:17 2011 From: sbeattie at ubuntu.com (Steve Beattie) Date: Wed, 27 Jul 2011 18:04:17 -0000 Subject: [ubuntu/maverick-security] openjdk-6b18 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9 (Accepted) Message-ID: <20110727180417.1884.35009.launchpad@cocoplum.canonical.com> openjdk-6b18 (6b18-1.8.8-0ubuntu1~10.10.2+1.8.9) maverick-security; urgency=low * SECURITY UPDATE: information disclosure - IcedTea 1.8.9 release: + debian/patches/cache-directory-exposed-it6-1.9.patch: don't allow unsigned web start applications/applets determine the location of the netx cache directory + CVE-2011-2513 + applied inline due to no natty update (icedtea-web is separate there) * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: remove Override attributes per http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=764 Date: Mon, 25 Jul 2011 17:44:43 -0700 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/openjdk-6b18/6b18-1.8.8-0ubuntu1~10.10.2+1.8.9 -------------- next part -------------- Format: 1.8 Date: Mon, 25 Jul 2011 17:44:43 -0700 Source: openjdk-6b18 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark Changes: openjdk-6b18 (6b18-1.8.8-0ubuntu1~10.10.2+1.8.9) maverick-security; urgency=low . * SECURITY UPDATE: information disclosure - IcedTea 1.8.9 release: + debian/patches/cache-directory-exposed-it6-1.9.patch: don't allow unsigned web start applications/applets determine the location of the netx cache directory + CVE-2011-2513 + applied inline due to no natty update (icedtea-web is separate there) * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: remove Override attributes per http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=764 Checksums-Sha1: 0e1e32855eac0102d2a9b445ec58722e7f052fc0 3142 openjdk-6b18_6b18-1.8.8-0ubuntu1~10.10.2+1.8.9.dsc 781cfa6cd69b8b7e5b2e080d63bf39d0cd5d7619 156196 openjdk-6b18_6b18-1.8.8-0ubuntu1~10.10.2+1.8.9.diff.gz Checksums-Sha256: 87cf0aabff506103bd2348e434d13ba73982bfa4828d402456caa87f27548b3e 3142 openjdk-6b18_6b18-1.8.8-0ubuntu1~10.10.2+1.8.9.dsc 1055f1fae67446fc8e71c341f000c18f6bde2c0ba92d628c30b24b3a1ef1982e 156196 openjdk-6b18_6b18-1.8.8-0ubuntu1~10.10.2+1.8.9.diff.gz Files: ba90c05906f8992d40f9c8d88205d05c 3142 java optional openjdk-6b18_6b18-1.8.8-0ubuntu1~10.10.2+1.8.9.dsc 7412cb51511c44b4ed27c7a0aa0003da 156196 java optional openjdk-6b18_6b18-1.8.8-0ubuntu1~10.10.2+1.8.9.diff.gz Original-Maintainer: OpenJDK Team From sbeattie at ubuntu.com Wed Jul 27 18:04:37 2011 From: sbeattie at ubuntu.com (Steve Beattie) Date: Wed, 27 Jul 2011 18:04:37 -0000 Subject: [ubuntu/maverick-security] openjdk-6 6b20-1.9.9-0ubuntu1~10.10.2 (Accepted) Message-ID: <20110727180437.1884.43812.launchpad@cocoplum.canonical.com> openjdk-6 (6b20-1.9.9-0ubuntu1~10.10.2) maverick-security; urgency=low * SECURITY UPDATE: information disclosure - IcedTea 1.9.9 release: + debian/patches/cache-directory-exposed-it6-1.9.patch: don't allow unsigned web start applications/applets determine the location of the netx cache directory + CVE-2011-2513 * drop debian/patches/hotspot-fix_added_define.patch: applied upstream Date: Thu, 21 Jul 2011 08:54:38 -0700 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/openjdk-6/6b20-1.9.9-0ubuntu1~10.10.2 -------------- next part -------------- Format: 1.8 Date: Thu, 21 Jul 2011 08:54:38 -0700 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.9-0ubuntu1~10.10.2 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.9-0ubuntu1~10.10.2) maverick-security; urgency=low . * SECURITY UPDATE: information disclosure - IcedTea 1.9.9 release: + debian/patches/cache-directory-exposed-it6-1.9.patch: don't allow unsigned web start applications/applets determine the location of the netx cache directory + CVE-2011-2513 * drop debian/patches/hotspot-fix_added_define.patch: applied upstream Checksums-Sha1: 132e4fbe32849d93e23b4c92f45379cbf033c30c 3115 openjdk-6_6b20-1.9.9-0ubuntu1~10.10.2.dsc 6ef51005c56a185da340cf82675b6ff6c08ab8cd 73285319 openjdk-6_6b20-1.9.9.orig.tar.gz 0ceb76db7674a90a0b23abba0163deaedbd37c50 135268 openjdk-6_6b20-1.9.9-0ubuntu1~10.10.2.diff.gz Checksums-Sha256: b00473d68882c4d26667fb911d89cfde93b081f667b5b2fa40281c54463b24aa 3115 openjdk-6_6b20-1.9.9-0ubuntu1~10.10.2.dsc b8c8f39a95dfd84ad7b9d84d7c6805eaf08992afb5be13f7a5ea1a1f28baa1c4 73285319 openjdk-6_6b20-1.9.9.orig.tar.gz b358e9699d46a6fd9142cc88d2a9b80b14ae24e9ad4afdb56f738bd3042a4c1a 135268 openjdk-6_6b20-1.9.9-0ubuntu1~10.10.2.diff.gz Files: 19b03124015751cdccd08ba424422c6b 3115 java optional openjdk-6_6b20-1.9.9-0ubuntu1~10.10.2.dsc b0a54a76423fd8f7abd9a22443c62465 73285319 java optional openjdk-6_6b20-1.9.9.orig.tar.gz 17a7d52b19c4164ce0f416b979a70d43 135268 java optional openjdk-6_6b20-1.9.9-0ubuntu1~10.10.2.diff.gz Original-Maintainer: OpenJDK Team From jamie at ubuntu.com Thu Jul 28 16:04:25 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 28 Jul 2011 16:04:25 -0000 Subject: [ubuntu/maverick-security] libvirt_0.8.3-1ubuntu19.1_powerpc_translations.tar.gz, libvirt_0.8.3-1ubuntu19.1_amd64_translations.tar.gz, libvirt_0.8.3-1ubuntu19.1_i386_translations.tar.gz, libvirt_0.8.3-1ubuntu19.1_armel_translations.tar.gz, libvirt 0.8.3-1ubuntu19.1 (Accepted) Message-ID: <20110728160425.16382.94728.launchpad@cocoplum.canonical.com> libvirt (0.8.3-1ubuntu19.1) maverick-security; urgency=low * SECURITY UPDATE: integer overflow in virDomainGetVcpus() - debian/patches/9031-CVE-2011-2511.patch: use INT_MULTIPLY_OVERFLOW() to verify maxinfo * maplen < REMOTE_CPUMAPS_MAX - CVE-2011-2511 Date: Tue, 26 Jul 2011 07:13:43 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libvirt/0.8.3-1ubuntu19.1 -------------- next part -------------- Format: 1.8 Date: Tue, 26 Jul 2011 07:13:43 -0500 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source Version: 0.8.3-1ubuntu19.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Changes: libvirt (0.8.3-1ubuntu19.1) maverick-security; urgency=low . * SECURITY UPDATE: integer overflow in virDomainGetVcpus() - debian/patches/9031-CVE-2011-2511.patch: use INT_MULTIPLY_OVERFLOW() to verify maxinfo * maplen < REMOTE_CPUMAPS_MAX - CVE-2011-2511 Checksums-Sha1: 2adbe934469bab492486a93cbb0317186e1895e4 2669 libvirt_0.8.3-1ubuntu19.1.dsc 589606b3ed8606a1d8abab25f64da2b9a9f355bb 73758 libvirt_0.8.3-1ubuntu19.1.debian.tar.gz Checksums-Sha256: b3aa456b27494b967fe6de5dcd59d8942d5875b604b5aa3b90f4d969a3774e4e 2669 libvirt_0.8.3-1ubuntu19.1.dsc 7307440b0a6531c436d922c2b81cd3755200c5e8c31ea494553f4d524a45de9e 73758 libvirt_0.8.3-1ubuntu19.1.debian.tar.gz Files: 24962f2e833e1eb7751b624a8ae91f75 2669 libs optional libvirt_0.8.3-1ubuntu19.1.dsc d0a766cd6d4b5ec5fd6378374d7d4eae 73758 libs optional libvirt_0.8.3-1ubuntu19.1.debian.tar.gz Original-Maintainer: Debian Libvirt Maintainers From jamie at ubuntu.com Thu Jul 28 23:03:37 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 28 Jul 2011 23:03:37 -0000 Subject: [ubuntu/maverick-security] libsoup2.4 2.31.92-0ubuntu1.1 (Accepted) Message-ID: <20110728230337.4344.99583.launchpad@cocoplum.canonical.com> libsoup2.4 (2.31.92-0ubuntu1.1) maverick-security; urgency=low * SECURITY UPDATE: directory traversal in SoupServer - debian/patches/91_CVE-2011-2524.patch: adjust libsoup/soup-server.c to properly verify path input - CVE-2011-2524 Date: Thu, 21 Jul 2011 12:36:32 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libsoup2.4/2.31.92-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Thu, 21 Jul 2011 12:36:32 -0500 Source: libsoup2.4 Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-dbg libsoup-gnome2.4-1 libsoup-gnome2.4-dev libsoup2.4-doc gir1.0-soup-2.4 Architecture: source Version: 2.31.92-0ubuntu1.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: gir1.0-soup-2.4 - GObject introspection data for the libsoup HTTP library libsoup-gnome2.4-1 - an HTTP library implementation in C -- GNOME support library libsoup-gnome2.4-dev - an HTTP library implementation in C -- GNOME support development libsoup2.4-1 - an HTTP library implementation in C -- Shared library libsoup2.4-dbg - an HTTP library implementation in C -- debugging symbols libsoup2.4-dev - an HTTP library implementation in C -- Development files libsoup2.4-doc - an HTTP library implementation in C -- API Reference Changes: libsoup2.4 (2.31.92-0ubuntu1.1) maverick-security; urgency=low . * SECURITY UPDATE: directory traversal in SoupServer - debian/patches/91_CVE-2011-2524.patch: adjust libsoup/soup-server.c to properly verify path input - CVE-2011-2524 Checksums-Sha1: 0864d4dce76f5b8af3b0f9251a685e7c290be778 2522 libsoup2.4_2.31.92-0ubuntu1.1.dsc 805d1a20d7c93c87322f2ef6ccf36ddfc4c6faca 52801 libsoup2.4_2.31.92-0ubuntu1.1.debian.tar.gz Checksums-Sha256: b42aa92d45ae8fca844bbdaebde6b7f280906d2ac645c8126adc5e1dcd67d7ce 2522 libsoup2.4_2.31.92-0ubuntu1.1.dsc 01d099976077a6a73aeab8dddd00dd1b35f9f11120c09b2c45a001e982a03a65 52801 libsoup2.4_2.31.92-0ubuntu1.1.debian.tar.gz Files: bb0c28d027b5c39f66dc8ee10e09c3bc 2522 devel optional libsoup2.4_2.31.92-0ubuntu1.1.dsc 49c5af8826e768dd70557b0a8f28e22a 52801 devel optional libsoup2.4_2.31.92-0ubuntu1.1.debian.tar.gz Original-Maintainer: Debian GNOME Maintainers From jamie at ubuntu.com Fri Jul 29 19:03:31 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 29 Jul 2011 19:03:31 -0000 Subject: [ubuntu/maverick-security] xml-security-c 1.5.1-3+squeeze1build0.10.10.1 (Accepted) Message-ID: <20110729190331.27829.3691.launchpad@cocoplum.canonical.com> xml-security-c (1.5.1-3+squeeze1build0.10.10.1) maverick-security; urgency=low * fake sync from Debian xml-security-c (1.5.1-3+squeeze1) stable-security; urgency=high * Apply upstream patch to fix buffer overflow when signing or verifying files with big asymmetric keys. (Closes: #632973, CVE-2011-2516) Date: Fri, 29 Jul 2011 08:32:29 -0500 Changed-By: Jamie Strandboge Maintainer: Debian Shib Team https://launchpad.net/ubuntu/maverick/+source/xml-security-c/1.5.1-3+squeeze1build0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 29 Jul 2011 08:32:29 -0500 Source: xml-security-c Binary: libxml-security-c15 libxml-security-c-dev Architecture: source Version: 1.5.1-3+squeeze1build0.10.10.1 Distribution: maverick-security Urgency: high Maintainer: Debian Shib Team Changed-By: Jamie Strandboge Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c15 - C++ library for XML Digital Signatures (runtime) Closes: 632973 Changes: xml-security-c (1.5.1-3+squeeze1build0.10.10.1) maverick-security; urgency=low . * fake sync from Debian . xml-security-c (1.5.1-3+squeeze1) stable-security; urgency=high . * Apply upstream patch to fix buffer overflow when signing or verifying files with big asymmetric keys. (Closes: #632973, CVE-2011-2516) Checksums-Sha1: 0b3bab90b2feb46e12e5ba4a34e27517f83bbc89 2069 xml-security-c_1.5.1-3+squeeze1build0.10.10.1.dsc 35b2f5918b08b773497051a6bc6492be46875360 8097 xml-security-c_1.5.1-3+squeeze1build0.10.10.1.diff.gz Checksums-Sha256: 496fdb4a8a0f6e9ef035ca97a83872cc4c5f652c85c202538a686aafaf84d74c 2069 xml-security-c_1.5.1-3+squeeze1build0.10.10.1.dsc 7926a01a104d7d03994d906788a6251243a4c43c9b43e4e61e4709ce2bb45ee0 8097 xml-security-c_1.5.1-3+squeeze1build0.10.10.1.diff.gz Files: 1ac62d9f10a4ff219d6ff3f824fdc41b 2069 libs extra xml-security-c_1.5.1-3+squeeze1build0.10.10.1.dsc b13663eff703ca60324ea75ee1827ea0 8097 libs extra xml-security-c_1.5.1-3+squeeze1build0.10.10.1.diff.gz From jamie at ubuntu.com Fri Jul 29 19:03:41 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 29 Jul 2011 19:03:41 -0000 Subject: [ubuntu/maverick-security] wireshark_1.2.11-6+squeeze2build0.10.10.1_powerpc_translations.tar.gz, wireshark_1.2.11-6+squeeze2build0.10.10.1_i386_translations.tar.gz, wireshark_1.2.11-6+squeeze2build0.10.10.1_armel_translations.tar.gz, wireshark_1.2.11-6+squeeze2build0.10.10.1_amd64_translations.tar.gz, wireshark 1.2.11-6+squeeze2build0.10.10.1 (Accepted) Message-ID: <20110729190341.27829.45504.launchpad@cocoplum.canonical.com> wireshark (1.2.11-6+squeeze2build0.10.10.1) maverick-security; urgency=low * fake sync from Debian wireshark (1.2.11-6+squeeze2) stable-security; urgency=high * security fixes from Wireshark 1.2.16: - The X.509if dissector could crash. (CVE-2011-1590) * security fixes from Wireshark 1.2.17 (Closes: #630159): - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175) - David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (CVE-2011-2174) - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (CVE-2011-1959) - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. (CVE-2011-1958) - Large/infinite loop in the DICOM dissector. (CVE-2011-1957) Date: Fri, 29 Jul 2011 08:51:23 -0500 Changed-By: Jamie Strandboge Maintainer: Balint Reczey https://launchpad.net/ubuntu/maverick/+source/wireshark/1.2.11-6+squeeze2build0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 29 Jul 2011 08:51:23 -0500 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg Architecture: source Version: 1.2.11-6+squeeze2build0.10.10.1 Distribution: maverick-security Urgency: high Maintainer: Balint Reczey Changed-By: Jamie Strandboge Description: tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools Closes: 630159 Changes: wireshark (1.2.11-6+squeeze2build0.10.10.1) maverick-security; urgency=low . * fake sync from Debian . wireshark (1.2.11-6+squeeze2) stable-security; urgency=high . * security fixes from Wireshark 1.2.16: - The X.509if dissector could crash. (CVE-2011-1590) . * security fixes from Wireshark 1.2.17 (Closes: #630159): - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175) - David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (CVE-2011-2174) - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (CVE-2011-1959) - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. (CVE-2011-1958) - Large/infinite loop in the DICOM dissector. (CVE-2011-1957) Checksums-Sha1: 33cec0169c9b1cbec9da12d3e30c7796a9ac6761 2443 wireshark_1.2.11-6+squeeze2build0.10.10.1.dsc 5ad7adb3d7dbd504322c638f1b5086852305950b 75086 wireshark_1.2.11-6+squeeze2build0.10.10.1.debian.tar.gz Checksums-Sha256: 3eba248208caab38a8a83b40a7d2453708dc8b43a89f75fa804f7c3f60ec8be9 2443 wireshark_1.2.11-6+squeeze2build0.10.10.1.dsc d2009bf91f647704fa805c3c888fea5aaf12666daa247595bb351e02c9e65873 75086 wireshark_1.2.11-6+squeeze2build0.10.10.1.debian.tar.gz Files: 54c9ba01a71ed54479502ee8dfc8eb42 2443 net optional wireshark_1.2.11-6+squeeze2build0.10.10.1.dsc 8faa670a2c9f3ef399b524ec5a8a5b95 75086 net optional wireshark_1.2.11-6+squeeze2build0.10.10.1.debian.tar.gz From jamie at ubuntu.com Fri Jul 29 19:03:57 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 29 Jul 2011 19:03:57 -0000 Subject: [ubuntu/maverick-security] opensaml2 2.3-2+squeeze1build0.10.10.1 (Accepted) Message-ID: <20110729190357.27829.99511.launchpad@cocoplum.canonical.com> opensaml2 (2.3-2+squeeze1build0.10.10.1) maverick-security; urgency=low * fake sync from Debian opensaml2 (2.3-2+squeeze1) stable-security; urgency=high * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a remote, unauthenticated attacker to craft messages that can be successfully verified but contain arbitrary content. This may allow an attacker to subvert the security of software using OpenSAML and supply an unauthenticated login identity and data under the guise of a trusted issuer. (CVE-2011-1411) Date: Fri, 29 Jul 2011 08:58:00 -0500 Changed-By: Jamie Strandboge Maintainer: Debian Shib Team https://launchpad.net/ubuntu/maverick/+source/opensaml2/2.3-2+squeeze1build0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 29 Jul 2011 08:58:00 -0500 Source: opensaml2 Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc Architecture: source Version: 2.3-2+squeeze1build0.10.10.1 Distribution: maverick-security Urgency: high Maintainer: Debian Shib Team Changed-By: Jamie Strandboge Description: libsaml2-dev - Security Assertion Markup Language library (development) libsaml2-doc - Security Assertion Markup Language library (API docs) libsaml6 - Security Assertion Markup Language library (runtime) opensaml2-schemas - Security Assertion Markup Language library (XML schemas) opensaml2-tools - Security Assertion Markup Language command-line tools Changes: opensaml2 (2.3-2+squeeze1build0.10.10.1) maverick-security; urgency=low . * fake sync from Debian . opensaml2 (2.3-2+squeeze1) stable-security; urgency=high . * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a remote, unauthenticated attacker to craft messages that can be successfully verified but contain arbitrary content. This may allow an attacker to subvert the security of software using OpenSAML and supply an unauthenticated login identity and data under the guise of a trusted issuer. (CVE-2011-1411) Checksums-Sha1: 5d280f64571e04ecc93cbf4e060ff86ba30e2c30 2176 opensaml2_2.3-2+squeeze1build0.10.10.1.dsc b7b26146c6ae575568638b11e8cf338cab3eb22f 8990 opensaml2_2.3-2+squeeze1build0.10.10.1.diff.gz Checksums-Sha256: c8f05e4050e3daf6234d0339460cb07b4dde40c23c43b9f45666c46f8a1a2e52 2176 opensaml2_2.3-2+squeeze1build0.10.10.1.dsc afa7ccb6410385abd2501e5d288ffbdde8ed6a74963af3191c5bcd32c396c567 8990 opensaml2_2.3-2+squeeze1build0.10.10.1.diff.gz Files: e03b37b1ea793f2177bfad7f160724f9 2176 libs extra opensaml2_2.3-2+squeeze1build0.10.10.1.dsc a3d1035564ac66cee66934a153e9b4dd 8990 libs extra opensaml2_2.3-2+squeeze1build0.10.10.1.diff.gz From jamie at ubuntu.com Fri Jul 29 19:04:03 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 29 Jul 2011 19:04:03 -0000 Subject: [ubuntu/maverick-security] libapache2-mod-authnz-external 3.2.4-2+squeeze1build0.10.10.1 (Accepted) Message-ID: <20110729190403.27829.59215.launchpad@cocoplum.canonical.com> libapache2-mod-authnz-external (3.2.4-2+squeeze1build0.10.10.1) maverick-security; urgency=low * fake sync from Debian libapache2-mod-authnz-external (3.2.4-2+squeeze1) stable-security; urgency=high * Non-maintainer upload by the security team * Fix SQL injection via $user parameter (Closes: #633637) Fixes: CVE-2011-2688 Date: Fri, 29 Jul 2011 08:54:16 -0500 Changed-By: Jamie Strandboge Maintainer: Hai Zaar https://launchpad.net/ubuntu/maverick/+source/libapache2-mod-authnz-external/3.2.4-2+squeeze1build0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 29 Jul 2011 08:54:16 -0500 Source: libapache2-mod-authnz-external Binary: libapache2-mod-authnz-external Architecture: source Version: 3.2.4-2+squeeze1build0.10.10.1 Distribution: maverick-security Urgency: high Maintainer: Hai Zaar Changed-By: Jamie Strandboge Description: libapache2-mod-authnz-external - authenticate Apache against external authentication services Closes: 633637 Changes: libapache2-mod-authnz-external (3.2.4-2+squeeze1build0.10.10.1) maverick-security; urgency=low . * fake sync from Debian . libapache2-mod-authnz-external (3.2.4-2+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the security team * Fix SQL injection via $user parameter (Closes: #633637) Fixes: CVE-2011-2688 Checksums-Sha1: e5bbb65ffe35d464511e5b485283fb8569b6c62c 1938 libapache2-mod-authnz-external_3.2.4-2+squeeze1build0.10.10.1.dsc 154e244516a14a2ff8f45c5dcaf1bfc18cc3cc36 3687 libapache2-mod-authnz-external_3.2.4-2+squeeze1build0.10.10.1.diff.gz Checksums-Sha256: cbdc6e587e04acf0389a486cab36a4f18ff58f794e0b4e9e3ff9b2a4c0947f48 1938 libapache2-mod-authnz-external_3.2.4-2+squeeze1build0.10.10.1.dsc 9cdcc99c90bc70abffc651267033a936df3bd47db325de9885f81367f3e13240 3687 libapache2-mod-authnz-external_3.2.4-2+squeeze1build0.10.10.1.diff.gz Files: e2de0a8d09ac9b8f67898c249b8b96d2 1938 web optional libapache2-mod-authnz-external_3.2.4-2+squeeze1build0.10.10.1.dsc 5f6d6ddf1f5277c953de5d4424f319b2 3687 web optional libapache2-mod-authnz-external_3.2.4-2+squeeze1build0.10.10.1.diff.gz