From sbeattie at ubuntu.com Thu Sep 1 21:04:03 2011 From: sbeattie at ubuntu.com (Steve Beattie) Date: Thu, 01 Sep 2011 21:04:03 -0000 Subject: [ubuntu/maverick-security] apache2 2.2.16-1ubuntu3.3 (Accepted) Message-ID: <20110901210403.22310.75086.launchpad@cocoplum.canonical.com> apache2 (2.2.16-1ubuntu3.3) maverick-security; urgency=low * SECURITY UPDATE: Range header DoS vulnerability - debian/patches/084_CVE-2011-3192.dpatch: filter out large byte ranges and improve memory efficiency in handling buckets. (thanks to Debian and upstream) - CVE-2011-3192 * Include fix for regressions introduced by above patch: - debian/patches/085_CVE-2011-3192_regression.dpatch: return 206 and 416 response codes where appropriate (see deban bug 639825) Date: Thu, 01 Sep 2011 01:51:58 -0700 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/apache2/2.2.16-1ubuntu3.3 -------------- next part -------------- Format: 1.8 Date: Thu, 01 Sep 2011 01:51:58 -0700 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source Version: 2.2.16-1ubuntu3.3 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.16-1ubuntu3.3) maverick-security; urgency=low . * SECURITY UPDATE: Range header DoS vulnerability - debian/patches/084_CVE-2011-3192.dpatch: filter out large byte ranges and improve memory efficiency in handling buckets. (thanks to Debian and upstream) - CVE-2011-3192 * Include fix for regressions introduced by above patch: - debian/patches/085_CVE-2011-3192_regression.dpatch: return 206 and 416 response codes where appropriate (see deban bug 639825) Checksums-Sha1: 5a4526e2e8da69e553ebb420ed81d940981cb08c 2686 apache2_2.2.16-1ubuntu3.3.dsc f68708cbeb744270b7addb3ccc6ac963eb8106bc 217927 apache2_2.2.16-1ubuntu3.3.diff.gz Checksums-Sha256: 86df3eff14cbcc140087a574c04f97722bd390fb647092cac7ba22a2b6ed3cbd 2686 apache2_2.2.16-1ubuntu3.3.dsc 08d37fd9276cbc56e474b4978c7e84417c45b31c769faa9cf749ea078b679226 217927 apache2_2.2.16-1ubuntu3.3.diff.gz Files: c1b60c31074e05576a67a552b637d166 2686 httpd optional apache2_2.2.16-1ubuntu3.3.dsc ad74f68290d769babbda3e26955685ae 217927 httpd optional apache2_2.2.16-1ubuntu3.3.diff.gz Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2 From barygin at gmail.com Tue Sep 6 16:35:28 2011 From: barygin at gmail.com (Ilya Barygin) Date: Tue, 06 Sep 2011 16:35:28 -0000 Subject: [ubuntu/maverick-proposed] prefixsuffix 0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1 (Accepted) Message-ID: <20110906163528.17699.7449.launchpad@gac.canonical.com> prefixsuffix (0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1) maverick-proposed; urgency=low * Update dependencies of package from bakery-2.4 to bakery-2.6 and gnome-vfsmm-2.6. This makes the package installable (LP: #689044). - affected files: dependencies.patch, debian/control Date: Thu, 01 Sep 2011 21:24:35 +0400 Changed-By: Ilya Barygin Maintainer: Daniel Holbach https://launchpad.net/ubuntu/maverick/+source/prefixsuffix/0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 01 Sep 2011 21:24:35 +0400 Source: prefixsuffix Binary: prefixsuffix Architecture: source Version: 0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1 Distribution: maverick-proposed Urgency: low Maintainer: Daniel Holbach Changed-By: Ilya Barygin Description: prefixsuffix - gui application that renames batches of files Launchpad-Bugs-Fixed: 689044 Changes: prefixsuffix (0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1) maverick-proposed; urgency=low . * Update dependencies of package from bakery-2.4 to bakery-2.6 and gnome-vfsmm-2.6. This makes the package installable (LP: #689044). - affected files: dependencies.patch, debian/control Checksums-Sha1: bf54fd408ea8f9aa36da29916465158f5b2a63c3 1544 prefixsuffix_0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1.dsc fb7759d3f8db43030504498b2ef3e212a33ee79f 4545 prefixsuffix_0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1.diff.gz Checksums-Sha256: 9b6a65aa57fd6ba999db890bc7ff1a373e92dc32d3e505cd78758acec48d765f 1544 prefixsuffix_0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1.dsc 86ad6692e8d7b40f840592030d3e861b9cc872c07dc4e57693af38717c98e38f 4545 prefixsuffix_0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1.diff.gz Files: 1c48935874634d7c9b6300d35e3bac1d 1544 gnome optional prefixsuffix_0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1.dsc 93efff8be59b587e966949ae2b4b7885 4545 gnome optional prefixsuffix_0.5.0+cvs.2005.06.18-0ubuntu10.10.10.1.diff.gz From kirkland at ubuntu.com Tue Sep 6 16:47:13 2011 From: kirkland at ubuntu.com (Dustin Kirkland) Date: Tue, 06 Sep 2011 16:47:13 -0000 Subject: [ubuntu/maverick-proposed] ecryptfs-utils 83-0ubuntu3.2.10.10.3 (Accepted) Message-ID: <20110906164713.7054.37552.launchpad@gac.canonical.com> ecryptfs-utils (83-0ubuntu3.2.10.10.3) maverick-proposed; urgency=low * src/libecryptfs/key_management.c: LP: #725862 - fix nasty bug affecting users who do *not* encrypt filenames; the first login works, but on logout, only one key gets cleaned out; subsequent logins do not insert the necessary key due to an early "goto out" Date: Fri, 02 Sep 2011 17:46:45 -0500 Changed-By: Dustin Kirkland Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.3 -------------- next part -------------- Format: 1.8 Date: Fri, 02 Sep 2011 17:46:45 -0500 Source: ecryptfs-utils Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev Architecture: source Version: 83-0ubuntu3.2.10.10.3 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Dustin Kirkland Description: ecryptfs-utils - ecryptfs cryptographic filesystem (utilities) libecryptfs-dev - ecryptfs cryptographic filesystem (development) libecryptfs0 - ecryptfs cryptographic filesystem (library) Launchpad-Bugs-Fixed: 725862 Changes: ecryptfs-utils (83-0ubuntu3.2.10.10.3) maverick-proposed; urgency=low . * src/libecryptfs/key_management.c: LP: #725862 - fix nasty bug affecting users who do *not* encrypt filenames; the first login works, but on logout, only one key gets cleaned out; subsequent logins do not insert the necessary key due to an early "goto out" Checksums-Sha1: 892ec4e6c20bd94e38573b5dadd16832bb1afbad 2227 ecryptfs-utils_83-0ubuntu3.2.10.10.3.dsc ab82032679c60bfc702dc339b2c9d506ace0dc34 548235 ecryptfs-utils_83.orig.tar.gz d2eb835c65745f1638fc5806386242c930b025ff 20198 ecryptfs-utils_83-0ubuntu3.2.10.10.3.diff.gz Checksums-Sha256: ad9fed825699692008f907f05100538fda75256b92fc96ce8a95caae9fa38741 2227 ecryptfs-utils_83-0ubuntu3.2.10.10.3.dsc ede721fa2dba9cb3dadf89e5a21c555be35fa031abd841073fcc6f92e3b29dee 548235 ecryptfs-utils_83.orig.tar.gz ce408b078ed67a8ac5cdecb95ae0d4b054e77492f7d0380e42148b3f36dde91d 20198 ecryptfs-utils_83-0ubuntu3.2.10.10.3.diff.gz Files: 835d884cc80ba9db9ff1fe77b4e16dfa 2227 misc optional ecryptfs-utils_83-0ubuntu3.2.10.10.3.dsc 1c97d96437d62921744647d4157a8f3e 548235 misc optional ecryptfs-utils_83.orig.tar.gz 420879a9496a60e3f16e3ad23502d88e 20198 misc optional ecryptfs-utils_83-0ubuntu3.2.10.10.3.diff.gz Original-Maintainer: Daniel Baumann From jtaylor.debian at googlemail.com Fri Sep 9 03:03:25 2011 From: jtaylor.debian at googlemail.com (Julian Taylor) Date: Fri, 09 Sep 2011 03:03:25 -0000 Subject: [ubuntu/maverick-security] bcfg2 0.9.6-0ubuntu2.1.10.10.1 (Accepted) Message-ID: <20110909030325.15425.99337.launchpad@cocoplum.canonical.com> bcfg2 (0.9.6-0ubuntu2.1.10.10.1) maverick-security; urgency=high * SECURITY UPDATE: missing input sanitization allowing execution of arbitrary commands (LP: #844743) - backported from upstream by Chris St. Pierre - https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1 - CVE-2011-3211 Date: Thu, 08 Sep 2011 15:17:00 +0200 Changed-By: Julian Taylor Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/bcfg2/0.9.6-0ubuntu2.1.10.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 08 Sep 2011 15:17:00 +0200 Source: bcfg2 Binary: bcfg2 bcfg2-server Architecture: source Version: 0.9.6-0ubuntu2.1.10.10.1 Distribution: maverick-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Julian Taylor Description: bcfg2 - Configuration management client bcfg2-server - Configuration management server Launchpad-Bugs-Fixed: 844743 Changes: bcfg2 (0.9.6-0ubuntu2.1.10.10.1) maverick-security; urgency=high . * SECURITY UPDATE: missing input sanitization allowing execution of arbitrary commands (LP: #844743) - backported from upstream by Chris St. Pierre - https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1 - CVE-2011-3211 Checksums-Sha1: d274cef697829ea02720e53ef8c5c3cc5650d7c2 1866 bcfg2_0.9.6-0ubuntu2.1.10.10.1.dsc cd5bcb06bdbe007bf26dd4baac326ebe2ac3b611 12829 bcfg2_0.9.6-0ubuntu2.1.10.10.1.diff.gz Checksums-Sha256: bee2987390214910d61250d3705f55d1a5ecc1edf783974770869abe80769249 1866 bcfg2_0.9.6-0ubuntu2.1.10.10.1.dsc cda15e6e480ee47d0d0a9b1299bed3b958958b0bee7ea7fb10cd7b3109056f44 12829 bcfg2_0.9.6-0ubuntu2.1.10.10.1.diff.gz Files: 920baa7379a5dc6e0bbf68deca1b2392 1866 admin optional bcfg2_0.9.6-0ubuntu2.1.10.10.1.dsc 1226e84fd607130887a65e35128a1e54 12829 admin optional bcfg2_0.9.6-0ubuntu2.1.10.10.1.diff.gz Original-Maintainer: Sami Haahtinen From tim.gardner at canonical.com Mon Sep 12 21:19:59 2011 From: tim.gardner at canonical.com (Tim Gardner) Date: Mon, 12 Sep 2011 21:19:59 -0000 Subject: [ubuntu/maverick-proposed] linux-firmware 1.38.9 (Accepted) Message-ID: <20110912211959.24844.80650.launchpad@chaenomeles.canonical.com> linux-firmware (1.38.9) maverick-proposed; urgency=low * Added firmware files to support compat-wireless linux-firmware: add new firmware for RTL8168E-VL linux-firmware: update firmware for RTL8111E linux-firmware: Add firmware for RTL8168/8111E linux-firmware: Add firmware for RTL8105E rtl_nic: Add firmware for RTL8111D(L) -LP: #804671 linux-firmware (1.38.8) maverick-proposed; urgency=low * Added carl9170.fw for Atheros wireless AR9170 based devices. -LP: #713987 linux-firmware (1.38.7) maverick-proposed; urgency=low * Added iwlwifi-1000-5.ucode -LP: #752829 Date: Tue, 05 Jul 2011 14:15:59 -0600 Changed-By: Tim Gardner Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/maverick/+source/linux-firmware/1.38.9 -------------- next part -------------- Format: 1.8 Date: Tue, 05 Jul 2011 14:15:59 -0600 Source: linux-firmware Binary: linux-firmware nic-firmware scsi-firmware Architecture: source Version: 1.38.9 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Tim Gardner Description: linux-firmware - Firmware for Linux kernel drivers nic-firmware - Firmware for NICs (udeb) scsi-firmware - Firmware for SCSI controllers (udeb) Launchpad-Bugs-Fixed: 713987 752829 804671 Changes: linux-firmware (1.38.9) maverick-proposed; urgency=low . * Added firmware files to support compat-wireless linux-firmware: add new firmware for RTL8168E-VL linux-firmware: update firmware for RTL8111E linux-firmware: Add firmware for RTL8168/8111E linux-firmware: Add firmware for RTL8105E rtl_nic: Add firmware for RTL8111D(L) -LP: #804671 . linux-firmware (1.38.8) maverick-proposed; urgency=low . * Added carl9170.fw for Atheros wireless AR9170 based devices. -LP: #713987 . linux-firmware (1.38.7) maverick-proposed; urgency=low . * Added iwlwifi-1000-5.ucode -LP: #752829 Checksums-Sha1: 50ec3cab910458b21dd91afe4479072fcbbff8a6 861 linux-firmware_1.38.9.dsc 6bec639008fb28bb6d7b8877cfd4638c1a512f3b 13407101 linux-firmware_1.38.9.tar.gz Checksums-Sha256: 207aba8d80ee7b15cf6c7aba4a26000215815b281c99dbe5763e628c0407d5a6 861 linux-firmware_1.38.9.dsc 514c19e3715a66e5d40b620713a2879c55c9524b1f612628d7072f61e6ac1fe0 13407101 linux-firmware_1.38.9.tar.gz Files: b56373fb56367c26d7aa332611518e7c 861 misc optional linux-firmware_1.38.9.dsc 4e39f1609c356c9e10bef7f2423eb112 13407101 misc optional linux-firmware_1.38.9.tar.gz From kees at ubuntu.com Tue Sep 13 21:03:28 2011 From: kees at ubuntu.com (Kees Cook) Date: Tue, 13 Sep 2011 21:03:28 -0000 Subject: [ubuntu/maverick-security] librsvg 2.32.0-0ubuntu1.1 (Accepted) Message-ID: <20110913210328.19352.29147.launchpad@cocoplum.canonical.com> librsvg (2.32.0-0ubuntu1.1) maverick-security; urgency=low * SECURITY UPDATE: fix arbitrary execution of fake node types. - debian/patches/store-node-type-separately.patch: add upstream fix, thanks to Christian Persch. - CVE-2011-3146 Date: Thu, 01 Sep 2011 15:44:48 -0700 Changed-By: Kees Cook Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/maverick/+source/librsvg/2.32.0-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Thu, 01 Sep 2011 15:44:48 -0700 Source: librsvg Binary: librsvg2-dev librsvg2-2 librsvg2-common librsvg2-dbg librsvg2-bin Architecture: source Version: 2.32.0-0ubuntu1.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Kees Cook Description: librsvg2-2 - SAX-based renderer library for SVG files (runtime) librsvg2-bin - command-line and graphical viewers for SVG files librsvg2-common - SAX-based renderer library for SVG files (extra runtime) librsvg2-dbg - SAX-based renderer library for SVG files (debug) librsvg2-dev - SAX-based renderer library for SVG files (development) Changes: librsvg (2.32.0-0ubuntu1.1) maverick-security; urgency=low . * SECURITY UPDATE: fix arbitrary execution of fake node types. - debian/patches/store-node-type-separately.patch: add upstream fix, thanks to Christian Persch. - CVE-2011-3146 Checksums-Sha1: 0b3f3fdfa9136a0062f527a9afece3fc6471f7a0 2604 librsvg_2.32.0-0ubuntu1.1.dsc 654f82f9ced5910280410cacdfb0001e3dfa32be 19122 librsvg_2.32.0-0ubuntu1.1.diff.gz Checksums-Sha256: 6b29cf30b05685051b23810e2e547dd314396f2166922ab139d0f3187966a2b2 2604 librsvg_2.32.0-0ubuntu1.1.dsc 8d9fb8d54b4f39baa2ae128ab9ddf61ac11da30225d8eaf59ebcff2620369559 19122 librsvg_2.32.0-0ubuntu1.1.diff.gz Files: b58ee4fa678c2756df4a67e3b32d066e 2604 libdevel optional librsvg_2.32.0-0ubuntu1.1.dsc 193f2aae0b9538c87ee7c320bc51d055 19122 libdevel optional librsvg_2.32.0-0ubuntu1.1.diff.gz Original-Maintainer: Josselin Mouette From marc.deslauriers at ubuntu.com Wed Sep 14 16:04:07 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 14 Sep 2011 16:04:07 -0000 Subject: [ubuntu/maverick-security] cups_1.4.4-6ubuntu2.4_amd64_translations.tar.gz, cups, cups_1.4.4-6ubuntu2.4_powerpc_translations.tar.gz, cups_1.4.4-6ubuntu2.4_i386_translations.tar.gz, cups_1.4.4-6ubuntu2.4_armel_translations.tar.gz 1.4.4-6ubuntu2.4 (Accepted) Message-ID: <20110914160407.31580.14588.launchpad@cocoplum.canonical.com> cups (1.4.4-6ubuntu2.4) maverick-security; urgency=low * SECURITY UPDATE: arbitrary code execution via missing code words - debian/patches/CVE-2011-2896.dpatch: improve logic in filter/image-gif.c. - CVE-2011-2896 * SECURITY UPDATE: arbitrary code execution via incorrect code word handling - debian/patches/CVE-2011-3170.dpatch: don't overflow in filter/image-gif.c. - CVE-2011-3170 Date: Mon, 12 Sep 2011 09:20:08 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/cups/1.4.4-6ubuntu2.4 -------------- next part -------------- Format: 1.8 Date: Mon, 12 Sep 2011 09:20:08 -0400 Source: cups Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsddk Architecture: source Version: 1.4.4-6ubuntu2.4 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: cups - Common UNIX Printing System(tm) - server cups-bsd - Common UNIX Printing System(tm) - BSD commands cups-client - Common UNIX Printing System(tm) - client programs (SysV) cups-common - Common UNIX Printing System(tm) - common files cups-dbg - Common UNIX Printing System(tm) - debugging symbols cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities cupsddk - Common UNIX Printing System (transitional package) libcups2 - Common UNIX Printing System(tm) - Core library libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library libcupscgi1 - Common UNIX Printing System(tm) - CGI library libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra libcupsdriver1 - Common UNIX Printing System(tm) - Driver library libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar libcupsimage2 - Common UNIX Printing System(tm) - Raster image library libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li libcupsmime1 - Common UNIX Printing System(tm) - MIME library libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library Changes: cups (1.4.4-6ubuntu2.4) maverick-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via missing code words - debian/patches/CVE-2011-2896.dpatch: improve logic in filter/image-gif.c. - CVE-2011-2896 * SECURITY UPDATE: arbitrary code execution via incorrect code word handling - debian/patches/CVE-2011-3170.dpatch: don't overflow in filter/image-gif.c. - CVE-2011-3170 Checksums-Sha1: 29d64f8177cfd19c1960867710330fcb050579fb 2839 cups_1.4.4-6ubuntu2.4.dsc 71c07910a5f493e8a0333a154c4c44b530717ca5 495258 cups_1.4.4-6ubuntu2.4.diff.gz Checksums-Sha256: 1cfe01ed095b6e86465633b8edd2f3927e771487336cef4acadc85a9495efa31 2839 cups_1.4.4-6ubuntu2.4.dsc fc986b8c4940fad4e56550c30085ca592cb69fc5dde1879154b06afaa7928686 495258 cups_1.4.4-6ubuntu2.4.diff.gz Files: 059b4bf77e7a0f959e4e8756664b2e05 2839 net optional cups_1.4.4-6ubuntu2.4.dsc eeed1ddea2dc9876630e2a59b7eb5456 495258 net optional cups_1.4.4-6ubuntu2.4.diff.gz Original-Maintainer: Debian CUPS Maintainers From jtaylor.debian at googlemail.com Thu Sep 15 19:03:51 2011 From: jtaylor.debian at googlemail.com (Julian Taylor) Date: Thu, 15 Sep 2011 19:03:51 -0000 Subject: [ubuntu/maverick-security] tahoe-lafs 1.7.1-0ubuntu1.1 (Accepted) Message-ID: <20110915190351.6741.46088.launchpad@cocoplum.canonical.com> tahoe-lafs (1.7.1-0ubuntu1.1) maverick-security; urgency=high * SECURITY UPDATE: fix unauthorized deletion (LP: #848476) a person who knows the "storage index" that identifies an immutable file can cause the server to delete its shares of that file. - backported from upstream version 1.8.3 * http://tahoe-lafs.org/source/tahoe-lafs/snapshots/allmydata-tahoe-1.8.3.zip Date: Tue, 13 Sep 2011 22:37:02 +0200 Changed-By: Julian Taylor Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/tahoe-lafs/1.7.1-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Tue, 13 Sep 2011 22:37:02 +0200 Source: tahoe-lafs Binary: tahoe-lafs Architecture: source Version: 1.7.1-0ubuntu1.1 Distribution: maverick-security Urgency: high Maintainer: Ubuntu Developers Changed-By: Julian Taylor Description: tahoe-lafs - Secure distributed filesystem Launchpad-Bugs-Fixed: 848476 Changes: tahoe-lafs (1.7.1-0ubuntu1.1) maverick-security; urgency=high . * SECURITY UPDATE: fix unauthorized deletion (LP: #848476) a person who knows the "storage index" that identifies an immutable file can cause the server to delete its shares of that file. - backported from upstream version 1.8.3 * http://tahoe-lafs.org/source/tahoe-lafs/snapshots/allmydata-tahoe-1.8.3.zip Checksums-Sha1: efe423763aa06adcbe751e601408e367b2a3c759 1885 tahoe-lafs_1.7.1-0ubuntu1.1.dsc 3c2731e4f4c95567aa70af177378176886b55fdd 17110 tahoe-lafs_1.7.1-0ubuntu1.1.debian.tar.gz Checksums-Sha256: 5b8c94fb5b8adee7802c41681da3f18dac71d43cb3181c8f297d076496913a40 1885 tahoe-lafs_1.7.1-0ubuntu1.1.dsc 89ff0b6fff1669bcce70a81bf60e42f3f2ef3a7bd0e48d52dae8e79c9685449d 17110 tahoe-lafs_1.7.1-0ubuntu1.1.debian.tar.gz Files: 84ac158829546ee09fb0c4423f171b86 1885 utils optional tahoe-lafs_1.7.1-0ubuntu1.1.dsc 78c6f1a1672ba818b93dd7531632700c 17110 utils optional tahoe-lafs_1.7.1-0ubuntu1.1.debian.tar.gz Original-Maintainer: Brian Warner From gary.lasker at canonical.com Mon Sep 19 05:05:56 2011 From: gary.lasker at canonical.com (Gary Lasker) Date: Mon, 19 Sep 2011 05:05:56 -0000 Subject: [ubuntu/maverick-proposed] tzdata 2011j-0ubuntu0.10.10 (Accepted) Message-ID: <20110919050556.19674.81764.launchpad@gac.canonical.com> tzdata (2011j-0ubuntu0.10.10) maverick-proposed; urgency=low * New upstream release 2011j: (LP: #802778) Date: Fri, 16 Sep 2011 00:12:09 -0400 Changed-By: Gary Lasker Maintainer: GNU Libc Maintainers Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/tzdata/2011j-0ubuntu0.10.10 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Sep 2011 00:12:09 -0400 Source: tzdata Binary: tzdata tzdata-java Architecture: source Version: 2011j-0ubuntu0.10.10 Distribution: maverick-proposed Urgency: low Maintainer: GNU Libc Maintainers Changed-By: Gary Lasker Description: tzdata - time zone and daylight-saving time data tzdata-java - time zone and daylight-saving time data for use by java runtimes Launchpad-Bugs-Fixed: 802778 Changes: tzdata (2011j-0ubuntu0.10.10) maverick-proposed; urgency=low . * New upstream release 2011j: (LP: #802778) Checksums-Sha1: fc0f61087941686cf9f840f3429d835b21c2a6b1 1830 tzdata_2011j-0ubuntu0.10.10.dsc f0be74619b61a7a000116c33022a9256bbda4e53 198820 tzdata_2011j.orig.tar.gz 725afca1e91ee2f723f6e67462de0066760b4617 250733 tzdata_2011j-0ubuntu0.10.10.debian.tar.gz Checksums-Sha256: 861436e239c4d93b13e288161917f03ee9c428c7a3efed56e48a199a73417966 1830 tzdata_2011j-0ubuntu0.10.10.dsc 7e8540a85f1b474df1b40b403bea5748311ca7731b3038e51d6abc7f2d223c2a 198820 tzdata_2011j.orig.tar.gz 0daba025104f818b89612d765f1785985e017ae895b690fcc4874c717967b715 250733 tzdata_2011j-0ubuntu0.10.10.debian.tar.gz Files: d454414b0d5ead50eb9aa8bd63216a88 1830 libs required tzdata_2011j-0ubuntu0.10.10.dsc 30a6bebdbdd03c5bd29241c15f569d50 198820 libs required tzdata_2011j.orig.tar.gz 7a09b95dd6121452c476fdea491efbf4 250733 libs required tzdata_2011j-0ubuntu0.10.10.debian.tar.gz From marc.deslauriers at ubuntu.com Mon Sep 19 18:04:46 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 19 Sep 2011 18:04:46 -0000 Subject: [ubuntu/maverick-security] ffmpeg 4:0.6-2ubuntu6.2 (Accepted) Message-ID: <20110919180446.18243.45912.launchpad@cocoplum.canonical.com> ffmpeg (4:0.6-2ubuntu6.2) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via malformed OGG file - debian/patches/CVE-2011-1196.patch: revalidate index when necessary in libavformat/oggdec.c. - CVE-2011-1196 * SECURITY UPDATE: denial of service and possible code execution via malformed AMV file - debian/patches/CVE-2011-1931.patch: don't change flags in libavcodec/sp5xdec.c. - CVE-2011-1931 * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Date: Fri, 16 Sep 2011 09:32:44 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/ffmpeg/4:0.6-2ubuntu6.2 -------------- next part -------------- Format: 1.8 Date: Fri, 16 Sep 2011 09:32:44 -0400 Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil50 libavcodec52 libavdevice52 libavformat52 libavfilter1 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: source Version: 4:0.6-2ubuntu6.2 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: ffmpeg - multimedia player, server and encoder ffmpeg-dbg - Debug symbols for ffmpeg related packages ffmpeg-doc - documentation of the ffmpeg API libavcodec-dev - development files for libavcodec libavcodec52 - ffmpeg codec library libavdevice-dev - development files for libavdevice libavdevice52 - ffmpeg device handling library libavfilter-dev - development files for libavfilter libavfilter1 - ffmpeg video filtering library libavformat-dev - development files for libavformat libavformat52 - ffmpeg file format library libavutil-dev - development files for libavutil libavutil50 - ffmpeg utility library libpostproc-dev - development files for libpostproc libpostproc51 - ffmpeg video postprocessing library libswscale-dev - development files for libswscale libswscale0 - ffmpeg video scaling library Changes: ffmpeg (4:0.6-2ubuntu6.2) maverick-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via malformed OGG file - debian/patches/CVE-2011-1196.patch: revalidate index when necessary in libavformat/oggdec.c. - CVE-2011-1196 * SECURITY UPDATE: denial of service and possible code execution via malformed AMV file - debian/patches/CVE-2011-1931.patch: don't change flags in libavcodec/sp5xdec.c. - CVE-2011-1931 * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Checksums-Sha1: e2e42e7be619d101e4a408af12e4ff9f8c4b9275 2922 ffmpeg_0.6-2ubuntu6.2.dsc 7c57fe03467d4f0648f7e702cc8a5d7a2e94d734 99619 ffmpeg_0.6-2ubuntu6.2.diff.gz Checksums-Sha256: 0065695a101e0e3f4241e3f0c84081308c03fec47566878a28682151a98594b0 2922 ffmpeg_0.6-2ubuntu6.2.dsc 0ef3529164b9198e19017aeaed7fd61fb3815674639708af589b27b6168a4035 99619 ffmpeg_0.6-2ubuntu6.2.diff.gz Files: 41b3655af4eb922bc5dcd7f6f1dea377 2922 libs optional ffmpeg_0.6-2ubuntu6.2.dsc a1ed9c8cb84a6b63c5a0bba8440c98be 99619 libs optional ffmpeg_0.6-2ubuntu6.2.diff.gz Original-Maintainer: Debian multimedia packages maintainers From marc.deslauriers at ubuntu.com Mon Sep 19 18:05:09 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Mon, 19 Sep 2011 18:05:09 -0000 Subject: [ubuntu/maverick-security] ffmpeg-extra 4:0.6-2ubuntu3.2 (Accepted) Message-ID: <20110919180509.18243.6301.launchpad@cocoplum.canonical.com> ffmpeg-extra (4:0.6-2ubuntu3.2) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via malformed OGG file - debian/patches/CVE-2011-1196.patch: revalidate index when necessary in libavformat/oggdec.c. - CVE-2011-1196 * SECURITY UPDATE: denial of service and possible code execution via malformed AMV file - debian/patches/CVE-2011-1931.patch: don't change flags in libavcodec/sp5xdec.c. - CVE-2011-1931 * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Date: Mon, 19 Sep 2011 09:29:46 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/ffmpeg-extra/4:0.6-2ubuntu3.2 -------------- next part -------------- Format: 1.8 Date: Mon, 19 Sep 2011 09:29:46 -0400 Source: ffmpeg-extra Binary: libavutil-extra-50 libavutil-unstripped-50 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-1 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0 Architecture: source Version: 4:0.6-2ubuntu3.2 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libavcodec-extra-52 - ffmpeg codec library libavcodec-unstripped-52 - ffmpeg utility library - transitional package libavdevice-extra-52 - ffmpeg device handling library libavdevice-unstripped-52 - ffmpeg utility library - transitional package libavfilter-extra-1 - ffmpeg video filtering library libavformat-extra-52 - ffmpeg file format library libavformat-unstripped-52 - ffmpeg utility library - transitional package libavutil-extra-50 - ffmpeg utility library libavutil-unstripped-50 - ffmpeg utility library - transitional package libpostproc-extra-51 - ffmpeg video postprocessing library libpostproc-unstripped-51 - ffmpeg utility library - transitional package libswscale-extra-0 - ffmpeg video scaling library libswscale-unstripped-0 - ffmpeg utility library - transitional package Changes: ffmpeg-extra (4:0.6-2ubuntu3.2) maverick-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via malformed OGG file - debian/patches/CVE-2011-1196.patch: revalidate index when necessary in libavformat/oggdec.c. - CVE-2011-1196 * SECURITY UPDATE: denial of service and possible code execution via malformed AMV file - debian/patches/CVE-2011-1931.patch: don't change flags in libavcodec/sp5xdec.c. - CVE-2011-1931 * SECURITY UPDATE: denial of service via malformed APE file - debian/patches/CVE-2011-2161.patch: make sure there are frames in libavformat/ape.c. - CVE-2011-2161 * SECURITY UPDATE: arbitrary code execution via malformed CAVS file - debian/patches/CVE-2011-3362.patch: validate values in libavcodec/cavsdec.c. - CVE-2011-3362 Checksums-Sha1: 5007d4b4c84833fc5c4f0c056f9254baad338d5a 3259 ffmpeg-extra_0.6-2ubuntu3.2.dsc 3fcf3f1590e5098b19ebc6b8de88b5686ba0a577 100698 ffmpeg-extra_0.6-2ubuntu3.2.diff.gz Checksums-Sha256: 81bc5ec6d2bc222d09bef38c57d8fb24ff7869f805e25e69aa29e635ddf902e6 3259 ffmpeg-extra_0.6-2ubuntu3.2.dsc c0c65e59933b5ea1960a58e63d841e77a74ff736868ef6ada0ae94a90115f31f 100698 ffmpeg-extra_0.6-2ubuntu3.2.diff.gz Files: 73683419a7c54c3e03e20721f4c87ddf 3259 libs optional ffmpeg-extra_0.6-2ubuntu3.2.dsc c3d1d62ddef173393a8c1ec45ac2f651 100698 libs optional ffmpeg-extra_0.6-2ubuntu3.2.diff.gz Original-Maintainer: Debian multimedia packages maintainers From stefanor at ubuntu.com Mon Sep 19 23:13:50 2011 From: stefanor at ubuntu.com (Stefano Rivera) Date: Mon, 19 Sep 2011 23:13:50 -0000 Subject: [ubuntu/maverick-proposed] ubuntu-dev-tools 0.104.1 (Accepted) Message-ID: <20110919231350.29843.63018.launchpad@wampee.canonical.com> ubuntu-dev-tools (0.104.1) maverick-proposed; urgency=low * Debian source publication records are all Published now, not pending (LP: #845487) Date: Wed, 14 Sep 2011 13:44:46 +0200 Changed-By: Stefano Rivera Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/ubuntu-dev-tools/0.104.1 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Sep 2011 13:44:46 +0200 Source: ubuntu-dev-tools Binary: ubuntu-dev-tools Architecture: source Version: 0.104.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Stefano Rivera Description: ubuntu-dev-tools - useful tools for Ubuntu developers Launchpad-Bugs-Fixed: 845487 Changes: ubuntu-dev-tools (0.104.1) maverick-proposed; urgency=low . * Debian source publication records are all Published now, not pending (LP: #845487) Checksums-Sha1: 6d9638071fcc6abe16390febb5795b28aa416ef3 1827 ubuntu-dev-tools_0.104.1.dsc f7e38c4c8e8122c4979be34c51455b605bb4dd89 150608 ubuntu-dev-tools_0.104.1.tar.gz Checksums-Sha256: 1242a3c4119733ac3e3bf3537495ad39a949d01075dd0fe63902eebe96f7246d 1827 ubuntu-dev-tools_0.104.1.dsc b004bfbcf971f56102f1811148cf8f0a1426cb6fdf54e9a952748cabee6c778d 150608 ubuntu-dev-tools_0.104.1.tar.gz Files: 0e3f9c178a22e05eda26c24cbe8e7468 1827 devel optional ubuntu-dev-tools_0.104.1.dsc e6c8be8897a4b90e94f6eca706bcc114 150608 devel optional ubuntu-dev-tools_0.104.1.tar.gz From torsten at canonical.com Tue Sep 20 17:37:01 2011 From: torsten at canonical.com (Torsten Spindler (Canonical)) Date: Tue, 20 Sep 2011 17:37:01 -0000 Subject: [ubuntu/maverick-proposed] libgksu 2.0.13~pre1-1ubuntu5.1 (Accepted) Message-ID: <20110920173701.27919.28692.launchpad@gac.canonical.com> libgksu (2.0.13~pre1-1ubuntu5.1) maverick-proposed; urgency=low * debian/patches/29_check-newline.patch: - check if an empty line is really received before ignoring it (LP: #298217) Date: Wed, 14 Sep 2011 12:17:51 +0200 Changed-By: Torsten Spindler (Canonical) Maintainer: Ubuntu Core Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/libgksu/2.0.13~pre1-1ubuntu5.1 -------------- next part -------------- Format: 1.8 Date: Wed, 14 Sep 2011 12:17:51 +0200 Source: libgksu Binary: libgksu2-0 libgksu2-dev Architecture: source Version: 2.0.13~pre1-1ubuntu5.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Torsten Spindler (Canonical) Description: libgksu2-0 - library providing su and sudo functionality libgksu2-dev - library providing su and sudo functionality (development files) Launchpad-Bugs-Fixed: 298217 Changes: libgksu (2.0.13~pre1-1ubuntu5.1) maverick-proposed; urgency=low . * debian/patches/29_check-newline.patch: - check if an empty line is really received before ignoring it (LP: #298217) Checksums-Sha1: 6998d44edcf6851f50e01e295009cfd050b9b63a 2297 libgksu_2.0.13~pre1-1ubuntu5.1.dsc 55f820594c1efd78eee10e0a1b8fc5144115c721 27475 libgksu_2.0.13~pre1-1ubuntu5.1.diff.gz Checksums-Sha256: a2d38c85cde1aa648201584717d3168ec0e60bb789357e560e6b912cee0b6f4e 2297 libgksu_2.0.13~pre1-1ubuntu5.1.dsc b6b839caa9e82631d26f0fc6c66a8f0a60e401865b3a343c6f3d1a305e571b28 27475 libgksu_2.0.13~pre1-1ubuntu5.1.diff.gz Files: 2ef174ae354a25b91fcee8d44ef6012c 2297 admin optional libgksu_2.0.13~pre1-1ubuntu5.1.dsc 123b9a3c9523e2871d767a92a563b3d5 27475 admin optional libgksu_2.0.13~pre1-1ubuntu5.1.diff.gz Original-Maintainer: Gustavo Noronha Silva From andreas at canonical.com Tue Sep 20 22:41:15 2011 From: andreas at canonical.com (Andreas Hasenack) Date: Tue, 20 Sep 2011 22:41:15 -0000 Subject: [ubuntu/maverick-proposed] smart 1.3-1ubuntu0.2 (Accepted) Message-ID: <20110920224115.29843.20779.launchpad@wampee.canonical.com> smart (1.3-1ubuntu0.2) maverick-proposed; urgency=low * Handle authentication errors when using pycurl, giving a meaningful error message. (LP: #244453) Date: Sat, 10 Sep 2011 18:37:03 -0400 Changed-By: Andreas Hasenack Maintainer: Ubuntu Developers Signed-By: Chuck Short https://launchpad.net/ubuntu/maverick/+source/smart/1.3-1ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Sat, 10 Sep 2011 18:37:03 -0400 Source: smart Binary: smartpm smartpm-core python-smartpm Architecture: source Version: 1.3-1ubuntu0.2 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Andreas Hasenack Description: python-smartpm - Python library of the Smart Package Manager smartpm - An alternative package manager that works with dpkg/rpm smartpm-core - An alternative package manager that works with dpkg/rpm Launchpad-Bugs-Fixed: 244453 Changes: smart (1.3-1ubuntu0.2) maverick-proposed; urgency=low . * Handle authentication errors when using pycurl, giving a meaningful error message. (LP: #244453) Checksums-Sha1: ac76aa9ef74df28047077cbe7a8ebc5287c0bac2 1189 smart_1.3-1ubuntu0.2.dsc fb5457deb7ba3889382ed1254cb70287aec5d647 12041 smart_1.3-1ubuntu0.2.diff.gz Checksums-Sha256: 44369ac1f0250e186d9c6836f42b5fb0813f3d74b8938362f7581cfa1308c70c 1189 smart_1.3-1ubuntu0.2.dsc 088e682a9d13985947ae12db81a23e7c665c1c6f3e5bfde1beafd567aec240ff 12041 smart_1.3-1ubuntu0.2.diff.gz Files: d53babb3dd7db63403a422adb7386f86 1189 admin optional smart_1.3-1ubuntu0.2.dsc 5bf5084484b4f9fc52260c2bc736e93d 12041 admin optional smart_1.3-1ubuntu0.2.diff.gz Original-Maintainer: Michael Vogt From brian.thomason at canonical.com Wed Sep 21 19:40:20 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Wed, 21 Sep 2011 19:40:20 -0000 Subject: [ubuntu/maverick] adobe-flashplugin 10.3.183.10-0maverick1 (Accepted) Message-ID: <20110921194020.30362.64401.launchpad@cocoplum.canonical.com> adobe-flashplugin (10.3.183.10-0maverick1) maverick; urgency=low * Initial release of 10.3.183.10 for Maverick Date: Mon, 19 Sep 2011 20:05:53 -0400 Changed-By: Brian Thomason Maintainer: DL-Flash Player Ubuntu https://launchpad.net/ubuntu/maverick/+source/adobe-flashplugin/10.3.183.10-0maverick1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 19 Sep 2011 20:05:53 -0400 Source: adobe-flashplugin Binary: adobe-flashplugin adobe-flash-properties-gtk adobe-flash-properties-kde Architecture: source Version: 10.3.183.10-0maverick1 Distribution: maverick Urgency: low Maintainer: DL-Flash Player Ubuntu Changed-By: Brian Thomason Description: adobe-flash-properties-gtk - GTK+ control panel for Adobe Flash Player plugin version 10 adobe-flash-properties-kde - KDE control panel Adobe Flash Player plugin version 10 adobe-flashplugin - Adobe Flash Player plugin version 10 Changes: adobe-flashplugin (10.3.183.10-0maverick1) maverick; urgency=low . * Initial release of 10.3.183.10 for Maverick Checksums-Sha1: 2092f4f1881ec0287acb0130b5880a66c2f351a3 1267 adobe-flashplugin_10.3.183.10-0maverick1.dsc aefc1698fd6e274a5ccda7aa54765d7f8dfc379a 286 adobe-flashplugin_10.3.183.10-0maverick1.diff.gz Checksums-Sha256: 427822b1c92f7b09abed34e7b325ddff3bef7b8bbba75568d619b409be2ae0dd 1267 adobe-flashplugin_10.3.183.10-0maverick1.dsc 6068a3fe44842340954aa859f08dde6cf31c9a13ee090d1ebfa9a026833396ca 286 adobe-flashplugin_10.3.183.10-0maverick1.diff.gz Files: 0e139c3328544298f1c551ca67728acb 1267 partner/web optional adobe-flashplugin_10.3.183.10-0maverick1.dsc 70b3a2cc609759ccf6d34af19af70a06 286 partner/web optional adobe-flashplugin_10.3.183.10-0maverick1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk532QMACgkQOb4zNfJqN5eQHwCghHJFLrkNcb+BgGZWugJi5LaD PbUAniYR3bflXOx/WtR2TtoS4aj8OY3Y =zI5n -----END PGP SIGNATURE----- From marc.deslauriers at ubuntu.com Wed Sep 21 22:03:34 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 21 Sep 2011 22:03:34 -0000 Subject: [ubuntu/maverick-security] flashplugin-nonfree, flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1_i386_translations.tar.gz, flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1_amd64_translations.tar.gz 10.3.183.10ubuntu0.10.10.1 (Accepted) Message-ID: <20110921220334.28322.55891.launchpad@cocoplum.canonical.com> flashplugin-nonfree (10.3.183.10ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release 10.3.183.10 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-2426 - CVE-2011-2427 - CVE-2011-2428 - CVE-2011-2429 - CVE-2011-2430 - CVE-2011-2444 Date: Wed, 21 Sep 2011 15:53:20 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/flashplugin-nonfree/10.3.183.10ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Sep 2011 15:53:20 -0400 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.3.183.10ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.3.183.10ubuntu0.10.10.1) maverick-security; urgency=low . * New upstream release 10.3.183.10 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-2426 - CVE-2011-2427 - CVE-2011-2428 - CVE-2011-2429 - CVE-2011-2430 - CVE-2011-2444 Checksums-Sha1: fa8fef2fef15b8203f2d711c379cbdf723e03b19 1639 flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1.dsc d1b79a772994b1e82a060f299aa5640286c9cc9b 27642 flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1.tar.gz Checksums-Sha256: 5aadd0ce8d075385a785039109b4204ca955a98c61483fe542c8e05cc4211822 1639 flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1.dsc 5109647d7138adbf276191e83b9b3875160c8924bcea05ecdec9964ed6486ca0 27642 flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1.tar.gz Files: 4cb5426d21695603d183af40de2a05b8 1639 contrib/web optional flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1.dsc 4dd9521c764fc9ee4da474c2f56980bf 27642 contrib/web optional flashplugin-nonfree_10.3.183.10ubuntu0.10.10.1.tar.gz Original-Maintainer: Bart Martens From andreas at canonical.com Thu Sep 22 05:00:05 2011 From: andreas at canonical.com (Andreas Hasenack) Date: Thu, 22 Sep 2011 05:00:05 -0000 Subject: [ubuntu/maverick-proposed] landscape-client 11.07.1.1-0ubuntu0.10.10.0 (Accepted) Message-ID: <20110922050005.13583.72290.launchpad@gac.canonical.com> landscape-client (11.07.1.1-0ubuntu0.10.10.0) maverick-proposed; urgency=low * Try to load the old persist file if the current one doesn't exist or is empty (LP: #809210). * Fallback to gethostname to get something interesting out of get_fqdn. * Fix wrong ownership and permissions when the reporter is run as a result of applying a repository profile (LP: #804008). * Keep original sources.list ownership (LP: #804548). * Refactored tests (LP: #805746). * Preserve permissions of sources.list (LP: #804548). * Added a broker command line option (--record) that saves exchanges with the server to the filesystem * Detect if running in a vmware guest (LP: #795794). * Report VM type when run in the cloud (LP: #797069). * Report VM type in non-cloud registration (LP: #795752). * Report the package reporter result even in case of success, not just in case of failure (LP: #780406). * Report package reporter errors (LP: #732490). * Fix dependencies for hardy removing references to python 2.4 packages for pycurl and dbus (LP: #759764). * The landscape client now reports whether it is running on a virtual machine or not. * Add a plugin which manages APT sources.list and the associated GPG keys (LP: #758928). * Limit the number of items in a network message to 200, to prevent problems when communication is interrupted with the server and the client accumulates too many network items, thus overloading the server when it's available again (LP: #760486). * Updated version number in __init__.py so that the client reports the correct one in its user-agent string. Date: Fri, 22 Jul 2011 12:46:34 -0300 Changed-By: Andreas Hasenack Maintainer: Ubuntu Developers Signed-By: Clint Byrum https://launchpad.net/ubuntu/maverick/+source/landscape-client/11.07.1.1-0ubuntu0.10.10.0 -------------- next part -------------- Format: 1.8 Date: Fri, 22 Jul 2011 12:46:34 -0300 Source: landscape-client Binary: landscape-common landscape-client Architecture: source Version: 11.07.1.1-0ubuntu0.10.10.0 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Andreas Hasenack Description: landscape-client - The Landscape administration system client landscape-common - The Landscape administration system client Launchpad-Bugs-Fixed: 732490 758928 759764 760486 780406 795752 795794 797069 804008 804548 805746 809210 Changes: landscape-client (11.07.1.1-0ubuntu0.10.10.0) maverick-proposed; urgency=low . * Try to load the old persist file if the current one doesn't exist or is empty (LP: #809210). * Fallback to gethostname to get something interesting out of get_fqdn. * Fix wrong ownership and permissions when the reporter is run as a result of applying a repository profile (LP: #804008). * Keep original sources.list ownership (LP: #804548). * Refactored tests (LP: #805746). * Preserve permissions of sources.list (LP: #804548). * Added a broker command line option (--record) that saves exchanges with the server to the filesystem * Detect if running in a vmware guest (LP: #795794). * Report VM type when run in the cloud (LP: #797069). * Report VM type in non-cloud registration (LP: #795752). * Report the package reporter result even in case of success, not just in case of failure (LP: #780406). * Report package reporter errors (LP: #732490). * Fix dependencies for hardy removing references to python 2.4 packages for pycurl and dbus (LP: #759764). * The landscape client now reports whether it is running on a virtual machine or not. * Add a plugin which manages APT sources.list and the associated GPG keys (LP: #758928). * Limit the number of items in a network message to 200, to prevent problems when communication is interrupted with the server and the client accumulates too many network items, thus overloading the server when it's available again (LP: #760486). * Updated version number in __init__.py so that the client reports the correct one in its user-agent string. Checksums-Sha1: 3bfeaa211804826be1eb74bd40b94dc6e5b341db 1634 landscape-client_11.07.1.1-0ubuntu0.10.10.0.dsc a927ab61ed3746cd2db6c8d6e29f1387a325f43c 439964 landscape-client_11.07.1.1.orig.tar.gz c86a1924bb0220a72ac79701cfa882a2d0d3bde4 29567 landscape-client_11.07.1.1-0ubuntu0.10.10.0.diff.gz Checksums-Sha256: e114fb2ff91e512296ebec7cd6cad27c226fe23840069ea872d846305404f036 1634 landscape-client_11.07.1.1-0ubuntu0.10.10.0.dsc 7b5034acb1d2d70b05b89d0e01068cd096cf6d8e2d0c6ca86959494f7e361b83 439964 landscape-client_11.07.1.1.orig.tar.gz 93992a23daeeac0d08b53e6e1a656862c6a92a33a370f09e30b10ba7c6474560 29567 landscape-client_11.07.1.1-0ubuntu0.10.10.0.diff.gz Files: b9ffccfa1c6380ccffa36718daa149d8 1634 admin optional landscape-client_11.07.1.1-0ubuntu0.10.10.0.dsc f82d6aa56d84c501e3c865453c9b3da2 439964 admin optional landscape-client_11.07.1.1.orig.tar.gz 7a5ffb0ca3fec6f5831ee0e6aa84fccc 29567 admin optional landscape-client_11.07.1.1-0ubuntu0.10.10.0.diff.gz Original-Maintainer: Landscape Team From clint at ubuntu.com Thu Sep 22 05:01:07 2011 From: clint at ubuntu.com (Clint Byrum) Date: Thu, 22 Sep 2011 05:01:07 -0000 Subject: [ubuntu/maverick-proposed] lxc 0.7.2-1ubuntu1 (Accepted) Message-ID: <20110922050107.15538.31549.launchpad@chaenomeles.canonical.com> lxc (0.7.2-1ubuntu1) maverick-proposed; urgency=low [ Serge Hallyn ] * debian/rules: add -r (--no-restart-on-upgrade) to DEB_DH_INSTALLINIT_ARGS to prevent upgrading lxc from forcing lxc autostart containers to stop and restart. (LP: #753308) * debian/control: set ubuntu maintainer. Date: Mon, 12 Sep 2011 17:38:28 -0700 Changed-By: Clint Byrum Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/lxc/0.7.2-1ubuntu1 -------------- next part -------------- Format: 1.8 Date: Mon, 12 Sep 2011 17:38:28 -0700 Source: lxc Binary: lxc Architecture: source Version: 0.7.2-1ubuntu1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Clint Byrum Description: lxc - Linux containers userspace tools Launchpad-Bugs-Fixed: 753308 Changes: lxc (0.7.2-1ubuntu1) maverick-proposed; urgency=low . [ Serge Hallyn ] * debian/rules: add -r (--no-restart-on-upgrade) to DEB_DH_INSTALLINIT_ARGS to prevent upgrading lxc from forcing lxc autostart containers to stop and restart. (LP: #753308) * debian/control: set ubuntu maintainer. Checksums-Sha1: 17dbdc239404d6a41e5de22845ade6cf7569935b 1494 lxc_0.7.2-1ubuntu1.dsc 39d78ccb64d90a6ac2c06ab15936146afd1e3667 6896 lxc_0.7.2-1ubuntu1.debian.tar.gz Checksums-Sha256: 823397425e908c8c4ac5a906c285969cd786c62b651caccf600b726f31b8c7e0 1494 lxc_0.7.2-1ubuntu1.dsc f289420e66873ad360d81bc23e8c136b7aaa076e0f589b199c9daef99292b738 6896 lxc_0.7.2-1ubuntu1.debian.tar.gz Files: 16eee9b1823a2bdf420380be4052bc1f 1494 admin optional lxc_0.7.2-1ubuntu1.dsc 1a1c6307d909ccd1a3cf8e8b59711610 6896 admin optional lxc_0.7.2-1ubuntu1.debian.tar.gz Original-Maintainer: Guido Trotter From marc.deslauriers at ubuntu.com Thu Sep 22 15:08:05 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 22 Sep 2011 15:08:05 -0000 Subject: [ubuntu/maverick-security] gimp_2.6.10-1ubuntu3.4_powerpc_translations.tar.gz, gimp_2.6.10-1ubuntu3.4_amd64_translations.tar.gz, gimp_2.6.10-1ubuntu3.4_i386_translations.tar.gz, gimp_2.6.10-1ubuntu3.4_armel_translations.tar.gz, gimp 2.6.10-1ubuntu3.4 (Accepted) Message-ID: <20110922150805.31490.63653.launchpad@cocoplum.canonical.com> gimp (2.6.10-1ubuntu3.4) maverick-security; urgency=low * SECURITY UPDATE: possible arbitrary code execution via malformed GIF - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in plug-ins/common/file-gif-load.c. - CVE-2011-2896 Date: Wed, 21 Sep 2011 10:04:38 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/maverick/+source/gimp/2.6.10-1ubuntu3.4 -------------- next part -------------- Format: 1.8 Date: Wed, 21 Sep 2011 10:04:38 -0400 Source: gimp Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg Architecture: source Version: 2.6.10-1ubuntu3.4 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Marc Deslauriers Description: gimp - The GNU Image Manipulation Program gimp-data - Data files for GIMP gimp-dbg - Debugging symbols for GIMP libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP libgimp2.0-doc - Developers' Documentation for the GIMP library Changes: gimp (2.6.10-1ubuntu3.4) maverick-security; urgency=low . * SECURITY UPDATE: possible arbitrary code execution via malformed GIF - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in plug-ins/common/file-gif-load.c. - CVE-2011-2896 Checksums-Sha1: f0f1b04f29ff2e62a08bc89dd72b4e2844237f6b 2790 gimp_2.6.10-1ubuntu3.4.dsc d3591dbd7d03a2290d5f1b9f2361da13a3763e11 47775 gimp_2.6.10-1ubuntu3.4.debian.tar.gz Checksums-Sha256: 789c2a19fc8b81276b41782978033d7d447a81946188f1962eb9668cb0ce6325 2790 gimp_2.6.10-1ubuntu3.4.dsc c6653184fecbeaaf665cb03362921bd167c7414fcf681a7be01872cdecadd9c3 47775 gimp_2.6.10-1ubuntu3.4.debian.tar.gz Files: bf91cc52c5040fc22f7bd7ffa1890cce 2790 graphics optional gimp_2.6.10-1ubuntu3.4.dsc 7e46bf133cf4064ae3422648b4cf5981 47775 graphics optional gimp_2.6.10-1ubuntu3.4.debian.tar.gz Original-Maintainer: Ari Pollak From marc.deslauriers at ubuntu.com Thu Sep 22 18:05:41 2011 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 22 Sep 2011 18:05:41 -0000 Subject: [ubuntu/maverick-security] apt_0.8.3ubuntu7.2_i386_translations.tar.gz, apt_0.8.3ubuntu7.2_amd64_translations.tar.gz, apt_0.8.3ubuntu7.2_powerpc_translations.tar.gz, apt_0.8.3ubuntu7.2_armel_translations.tar.gz, apt 0.8.3ubuntu7.2 (Accepted) Message-ID: <20110922180541.24284.9722.launchpad@cocoplum.canonical.com> apt (0.8.3ubuntu7.2) maverick-security; urgency=low * SECURITY UPDATE: Disable apt-key net-update for now, as validation code is insecure. (LP: #856489) - cmdline/apt-key: exit immediately out of net_update(). - CVE number pending Date: Thu, 22 Sep 2011 11:23:05 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/apt/0.8.3ubuntu7.2 -------------- next part -------------- Format: 1.8 Date: Thu, 22 Sep 2011 11:23:05 -0400 Source: apt Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source Version: 0.8.3ubuntu7.2 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: apt - Advanced front-end for dpkg apt-doc - Documentation for APT apt-transport-https - APT https transport apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Launchpad-Bugs-Fixed: 856489 Changes: apt (0.8.3ubuntu7.2) maverick-security; urgency=low . * SECURITY UPDATE: Disable apt-key net-update for now, as validation code is insecure. (LP: #856489) - cmdline/apt-key: exit immediately out of net_update(). - CVE number pending Checksums-Sha1: 317b289e492d08a9d46b19b17d518b4c44b02cd6 2037 apt_0.8.3ubuntu7.2.dsc ebe2e0d39ecfbffbbe969017c2eb11b171802e04 3144815 apt_0.8.3ubuntu7.2.tar.gz Checksums-Sha256: 917ce65512e43ce1c1e708206ff1246c3c61e75f30b338940ef206752a0b0720 2037 apt_0.8.3ubuntu7.2.dsc 8ba8dfd129390e09b1ed678e5049e561830298010bbaa39b343442980d3055cf 3144815 apt_0.8.3ubuntu7.2.tar.gz Files: 53f4d2f170054b0072c6c9ae4ee39d5a 2037 admin important apt_0.8.3ubuntu7.2.dsc 4c14e90f0bc3ade48c4ac1f5832ed718 3144815 admin important apt_0.8.3ubuntu7.2.tar.gz Original-Maintainer: APT Development Team From cjwatson at ubuntu.com Mon Sep 26 15:48:52 2011 From: cjwatson at ubuntu.com (Colin Watson) Date: Mon, 26 Sep 2011 15:48:52 -0000 Subject: [ubuntu/maverick-proposed] grub 0.97-29ubuntu60.10.10.1 (Accepted) Message-ID: <20110926154852.10140.63201.launchpad@soybean.canonical.com> grub (0.97-29ubuntu60.10.10.1) maverick-proposed; urgency=low * Backport from Debian 0.97-39 (LP: #720558): - Support for Xen style xvd[a-z] devices. Thanks Ian Campbell. (Closes: #456776) * Don't use UUIDs for expressing xvd* devices as GRUB drives, as PV-GRUB can't handle it. Date: Fri, 23 Sep 2011 22:36:41 +0100 Changed-By: Colin Watson Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/maverick/+source/grub/0.97-29ubuntu60.10.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 23 Sep 2011 22:36:41 +0100 Source: grub Binary: grub grub-disk grub-doc grub-legacy-doc multiboot-doc Architecture: source Version: 0.97-29ubuntu60.10.10.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Colin Watson Description: grub - GRand Unified Bootloader (Legacy version) grub-disk - GRUB bootable disk image (dummy package) grub-doc - Documentation for GRand Unified Bootloader (dummy package) grub-legacy-doc - Documentation for GRUB Legacy multiboot-doc - The Multiboot specification Closes: 456776 Launchpad-Bugs-Fixed: 720558 Changes: grub (0.97-29ubuntu60.10.10.1) maverick-proposed; urgency=low . * Backport from Debian 0.97-39 (LP: #720558): - Support for Xen style xvd[a-z] devices. Thanks Ian Campbell. (Closes: #456776) * Don't use UUIDs for expressing xvd* devices as GRUB drives, as PV-GRUB can't handle it. Checksums-Sha1: 24119f9c6e3076c90c5f47d1de1356df0ac6ad75 2267 grub_0.97-29ubuntu60.10.10.1.dsc a0da985f94fcf741c61ba24e0bd866e1d4cc032c 148414 grub_0.97-29ubuntu60.10.10.1.diff.gz Checksums-Sha256: d5c73947a20ce9ecf09703cccf5b8b635eab20f4871d9d1c6387fd1a8f3b8002 2267 grub_0.97-29ubuntu60.10.10.1.dsc 87a2c03783aab1361d3ac83a3fde86051b6548b902ed1a1392f45757f2f98178 148414 grub_0.97-29ubuntu60.10.10.1.diff.gz Files: 8fd6897bb6fa364ee4957bf7ad892fa8 2267 admin optional grub_0.97-29ubuntu60.10.10.1.dsc a3c4fbc3e2df5dfce3507fe26bb0a7fa 148414 admin optional grub_0.97-29ubuntu60.10.10.1.diff.gz Original-Maintainer: Grub Maintainers From cjwatson at ubuntu.com Wed Sep 28 05:09:33 2011 From: cjwatson at ubuntu.com (Colin Watson) Date: Wed, 28 Sep 2011 05:09:33 -0000 Subject: [ubuntu/maverick-proposed] grub 0.97-29ubuntu60.10.10.2 (Accepted) Message-ID: <20110928050933.29955.26630.launchpad@gac.canonical.com> grub (0.97-29ubuntu60.10.10.2) maverick-proposed; urgency=low * Work around LP #684875: detect /dev/sd* devices with major number 202, which are really /dev/xvd* devices in disguise, and don't use UUIDs for expressing them as GRUB drives either (LP: #720558). Date: Wed, 28 Sep 2011 00:58:01 +0100 Changed-By: Colin Watson Maintainer: Ubuntu Kernel Team https://launchpad.net/ubuntu/maverick/+source/grub/0.97-29ubuntu60.10.10.2 -------------- next part -------------- Format: 1.8 Date: Wed, 28 Sep 2011 00:58:01 +0100 Source: grub Binary: grub grub-disk grub-doc grub-legacy-doc multiboot-doc Architecture: source Version: 0.97-29ubuntu60.10.10.2 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Kernel Team Changed-By: Colin Watson Description: grub - GRand Unified Bootloader (Legacy version) grub-disk - GRUB bootable disk image (dummy package) grub-doc - Documentation for GRand Unified Bootloader (dummy package) grub-legacy-doc - Documentation for GRUB Legacy multiboot-doc - The Multiboot specification Launchpad-Bugs-Fixed: 720558 Changes: grub (0.97-29ubuntu60.10.10.2) maverick-proposed; urgency=low . * Work around LP #684875: detect /dev/sd* devices with major number 202, which are really /dev/xvd* devices in disguise, and don't use UUIDs for expressing them as GRUB drives either (LP: #720558). Checksums-Sha1: 1ee2d61d464b57ff70753add95bdccbf6d254898 2267 grub_0.97-29ubuntu60.10.10.2.dsc d8fd393c97a3b335eb3bcba2ff7fece811f7349e 148639 grub_0.97-29ubuntu60.10.10.2.diff.gz Checksums-Sha256: cc302425d155a73d0dd187ecab7e1f9bd1701a2e57b53aa11abad75a18e9f5d8 2267 grub_0.97-29ubuntu60.10.10.2.dsc 7659cfd0f6199fd86b45341694c2eaadb8765c066beb7cac8a1496d959e4ccd4 148639 grub_0.97-29ubuntu60.10.10.2.diff.gz Files: bbfdd46fb6c94ddbf5126566993d9be9 2267 admin optional grub_0.97-29ubuntu60.10.10.2.dsc c01d89d95e85e21deed07da72c2b433c 148639 admin optional grub_0.97-29ubuntu60.10.10.2.diff.gz Original-Maintainer: Grub Maintainers From jamie at ubuntu.com Thu Sep 29 02:03:41 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Thu, 29 Sep 2011 02:03:41 -0000 Subject: [ubuntu/maverick-security] puppet 2.6.1-0ubuntu2.1 (Accepted) Message-ID: <20110929020341.9048.43780.launchpad@cocoplum.canonical.com> puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low * SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. - CVE-2011-3848 - LP: #861182 Date: Wed, 28 Sep 2011 08:28:21 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/puppet/2.6.1-0ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Wed, 28 Sep 2011 08:28:21 -0500 Source: puppet Binary: puppet puppetmaster-common puppetmaster puppetmaster-passenger puppet-common vim-puppet puppet-el puppet-testsuite Architecture: source Version: 2.6.1-0ubuntu2.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: puppet - Centralized configuration management - agent startup and compatib puppet-common - Centralized configuration management puppet-el - syntax highlighting for puppet manifests in emacs puppet-testsuite - Centralized configuration management - test suite puppetmaster - Centralized configuration management - master startup and compati puppetmaster-common - Puppet master common scripts puppetmaster-passenger - Centralised configuration management - master setup to run under vim-puppet - syntax highlighting for puppet manifests in vim Launchpad-Bugs-Fixed: 861182 Changes: puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low . * SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. - CVE-2011-3848 - LP: #861182 Checksums-Sha1: 4c64ee088dec53ae96b44516dff4004d872d9ba1 2296 puppet_2.6.1-0ubuntu2.1.dsc 77b7e9a140df03293551d09e4d0d883c49b50001 35731 puppet_2.6.1-0ubuntu2.1.debian.tar.gz Checksums-Sha256: 7e238348ccec9b8bfdbfdaf5d873297cd4e6fb78c471e52d63daee11bd08454e 2296 puppet_2.6.1-0ubuntu2.1.dsc e4488c90a43d012c1248abc463ff27c72efe74923d2be9d0dc3f72023774ce61 35731 puppet_2.6.1-0ubuntu2.1.debian.tar.gz Files: 0f86fe37e73166680a06887770e2cd8b 2296 admin optional puppet_2.6.1-0ubuntu2.1.dsc 531ee37678f8ab566da95b9f1e4f7c4e 35731 admin optional puppet_2.6.1-0ubuntu2.1.debian.tar.gz Original-Maintainer: Puppet Package Maintainers From tyhicks at canonical.com Thu Sep 29 22:03:45 2011 From: tyhicks at canonical.com (Tyler Hicks) Date: Thu, 29 Sep 2011 22:03:45 -0000 Subject: [ubuntu/maverick-security] mutt_1.5.20-9ubuntu2.1_armel_translations.tar.gz, mutt_1.5.20-9ubuntu2.1_i386_translations.tar.gz, mutt_1.5.20-9ubuntu2.1_amd64_translations.tar.gz, mutt, mutt_1.5.20-9ubuntu2.1_powerpc_translations.tar.gz 1.5.20-9ubuntu2.1 (Accepted) Message-ID: <20110929220345.22400.4271.launchpad@cocoplum.canonical.com> mutt (1.5.20-9ubuntu2.1) maverick-security; urgency=low * SECURITY UPDATE: Failure to verify that a server's hostname matches the Common Name listed in a certificate when setting up a TLS connection. - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate. - CVE-2011-1429 Date: Thu, 22 Sep 2011 00:34:19 -0500 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/mutt/1.5.20-9ubuntu2.1 -------------- next part -------------- Format: 1.8 Date: Thu, 22 Sep 2011 00:34:19 -0500 Source: mutt Binary: mutt mutt-patched mutt-dbg Architecture: source Version: 1.5.20-9ubuntu2.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: mutt - text-based mailreader supporting MIME, GPG, PGP and threading mutt-dbg - debugging symbols for mutt mutt-patched - the Mutt Mail User Agent with extra patches Changes: mutt (1.5.20-9ubuntu2.1) maverick-security; urgency=low . * SECURITY UPDATE: Failure to verify that a server's hostname matches the Common Name listed in a certificate when setting up a TLS connection. - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate. - CVE-2011-1429 Checksums-Sha1: 4c55cc65e4903210d3280f88c18733058cea34f9 2113 mutt_1.5.20-9ubuntu2.1.dsc 348916e26dcdb19fcb4992550436349878d939bd 170090 mutt_1.5.20-9ubuntu2.1.diff.gz Checksums-Sha256: d681de0e251d66ac2e0c7fe73f04ec922a47dc7a908c1bc1848476fb35a4de5d 2113 mutt_1.5.20-9ubuntu2.1.dsc 66753c2a625322f0594f9097cc24b0e8c5496483542ca0aed6dd686f3bbce837 170090 mutt_1.5.20-9ubuntu2.1.diff.gz Files: 60410da770f22cda33d67cfe999ac63d 2113 mail standard mutt_1.5.20-9ubuntu2.1.dsc 80624825aee67cfcbb20c8df7c0dc1b0 170090 mail standard mutt_1.5.20-9ubuntu2.1.diff.gz Original-Maintainer: Antonio Radici From john.lenton at canonical.com Fri Sep 30 21:39:58 2011 From: john.lenton at canonical.com (John Lenton) Date: Fri, 30 Sep 2011 21:39:58 -0000 Subject: [ubuntu/maverick-proposed] desktopcouch 0.6.9b-0ubuntu1.1 (Accepted) Message-ID: <20110930213958.7922.4045.launchpad@gac.canonical.com> desktopcouch (0.6.9b-0ubuntu1.1) maverick-proposed; urgency=low * Preserve Ubuntu One service through longer replication period, 10 minutes changed to 60 minutes. (LP: #834857) Date: Wed, 28 Sep 2011 07:41:44 +0200 Changed-By: John Lenton Maintainer: Ubuntu Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/desktopcouch/0.6.9b-0ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Wed, 28 Sep 2011 07:41:44 +0200 Source: desktopcouch Binary: desktopcouch desktopcouch-tools python-desktopcouch python-desktopcouch-records Architecture: source Version: 0.6.9b-0ubuntu1.1 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: John Lenton Description: desktopcouch - A Desktop CouchDB instance desktopcouch-tools - Desktop CouchDB tools python-desktopcouch - Transitional package, Python Desktop CouchDB python-desktopcouch-records - Transitional package, desktop CouchDB Records API Launchpad-Bugs-Fixed: 834857 Changes: desktopcouch (0.6.9b-0ubuntu1.1) maverick-proposed; urgency=low . * Preserve Ubuntu One service through longer replication period, 10 minutes changed to 60 minutes. (LP: #834857) Checksums-Sha1: 426468afc526cc89c90064bad38672b1bf39faae 2122 desktopcouch_0.6.9b-0ubuntu1.1.dsc f94146bc6654c7e9a563cb4a0a52b19de08fcfa5 8122 desktopcouch_0.6.9b-0ubuntu1.1.diff.gz Checksums-Sha256: 9ebe837d0a0f047fee39a8b94ab254863c534d066ea7d1b463a888382edc5564 2122 desktopcouch_0.6.9b-0ubuntu1.1.dsc fdc8cb63edd2003feba6d8e60ba523412b703a8feb2b6c517c223f341c15d032 8122 desktopcouch_0.6.9b-0ubuntu1.1.diff.gz Files: 51524379382286f64269b32c15bb9525 2122 python optional desktopcouch_0.6.9b-0ubuntu1.1.dsc 7b3fba0753451bc625794bdef6645898 8122 python optional desktopcouch_0.6.9b-0ubuntu1.1.diff.gz From james.page at ubuntu.com Fri Sep 30 21:46:11 2011 From: james.page at ubuntu.com (James Page) Date: Fri, 30 Sep 2011 21:46:11 -0000 Subject: [ubuntu/maverick-proposed] eucalyptus 2.0+bzr1241-0ubuntu4.3 (Accepted) Message-ID: <20110930214611.26974.96548.launchpad@wampee.canonical.com> eucalyptus (2.0+bzr1241-0ubuntu4.3) maverick-proposed; urgency=low * d/patches/28-clock_drift.patch: Resolve issue with rampart blocking communication between CC and NC when time is fractionally in the future (LP: #854946). Date: Mon, 26 Sep 2011 09:41:53 +0100 Changed-By: James Page Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/eucalyptus/2.0+bzr1241-0ubuntu4.3 -------------- next part -------------- Format: 1.8 Date: Mon, 26 Sep 2011 09:41:53 +0100 Source: eucalyptus Binary: eucalyptus-common eucalyptus-sc eucalyptus-cloud eucalyptus-walrus eucalyptus-java-common eucalyptus-cc eucalyptus-nc eucalyptus-gl uec-component-listener eucalyptus-udeb Architecture: source Version: 2.0+bzr1241-0ubuntu4.3 Distribution: maverick-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: James Page Description: eucalyptus-cc - Elastic Utility Computing Architecture - Cluster controller eucalyptus-cloud - Elastic Utility Computing Architecture - Cloud controller eucalyptus-common - Elastic Utility Computing Architecture - Common files eucalyptus-gl - Elastic Utility Computing Architecture - Logging service eucalyptus-java-common - Elastic Utility Computing Architecture - Common Java package eucalyptus-nc - Elastic Utility Computing Architecture - Node controller eucalyptus-sc - Elastic Utility Computing Architecture - Storage controller eucalyptus-udeb - Elastic Utility Computing Architecture - installer integration (udeb) eucalyptus-walrus - Elastic Utility Computing Architecture - Walrus (S3) uec-component-listener - Ubuntu Enterprise Cloud - Component listener Launchpad-Bugs-Fixed: 854946 Changes: eucalyptus (2.0+bzr1241-0ubuntu4.3) maverick-proposed; urgency=low . * d/patches/28-clock_drift.patch: Resolve issue with rampart blocking communication between CC and NC when time is fractionally in the future (LP: #854946). Checksums-Sha1: 1664a5d807d9013fb721f57e486f91632b151f3b 3092 eucalyptus_2.0+bzr1241-0ubuntu4.3.dsc 8147746f1a82f2667d7c57417dbd86f31c03e6ac 1097938 eucalyptus_2.0+bzr1241-0ubuntu4.3.debian.tar.gz Checksums-Sha256: 12ea3af1ca13740e15593e3efcc50331c3f76030644d527a3d46f2e9148ac0c2 3092 eucalyptus_2.0+bzr1241-0ubuntu4.3.dsc a369a722612285b3a2f3550d7cee68347a3e058b0e8117b2c1825b85c04571ba 1097938 eucalyptus_2.0+bzr1241-0ubuntu4.3.debian.tar.gz Files: 3b2e5798b046885efdb1dbb5b536b2b8 3092 admin extra eucalyptus_2.0+bzr1241-0ubuntu4.3.dsc 8ec0559c82a4106d17593548a35a26d8 1097938 admin extra eucalyptus_2.0+bzr1241-0ubuntu4.3.debian.tar.gz From jamie at ubuntu.com Fri Sep 30 23:03:26 2011 From: jamie at ubuntu.com (Jamie Strandboge) Date: Fri, 30 Sep 2011 23:03:26 -0000 Subject: [ubuntu/maverick-security] puppet 2.6.1-0ubuntu2.2 (Accepted) Message-ID: <20110930230326.10804.37959.launchpad@cocoplum.canonical.com> puppet (2.6.1-0ubuntu2.2) maverick-security; urgency=low * SECURITY UPDATE: k5login can overwrite arbitrary files as root - debian/patches/CVE-2011-3869.patch: adjust type/k5login.rb to securely open the file before writing to it as root - CVE-2011-3869 * SECURITY UPDATE: didn't drop privileges before creating and changing permissions on SSH keys - debian/patches/CVE-2011-3870.patch: adjust ssh_authorized_key/parsed.rb to drop privileges before creating the ssh directory and setting permissions - CVE-2011-3870 * SECURITY UPDATE: fix predictable temporary filename in ralsh - debian/patches/CVE-2011-3871.patch: adjust application/resource.rb to use an unpredictable filename - CVE-2011-3871 * SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848 - secure-indirector-file-backed-terminus-base-cla.patch: Since the indirector file backed terminus base class is only used by the test suite, remove it and update test cases to use a continuing class. Date: Fri, 30 Sep 2011 09:04:20 -0500 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/puppet/2.6.1-0ubuntu2.2 -------------- next part -------------- Format: 1.8 Date: Fri, 30 Sep 2011 09:04:20 -0500 Source: puppet Binary: puppet puppetmaster-common puppetmaster puppetmaster-passenger puppet-common vim-puppet puppet-el puppet-testsuite Architecture: source Version: 2.6.1-0ubuntu2.2 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: puppet - Centralized configuration management - agent startup and compatib puppet-common - Centralized configuration management puppet-el - syntax highlighting for puppet manifests in emacs puppet-testsuite - Centralized configuration management - test suite puppetmaster - Centralized configuration management - master startup and compati puppetmaster-common - Puppet master common scripts puppetmaster-passenger - Centralised configuration management - master setup to run under vim-puppet - syntax highlighting for puppet manifests in vim Changes: puppet (2.6.1-0ubuntu2.2) maverick-security; urgency=low . * SECURITY UPDATE: k5login can overwrite arbitrary files as root - debian/patches/CVE-2011-3869.patch: adjust type/k5login.rb to securely open the file before writing to it as root - CVE-2011-3869 * SECURITY UPDATE: didn't drop privileges before creating and changing permissions on SSH keys - debian/patches/CVE-2011-3870.patch: adjust ssh_authorized_key/parsed.rb to drop privileges before creating the ssh directory and setting permissions - CVE-2011-3870 * SECURITY UPDATE: fix predictable temporary filename in ralsh - debian/patches/CVE-2011-3871.patch: adjust application/resource.rb to use an unpredictable filename - CVE-2011-3871 * SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848 - secure-indirector-file-backed-terminus-base-cla.patch: Since the indirector file backed terminus base class is only used by the test suite, remove it and update test cases to use a continuing class. Checksums-Sha1: b1565150c6fe5d839f3c6d6eadf0a083c934304a 2296 puppet_2.6.1-0ubuntu2.2.dsc 29922084667b42f396d1c5583eb644cd10ea5538 41769 puppet_2.6.1-0ubuntu2.2.debian.tar.gz Checksums-Sha256: ca24eb2029d91d490a06c67aa78914c7e05620bd5870ed6d779f8005cb003703 2296 puppet_2.6.1-0ubuntu2.2.dsc f3f089169e810316cfe92b0f7adb9029a0c111eb6e023450d9a832c0f3136bc0 41769 puppet_2.6.1-0ubuntu2.2.debian.tar.gz Files: 17863c8519c1a7ff5a1f560d41bee91f 2296 admin optional puppet_2.6.1-0ubuntu2.2.dsc 12a81c36eb830f7c6de3e65e24c315ff 41769 admin optional puppet_2.6.1-0ubuntu2.2.debian.tar.gz Original-Maintainer: Puppet Package Maintainers