From gary.lasker at canonical.com Tue Oct 4 05:46:22 2011
From: gary.lasker at canonical.com (Gary Lasker)
Date: Tue, 04 Oct 2011 05:46:22 -0000
Subject: [ubuntu/maverick-proposed] tzdata 2011k-0ubuntu0.10.10 (Accepted)
Message-ID: <20111004054622.3959.15763.launchpad@wampee.canonical.com>

tzdata (2011k-0ubuntu0.10.10) maverick-proposed; urgency=low

  * New upstream release 2011k: (LP: #865750)
    - Palestine suspends DST during Ramadan in 2011
    - Gaza and Hebron split in 2011, leading to a new Asia/Hebron zone
    - Belarus adopts permanent DST in 2011
    - Ukraine adopts permanent DST in 2011
  * debian/control: update maintainer fields

Date: Mon, 03 Oct 2011 22:11:02 -0400
Changed-By: Gary Lasker
Maintainer: Ubuntu Developers
Signed-By: Martin Pitt
https://launchpad.net/ubuntu/maverick/+source/tzdata/2011k-0ubuntu0.10.10
-------------- next part --------------
Format: 1.8
Date: Mon, 03 Oct 2011 22:11:02 -0400
Source: tzdata
Binary: tzdata tzdata-java
Architecture: source
Version: 2011k-0ubuntu0.10.10
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Gary Lasker
Description:
 tzdata - time zone and daylight-saving time data
 tzdata-java - time zone and daylight-saving time data for use by java runtimes
Launchpad-Bugs-Fixed: 865750
Changes:
 tzdata (2011k-0ubuntu0.10.10) maverick-proposed; urgency=low
 .
   * New upstream release 2011k: (LP: #865750)
     - Palestine suspends DST during Ramadan in 2011
     - Gaza and Hebron split in 2011, leading to a new Asia/Hebron zone
     - Belarus adopts permanent DST in 2011
     - Ukraine adopts permanent DST in 2011
   * debian/control: update maintainer fields
Original-Maintainer: GNU Libc Maintainers

From marc.deslauriers at ubuntu.com Tue Oct 4 20:03:41 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Tue, 04 Oct 2011 20:03:41 -0000
Subject: [ubuntu/maverick-security] cifs-utils 2:4.5-2ubuntu0.10.10.1 (Accepted)
Message-ID: <20111004200341.28769.98830.launchpad@cocoplum.canonical.com>

cifs-utils (2:4.5-2ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: mtab corruption via resource limits
    - debian/patches/CVE-2011-1678.patch: truncate mtab file if updating it
      failed in mount.cifs.c, mount.h, mtab.c.
    - CVE-2011-1678
  * SECURITY UPDATE: mtab corruption via incorrect new line check
    - debian/patches/CVE-2011-2724.patch: check proper return codes in
      mount.cifs.c.
    - CVE-2011-2724

Date: Fri, 30 Sep 2011 12:02:47 -0400
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/cifs-utils/2:4.5-2ubuntu0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 30 Sep 2011 12:02:47 -0400
Source: cifs-utils
Binary: cifs-utils smbfs
Architecture: source
Version: 2:4.5-2ubuntu0.10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 cifs-utils - Common Internet File System utilities
 smbfs - Common Internet File System utilities - compatibility package
Changes:
 cifs-utils (2:4.5-2ubuntu0.10.10.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: mtab corruption via resource limits
     - debian/patches/CVE-2011-1678.patch: truncate mtab file if updating it
       failed in mount.cifs.c, mount.h, mtab.c.
     - CVE-2011-1678
   * SECURITY UPDATE: mtab corruption via incorrect new line check
     - debian/patches/CVE-2011-2724.patch: check proper return codes in
       mount.cifs.c.
     - CVE-2011-2724
Original-Maintainer: Debian Samba Maintainers

From brian.thomason at canonical.com Thu Oct 6 16:10:23 2011
From: brian.thomason at canonical.com (Brian Thomason)
Date: Thu, 06 Oct 2011 16:10:23 -0000
Subject: [ubuntu/maverick] adobe-flashplugin 11.0.1.152-0maverick1 (Accepted)
Message-ID: <20111006161023.31954.57180.launchpad@cocoplum.canonical.com>

adobe-flashplugin (11.0.1.152-0maverick1) maverick; urgency=low

  * Initial release of 11.0.1.152 for Maverick

Date: Thu, 06 Oct 2011 11:53:12 -0400
Changed-By: Brian Thomason
Maintainer: DL-Flash Player Ubuntu
https://launchpad.net/ubuntu/maverick/+source/adobe-flashplugin/11.0.1.152-0maverick1
-------------- next part --------------
Format: 1.8
Date: Thu, 06 Oct 2011 11:53:12 -0400
Source: adobe-flashplugin
Binary: adobe-flashplugin adobe-flash-properties-gtk adobe-flash-properties-kde
Architecture: source
Version: 11.0.1.152-0maverick1
Distribution: maverick
Urgency: low
Maintainer: DL-Flash Player Ubuntu
Changed-By: Brian Thomason
Description:
 adobe-flash-properties-gtk - GTK+ control panel for Adobe Flash Player plugin version 10
 adobe-flash-properties-kde - KDE control panel Adobe Flash Player plugin version 10
 adobe-flashplugin - Adobe Flash Player plugin version 10
Changes:
 adobe-flashplugin (11.0.1.152-0maverick1) maverick; urgency=low
 .
   * Initial release of 11.0.1.152 for Maverick

From marc.deslauriers at ubuntu.com Sat Oct 8 15:03:22 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Sat, 08 Oct 2011 15:03:22 -0000
Subject: [ubuntu/maverick-security] flashplugin-nonfree, flashplugin-nonfree_11.0.1.152ubuntu0.10.10.1_amd64_translations.tar.gz, flashplugin-nonfree_11.0.1.152ubuntu0.10.10.1_i386_translations.tar.gz 11.0.1.152ubuntu0.10.10.1 (Accepted)
Message-ID: <20111008150322.19239.20320.launchpad@cocoplum.canonical.com>

flashplugin-nonfree (11.0.1.152ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release 11.0.1.152 (LP: #868545)
    - debian/{config,postinst}: Updated sha256sums and version.

Date: Fri, 07 Oct 2011 21:38:17 -0400
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/flashplugin-nonfree/11.0.1.152ubuntu0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 07 Oct 2011 21:38:17 -0400
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 11.0.1.152ubuntu0.10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package)
Launchpad-Bugs-Fixed: 868545
Changes:
 flashplugin-nonfree (11.0.1.152ubuntu0.10.10.1) maverick-security; urgency=low
 .
   * New upstream release 11.0.1.152 (LP: #868545)
     - debian/{config,postinst}: Updated sha256sums and version.
Original-Maintainer: Bart Martens

From q-funk at ubuntu.com Tue Oct 11 07:34:56 2011
From: q-funk at ubuntu.com (Martin-Eric Racine)
Date: Tue, 11 Oct 2011 07:34:56 -0000
Subject: [ubuntu/maverick-proposed] cups-pdf 2.5.0-17ubuntu1~maverick1 (Accepted)
Message-ID: <20111011073456.13773.64269.launchpad@wampee.canonical.com>

cups-pdf (2.5.0-17ubuntu1~maverick1) maverick-proposed; urgency=low

  * Maintenance release to the 2.5.0 branch for Ubuntu Lucid and Maverick.
    Backports many maintainer script features to foolproof the installation
    and removal processes, per feedback from Martin Pitt and Till Kamppeter.
  * Hand-picked fixes from 2.5.1-5 and 2.5.1-7 packaging:
    + Modified the force-reload loop in [postinst|prerm|postrm] to end with
      ||: rather than with ||true for consistency with other maintainer
      commands.
    + Added a wait loop in [postinst|prerm|postrm] to ensure that CUPS
      reloaded.
    + Added 'cupsenable' and 'cupsaccept' steps in [postinst] to ensure that
      the PDF queue is up and running before we can manipulate it.
      (LP: #805947)
    + Added 'cupsdisable' and 'cupsreject' steps in [prerm|postrm] to match.
  * Hand-picked fixes from 2.5.1-3 packaging:
    + Remove the superfluous -E option to the queue creation loop in
      [postinst]. This was unnecessary to access localhost plus it sometimes
      makes automated installs fail. (Closes: #614713,#539156).
    + Implemented a CUPS queue purging loop in [postrm] to remove all traces
      of CUPS-PDF in the CUPS configuration after a package purge.
      (LP: #573667)
    + Enforced -h localhost usage in [prerm] for [postinst/postrm]
      consistency.
    + Bumped Standards-Version to 3.9.2 (no change required).
  * Reverted LFS support from 2.5.0-17 in [debian/rules] since it never made
    it to any stable distro. It remains in the 2.5.1 branch for those who
    need it.

Date: Sun, 25 Sep 2011 13:58:30 +0300
Changed-By: Martin-Éric Racine
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/cups-pdf/2.5.0-17ubuntu1~maverick1
-------------- next part --------------
Format: 1.8
Date: Sun, 25 Sep 2011 13:58:30 +0300
Source: cups-pdf
Binary: cups-pdf
Architecture: source
Version: 2.5.0-17ubuntu1~maverick1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Martin-Éric Racine
Description:
 cups-pdf - PDF printer for CUPS
Closes: 539156 614713
Launchpad-Bugs-Fixed: 573667 805947
Changes:
 cups-pdf (2.5.0-17ubuntu1~maverick1) maverick-proposed; urgency=low
 .
   * Maintenance release to the 2.5.0 branch for Ubuntu Lucid and Maverick.
     Backports many maintainer script features to foolproof the installation
     and removal processes, per feedback from Martin Pitt and Till Kamppeter.
   * Hand-picked fixes from 2.5.1-5 and 2.5.1-7 packaging:
     + Modified the force-reload loop in [postinst|prerm|postrm] to end with
       ||: rather than with ||true for consistency with other maintainer
       commands.
     + Added a wait loop in [postinst|prerm|postrm] to ensure that CUPS
       reloaded.
     + Added 'cupsenable' and 'cupsaccept' steps in [postinst] to ensure that
       the PDF queue is up and running before we can manipulate it.
       (LP: #805947)
     + Added 'cupsdisable' and 'cupsreject' steps in [prerm|postrm] to match.
   * Hand-picked fixes from 2.5.1-3 packaging:
     + Remove the superfluous -E option to the queue creation loop in
       [postinst]. This was unnecessary to access localhost plus it sometimes
       makes automated installs fail. (Closes: #614713,#539156).
     + Implemented a CUPS queue purging loop in [postrm] to remove all traces
       of CUPS-PDF in the CUPS configuration after a package purge.
       (LP: #573667)
     + Enforced -h localhost usage in [prerm] for [postinst/postrm]
       consistency.
     + Bumped Standards-Version to 3.9.2 (no change required).
   * Reverted LFS support from 2.5.0-17 in [debian/rules] since it never made
     it to any stable distro.
     It remains in the 2.5.1 branch for those who need it.

From bigras.bruno at gmail.com Tue Oct 11 07:36:53 2011
From: bigras.bruno at gmail.com (Bruno Bigras)
Date: Tue, 11 Oct 2011 07:36:53 -0000
Subject: [ubuntu/maverick-proposed] lfm 2.2-1ubuntu0.10.10.1 (Accepted)
Message-ID: <20111011073653.23500.29088.launchpad@chaenomeles.canonical.com>

lfm (2.2-1ubuntu0.10.10.1) maverick-proposed; urgency=low

  * Fix a crash at startup, because of UnicodeDecodeError (LP: #786491)

Date: Sat, 17 Sep 2011 22:19:56 -0400
Changed-By: Bruno Bigras
Maintainer: Ubuntu Developers
Signed-By: Daniel Holbach
https://launchpad.net/ubuntu/maverick/+source/lfm/2.2-1ubuntu0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Sat, 17 Sep 2011 22:19:56 -0400
Source: lfm
Binary: lfm
Architecture: source
Version: 2.2-1ubuntu0.10.10.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Bruno Bigras
Description:
 lfm - simple but powerful file manager for the UNIX console
Launchpad-Bugs-Fixed: 786491
Changes:
 lfm (2.2-1ubuntu0.10.10.1) maverick-proposed; urgency=low
 .
   * Fix a crash at startup, because of UnicodeDecodeError (LP: #786491)
Original-Maintainer: Chris Silva

From kees at ubuntu.com Tue Oct 11 07:36:28 2011
From: kees at ubuntu.com (Kees Cook)
Date: Tue, 11 Oct 2011 07:36:28 -0000
Subject: [ubuntu/maverick-proposed] gdb 7.2-1ubuntu3.1 (Accepted)
Message-ID: <20111011073628.23401.7724.launchpad@chaenomeles.canonical.com>

gdb (7.2-1ubuntu3.1) maverick-proposed; urgency=low

  * Add support to "gcore" command for executables with GNU_RELRO
    sections (Debian bug 606667, LP: #680588).

Date: Fri, 16 Sep 2011 11:17:31 -0700
Changed-By: Kees Cook
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/gdb/7.2-1ubuntu3.1
-------------- next part --------------
Format: 1.8
Date: Fri, 16 Sep 2011 11:17:31 -0700
Source: gdb
Binary: gdb gdb64 gdbserver libgdb-dev gdb-source
Architecture: source
Version: 7.2-1ubuntu3.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Kees Cook
Description:
 gdb - The GNU Debugger
 gdb-source - The GNU Debugger (source)
 gdb64 - The GNU Debugger (64-bit)
 gdbserver - The GNU Debugger (remote server)
 libgdb-dev - The GNU Debugger (libgdb.a)
Launchpad-Bugs-Fixed: 680588
Changes:
 gdb (7.2-1ubuntu3.1) maverick-proposed; urgency=low
 .
   * Add support to "gcore" command for executables with GNU_RELRO
     sections (Debian bug 606667, LP: #680588).
Original-Maintainer: Daniel Jacobowitz

From debfx-pkg at fobos.de Wed Oct 12 20:03:28 2011
From: debfx-pkg at fobos.de (Felix Geyer)
Date: Wed, 12 Oct 2011 20:03:28 -0000
Subject: [ubuntu/maverick-security] rails 2.3.5-1.1ubuntu0.1 (Accepted)
Message-ID: <20111012200328.26927.18007.launchpad@cocoplum.canonical.com>

rails (2.3.5-1.1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
    the mail_to helper
    - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch
      from Debian and fix Debian bug #629067 by replacing .html_safe with
      html_escape()
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that
    contain an X-Requested-With header
    - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch
      from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
    quote_table_name method in the ActiveRecord adapters
    - Add CVE-2011-2930.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
    strip_tags helper
    - Add CVE-2011-2931.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
    attackers to inject arbitrary web script or HTML via a malformed
    Unicode string
    - Add CVE-2011-2932.patch, backported from upstream
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - Add CVE-2011-3186.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186

Date: Wed, 12 Oct 2011 18:48:13 +0200
Changed-By: Felix Geyer
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/rails/2.3.5-1.1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Wed, 12 Oct 2011 18:48:13 +0200
Source: rails
Binary: rails rails-ruby1.8 rails-doc libactiverecord-ruby libactiverecord-ruby1.8 libactiverecord-ruby1.9.1 libactivesupport-ruby libactivesupport-ruby1.8 libactivesupport-ruby1.9.1 libactionpack-ruby libactionpack-ruby1.8 libactionmailer-ruby libactionmailer-ruby1.8 libactiveresource-ruby libactiveresource-ruby1.8
Architecture: source
Version: 2.3.5-1.1ubuntu0.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Felix Geyer
Description:
 libactionmailer-ruby - Framework for generation of customized email messages
 libactionmailer-ruby1.8 - Framework for generation of customized email messages
 libactionpack-ruby - Controller and View framework used by Rails
 libactionpack-ruby1.8 - Controller and View framework used by Rails
 libactiverecord-ruby - ORM database interface for ruby
 libactiverecord-ruby1.8 - ORM database interface for ruby
 libactiverecord-ruby1.9.1 - ORM database interface for ruby
 libactiveresource-ruby - Connects objects and REST web services
 libactiveresource-ruby1.8 - Connects objects and REST web services
 libactivesupport-ruby - utility classes and extensions (Ruby 1.8)
 libactivesupport-ruby1.8 - utility classes and extensions (Ruby 1.8)
 libactivesupport-ruby1.9.1 - utility classes and extensions (Ruby 1.8)
 rails - MVC ruby based framework geared for web application development
 rails-doc - Documentation for rails, a MVC ruby based framework
 rails-ruby1.8 - MVC ruby based framework geared for web application development
Launchpad-Bugs-Fixed: 870846
Changes:
 rails (2.3.5-1.1ubuntu0.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
     the mail_to helper
     - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch
       from Debian and fix Debian bug #629067 by replacing .html_safe with
       html_escape()
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
     - CVE-2011-0446
     - LP: #870846
   * SECURITY UPDATE: rails does not properly validate HTTP requests that
     contain an X-Requested-With header
     - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch
       from Debian
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
     - CVE-2011-0447
   * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
     quote_table_name method in the ActiveRecord adapters
     - Add CVE-2011-2930.patch from Debian
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
     - CVE-2011-2930
   * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
     strip_tags helper
     - Add CVE-2011-2931.patch from Debian
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
     - CVE-2011-2931
   * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
     attackers to inject arbitrary web script or HTML via a malformed
     Unicode string
     - Add CVE-2011-2932.patch, backported from upstream
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
     - CVE-2011-2932
   * SECURITY UPDATE: response splitting vulnerability
     - Add CVE-2011-3186.patch from Debian
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
     - CVE-2011-3186
Original-Maintainer: Adam Majer

From martin.pitt at ubuntu.com Thu Oct 13 13:05:29 2011
From: martin.pitt at ubuntu.com (Martin Pitt)
Date: Thu, 13 Oct 2011 13:05:29 -0000
Subject: [ubuntu/maverick-security] postgresql-8.4, postgresql-8.4_8.4.9-0ubuntu0.10.10_i386_translations.tar.gz, postgresql-8.4_8.4.9-0ubuntu0.10.10_amd64_translations.tar.gz, postgresql-8.4_8.4.9-0ubuntu0.10.10_powerpc_translations.tar.gz, postgresql-8.4_8.4.9-0ubuntu0.10.10_armel_translations.tar.gz 8.4.9-0ubuntu0.10.10 (Accepted)
Message-ID: <20111013130529.502.5594.launchpad@cocoplum.canonical.com>

postgresql-8.4 (8.4.9-0ubuntu0.10.10) maverick-security; urgency=low

  * New upstream bug fix/security release: (LP: #866049)
    - Fix bugs in indexing of in-doubt HOT-updated tuples.
      These bugs could result in index corruption after reindexing a system
      catalog. They are not believed to affect user indexes.
    - Fix multiple bugs in GiST index page split processing.
      The probability of occurrence was low, but these could lead to index
      corruption.
    - Fix possible buffer overrun in tsvector_concat().
      The function could underestimate the amount of memory needed for its
      result, leading to server crashes.
    - Fix crash in xml_recv when processing a "standalone" parameter.
    - Make pg_options_to_table return NULL for an option with no value.
      Previously such cases would result in a server crash.
    - Avoid possibly accessing off the end of memory in "ANALYZE" and in
      SJIS-2004 encoding conversion.
      This fixes some very-low-probability server crash scenarios.
    - Prevent intermittent hang in interactions of startup process with
      bgwriter process.
      This affected recovery in non-hot-standby cases.
    - Fix race condition in relcache init file invalidation.
      There was a window wherein a new backend process could read a stale
      init file but miss the inval messages that would tell it the data is
      stale. The result would be bizarre failures in catalog accesses,
      typically "could not read block 0 in file ..." later during startup.
    - Fix memory leak at end of a GiST index scan.
      Commands that perform many separate GiST index scans, such as
      verification of a new GiST-based exclusion constraint on a table
      already containing many rows, could transiently require large amounts
      of memory due to this leak.
    - Fix incorrect memory accounting (leading to possible memory bloat) in
      tuplestores supporting holdable cursors and plpgsql's RETURN NEXT
      command.
    - Fix performance problem when constructing a large, lossy bitmap.
    - Fix join selectivity estimation for unique columns.
      This fixes an erroneous planner heuristic that could lead to poor
      estimates of the result size of a join.
    - Fix nested PlaceHolderVar expressions that appear only in sub-select
      target lists.
      This mistake could result in outputs of an outer join incorrectly
      appearing as NULL.
    - Allow nested EXISTS queries to be optimized properly.
    - Fix array- and path-creating functions to ensure padding bytes are
      zeroes.
      This avoids some situations where the planner will think that
      semantically-equal constants are not equal, resulting in poor
      optimization.
    - Fix "EXPLAIN" to handle gating Result nodes within inner-indexscan
      subplans.
      The usual symptom of this oversight was "bogus varno" errors.
    - Work around gcc 4.6.0 bug that breaks WAL replay.
      This could lead to loss of committed transactions after a server
      crash.
    - Fix dump bug for VALUES in a view.
    - Disallow SELECT FOR UPDATE/SHARE on sequences.
      This operation doesn't work as expected and can lead to failures.
    - Fix "VACUUM" so that it always updates pg_class.reltuples/relpages.
      This fixes some scenarios where autovacuum could make increasingly
      poor decisions about when to vacuum tables.
    - Defend against integer overflow when computing size of a hash table.
    - Fix cases where "CLUSTER" might attempt to access already-removed
      TOAST data.
    - Fix portability bugs in use of credentials control messages for
      "peer" authentication.
    - Fix SSPI login when multiple roundtrips are required.
      The typical symptom of this problem was "The function requested is
      not supported" errors during SSPI login.
    - Throw an error if "pg_hba.conf" contains hostssl but SSL is disabled.
      This was concluded to be more user-friendly than the previous
      behavior of silently ignoring such lines.
    - Fix typo in pg_srand48 seed initialization.
      This led to failure to use all bits of the provided seed. This
      function is not used on most platforms (only those without srandom),
      and the potential security exposure from a less-random-than-expected
      seed seems minimal in any case.
    - Avoid integer overflow when the sum of LIMIT and OFFSET values
      exceeds 2^63.
    - Add overflow checks to int4 and int8 versions of generate_series().
    - Fix trailing-zero removal in to_char().
      In a format with FM and no digit positions after the decimal point,
      zeroes to the left of the decimal point could be removed incorrectly.
    - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63.
    - Weaken plpgsql's check for typmod matching in record values.
      An overly enthusiastic check could lead to discarding length
      modifiers that should have been kept.
    - Fix pg_upgrade to preserve toast tables' relfrozenxids during an
      upgrade from 8.3.
      Failure to do this could lead to "pg_clog" files being removed too
      soon after the upgrade.
    - Fix psql's counting of script file line numbers during COPY from a
      different file.
    - Fix pg_restore's direct-to-database mode for
      standard_conforming_strings.
      pg_restore could emit incorrect commands when restoring directly to a
      database server from an archive file that had been made with
      standard_conforming_strings set to on.
    - Be more user-friendly about unsupported cases for parallel
      pg_restore.
      This change ensures that such cases are detected and reported before
      any restore actions have been taken.
    - Fix write-past-buffer-end and memory leak in libpq's LDAP service
      lookup code.
    - In libpq, avoid failures when using nonblocking I/O and an SSL
      connection.
    - Improve libpq's handling of failures during connection startup.
      In particular, the response to a server report of fork() failure
      during SSL connection startup is now saner.
    - Improve libpq's error reporting for SSL failures.
    - Fix PQsetvalue() to avoid possible crash when adding a new tuple to a
      PGresult originally obtained from a server query.
    - Make ecpglib write double values with 15 digits precision.
    - In ecpglib, be sure LC_NUMERIC setting is restored after an error.
    - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483)
      (Closes: #631285)
      "contrib/pg_crypto"'s blowfish encryption code could give wrong
      results on platforms where char is signed (which is most), leading to
      encrypted passwords being weaker than they should be.
    - Fix memory leak in "contrib/seg".
    - Fix pgstatindex() to give consistent results for empty indexes.
    - Allow building with perl 5.14.
(Closes: #628503) Date: Tue, 04 Oct 2011 12:26:42 +0200 Changed-By: Martin Pitt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/postgresql-8.4/8.4.9-0ubuntu0.10.10 -------------- next part -------------- Format: 1.8 Date: Tue, 04 Oct 2011 12:26:42 +0200 Source: postgresql-8.4 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source Version: 8.4.9-0ubuntu0.10.10 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.4 - object-relational SQL database, version 8.4 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.4 - front-end programs for PostgreSQL 8.4 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.4 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.4 - documentation for the PostgreSQL database management system postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming Closes: 628503 
 631285
Launchpad-Bugs-Fixed: 866049
Changes:
 postgresql-8.4 (8.4.9-0ubuntu0.10.10) maverick-security; urgency=low
 .
   * New upstream bug fix/security release: (LP: #866049)
     - Fix bugs in indexing of in-doubt HOT-updated tuples.
       These bugs could result in index corruption after reindexing a
       system catalog. They are not believed to affect user indexes.
     - Fix multiple bugs in GiST index page split processing.
       The probability of occurrence was low, but these could lead to
       index corruption.
     - Fix possible buffer overrun in tsvector_concat().
       The function could underestimate the amount of memory needed for
       its result, leading to server crashes.
     - Fix crash in xml_recv when processing a "standalone" parameter.
     - Make pg_options_to_table return NULL for an option with no value.
       Previously such cases would result in a server crash.
     - Avoid possibly accessing off the end of memory in "ANALYZE" and in
       SJIS-2004 encoding conversion.
       This fixes some very-low-probability server crash scenarios.
     - Prevent intermittent hang in interactions of startup process with
       bgwriter process.
       This affected recovery in non-hot-standby cases.
     - Fix race condition in relcache init file invalidation.
       There was a window wherein a new backend process could read a
       stale init file but miss the inval messages that would tell it the
       data is stale. The result would be bizarre failures in catalog
       accesses, typically "could not read block 0 in file ..." later
       during startup.
     - Fix memory leak at end of a GiST index scan.
       Commands that perform many separate GiST index scans, such as
       verification of a new GiST-based exclusion constraint on a table
       already containing many rows, could transiently require large
       amounts of memory due to this leak.
     - Fix incorrect memory accounting (leading to possible memory bloat)
       in tuplestores supporting holdable cursors and plpgsql's RETURN
       NEXT command.
     - Fix performance problem when constructing a large, lossy bitmap.
     - Fix join selectivity estimation for unique columns.
       This fixes an erroneous planner heuristic that could lead to poor
       estimates of the result size of a join.
     - Fix nested PlaceHolderVar expressions that appear only in
       sub-select target lists.
       This mistake could result in outputs of an outer join incorrectly
       appearing as NULL.
     - Allow nested EXISTS queries to be optimized properly.
     - Fix array- and path-creating functions to ensure padding bytes are
       zeroes.
       This avoids some situations where the planner will think that
       semantically-equal constants are not equal, resulting in poor
       optimization.
     - Fix "EXPLAIN" to handle gating Result nodes within
       inner-indexscan subplans.
       The usual symptom of this oversight was "bogus varno" errors.
     - Work around gcc 4.6.0 bug that breaks WAL replay.
       This could lead to loss of committed transactions after a server
       crash.
     - Fix dump bug for VALUES in a view.
     - Disallow SELECT FOR UPDATE/SHARE on sequences.
       This operation doesn't work as expected and can lead to failures.
     - Fix "VACUUM" so that it always updates
       pg_class.reltuples/relpages.
       This fixes some scenarios where autovacuum could make increasingly
       poor decisions about when to vacuum tables.
     - Defend against integer overflow when computing size of a hash
       table.
     - Fix cases where "CLUSTER" might attempt to access already-removed
       TOAST data.
     - Fix portability bugs in use of credentials control messages for
       "peer" authentication.
     - Fix SSPI login when multiple roundtrips are required.
       The typical symptom of this problem was "The function requested is
       not supported" errors during SSPI login.
     - Throw an error if "pg_hba.conf" contains hostssl but SSL is
       disabled.
       This was concluded to be more user-friendly than the previous
       behavior of silently ignoring such lines.
     - Fix typo in pg_srand48 seed initialization.
       This led to failure to use all bits of the provided seed.
       This function is not used on most platforms (only those without
       srandom), and the potential security exposure from a
       less-random-than-expected seed seems minimal in any case.
     - Avoid integer overflow when the sum of LIMIT and OFFSET values
       exceeds 2^63.
     - Add overflow checks to int4 and int8 versions of
       generate_series().
     - Fix trailing-zero removal in to_char().
       In a format with FM and no digit positions after the decimal
       point, zeroes to the left of the decimal point could be removed
       incorrectly.
     - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63.
     - Weaken plpgsql's check for typmod matching in record values.
       An overly enthusiastic check could lead to discarding length
       modifiers that should have been kept.
     - Fix pg_upgrade to preserve toast tables' relfrozenxids during an
       upgrade from 8.3.
       Failure to do this could lead to "pg_clog" files being removed too
       soon after the upgrade.
     - Fix psql's counting of script file line numbers during COPY from a
       different file.
     - Fix pg_restore's direct-to-database mode for
       standard_conforming_strings.
       pg_restore could emit incorrect commands when restoring directly
       to a database server from an archive file that had been made with
       standard_conforming_strings set to on.
     - Be more user-friendly about unsupported cases for parallel
       pg_restore.
       This change ensures that such cases are detected and reported
       before any restore actions have been taken.
     - Fix write-past-buffer-end and memory leak in libpq's LDAP service
       lookup code.
     - In libpq, avoid failures when using nonblocking I/O and an SSL
       connection.
     - Improve libpq's handling of failures during connection startup.
       In particular, the response to a server report of fork() failure
       during SSL connection startup is now saner.
     - Improve libpq's error reporting for SSL failures.
     - Fix PQsetvalue() to avoid possible crash when adding a new tuple
       to a PGresult originally obtained from a server query.
     - Make ecpglib write double values with 15 digits precision.
     - In ecpglib, be sure LC_NUMERIC setting is restored after an error.
     - Apply upstream fix for blowfish signed-character bug
       (CVE-2011-2483) (Closes: #631285)
       "contrib/pg_crypto"'s blowfish encryption code could give wrong
       results on platforms where char is signed (which is most), leading
       to encrypted passwords being weaker than they should be.
     - Fix memory leak in "contrib/seg".
     - Fix pgstatindex() to give consistent results for empty indexes.
     - Allow building with perl 5.14. (Closes: #628503)
Checksums-Sha1:
 7b5452809568451745580355e8d6d133c9737202 2621 postgresql-8.4_8.4.9-0ubuntu0.10.10.dsc
 08e2a6f939e221437f8cfcc044f0f29210e43a78 17853113 postgresql-8.4_8.4.9.orig.tar.gz
 6e72dd4b36eeba3d42e14cf5c8f7db713480f584 44732 postgresql-8.4_8.4.9-0ubuntu0.10.10.diff.gz
Checksums-Sha256:
 121a70d66a63c7078b2f0094b10e94dc3acfa026e0a50cb2e5b14c539645b9d7 2621 postgresql-8.4_8.4.9-0ubuntu0.10.10.dsc
 d23ab8edf48f7e058ddc8ef2d97159a0da37c328061bc287255288868d781a57 17853113 postgresql-8.4_8.4.9.orig.tar.gz
 8460bc7da114ab644a8d3fde3e5506cafb76c909ddee003e5bc264498e78e7db 44732 postgresql-8.4_8.4.9-0ubuntu0.10.10.diff.gz
Files:
 fe7cd0a2a3ecb84b94eaead2e503bf44 2621 database optional postgresql-8.4_8.4.9-0ubuntu0.10.10.dsc
 7f69c8bb6b7994cbd863685a2d65f4db 17853113 database optional postgresql-8.4_8.4.9.orig.tar.gz
 2bbe2f7d6111a1ad1eef00ced59b7425 44732 database optional postgresql-8.4_8.4.9-0ubuntu0.10.10.diff.gz
Original-Maintainer: Martin Pitt

From brian.thomason at canonical.com Thu Oct 13 15:42:16 2011
From: brian.thomason at canonical.com (Brian Thomason)
Date: Thu, 13 Oct 2011 15:42:16 -0000
Subject: [ubuntu/maverick] acroread 9.4.2.0-0maverick1 (Accepted)
Message-ID: <20111013154216.7219.30967.launchpad@cocoplum.canonical.com>

acroread (9.4.2.0-0maverick1) maverick; urgency=low

  * Initial release of new language builds for Maverick

Date: Thu, 13 Oct 2011 11:35:01 -0400
Changed-By: Brian Thomason
https://launchpad.net/ubuntu/maverick/+source/acroread/9.4.2.0-0maverick1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 13 Oct 2011 11:35:01 -0400
Source: acroread
Binary: acroread adobereader-deu adobereader-fra adobereader-jpn acroread-common
Architecture: source
Version: 9.4.2.0-0maverick1
Distribution: maverick
Urgency: low
Maintainer: Brian Thomason
Changed-By: Brian Thomason
Description:
 acroread - Adobe Reader
 acroread-common - Adobe Reader - Common Files
 adobereader-deu - Adobe Reader
 adobereader-fra - Adobe Reader
 adobereader-jpn - Adobe Reader
Changes:
 acroread (9.4.2.0-0maverick1) maverick; urgency=low
 .
   * Initial release of new language builds for Maverick
Checksums-Sha1:
 7be297a6bfa508ac643997a11fac3130b5b1f8a8 1303 acroread_9.4.2.0-0maverick1.dsc
 34dc084755717ad8d8136788cc8883465321ca1f 18375 acroread_9.4.2.0-0maverick1.diff.gz
Checksums-Sha256:
 d36bc16367aa756ad49e9dcb21f904dd6b0ab03fb75f17cd2eef1378a1ae1875 1303 acroread_9.4.2.0-0maverick1.dsc
 e08df8479fe00d7c2804356a7fba61f6a603d2cbbd8a89ea42a9bb6b0cda0c89 18375 acroread_9.4.2.0-0maverick1.diff.gz
Files:
 26114e67683ed15157a65f3742254ccd 1303 partner/text extra acroread_9.4.2.0-0maverick1.dsc
 73f5e844f8552984340aa99390ad76c9 18375 partner/text extra acroread_9.4.2.0-0maverick1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6XBVEACgkQOb4zNfJqN5dTCwCdGT+TNOVq05sLwKUS5j6YqSmT
GFwAniwH8JbXAMX+YE3c7uX3z/gof7yy
=6vtw
-----END PGP SIGNATURE-----

From debfx-pkg at fobos.de Fri Oct 14 04:04:04 2011
From: debfx-pkg at fobos.de (Felix Geyer)
Date: Fri, 14 Oct 2011 04:04:04 -0000
Subject: [ubuntu/maverick-security] quassel_0.7.1-0ubuntu1.2_i386_translations.tar.gz, quassel_0.7.1-0ubuntu1.2_armel_translations.tar.gz, quassel_0.7.1-0ubuntu1.2_powerpc_translations.tar.gz, quassel, quassel_0.7.1-0ubuntu1.2_amd64_translations.tar.gz 0.7.1-0ubuntu1.2 (Accepted)
Message-ID: <20111014040404.31179.28013.launchpad@cocoplum.canonical.com>

quassel (0.7.1-0ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
    - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
    - Set permissions of /var/lib/quassel/quasselCert.pem to 640.

Date: Wed, 12 Oct 2011 23:48:38 +0200
Changed-By: Felix Geyer
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/quassel/0.7.1-0ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Wed, 12 Oct 2011 23:48:38 +0200
Source: quassel
Binary: quassel quassel-client quassel-core quassel-qt4 quassel-client-qt4 quassel-data quassel-dbg
Architecture: source
Version: 0.7.1-0ubuntu1.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Felix Geyer
Description:
 quassel - KDE/Qt-based IRC client
 quassel-client - distributed, KDE/Qt-based IRC client - client component
 quassel-client-qt4 - distributed, Qt based IRC client - client component (no KDE depen
 quassel-core - distributed, KDE/Qt-based IRC client - core/server component
 quassel-data - distributed, KDE/Qt-based IRC client - data files
 quassel-dbg - distributed, KDE/Qt-based IRC client - debugging symbols
 quassel-qt4 - Qt-based IRC client (no KDE dependencies)
Launchpad-Bugs-Fixed: 846922
Changes:
 quassel (0.7.1-0ubuntu1.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
     - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
     - Set permissions of /var/lib/quassel/quasselCert.pem to 640.
Checksums-Sha1:
 53f828578abf491931b6947ab2f0ccbc577ad71d 2158 quassel_0.7.1-0ubuntu1.2.dsc
 fe9e896dac32b4429ca394c4e723ebdf67e2449e 18627 quassel_0.7.1-0ubuntu1.2.debian.tar.gz
Checksums-Sha256:
 9e1b1ecbde0c3fd54ade71e2901ad7f28dfe23a781b34ca84b673e8b9dcb2864 2158 quassel_0.7.1-0ubuntu1.2.dsc
 0de364ae24ff3631b2461fc736bfa2ac43dd0555f025850ff1f4f41f8dd50f90 18627 quassel_0.7.1-0ubuntu1.2.debian.tar.gz
Files:
 68e52d111a8dd8d6515f4a8e9858f6f4 2158 net optional quassel_0.7.1-0ubuntu1.2.dsc
 cc0d0bb518539624bd622406f7e02c24 18627 net optional quassel_0.7.1-0ubuntu1.2.debian.tar.gz
Original-Maintainer: Harald Sitter

From sbeattie at ubuntu.com Mon Oct 17 22:05:31 2011
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Mon, 17 Oct 2011 22:05:31 -0000
Subject: [ubuntu/maverick-security] php5_5.3.3-1ubuntu9.6_amd64_translations.tar.gz, php5, php5_5.3.3-1ubuntu9.6_powerpc_translations.tar.gz, php5_5.3.3-1ubuntu9.6_i386_translations.tar.gz, php5_5.3.3-1ubuntu9.6_armel_translations.tar.gz 5.3.3-1ubuntu9.6 (Accepted)
Message-ID: <20111017220531.29516.43758.launchpad@cocoplum.canonical.com>

php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing on
    invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish to
      1.2 to correct handling of passwords containing 8-bit (non-ascii)
      characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation
    errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values of
      the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267

Date: Thu, 13 Oct 2011 13:56:23 -0700
Changed-By: Steve Beattie
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/php5/5.3.3-1ubuntu9.6
-------------- next part --------------
Format: 1.8
Date: Thu, 13 Oct 2011 13:56:23 -0700
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.3-1ubuntu9.6
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Steve Beattie
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear - PEAR - PHP Extension and Application Repository
 php5 - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl - CURL module for php5
 php5-dbg - Debug symbols for PHP5
 php5-dev - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd - GD module for php5
 php5-gmp - GMP module for php5
 php5-intl - internationalisation module for php5
 php5-ldap - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-odbc - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl - XSL module for php5
Launchpad-Bugs-Fixed: 813110 813115
Changes:
 php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low
 .
   [ Angel Abad ]
   * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
     upload filename (LP: #813115)
     - debian/patches/php5-CVE-2011-2202.patch:
     - CVE-2011-2202
   * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
     (LP: #813110)
     - debian/patches/php5-CVE-2011-1938.patch:
     - CVE-2011-1938
 .
   [ Steve Beattie ]
   * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing on
     invalid flags
     - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
     - CVE-2011-1657
   * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
     (non-ascii) passwords leading to a smaller collision space
     - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish to
       1.2 to correct handling of passwords containing 8-bit (non-ascii)
       characters.
       CVE-2011-2483
   * SECURITY UPDATE: DoS due to failure to check for memory allocation
     errors
     - debian/patches/php5-CVE-2011-3182.patch: check the return values of
       the malloc, calloc, and realloc functions
     - CVE-2011-3182
   * SECURITY UPDATE: DoS in errorlog() when passed NULL
     - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
       errorlog()
     - CVE-2011-3267
Checksums-Sha1:
 a36d5ebb9943f39d9ec3515a690c8edee11149d2 3268 php5_5.3.3-1ubuntu9.6.dsc
 a21f88835e8b71b10c256d1ded1744c0ca45889a 241233 php5_5.3.3-1ubuntu9.6.diff.gz
Checksums-Sha256:
 92ddfcace0f7e887c93527700a0a07325295334543e4a937b28f0564753ca8a8 3268 php5_5.3.3-1ubuntu9.6.dsc
 eeba36ecced5c3a1c2a1f36fff288f1df486bfb336395c42873e40a3a629b86c 241233 php5_5.3.3-1ubuntu9.6.diff.gz
Files:
 3c3cd80b561e3744d50afc69079935d0 3268 php optional php5_5.3.3-1ubuntu9.6.dsc
 594b11fc8d29d6d0ec50198dadcce98b 241233 php optional php5_5.3.3-1ubuntu9.6.diff.gz
Original-Maintainer: Debian PHP Maintainers

From stgraber at ubuntu.com Mon Oct 17 22:23:33 2011
From: stgraber at ubuntu.com (Stephane Graber)
Date: Mon, 17 Oct 2011 22:23:33 -0000
Subject: [ubuntu/maverick-proposed] nagios-nrpe 2.12-4ubuntu1.10.10.1 (Accepted)
Message-ID: <20111017222333.8139.8896.launchpad@chaenomeles.canonical.com>

nagios-nrpe (2.12-4ubuntu1.10.10.1) maverick-proposed; urgency=low

  * Use pidfile for start-stop-daemon and fix pidfile deletion
    (LP: #600941)

Date: Fri, 14 Oct 2011 10:32:51 +0100
Changed-By: Stéphane Graber
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/nagios-nrpe/2.12-4ubuntu1.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Oct 2011 10:32:51 +0100
Source: nagios-nrpe
Binary: nagios-nrpe-server nagios-nrpe-plugin
Architecture: source
Version: 2.12-4ubuntu1.10.10.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Stéphane Graber
Description:
 nagios-nrpe-plugin - Nagios Remote Plugin Executor Plugin
 nagios-nrpe-server - Nagios Remote Plugin Executor Server
Launchpad-Bugs-Fixed: 600941
Changes:
 nagios-nrpe (2.12-4ubuntu1.10.10.1) maverick-proposed; urgency=low
 .
   * Use pidfile for start-stop-daemon and fix pidfile deletion
     (LP: #600941)
Checksums-Sha1:
 ea06a746d5ae8ed1c0deddd75ca409c16b967010 2033 nagios-nrpe_2.12-4ubuntu1.10.10.1.dsc
 c683cc0c194ad8a7be923d1f580e6a5c5a126bab 10263 nagios-nrpe_2.12-4ubuntu1.10.10.1.diff.gz
Checksums-Sha256:
 5bd544306d0cbc6bd8539e50bf24e35512901e912bf38bddcaecdd0f7bcc90f7 2033 nagios-nrpe_2.12-4ubuntu1.10.10.1.dsc
 7e5f4eecb300c73d5803152224cf5ea5a1a5719dd401189a2ecaefc4c520a60c 10263 nagios-nrpe_2.12-4ubuntu1.10.10.1.diff.gz
Files:
 559c4e6456b4c2149e3278ab3a27f000 2033 net optional nagios-nrpe_2.12-4ubuntu1.10.10.1.dsc
 5b632e5e63e2d87c4b071520cf70b4ae 10263 net optional nagios-nrpe_2.12-4ubuntu1.10.10.1.diff.gz
Original-Maintainer: Debian Nagios Maintainer Group

From marc.deslauriers at ubuntu.com Tue Oct 18 16:04:48 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Tue, 18 Oct 2011 16:04:48 -0000
Subject: [ubuntu/maverick-security] xorg-server 2:1.9.0-0ubuntu7.5 (Accepted)
Message-ID: <20111018160448.20604.34721.launchpad@cocoplum.canonical.com>

xorg-server (2:1.9.0-0ubuntu7.5) maverick-security; urgency=low

  * SECURITY UPDATE: file existence disclosure
    - debian/patches/210_CVE-2011-4028.patch: open lockfile with
      O_NOFOLLOW in os/utils.c.
    - CVE-2011-4028
  * SECURITY UPDATE: privilege escalation via file permission change
    - debian/patches/211_CVE-2011-4029.patch: use fchmod to prevent race
      in os/utils.c.
    - CVE-2011-4029
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect input sanitization
    - debian/patches/212_CVE-2010-4818.patch: validate sizes and
      arguments in glx/{glxcmds,glxcmdsswap,xfont}.c.
    - CVE-2010-4818

Date: Fri, 14 Oct 2011 06:00:40 -0400
Changed-By: Marc Deslauriers
Maintainer: Ubuntu X-SWAT
https://launchpad.net/ubuntu/maverick/+source/xorg-server/2:1.9.0-0ubuntu7.5
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Oct 2011 06:00:40 -0400
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source
Version: 2:1.9.0-0ubuntu7.5
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu X-SWAT
Changed-By: Marc Deslauriers
Description:
 xdmx - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest - Nested X server
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xfbdev - Linux framebuffer device tiny X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xvfb - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:1.9.0-0ubuntu7.5) maverick-security; urgency=low
 .
   * SECURITY UPDATE: file existence disclosure
     - debian/patches/210_CVE-2011-4028.patch: open lockfile with
       O_NOFOLLOW in os/utils.c.
     - CVE-2011-4028
   * SECURITY UPDATE: privilege escalation via file permission change
     - debian/patches/211_CVE-2011-4029.patch: use fchmod to prevent race
       in os/utils.c.
     - CVE-2011-4029
   * SECURITY UPDATE: denial of service and possible code execution via
     incorrect input sanitization
     - debian/patches/212_CVE-2010-4818.patch: validate sizes and
       arguments in glx/{glxcmds,glxcmdsswap,xfont}.c.
     - CVE-2010-4818
Checksums-Sha1:
 c5fcdc9444de8d01cfbca27495c40276271b4ba1 4181 xorg-server_1.9.0-0ubuntu7.5.dsc
 0cf99418e15770d55e0901fb971060e9c6c2366a 423393 xorg-server_1.9.0-0ubuntu7.5.diff.gz
Checksums-Sha256:
 eb92a83d5771d3c6d6f162be448b48a97f4d2b7bc6ef7325d38cb97f6f4e0130 4181 xorg-server_1.9.0-0ubuntu7.5.dsc
 a478323a2ae52846f074c083320ea113b91f0aa448ec3f6719c01bfd82e7d066 423393 xorg-server_1.9.0-0ubuntu7.5.diff.gz
Files:
 1fc916f54b971edfb122c6ef9f239e8f 4181 x11 optional xorg-server_1.9.0-0ubuntu7.5.dsc
 61cf72b85bec4e4f4c3993cd5e39a45d 423393 x11 optional xorg-server_1.9.0-0ubuntu7.5.diff.gz
Original-Maintainer: Debian X Strike Force

From sbeattie at ubuntu.com Tue Oct 18 22:04:08 2011
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Tue, 18 Oct 2011 22:04:08 -0000
Subject: [ubuntu/maverick-security] krb5, krb5_1.8.1+dfsg-5ubuntu0.8_amd64_translations.tar.gz, krb5_1.8.1+dfsg-5ubuntu0.8_i386_translations.tar.gz, krb5_1.8.1+dfsg-5ubuntu0.8_armel_translations.tar.gz, krb5_1.8.1+dfsg-5ubuntu0.8_powerpc_translations.tar.gz 1.8.1+dfsg-5ubuntu0.8 (Accepted)
Message-ID: <20111018220408.24909.75183.launchpad@cocoplum.canonical.com>

krb5 (1.8.1+dfsg-5ubuntu0.8) maverick-security; urgency=low

  * SECURITY UPDATE: fix multiple kdc DoS issues:
    - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
      ldap/libkdb_ldap/lockout.c:
      + more strict checking for null pointers
      + disable assert and return when db is locked
      + applied inline from upstream
    - CVE-2011-1528 and CVE-2011-1529
    - MITKRB5-SA-2011-006

Date: Tue, 11 Oct 2011 06:52:39 -0700
Changed-By: Steve Beattie
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/krb5/1.8.1+dfsg-5ubuntu0.8
-------------- next part --------------
Format: 1.8
Date: Tue, 11 Oct 2011 06:52:39 -0700
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4
 libkrb5support0
Architecture: source
Version: 1.8.1+dfsg-5ubuntu0.8
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Steve Beattie
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - Documentation for MIT Kerberos
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes:
 krb5 (1.8.1+dfsg-5ubuntu0.8) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix multiple kdc DoS issues:
     - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
       ldap/libkdb_ldap/lockout.c:
       + more strict checking for null pointers
       + disable assert and return when db is locked
       + applied inline from upstream
     - CVE-2011-1528 and CVE-2011-1529
     - MITKRB5-SA-2011-006
Checksums-Sha1:
 cb7830f336af1b30a33e44e2bc82f7d70b238cef 2323 krb5_1.8.1+dfsg-5ubuntu0.8.dsc
 76a088dc41ab49d7f9296fe899533b7318faac5f 135961 krb5_1.8.1+dfsg-5ubuntu0.8.diff.gz
Checksums-Sha256:
 086d11dd789f9d3c15e5f2c4fc3ea9915cdecbd35dafbba3d1c3085934952140 2323 krb5_1.8.1+dfsg-5ubuntu0.8.dsc
 c48f8496646868fa10d5d53ff595870e2b7e2c75ef916f529e01334930d0c8ed 135961 krb5_1.8.1+dfsg-5ubuntu0.8.diff.gz
Files:
 67d137a7ce144c94e3da889af4de0161 2323 net standard krb5_1.8.1+dfsg-5ubuntu0.8.dsc
 37d467c96342f60cd3e1edb4be2a03ce 135961 net standard krb5_1.8.1+dfsg-5ubuntu0.8.diff.gz
Original-Maintainer: Sam Hartman

From gary.lasker at canonical.com Wed Oct 19 05:21:59 2011
From: gary.lasker at canonical.com (Gary Lasker)
Date: Wed, 19 Oct 2011 05:21:59 -0000
Subject: [ubuntu/maverick-proposed] tzdata 2011l-0ubuntu0.10.10 (Accepted)
Message-ID: <20111019052159.17558.94041.launchpad@soybean.canonical.com>

tzdata (2011l-0ubuntu0.10.10) maverick-proposed; urgency=low

  * New upstream release 2011l: (LP: #876090)
    - Fiji adopts DST for 2011 (effective Oct 23rd, 2011)
    - West Bank changes date for DST end in 2011 to Sep 30th

Date: Mon, 17 Oct 2011 16:29:26 -0400
Changed-By: Gary Lasker
Maintainer: Ubuntu Developers
Signed-By: Martin Pitt
https://launchpad.net/ubuntu/maverick/+source/tzdata/2011l-0ubuntu0.10.10
-------------- next part --------------
Format: 1.8
Date: Mon, 17 Oct 2011 16:29:26 -0400
Source: tzdata
Binary: tzdata tzdata-java
Architecture: source
Version: 2011l-0ubuntu0.10.10
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Gary Lasker
Description:
 tzdata - time zone and daylight-saving time data
 tzdata-java - time zone and daylight-saving time data for use by java runtimes
Launchpad-Bugs-Fixed: 876090
Changes:
 tzdata (2011l-0ubuntu0.10.10) maverick-proposed; urgency=low
 .
   * New upstream release 2011l: (LP: #876090)
     - Fiji adopts DST for 2011 (effective Oct 23rd, 2011)
     - West Bank changes date for DST end in 2011 to Sep 30th
Checksums-Sha1:
 90c02f64c9e2f798b5919ff92d6c32f779da73b1 1909 tzdata_2011l-0ubuntu0.10.10.dsc
 c6740ec9645b78750e2109b6d42cd283e16988d7 203374 tzdata_2011l.orig.tar.gz
 d92e0475581f3d0383daa411c7a354c40104bd47 251047 tzdata_2011l-0ubuntu0.10.10.debian.tar.gz
Checksums-Sha256:
 900c68a1b6674a2743d036d26c86bc3de3cd032d191ba0f85e84c4d34f41510a 1909 tzdata_2011l-0ubuntu0.10.10.dsc
 cb9fec68a19c9c3b900bb71f3ca20d0051a863f765387b52fc2d144a5bbb0c7d 203374 tzdata_2011l.orig.tar.gz
 f70eeac5025de3568d3af41b45353a52c397a8e23a0f551e8718f766b7977b17 251047 tzdata_2011l-0ubuntu0.10.10.debian.tar.gz
Files:
 11dd1c615232229016b2948f884e3d38 1909 libs required tzdata_2011l-0ubuntu0.10.10.dsc
 bae1b93673e1aef80186c90dfd493f1c 203374 libs required tzdata_2011l.orig.tar.gz
 8886fcab9068a2ccc7b3a292fb3d9e1f 251047 libs required tzdata_2011l-0ubuntu0.10.10.debian.tar.gz
Original-Maintainer: GNU Libc Maintainers

From sbeattie at ubuntu.com Wed Oct 19 20:14:59 2011
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Wed, 19 Oct 2011 20:14:59 -0000
Subject: [ubuntu/maverick-security] cyrus-imapd-2.2, cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1_armel_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1_powerpc_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1_i386_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1_amd64_translations.tar.gz 2.2.13-19squeeze2build0.10.10.1 (Accepted)
Message-ID: <20111019201459.7654.91879.launchpad@cocoplum.canonical.com>

cyrus-imapd-2.2 (2.2.13-19squeeze2build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

cyrus-imapd-2.2 (2.2.13-19+squeeze2) stable-security; urgency=low

  * Update Vcs-* and
    Homepage
  * Fix stack-based buffer overflow in the split_wildmats function in
    nntpd.c (CVE-2011-3208)
  * Fix for authentication bypass in nntpd (SA46093)

Date: Tue, 18 Oct 2011 22:17:13 -0700
Changed-By: Steve Beattie
Maintainer: Debian Cyrus Team
https://launchpad.net/ubuntu/maverick/+source/cyrus-imapd-2.2/2.2.13-19squeeze2build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Oct 2011 22:17:13 -0700
Source: cyrus-imapd-2.2
Binary: cyrus-common-2.2 cyrus-doc-2.2 cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-admin-2.2 cyrus-murder-2.2 cyrus-nntpd-2.2 cyrus-clients-2.2 cyrus-dev-2.2 libcyrus-imap-perl22
Architecture: source
Version: 2.2.13-19squeeze2build0.10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Debian Cyrus Team
Changed-By: Steve Beattie
Description:
 cyrus-admin-2.2 - Cyrus mail system - administration tools
 cyrus-clients-2.2 - Cyrus mail system (test clients)
 cyrus-common-2.2 - Cyrus mail system - common files
 cyrus-dev-2.2 - Cyrus mail system (developer files)
 cyrus-doc-2.2 - Cyrus mail system - documentation files
 cyrus-imapd-2.2 - Cyrus mail system - IMAP support
 cyrus-murder-2.2 - Cyrus mail system (proxies and aggregator)
 cyrus-nntpd-2.2 - Cyrus mail system (NNTP support)
 cyrus-pop3d-2.2 - Cyrus mail system - POP3 support
 libcyrus-imap-perl22 - Interface to Cyrus imap client imclient library
Changes:
 cyrus-imapd-2.2 (2.2.13-19squeeze2build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 cyrus-imapd-2.2 (2.2.13-19+squeeze2) stable-security; urgency=low
 .
   * Update Vcs-* and Homepage
   * Fix stack-based buffer overflow in the split_wildmats function in
     nntpd.c (CVE-2011-3208)
   * Fix for authentication bypass in nntpd (SA46093)
Checksums-Sha1:
 f2813b894829e40392f7e8898edbefff59b5da6f 2666 cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1.dsc
 db7b474b16b43e39cd9bafd7d2e31bdc10374fba 276651 cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1.diff.gz
Checksums-Sha256:
 2bc180cdfde63c154c264881dd2bff31116f4a56d24e0ba1a05e11c29cfec4c9 2666 cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1.dsc
 3da3a3b09789d90f5c77821c69f009c83d18ce74b5420f2e62d47a824043a7e9 276651 cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1.diff.gz
Files:
 19ba50ea982824de26abf2225050eaf8 2666 mail extra cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1.dsc
 76379f9700ec09b47af1d80564f9e073 276651 mail extra cyrus-imapd-2.2_2.2.13-19squeeze2build0.10.10.1.diff.gz

From jamie at ubuntu.com Thu Oct 20 18:03:49 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Thu, 20 Oct 2011 18:03:49 -0000
Subject: [ubuntu/maverick-security] acpid 1.0.10-5ubuntu4.1 (Accepted)
Message-ID: <20111020180349.6332.68297.launchpad@cocoplum.canonical.com>

acpid (1.0.10-5ubuntu4.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via blocking socket
    - debian/patches/CVE-2011-1159.patch: adjust the socket fd to use
      O_NONBLOCK
    - CVE-2011-1159

Date: Thu, 13 Oct 2011 17:35:25 -0500
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/acpid/1.0.10-5ubuntu4.1
-------------- next part --------------
Format: 1.8
Date: Thu, 13 Oct 2011 17:35:25 -0500
Source: acpid
Binary: acpid
Architecture: source
Version: 1.0.10-5ubuntu4.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 acpid - Advanced Configuration and Power Interface event daemon
Changes:
 acpid (1.0.10-5ubuntu4.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via blocking socket
     - debian/patches/CVE-2011-1159.patch: adjust the socket fd to use O_NONBLOCK
     - CVE-2011-1159
Original-Maintainer: Debian Acpi Team

From marc.deslauriers at ubuntu.com Thu Oct 20 23:05:50 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Thu, 20 Oct 2011 23:05:50 -0000
Subject: [ubuntu/maverick-security] xorg-server 2:1.9.0-0ubuntu7.6 (Accepted)
Message-ID: <20111020230550.18749.65924.launchpad@cocoplum.canonical.com>

xorg-server (2:1.9.0-0ubuntu7.6) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via incorrect input sanitization
    - debian/patches/212_CVE-2010-4818.patch: updated with missing commit to fix regression.
    - CVE-2010-4818

Date: Thu, 20 Oct 2011 10:42:45 -0400
Changed-By: Marc Deslauriers
Maintainer: Ubuntu X-SWAT
https://launchpad.net/ubuntu/maverick/+source/xorg-server/2:1.9.0-0ubuntu7.6
-------------- next part --------------
Format: 1.8
Date: Thu, 20 Oct 2011 10:42:45 -0400
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source
Version: 2:1.9.0-0ubuntu7.6
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu X-SWAT
Changed-By: Marc Deslauriers
Description:
 xdmx - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest - Nested X server
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xfbdev - Linux framebuffer device tiny X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xvfb - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:1.9.0-0ubuntu7.6) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via incorrect input sanitization
     - debian/patches/212_CVE-2010-4818.patch: updated with missing commit to fix regression.
     - CVE-2010-4818
Original-Maintainer: Debian X Strike Force

From sbeattie at ubuntu.com Fri Oct 21 19:03:26 2011
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Fri, 21 Oct 2011 19:03:26 -0000
Subject: [ubuntu/maverick-security] wireshark_1.2.11-6+squeeze4build0.10.10.1_amd64_translations.tar.gz, wireshark_1.2.11-6+squeeze4build0.10.10.1_powerpc_translations.tar.gz, wireshark_1.2.11-6+squeeze4build0.10.10.1_i386_translations.tar.gz, wireshark_1.2.11-6+squeeze4build0.10.10.1_armel_translations.tar.gz, wireshark 1.2.11-6+squeeze4build0.10.10.1 (Accepted)
Message-ID: <20111021190326.8332.405.launchpad@cocoplum.canonical.com>

wireshark (1.2.11-6+squeeze4build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

wireshark (1.2.11-6+squeeze4) stable-security; urgency=low

  * Rebuild to bypass dak weirdness

wireshark (1.2.11-6+squeeze3) stable-security; urgency=low

  * CVE-2011-3360, update by Balint

Date: Fri, 21 Oct 2011 09:26:39 -0700
Changed-By: Steve Beattie
Maintainer: Balint Reczey
https://launchpad.net/ubuntu/maverick/+source/wireshark/1.2.11-6+squeeze4build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 21 Oct 2011 09:26:39 -0700
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg
Architecture: source
Version: 1.2.11-6+squeeze4build0.10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Balint Reczey
Changed-By: Steve Beattie
Description:
 tshark - network traffic analyzer - console version
 wireshark - network traffic analyzer - GTK+ version
 wireshark-common - network traffic analyzer - common files
 wireshark-dbg - network traffic analyzer - debug symbols
 wireshark-dev - network traffic analyzer - development tools
Changes:
 wireshark (1.2.11-6+squeeze4build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 wireshark (1.2.11-6+squeeze4) stable-security; urgency=low
 .
   * Rebuild to bypass dak weirdness
 .
 wireshark (1.2.11-6+squeeze3) stable-security; urgency=low
 .
   * CVE-2011-3360, update by Balint

From marc.deslauriers at ubuntu.com Mon Oct 24 19:04:14 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Mon, 24 Oct 2011 19:04:14 -0000
Subject: [ubuntu/maverick-security] pam_1.1.1-4ubuntu2.4_powerpc_translations.tar.gz, pam_1.1.1-4ubuntu2.4_amd64_translations.tar.gz, pam_1.1.1-4ubuntu2.4_i386_translations.tar.gz, pam, pam_1.1.1-4ubuntu2.4_armel_translations.tar.gz 1.1.1-4ubuntu2.4 (Accepted)
Message-ID: <20111024190414.25513.32691.launchpad@cocoplum.canonical.com>

pam (1.1.1-4ubuntu2.4) maverick-security; urgency=low

  * SECURITY UPDATE: possible code execution via incorrect environment file parsing (LP: #874469)
    - debian/patches-applied/CVE-2011-3148.patch:
      correctly count leading whitespace when parsing environment file in modules/pam_env/pam_env.c.
    - CVE-2011-3148
  * SECURITY UPDATE: denial of service via overflowed environment variable expansion (LP: #874565)
    - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit with PAM_BUF_ERR in modules/pam_env/pam_env.c.
    - CVE-2011-3149
  * SECURITY UPDATE: code execution via incorrect environment cleaning
    - debian/patches-applied/update-motd: updated to use clean environment and absolute paths in modules/pam_motd/pam_motd.c.
    - CVE-2011-XXXX

Date: Tue, 18 Oct 2011 10:05:50 -0400
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/pam/1.1.1-4ubuntu2.4
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Oct 2011 10:05:50 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.1-4ubuntu2.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 874469 874565
Changes:
 pam (1.1.1-4ubuntu2.4) maverick-security; urgency=low
 .
   * SECURITY UPDATE: possible code execution via incorrect environment file parsing (LP: #874469)
     - debian/patches-applied/CVE-2011-3148.patch: correctly count leading whitespace when parsing environment file in modules/pam_env/pam_env.c.
     - CVE-2011-3148
   * SECURITY UPDATE: denial of service via overflowed environment variable expansion (LP: #874565)
     - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit with PAM_BUF_ERR in modules/pam_env/pam_env.c.
     - CVE-2011-3149
   * SECURITY UPDATE: code execution via incorrect environment cleaning
     - debian/patches-applied/update-motd: updated to use clean environment and absolute paths in modules/pam_motd/pam_motd.c.
     - CVE-2011-XXXX
Original-Maintainer: Steve Langasek

From marc.deslauriers at ubuntu.com Mon Oct 24 22:03:33 2011
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Mon, 24 Oct 2011 22:03:33 -0000
Subject: [ubuntu/maverick-security] puppet 2.6.1-0ubuntu2.4 (Accepted)
Message-ID: <20111024220333.26174.64684.launchpad@cocoplum.canonical.com>

puppet (2.6.1-0ubuntu2.4) maverick-security; urgency=low

  * SECURITY UPDATE: puppet master impersonation via incorrect certificates
    - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
    - Thanks to upstream for providing the patch.
    - CVE-2011-3872

Date: Mon, 24 Oct 2011 15:08:20 -0400
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/puppet/2.6.1-0ubuntu2.4
-------------- next part --------------
Format: 1.8
Date: Mon, 24 Oct 2011 15:08:20 -0400
Source: puppet
Binary: puppet puppetmaster-common puppetmaster puppetmaster-passenger puppet-common vim-puppet puppet-el puppet-testsuite
Architecture: source
Version: 2.6.1-0ubuntu2.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 puppet - Centralized configuration management - agent startup and compatib
 puppet-common - Centralized configuration management
 puppet-el - syntax highlighting for puppet manifests in emacs
 puppet-testsuite - Centralized configuration management - test suite
 puppetmaster - Centralized configuration management - master startup and compati
 puppetmaster-common - Puppet master common scripts
 puppetmaster-passenger - Centralised configuration management - master setup to run under
 vim-puppet - syntax highlighting for puppet manifests in vim
Changes:
 puppet (2.6.1-0ubuntu2.4) maverick-security; urgency=low
 .
   * SECURITY UPDATE: puppet master impersonation via incorrect certificates
     - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
     - Thanks to upstream for providing the patch.
     - CVE-2011-3872
Original-Maintainer: Puppet Package Maintainers

From debfx-pkg at fobos.de Tue Oct 25 05:05:28 2011
From: debfx-pkg at fobos.de (Felix Geyer)
Date: Tue, 25 Oct 2011 05:05:28 -0000
Subject: [ubuntu/maverick-proposed] global 5.7.1-1ubuntu0.10.10 (Accepted)
Message-ID: <20111025050528.27349.60405.launchpad@soybean.canonical.com>

global (5.7.1-1ubuntu0.10.10) maverick-proposed; urgency=low

  * debian/global.postinst: Fall back to localhost if `hostname --fqdn` fails. (LP: #398009)

Date: Fri, 21 Oct 2011 00:04:29 +0200
Changed-By: Felix Geyer
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/global/5.7.1-1ubuntu0.10.10
-------------- next part --------------
Format: 1.8
Date: Fri, 21 Oct 2011 00:04:29 +0200
Source: global
Binary: global
Architecture: source
Version: 5.7.1-1ubuntu0.10.10
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Felix Geyer
Description:
 global - Source code search and browse tools
Launchpad-Bugs-Fixed: 398009
Changes:
 global (5.7.1-1ubuntu0.10.10) maverick-proposed; urgency=low
 .
   * debian/global.postinst: Fall back to localhost if `hostname --fqdn` fails.
     (LP: #398009)
Original-Maintainer: Ron Lee

From jamie at ubuntu.com Tue Oct 25 17:03:42 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Tue, 25 Oct 2011 17:03:42 -0000
Subject: [ubuntu/maverick-security] nova 0.9.1~bzr331-0ubuntu2.1 (Accepted)
Message-ID: <20111025170342.29049.36218.launchpad@cocoplum.canonical.com>

nova (0.9.1~bzr331-0ubuntu2.1) maverick-security; urgency=low

  * SECURITY UPDATE: fix information leak via invalid key
    debina/patches/security-fix-lp868360.patch: adjust nova/auth/manager.py to not return access, secret or admin fields for User error and project_manager_id, description and member_ids for Project
    - LP: #868360
    - CVE-2011-XXXX

Date: Tue, 25 Oct 2011 09:14:00 -0500
Changed-By: Jamie Strandboge
Maintainer: Soren Hansen
https://launchpad.net/ubuntu/maverick/+source/nova/0.9.1~bzr331-0ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Tue, 25 Oct 2011 09:14:00 -0500
Source: nova
Binary: python-nova nova-common nova-compute nova-scheduler nova-volume nova-api nova-network nova-objectstore nova-instancemonitor nova-doc
Architecture: source
Version: 0.9.1~bzr331-0ubuntu2.1
Distribution: maverick-security
Urgency: low
Maintainer: Soren Hansen
Changed-By: Jamie Strandboge
Description:
 nova-api - OpenStack Compute - Nova - API frontend
 nova-common - OpenStack Compute - Nova - common files
 nova-compute - OpenStack Compute - Nova - compute node
 nova-doc - OpenStack Compute - Nova - documentation
 nova-instancemonitor - Nova instance monitor
 nova-network - OpenStack Compute - Nova - Network thingamajig
 nova-objectstore - OpenStack Compute - Nova - object store
 nova-scheduler - OpenStack Compute - Nova - Scheduler
 nova-volume - OpenStack Compute - Nova - storage
 python-nova - OpenStack Compute - Nova - Python libraries
Launchpad-Bugs-Fixed: 868360
Changes:
 nova (0.9.1~bzr331-0ubuntu2.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix information leak via invalid key
     debina/patches/security-fix-lp868360.patch: adjust nova/auth/manager.py to not return access, secret or admin fields for User error and project_manager_id, description and member_ids for Project
     - LP: #868360
     - CVE-2011-XXXX

From jamie at ubuntu.com Tue Oct 25 22:04:34 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Tue, 25 Oct 2011 22:04:34 -0000
Subject: [ubuntu/maverick-security] kde4libs_4.5.5-0ubuntu2.1_i386_translations.tar.gz, kde4libs_4.5.5-0ubuntu2.1_amd64_translations.tar.gz, kde4libs_4.5.5-0ubuntu2.1_armel_translations.tar.gz, kde4libs, kde4libs_4.5.5-0ubuntu2.1_powerpc_translations.tar.gz 4:4.5.5-0ubuntu2.1 (Accepted)
Message-ID: <20111025220434.5553.77635.launchpad@cocoplum.canonical.com>

kde4libs (4:4.5.5-0ubuntu2.1) maverick-security; urgency=low

  * SECURITY UPDATE: Fix vulnerability with certificate boxes in KSSL, which let the
    opportunity to interpret html tags.
    - debian/patches/security_04_CVE-2011-3365.diff: Change the QLabel's text format from RichText to PlainText in important locations.
    - CVE-2011-3365
    - LP: #857437
  * SECURITY UPDATE: Fix vulnerability in kioslave which let the opportunity to interpret html tags
    - debian/patches/security_04_CVE-2011-3365-kioslave.patch: Use HTML escaping on texts that come from the website.

Date: Fri, 14 Oct 2011 09:10:11 -0500
Changed-By: Jamie Strandboge
Maintainer: Kubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/kde4libs/4:4.5.5-0ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Oct 2011 09:10:11 -0500
Source: kde4libs
Binary: libkdecore5 libkdeui5 libkpty4 libkdesu5 libkjsapi4 libkjsembed4 libkio5 libkntlm4 libsolid4 libkde3support4 libkatepartinterfaces4 libkfile4 libknewstuff2-4 libknewstuff3-4 libkparts4 libkutils4 libthreadweaver4 libkhtml5 libkimproxy4 libkmediaplayer4 libktexteditor4 libknotifyconfig4 libkdnssd4 libkrosscore4 libkrossui4 libnepomuk4 libnepomukquery4a libplasma3 libkunitconversion4 libkdewebkit5 kdelibs-bin kdelibs5-plugins kdelibs5-data kdoctools kdelibs5-dev kdelibs5 kdelibs5-dbg
Architecture: source
Version: 4:4.5.5-0ubuntu2.1
Distribution: maverick-security
Urgency: low
Maintainer: Kubuntu Developers
Changed-By: Jamie Strandboge
Description:
 kdelibs-bin - core executables for KDE Applications
 kdelibs5 - transitional package for the KDE Development Platform libraries
 kdelibs5-data - core shared data for all KDE Applications
 kdelibs5-dbg - debugging symbols for the KDE Development Platform libraries
 kdelibs5-dev - development files for the KDE Development Platform libraries
 kdelibs5-plugins - core plugins for KDE Applications
 kdoctools - various tools for accessing application documentation
 libkatepartinterfaces4 - Kate part library
 libkde3support4 - the KDE 3 Support Library for the KDE 4 Platform
 libkdecore5 - the KDE Platform Core Library
 libkdesu5 - the Console-mode Authentication Library for the KDE Platform
 libkdeui5 - the KDE Platform User Interface Library
 libkdewebkit5 - the KDE WebKit Library
 libkdnssd4 - the DNS-SD Protocol Library for the KDE Platform
 libkfile4 - the File Selection Dialog Library for KDE Platform
 libkhtml5 - the KHTML Web Content Rendering Engine
 libkimproxy4 - the Instant Messaging Interface Library for the KDE Platform
 libkio5 - the Network-enabled File Management Library for the KDE Platform
 libkjsapi4 - the KJS API Library for the KDE Development Platform
 libkjsembed4 - library for binding JavaScript objects to QObjects
 libkmediaplayer4 - the KMediaPlayer Interface for the KDE Platform
 libknewstuff2-4 - the "Get Hot New Stuff" v2 Library for the KDE Platform
 libknewstuff3-4 - the "Get Hot New Stuff" v3 Library for the KDE Platform
 libknotifyconfig4 - library for configuring KDE Notifications
 libkntlm4 - the NTLM Authentication Library for the KDE Platform
 libkparts4 - the Framework for the KDE Platform Graphical Components
 libkpty4 - the Pseudo Terminal Library for the KDE Platform
 libkrosscore4 - the Kross Core Library
 libkrossui4 - the Kross UI Library
 libktexteditor4 - the KTextEditor interfaces for the KDE Platform
 libkunitconversion4 - the Unit Conversion library for the KDE Platform
 libkutils4 - various utility classes for the KDE Platform
 libnepomuk4 - the Nepomuk Meta Data Library
 libnepomukquery4a - the Nepomuk Query Library for the KDE Platform
 libplasma3 - the Plasma Library for the KDE Platform
 libsolid4 - Solid Library for KDE Platform
 libthreadweaver4 - the ThreadWeaver Library for the KDE Platform
Launchpad-Bugs-Fixed: 857437
Changes:
 kde4libs (4:4.5.5-0ubuntu2.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Fix vulnerability with certificate boxes in KSSL, which let the opportunity to interpret html tags.
     - debian/patches/security_04_CVE-2011-3365.diff: Change the QLabel's text format from RichText to PlainText in important locations.
     - CVE-2011-3365
     - LP: #857437
   * SECURITY UPDATE: Fix vulnerability in kioslave which let the opportunity to interpret html tags
     - debian/patches/security_04_CVE-2011-3365-kioslave.patch: Use HTML escaping on texts that come from the website.
Original-Maintainer: Debian Qt/KDE Maintainers

From jamie at ubuntu.com Thu Oct 27 13:03:25 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Thu, 27 Oct 2011 13:03:25 -0000
Subject: [ubuntu/maverick-security] libfcgi-perl 0.71-1+squeeze1build0.10.10.1 (Accepted)
Message-ID: <20111027130325.31189.86900.launchpad@cocoplum.canonical.com>

libfcgi-perl (0.71-1+squeeze1build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

libfcgi-perl (0.71-1+squeeze1) stable-security; urgency=high

  * Team upload
  * Add patch from upstream bug tracker fixing CVE-2011-2766 Closes: #607479. Thanks to Ferdinand for reporting, Russ Allbery for the analysis and chansen for the patch.
  * control: update Vcs-* fields to point to Git

Date: Wed, 26 Oct 2011 16:20:39 -0500
Changed-By: Jamie Strandboge
Maintainer: Debian Perl Group
https://launchpad.net/ubuntu/maverick/+source/libfcgi-perl/0.71-1+squeeze1build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Wed, 26 Oct 2011 16:20:39 -0500
Source: libfcgi-perl
Binary: libfcgi-perl
Architecture: source
Version: 0.71-1+squeeze1build0.10.10.1
Distribution: maverick-security
Urgency: high
Maintainer: Debian Perl Group
Changed-By: Jamie Strandboge
Description:
 libfcgi-perl - helper module for FastCGI
Closes: 607479
Changes:
 libfcgi-perl (0.71-1+squeeze1build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 libfcgi-perl (0.71-1+squeeze1) stable-security; urgency=high
 .
   * Team upload
 .
   * Add patch from upstream bug tracker fixing CVE-2011-2766 Closes: #607479. Thanks to Ferdinand for reporting, Russ Allbery for the analysis and chansen for the patch.
   * control: update Vcs-* fields to point to Git

From jamie at ubuntu.com Thu Oct 27 22:03:46 2011
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Thu, 27 Oct 2011 22:03:46 -0000
Subject: [ubuntu/maverick-security] backuppc, backuppc_3.1.0-9ubuntu2.2_i386_translations.tar.gz 3.1.0-9ubuntu2.2 (Accepted)
Message-ID: <20111027220346.28313.27385.launchpad@cocoplum.canonical.com>

backuppc (3.1.0-9ubuntu2.2) maverick-security; urgency=low

  * SECURITY UPDATE: XSS in CGI/Browse.pm
    - debian/patches/CVE-2011-3361.dpatch: update lib/BackupPC/CGI/Browse.pm to verify backup number is numeric
    - CVE-2011-3361
  * SECURITY UPDATE: XSS in CGI/View.pm
    - debian/patches/CVE-2011-XXXX_view_pm.dpatch: update to verify backup number is numeric
    - CVE-2011-XXXX

Date: Thu, 27 Oct 2011 14:38:23 -0500
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/backuppc/3.1.0-9ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Thu, 27 Oct 2011 14:38:23 -0500
Source: backuppc
Binary: backuppc
Architecture: source
Version: 3.1.0-9ubuntu2.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 backuppc - high-performance, enterprise-grade system for backing up PCs
Changes:
 backuppc (3.1.0-9ubuntu2.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: XSS in CGI/Browse.pm
     - debian/patches/CVE-2011-3361.dpatch: update lib/BackupPC/CGI/Browse.pm to verify backup number is numeric
     - CVE-2011-3361
   * SECURITY UPDATE: XSS in CGI/View.pm
     - debian/patches/CVE-2011-XXXX_view_pm.dpatch: update to verify backup number is numeric
     - CVE-2011-XXXX
Original-Maintainer: Ludovic Drolez

From sbeattie at ubuntu.com Fri Oct 28 17:05:43 2011
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Fri, 28 Oct 2011 17:05:43 -0000
Subject: [ubuntu/maverick-security] empathy, empathy_2.32.1-0ubuntu1.2_powerpc_translations.tar.gz, empathy_2.32.1-0ubuntu1.2_armel_translations.tar.gz, empathy_2.32.1-0ubuntu1.2_amd64_translations.tar.gz, empathy_2.32.1-0ubuntu1.2_static_translations.tar.gz, empathy_2.32.1-0ubuntu1.2_i386_translations.tar.gz 2.32.1-0ubuntu1.2 (Accepted)
Message-ID: <20111028170543.18815.14611.launchpad@cocoplum.canonical.com>

empathy (2.32.1-0ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: remote HTML injection (LP: #879301)
    - debian/patches/75_empathy-CVE-2011-3635-lp879301.patch: escape HTML in when displaying other users' names. (Thanks to upstream for patch.)
    - CVE-2011-3635, CVE-2011-4170

Date: Tue, 25 Oct 2011 15:58:45 -0700
Changed-By: Steve Beattie
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/empathy/2.32.1-0ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Tue, 25 Oct 2011 15:58:45 -0700
Source: empathy
Binary: empathy empathy-dbg empathy-common nautilus-sendto-empathy
Architecture: source
Version: 2.32.1-0ubuntu1.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Steve Beattie
Description:
 empathy - GNOME multi-protocol chat and call client
 empathy-common - GNOME multi-protocol chat and call client (common files)
 empathy-dbg - GNOME multi-protocol chat and call client (debug symbols)
 nautilus-sendto-empathy - GNOME multi-protocol chat and call client (nautilus-sendto plugin
Launchpad-Bugs-Fixed: 879301
Changes:
 empathy (2.32.1-0ubuntu1.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: remote HTML injection (LP: #879301)
     - debian/patches/75_empathy-CVE-2011-3635-lp879301.patch: escape HTML in when displaying other users' names. (Thanks to upstream for patch.)
     - CVE-2011-3635, CVE-2011-4170
Original-Maintainer: Debian Telepathy maintainers

From adconrad at ubuntu.com Fri Oct 28 21:49:21 2011
From: adconrad at ubuntu.com (Adam Conrad)
Date: Fri, 28 Oct 2011 21:49:21 -0000
Subject: [ubuntu/maverick-proposed] tzdata 2011m-0ubuntu0.10.10 (Accepted)
Message-ID: <20111028214921.27605.74799.launchpad@cocoplum.canonical.com>

tzdata (2011m-0ubuntu0.10.10) maverick-proposed; urgency=low

  * New upstream version, fix DST for:
    - Pridnestrovian Moldavian Republic.
    - Ukraine (LP: #881250).
    - Bahia, Brazil.

Date: Fri, 28 Oct 2011 14:52:19 -0600
Changed-By: Adam Conrad
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/tzdata/2011m-0ubuntu0.10.10
-------------- next part --------------
Format: 1.8
Date: Fri, 28 Oct 2011 14:52:19 -0600
Source: tzdata
Binary: tzdata tzdata-java
Architecture: source
Version: 2011m-0ubuntu0.10.10
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Adam Conrad
Description:
 tzdata - time zone and daylight-saving time data
 tzdata-java - time zone and daylight-saving time data for use by java runtimes
Launchpad-Bugs-Fixed: 881250
Changes:
 tzdata (2011m-0ubuntu0.10.10) maverick-proposed; urgency=low
 .
   * New upstream version, fix DST for:
     - Pridnestrovian Moldavian Republic.
     - Ukraine (LP: #881250).
     - Bahia, Brazil.
Original-Maintainer: GNU Libc Maintainers

From adamg at canonical.com Mon Oct 31 20:38:44 2011
From: adamg at canonical.com (Adam Gandelman)
Date: Mon, 31 Oct 2011 20:38:44 -0000
Subject: [ubuntu/maverick-proposed] facter 1.5.7-1ubuntu1.2 (Accepted)
Message-ID: <20111031203844.8835.14807.launchpad@gac.canonical.com>

facter (1.5.7-1ubuntu1.2) maverick-proposed; urgency=low

  * lib/facter/ec2.rb: Properly handle ip+port when testing connectivity of ec2 metadata service.(LP: #732953)
  * lib/facter/util/collection.rb: Backported fix from upstream commit 2255abee7bdb9b6478ca228546e3d275dbac0ec3. Reload all facts if the requested fact is not found. Ensures consistency after facts have been cleared.
    (LP: #876130)

Date: Tue, 25 Oct 2011 10:43:54 -0700
Changed-By: Adam Gandelman
Maintainer: Ubuntu Core Developers
Signed-By: Luke Yelavich
https://launchpad.net/ubuntu/maverick/+source/facter/1.5.7-1ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Tue, 25 Oct 2011 10:43:54 -0700
Source: facter
Binary: facter
Architecture: source
Version: 1.5.7-1ubuntu1.2
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Core Developers
Changed-By: Adam Gandelman
Description:
 facter - a library for retrieving facts from operating systems
Launchpad-Bugs-Fixed: 732953 876130
Changes:
 facter (1.5.7-1ubuntu1.2) maverick-proposed; urgency=low
 .
   * lib/facter/ec2.rb: Properly handle ip+port when testing connectivity of ec2 metadata service.(LP: #732953)
   * lib/facter/util/collection.rb: Backported fix from upstream commit 2255abee7bdb9b6478ca228546e3d275dbac0ec3. Reload all facts if the requested fact is not found. Ensures consistency after facts have been cleared. (LP: #876130)
Original-Maintainer: Puppet Package Maintainers

From stefanor at ubuntu.com Mon Oct 31 20:39:17 2011
From: stefanor at ubuntu.com (Stefano Rivera)
Date: Mon, 31 Oct 2011 20:39:17 -0000
Subject: [ubuntu/maverick-proposed] rpy 1.0.3-14build0.1 (Accepted)
Message-ID: <20111031203917.31968.60121.launchpad@chaenomeles.canonical.com>

rpy (1.0.3-14build0.1) maverick-proposed; urgency=low

  * No-change rebuild for R 2.11.1 (LP: #883204)

Date: Fri, 28 Oct 2011 21:07:03 +0200
Changed-By: Stefano Rivera
Maintainer: Dirk Eddelbuettel
https://launchpad.net/ubuntu/maverick/+source/rpy/1.0.3-14build0.1
-------------- next part --------------
Format: 1.8
Date: Fri, 28 Oct 2011 21:07:03 +0200
Source: rpy
Binary: python-rpy python-rpy-doc
Architecture: source
Version: 1.0.3-14build0.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Dirk Eddelbuettel
Changed-By: Stefano Rivera
Description:
 python-rpy - Python interface to the GNU R language and environment
 python-rpy-doc - Python interface to the GNU R language (documentation package)
Launchpad-Bugs-Fixed: 883204
Changes:
 rpy (1.0.3-14build0.1) maverick-proposed; urgency=low
 .
   * No-change rebuild for R 2.11.1 (LP: #883204)