From marc.deslauriers at ubuntu.com Wed Apr 4 21:03:39 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Wed, 04 Apr 2012 21:03:39 -0000 Subject: [ubuntu/maverick-security] tiff 3.9.4-2ubuntu0.5 (Accepted) Message-ID: <20120404210339.22395.2021.launchpad@cocoplum.canonical.com> tiff (3.9.4-2ubuntu0.5) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via tiffdump - debian/patches/CVE-2010-4665.patch: prevent integer overflow in tools/tiffdump.c. - CVE-2010-4665 * SECURITY UPDATE: arbitrary code execution via size overflow - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h. - CVE-2012-1173 Date: Mon, 02 Apr 2012 11:01:42 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/tiff/3.9.4-2ubuntu0.5 -------------- next part -------------- Format: 1.8 Date: Mon, 02 Apr 2012 11:01:42 -0400 Source: tiff Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source Version: 3.9.4-2ubuntu0.5 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.9.4-2ubuntu0.5) maverick-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via tiffdump - debian/patches/CVE-2010-4665.patch: prevent integer overflow in tools/tiffdump.c. - CVE-2010-4665 * SECURITY UPDATE: arbitrary code execution via size overflow - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h. - CVE-2012-1173 Checksums-Sha1: 469f502b5e7f54a9b3f4cfd4bc5e54b1cfec66bf 1953 tiff_3.9.4-2ubuntu0.5.dsc bf953b4809b899f5e6ac31f7fc8d9d7381bd11b2 20765 tiff_3.9.4-2ubuntu0.5.debian.tar.gz Checksums-Sha256: b8886bf03a5509274bf1bedb6eef20e0ee0c24ed7c06cb658d69bbc4b0c8361b 1953 tiff_3.9.4-2ubuntu0.5.dsc 3a504ccc8e3ca98fa11b72fec1277a7581bf9f5dec75e0feee32169258b14885 20765 tiff_3.9.4-2ubuntu0.5.debian.tar.gz Files: 3afb008f1a9cdfd2524d32f6cc25f721 1953 libs optional tiff_3.9.4-2ubuntu0.5.dsc 7b12e38c20c7e7130aed6ca3a8c44edc 20765 libs optional tiff_3.9.4-2ubuntu0.5.debian.tar.gz Original-Maintainer: Jay Berkenbilt From marc.deslauriers at ubuntu.com Thu Apr 5 18:03:43 2012 From: marc.deslauriers at ubuntu.com (Marc Deslauriers) Date: Thu, 05 Apr 2012 18:03:43 -0000 Subject: [ubuntu/maverick-security] libpng 1.2.44-1ubuntu0.4 (Accepted) Message-ID: <20120405180343.15178.8839.launchpad@cocoplum.canonical.com> libpng (1.2.44-1ubuntu0.4) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via memory corruption issue. - debian/patches/CVE-2011-3048.patch: correctly restore to previous condition in pngset.c. - CVE-2011-3048 Date: Thu, 05 Apr 2012 08:41:07 -0400 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/libpng/1.2.44-1ubuntu0.4 -------------- next part -------------- Format: 1.8 Date: Thu, 05 Apr 2012 08:41:07 -0400 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source Version: 1.2.44-1ubuntu0.4 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Changes: libpng (1.2.44-1ubuntu0.4) maverick-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via memory corruption issue. - debian/patches/CVE-2011-3048.patch: correctly restore to previous condition in pngset.c. - CVE-2011-3048 Checksums-Sha1: bc63e72f35e5fab14ab66c263333bab135b962a2 1939 libpng_1.2.44-1ubuntu0.4.dsc 9c08dbc567708fb5288c54220443bf45aec0a789 17971 libpng_1.2.44-1ubuntu0.4.debian.tar.bz2 Checksums-Sha256: 49973a54ff8a586d4ec0ab279973272716ce658aca4e8d3552e78c2b0d1dc234 1939 libpng_1.2.44-1ubuntu0.4.dsc 78f1150b9aee24072efdc771f68d98a299b23dbea10187af06f8658d10f76482 17971 libpng_1.2.44-1ubuntu0.4.debian.tar.bz2 Files: 90cabdaf4cc1f02465866af75bcfb8b5 1939 libs optional libpng_1.2.44-1ubuntu0.4.dsc f21d0faba4d1a2ae873ffb9a91066280 17971 libs optional libpng_1.2.44-1ubuntu0.4.debian.tar.bz2 Original-Maintainer: Anibal Monsalve Salazar From tyhicks at canonical.com Thu Apr 5 22:03:57 2012 From: tyhicks at canonical.com (Tyler Hicks) Date: Thu, 05 Apr 2012 22:03:57 -0000 Subject: [ubuntu/maverick-security] gnutls26_2.8.6-1ubuntu0.1_powerpc_translations.tar.gz, gnutls26_2.8.6-1ubuntu0.1_armel_translations.tar.gz, gnutls26, gnutls26_2.8.6-1ubuntu0.1_i386_translations.tar.gz, gnutls26_2.8.6-1ubuntu0.1_amd64_translations.tar.gz 2.8.6-1ubuntu0.1 (Accepted) Message-ID: <20120405220357.18468.92498.launchpad@cocoplum.canonical.com> gnutls26 (2.8.6-1ubuntu0.1) maverick-security; urgency=low * SECURITY UPDATE: Denial of service in client application - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying session data. Based on upstream patch. - CVE-2011-4128 * SECURITY UPDATE: Denial of service via crafted TLS record - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 Date: Wed, 04 Apr 2012 11:13:02 -0500 Changed-By: Tyler Hicks Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/gnutls26/2.8.6-1ubuntu0.1 -------------- next part -------------- Format: 1.8 Date: Wed, 04 Apr 2012 11:13:02 -0500 Source: gnutls26 Binary: libgnutls-dev libgnutls26 libgnutls26-dbg gnutls-bin gnutls-doc guile-gnutls Architecture: source Version: 2.8.6-1ubuntu0.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Tyler Hicks Description: gnutls-bin - the GNU TLS library - commandline utilities gnutls-doc - the GNU TLS library - documentation and examples guile-gnutls - the GNU TLS library - GNU Guile bindings libgnutls-dev - the GNU TLS library - development files libgnutls26 - the GNU TLS library - runtime library libgnutls26-dbg - GNU TLS library - debugger symbols Changes: gnutls26 (2.8.6-1ubuntu0.1) maverick-security; urgency=low . * SECURITY UPDATE: Denial of service in client application - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying session data. Based on upstream patch. - CVE-2011-4128 * SECURITY UPDATE: Denial of service via crafted TLS record - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 Checksums-Sha1: 64645dd60646ecdf4406f92fced0c4f36403f77b 2372 gnutls26_2.8.6-1ubuntu0.1.dsc 758a4b836675c5ceaf239d3762016a30979931d4 20128 gnutls26_2.8.6-1ubuntu0.1.debian.tar.gz Checksums-Sha256: 3d9021c766cbbb3c173c5b8572732af47e70320386ec8477a96455c11cf8eb39 2372 gnutls26_2.8.6-1ubuntu0.1.dsc f3193759717c2409be2036e4fb74b3609a7bba2e414d216ba949bf6dd7eafd46 20128 gnutls26_2.8.6-1ubuntu0.1.debian.tar.gz Files: 5bfcf7ba20ba61b8e2c32ceea9ef3e8a 2372 libs optional gnutls26_2.8.6-1ubuntu0.1.dsc eb55315a3a6eb5f42bfe0dbe7d1f9301 20128 libs optional gnutls26_2.8.6-1ubuntu0.1.debian.tar.gz Original-Maintainer: Debian GnuTLS Maintainers From martin.pitt at ubuntu.com Tue Apr 10 07:45:30 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 10 Apr 2012 07:45:30 -0000 Subject: [ubuntu/maverick-updates] chromium-browser 18.0.1025.142~r129054-0ubuntu0.10.10.1 (Accepted) Message-ID: <20120410074530.745.8237.launchpad@ackee.canonical.com> chromium-browser (18.0.1025.142~r129054-0ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release from the Stable Channel (LP: #968901) This release fixes the following security issues: - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. * Add build dependency on libudev-dev to allow for gamepad detection; see http://code.google.com/p/chromium/issues/detail?id=79050 - update debian/control * Drop dlopen_libgnutls patch as it's been implemented upstream - drop debian/patches/dlopen_libgnutls.patch - update debian/patches/series * Start removing *.so and *.so.* from the upstream tarball creation - update debian/rules * Strip almost the entire third_party/openssl directory as it's needed only on android, but is used by the build system - update debian/rules * Use tar's --exclude-vcs flag instead of just excluding .svn - update debian/rules chromium-browser (17.0.963.83~r127885-0ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release from the Stable Channel (LP: #961831) This release fixes the following security issues: - [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. - [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. - [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. Date: 2012-04-02 08:35:47.836697+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/chromium-browser/18.0.1025.142~r129054-0ubuntu0.10.10.1 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Tue Apr 10 07:45:34 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 10 Apr 2012 07:45:34 -0000 Subject: [ubuntu/maverick-security] chromium-browser 18.0.1025.142~r129054-0ubuntu0.10.10.1 (Accepted) Message-ID: <20120410074534.745.608.launchpad@ackee.canonical.com> chromium-browser (18.0.1025.142~r129054-0ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release from the Stable Channel (LP: #968901) This release fixes the following security issues: - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. * Add build dependency on libudev-dev to allow for gamepad detection; see http://code.google.com/p/chromium/issues/detail?id=79050 - update debian/control * Drop dlopen_libgnutls patch as it's been implemented upstream - drop debian/patches/dlopen_libgnutls.patch - update debian/patches/series * Start removing *.so and *.so.* from the upstream tarball creation - update debian/rules * Strip almost the entire third_party/openssl directory as it's needed only on android, but is used by the build system - update debian/rules * Use tar's --exclude-vcs flag instead of just excluding .svn - update debian/rules chromium-browser (17.0.963.83~r127885-0ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release from the Stable Channel (LP: #961831) This release fixes the following security issues: - [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. - [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. - [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. Date: 2012-04-02 08:35:47.836697+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/chromium-browser/18.0.1025.142~r129054-0ubuntu0.10.10.1 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Tue Apr 10 09:17:30 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 10 Apr 2012 09:17:30 -0000 Subject: [ubuntu/maverick-updates] chromium-browser 18.0.1025.151~r130497-0ubuntu0.10.10.1 (Accepted) Message-ID: <20120410091730.24882.17812.launchpad@ackee.canonical.com> chromium-browser (18.0.1025.151~r130497-0ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release from the Stable Channel (LP: #977502) - black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371) - CSS not applied to element (Issue: 114667) - Regression rendering a div with background gradient and borders (Issue: 113726) - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285) - Multiple crashes (Issues: 72235, 116825 and 92998) - Pop-up dialog is at wrong position (Issue: 116045) - HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165) - SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252) This release fixes the following security issues: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). Date: 2012-04-10 00:25:38.190803+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/chromium-browser/18.0.1025.151~r130497-0ubuntu0.10.10.1 -------------- next part -------------- Sorry, changesfile not available. From martin.pitt at ubuntu.com Tue Apr 10 09:17:34 2012 From: martin.pitt at ubuntu.com (Martin Pitt) Date: Tue, 10 Apr 2012 09:17:34 -0000 Subject: [ubuntu/maverick-security] chromium-browser 18.0.1025.151~r130497-0ubuntu0.10.10.1 (Accepted) Message-ID: <20120410091734.24882.9446.launchpad@ackee.canonical.com> chromium-browser (18.0.1025.151~r130497-0ubuntu0.10.10.1) maverick-security; urgency=low * New upstream release from the Stable Channel (LP: #977502) - black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371) - CSS not applied to element (Issue: 114667) - Regression rendering a div with background gradient and borders (Issue: 113726) - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285) - Multiple crashes (Issues: 72235, 116825 and 92998) - Pop-up dialog is at wrong position (Issue: 116045) - HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165) - SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252) This release fixes the following security issues: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). Date: 2012-04-10 00:25:38.190803+00:00 Changed-By: Micah Gersten Maintainer: Fabien Tassin Signed-By: Martin Pitt https://launchpad.net/ubuntu/maverick/+source/chromium-browser/18.0.1025.151~r130497-0ubuntu0.10.10.1 -------------- next part -------------- Sorry, changesfile not available.