From stgraber at ubuntu.com Mon Jan 2 17:17:15 2012
From: stgraber at ubuntu.com (Stephane Graber)
Date: Mon, 02 Jan 2012 17:17:15 -0000
Subject: [ubuntu/maverick-proposed] opencryptoki 2.2.8+dfsg-4ubuntu0.10.10.1 (Accepted)
Message-ID: <20120102171715.26965.92127.launchpad@soybean.canonical.com>

opencryptoki (2.2.8+dfsg-4ubuntu0.10.10.1) maverick-proposed; urgency=low

  * Cherry-pick patch from Debian to reset TPM datastructures on init and
    not just logout, fixes TPM token reinitialization failure on reload.
    Thanks to David Smith for the patch (LP: #645576)

Date: Wed, 07 Dec 2011 11:25:22 -0500
Changed-By: Stéphane Graber
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/opencryptoki/2.2.8+dfsg-4ubuntu0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 11:25:22 -0500
Source: opencryptoki
Binary: opencryptoki opencryptoki-dbg libopencryptoki0 libopencryptoki-dev
Architecture: source
Version: 2.2.8+dfsg-4ubuntu0.10.10.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Stéphane Graber
Description:
 libopencryptoki-dev - PKCS#11 implementation for Linux (development)
 libopencryptoki0 - PKCS#11 implementation for Linux (library)
 opencryptoki - PKCS#11 implementation for Linux (daemon)
 opencryptoki-dbg - PKCS#11 implementation for Linux (debug)
Launchpad-Bugs-Fixed: 645576
Changes:
 opencryptoki (2.2.8+dfsg-4ubuntu0.10.10.1) maverick-proposed; urgency=low
 .
   * Cherry-pick patch from Debian to reset TPM datastructures on init and
     not just logout, fixes TPM token reinitialization failure on reload.
     Thanks to David Smith for the patch (LP: #645576)
Original-Maintainer: Debian QA Group

From jamie at ubuntu.com Wed Jan 4 00:03:26 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Wed, 04 Jan 2012 00:03:26 -0000
Subject: [ubuntu/maverick-security] selinux 1:0.10~10.10.1 (Accepted)
Message-ID: <20120104000326.6684.66139.launchpad@cocoplum.canonical.com>

selinux (1:0.10~10.10.1) maverick-security; urgency=low

  * Fix unsafe lockfile creation. The scope of this is limited by when this
    script is run. On Ubuntu 10.10 and higher, Yama blocks exploitation of
    this issue, but we want to fix this on Ubuntu 10.04 LTS (which doesn't
    have Yama) and so this package is provided for upgrades. (LP: #876994)

Date: Wed, 21 Dec 2011 12:14:45 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Hardened Developers
https://launchpad.net/ubuntu/maverick/+source/selinux/1:0.10~10.10.1
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Dec 2011 12:14:45 -0600
Source: selinux
Binary: selinux
Architecture: source
Version: 1:0.10~10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Hardened Developers
Changed-By: Jamie Strandboge
Description:
 selinux - Security-Enhanced Linux runtime support
Launchpad-Bugs-Fixed: 876994
Changes:
 selinux (1:0.10~10.10.1) maverick-security; urgency=low
 .
   * Fix unsafe lockfile creation. The scope of this is limited by when this
     script is run. On Ubuntu 10.10 and higher, Yama blocks exploitation of
     this issue, but we want to fix this on Ubuntu 10.04 LTS (which doesn't
     have Yama) and so this package is provided for upgrades. (LP: #876994)
Original-Maintainer: J. Tang

From marc.deslauriers at ubuntu.com Wed Jan 4 14:33:24 2012
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Wed, 04 Jan 2012 14:33:24 -0000
Subject: [ubuntu/maverick-security] ghostscript 8.71.dfsg.2-0ubuntu7.1 (Accepted)
Message-ID: <20120104143324.16275.30555.launchpad@cocoplum.canonical.com>

ghostscript (8.71.dfsg.2-0ubuntu7.1) maverick-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for memory
    allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use
      vsnprintf() in jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls and
      allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

Date: Tue, 20 Dec 2011 14:09:50 -0500
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/ghostscript/8.71.dfsg.2-0ubuntu7.1
-------------- next part --------------
Format: 1.8
Date: Tue, 20 Dec 2011 14:09:50 -0500
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-cups ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.71.dfsg.2-0ubuntu7.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS filters
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs - Transitional package
 gs-aladdin - Transitional package
 gs-common - Dummy package depending on ghostscript
 gs-esp - Transitional package
 gs-esp-x - Transitional package
 gs-gpl - Transitional package
 libgs-dev - The Ghostscript PostScript Library - Development Files
 libgs-esp-dev - Transitional package
 libgs8 - The Ghostscript PostScript/PDF interpreter Library
Changes:
 ghostscript (8.71.dfsg.2-0ubuntu7.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: integer overflows via integer multiplication for memory
     allocation
     - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
       allocation functions and use them in:
       * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
         jas_malloc.c,jas_seq.c}
       * jasper/src/libjasper/bmp/bmp_dec.c
       * jasper/src/libjasper/include/jasper/jas_malloc.h
       * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
       * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
         jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
         jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
       * jasper/src/libjasper/mif/mif_cod.c
     - CVE-2008-3520
   * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
     - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
       jasper/src/libjasper/base/jas_stream.c
     - CVE-2008-3522
   * SECURITY UPDATE: denial of service and possible code execution via
     heap-based buffer overflows.
     - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls and
       allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
     - CVE-2011-4516
     - CVE-2011-4517
Original-Maintainer: Masayuki Hatta (mhatta)

From martin.pitt at ubuntu.com Thu Jan 5 12:31:28 2012
From: martin.pitt at ubuntu.com (Martin Pitt)
Date: Thu, 05 Jan 2012 12:31:28 -0000
Subject: [ubuntu/maverick-proposed] postgresql-8.4 8.4.10-0ubuntu0.10.10.1 (Accepted)
Message-ID: <20120105123128.15962.29241.launchpad@soybean.canonical.com>

postgresql-8.4 (8.4.10-0ubuntu0.10.10.1) maverick-proposed; urgency=low

  * Add 00git_inet_cidr_unpack.patch: Revert the behavior of inet/cidr
    functions to not unpack the arguments. This fixes the memory leak when
    sorting inet values. Patch taken from upstream git HEAD. Spotted during
    testing in LP #904631.
  * 01-armel-tas.patch: Turn slock_t datatype into an int, and define
    S_UNLOCK() to call __sync_lock_release() instead of using the default
    implementation. This complies to the gcc built-in atomic operations
    specification more strictly and now also works on the Panda boards.
    (LP: #904828)

postgresql-8.4 (8.4.10-0ubuntu0.10.10) maverick-proposed; urgency=low

  * New upstream release (LP: #904631)
    - Fix bugs in information_schema.referential_constraints view.
      This view was being insufficiently careful about matching the
      foreign-key constraint to the depended-on primary or unique key
      constraint.
      That could result in failure to show a foreign key constraint at all,
      or showing it multiple times, or claiming that it depends on a
      different constraint than the one it really does.
      Since the view definition is installed by initdb, merely upgrading
      will not fix the problem. If you need to fix this in an existing
      installation, you can (as a superuser) drop the information_schema
      schema then re-create it by sourcing
      "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
      you're uncertain where "SHAREDIR" is.) This must be repeated in each
      database to be fixed.
    - Fix incorrect replay of WAL records for GIN index updates.
      This could result in transiently failing to find index entries after
      a crash, or on a hot-standby server. The problem would be repaired
      by the next "VACUUM" of the index, however.
    - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT
      - FROM src or INSERT INTO dest SELECT * FROM src. If a table has been
      modified by "ALTER TABLE ADD COLUMN", attempts to copy its data
      verbatim to another table could produce corrupt results in certain
      corner cases. The problem can only manifest in this precise form in
      8.4 and later, but we patched earlier versions as well in case there
      are other code paths that could trigger the same bug.
    - Fix race condition during toast table access from stale syscache
      entries.
    - Track dependencies of functions on items used in parameter default
      expressions. Previously, a referenced object could be dropped without
      having dropped or modified the function, leading to misbehavior when
      the function was used. Note that merely installing this update will
      not fix the missing dependency entries; to do that, you'd need to
      "CREATE OR REPLACE" each such function afterwards. If you have
      functions whose defaults depend on non-built-in objects, doing so is
      recommended.
    - Allow inlining of set-returning SQL functions with multiple OUT
      parameters.
    - Make DatumGetInetP() unpack inet datums that have a 1-byte header,
      and add a new macro, DatumGetInetPP(), that does not.
    - Improve locale support in money type's input and output.
      Aside from not supporting all standard lc_monetary formatting
      options, the input and output functions were inconsistent, meaning
      there were locales in which dumped money values could not be re-read.
    - Don't let transform_null_equals affect CASE foo WHEN NULL ...
      constructs. transform_null_equals is only supposed to affect
      foo = NULL expressions written directly by the user, not equality
      checks generated internally by this form of CASE.
    - Change foreign-key trigger creation order to better support
      self-referential foreign keys. For a cascading foreign key that
      references its own table, a row update will fire both the ON UPDATE
      trigger and the CHECK trigger as one event. The ON UPDATE trigger
      must execute first, else the CHECK will check a non-final state of
      the row and possibly throw an inappropriate error. However, the
      firing order of these triggers is determined by their names, which
      generally sort in creation order since the triggers have
      auto-generated names following the convention
      "RI_ConstraintTrigger_NNNN". A proper fix would require modifying
      that convention, which we will do in 9.2, but it seems risky to
      change it in existing releases. So this patch just changes the
      creation order of the triggers. Users encountering this type of
      error should drop and re-create the foreign key constraint to get
      its triggers into the right order.
    - Avoid floating-point underflow while tracking buffer allocation rate.
    - Preserve blank lines within commands in psql's command history.
      The former behavior could cause problems if an empty line was removed
      from within a string literal, for example.
    - Fix pg_dump to dump user-defined casts between auto-generated types,
      such as table rowtypes.
    - Use the preferred version of xsubpp to build PL/Perl, not necessarily
      the operating system's main copy.
    - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
    - Honor query cancel interrupts promptly in pgstatindex().
    - Ensure VPATH builds properly install all server header files.
    - Shorten file names reported in verbose error messages.
      Regular builds have always reported just the name of the C file
      containing the error message call, but VPATH builds formerly
      reported an absolute path name.

Date: Thu, 05 Jan 2012 13:16:22 +0100
Changed-By: Martin Pitt
Maintainer: Martin Pitt
https://launchpad.net/ubuntu/maverick/+source/postgresql-8.4/8.4.10-0ubuntu0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Thu, 05 Jan 2012 13:16:22 +0100
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.4.10-0ubuntu0.10.10.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Martin Pitt
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 904631 904828
Changes:
 postgresql-8.4 (8.4.10-0ubuntu0.10.10.1) maverick-proposed; urgency=low
 .
   * Add 00git_inet_cidr_unpack.patch: Revert the behavior of inet/cidr
     functions to not unpack the arguments. This fixes the memory leak when
     sorting inet values. Patch taken from upstream git HEAD. Spotted during
     testing in LP #904631.
   * 01-armel-tas.patch: Turn slock_t datatype into an int, and define
     S_UNLOCK() to call __sync_lock_release() instead of using the default
     implementation. This complies to the gcc built-in atomic operations
     specification more strictly and now also works on the Panda boards.
     (LP: #904828)
 .
 postgresql-8.4 (8.4.10-0ubuntu0.10.10) maverick-proposed; urgency=low
 .
   * New upstream release (LP: #904631)
     - Fix bugs in information_schema.referential_constraints view.
       This view was being insufficiently careful about matching the
       foreign-key constraint to the depended-on primary or unique key
       constraint. That could result in failure to show a foreign key
       constraint at all, or showing it multiple times, or claiming that it
       depends on a different constraint than the one it really does.
       Since the view definition is installed by initdb, merely upgrading
       will not fix the problem. If you need to fix this in an existing
       installation, you can (as a superuser) drop the information_schema
       schema then re-create it by sourcing
       "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
       you're uncertain where "SHAREDIR" is.) This must be repeated in each
       database to be fixed.
     - Fix incorrect replay of WAL records for GIN index updates.
       This could result in transiently failing to find index entries after
       a crash, or on a hot-standby server. The problem would be repaired
       by the next "VACUUM" of the index, however.
     - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT
       - FROM src or INSERT INTO dest SELECT * FROM src. If a table has been
       modified by "ALTER TABLE ADD COLUMN", attempts to copy its data
       verbatim to another table could produce corrupt results in certain
       corner cases. The problem can only manifest in this precise form in
       8.4 and later, but we patched earlier versions as well in case there
       are other code paths that could trigger the same bug.
     - Fix race condition during toast table access from stale syscache
       entries.
     - Track dependencies of functions on items used in parameter default
       expressions. Previously, a referenced object could be dropped without
       having dropped or modified the function, leading to misbehavior when
       the function was used. Note that merely installing this update will
       not fix the missing dependency entries; to do that, you'd need to
       "CREATE OR REPLACE" each such function afterwards. If you have
       functions whose defaults depend on non-built-in objects, doing so is
       recommended.
     - Allow inlining of set-returning SQL functions with multiple OUT
       parameters.
     - Make DatumGetInetP() unpack inet datums that have a 1-byte header,
       and add a new macro, DatumGetInetPP(), that does not.
     - Improve locale support in money type's input and output.
       Aside from not supporting all standard lc_monetary formatting
       options, the input and output functions were inconsistent, meaning
       there were locales in which dumped money values could not be re-read.
     - Don't let transform_null_equals affect CASE foo WHEN NULL ...
       constructs. transform_null_equals is only supposed to affect
       foo = NULL expressions written directly by the user, not equality
       checks generated internally by this form of CASE.
     - Change foreign-key trigger creation order to better support
       self-referential foreign keys.
       For a cascading foreign key that references its own table, a row
       update will fire both the ON UPDATE trigger and the CHECK trigger as
       one event. The ON UPDATE trigger must execute first, else the CHECK
       will check a non-final state of the row and possibly throw an
       inappropriate error. However, the firing order of these triggers is
       determined by their names, which generally sort in creation order
       since the triggers have auto-generated names following the convention
       "RI_ConstraintTrigger_NNNN". A proper fix would require modifying
       that convention, which we will do in 9.2, but it seems risky to
       change it in existing releases. So this patch just changes the
       creation order of the triggers. Users encountering this type of
       error should drop and re-create the foreign key constraint to get
       its triggers into the right order.
     - Avoid floating-point underflow while tracking buffer allocation rate.
     - Preserve blank lines within commands in psql's command history.
       The former behavior could cause problems if an empty line was removed
       from within a string literal, for example.
     - Fix pg_dump to dump user-defined casts between auto-generated types,
       such as table rowtypes.
     - Use the preferred version of xsubpp to build PL/Perl, not necessarily
       the operating system's main copy.
     - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
     - Honor query cancel interrupts promptly in pgstatindex().
     - Ensure VPATH builds properly install all server header files.
     - Shorten file names reported in verbose error messages.
       Regular builds have always reported just the name of the C file
       containing the error message call, but VPATH builds formerly
       reported an absolute path name.

From marc.deslauriers at ubuntu.com Thu Jan 5 15:03:42 2012
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Thu, 05 Jan 2012 15:03:42 -0000
Subject: [ubuntu/maverick-security] ffmpeg 4:0.6-2ubuntu6.3 (Accepted)
Message-ID: <20120105150342.12747.24623.launchpad@cocoplum.canonical.com>

ffmpeg (4:0.6-2ubuntu6.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed Matroska file
    - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
      in libavformat/matroskadec.c.
    - CVE-2011-3504
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing QDM2 stream
    - debian/patches/CVE-2011-4351.patch: check boundaries in
      libavcodec/qdm2.c.
    - CVE-2011-4351
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP3 stream
    - debian/patches/CVE-2011-4352.patch: check coefficient index in
      libavcodec/vp3.c.
    - CVE-2011-4352
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP5 or VP6 streams
    - debian/patches/CVE-2011-4353.patch: check indexes in
      libavcodec/vp5.c and libavcodec/vp6.c.
    - CVE-2011-4353
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed VMD file
    - debian/patches/CVE-2011-4364.patch: properly check lengths in
      libavcodec/vmdav.c.
    - CVE-2011-4364
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing svq1 stream
    - debian/patches/CVE-2011-4579.patch: set dimensions after they have
      changed in libavcodec/svq1dec.c.
    - CVE-2011-4579

Date: Wed, 21 Dec 2011 10:46:50 -0500
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/ffmpeg/4:0.6-2ubuntu6.3
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Dec 2011 10:46:50 -0500
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil50 libavcodec52 libavdevice52 libavformat52 libavfilter1 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source
Version: 4:0.6-2ubuntu6.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 ffmpeg - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter1 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil50 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Changes:
 ffmpeg (4:0.6-2ubuntu6.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed Matroska file
     - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
       in libavformat/matroskadec.c.
     - CVE-2011-3504
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing QDM2 stream
     - debian/patches/CVE-2011-4351.patch: check boundaries in
       libavcodec/qdm2.c.
     - CVE-2011-4351
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP3 stream
     - debian/patches/CVE-2011-4352.patch: check coefficient index in
       libavcodec/vp3.c.
     - CVE-2011-4352
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP5 or VP6 streams
     - debian/patches/CVE-2011-4353.patch: check indexes in
       libavcodec/vp5.c and libavcodec/vp6.c.
     - CVE-2011-4353
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed VMD file
     - debian/patches/CVE-2011-4364.patch: properly check lengths in
       libavcodec/vmdav.c.
     - CVE-2011-4364
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing svq1 stream
     - debian/patches/CVE-2011-4579.patch: set dimensions after they have
       changed in libavcodec/svq1dec.c.
     - CVE-2011-4579
Original-Maintainer: Debian multimedia packages maintainers

From marc.deslauriers at ubuntu.com Thu Jan 5 16:04:34 2012
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Thu, 05 Jan 2012 16:04:34 -0000
Subject: [ubuntu/maverick-security] ffmpeg-extra 4:0.6-2ubuntu3.3 (Accepted)
Message-ID: <20120105160434.4159.88421.launchpad@cocoplum.canonical.com>

ffmpeg-extra (4:0.6-2ubuntu3.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed Matroska file
    - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
      in libavformat/matroskadec.c.
    - CVE-2011-3504
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing QDM2 stream
    - debian/patches/CVE-2011-4351.patch: check boundaries in
      libavcodec/qdm2.c.
    - CVE-2011-4351
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP3 stream
    - debian/patches/CVE-2011-4352.patch: check coefficient index in
      libavcodec/vp3.c.
    - CVE-2011-4352
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP5 or VP6 streams
    - debian/patches/CVE-2011-4353.patch: check indexes in
      libavcodec/vp5.c and libavcodec/vp6.c.
    - CVE-2011-4353
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed VMD file
    - debian/patches/CVE-2011-4364.patch: properly check lengths in
      libavcodec/vmdav.c.
    - CVE-2011-4364
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing svq1 stream
    - debian/patches/CVE-2011-4579.patch: set dimensions after they have
      changed in libavcodec/svq1dec.c.
    - CVE-2011-4579

Date: Wed, 21 Dec 2011 15:37:45 -0500
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/ffmpeg-extra/4:0.6-2ubuntu3.3
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Dec 2011 15:37:45 -0500
Source: ffmpeg-extra
Binary: libavutil-extra-50 libavutil-unstripped-50 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-1 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0
Architecture: source
Version: 4:0.6-2ubuntu3.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 libavcodec-extra-52 - ffmpeg codec library
 libavcodec-unstripped-52 - ffmpeg utility library - transitional package
 libavdevice-extra-52 - ffmpeg device handling library
 libavdevice-unstripped-52 - ffmpeg utility library - transitional package
 libavfilter-extra-1 - ffmpeg video filtering library
 libavformat-extra-52 - ffmpeg file format library
 libavformat-unstripped-52 - ffmpeg utility library - transitional package
 libavutil-extra-50 - ffmpeg utility library
 libavutil-unstripped-50 - ffmpeg utility library - transitional package
 libpostproc-extra-51 - ffmpeg video postprocessing library
 libpostproc-unstripped-51 - ffmpeg utility library - transitional package
 libswscale-extra-0 - ffmpeg video scaling library
 libswscale-unstripped-0 - ffmpeg utility library - transitional package
Changes:
 ffmpeg-extra
 (4:0.6-2ubuntu3.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed Matroska file
     - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
       in libavformat/matroskadec.c.
     - CVE-2011-3504
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing QDM2 stream
     - debian/patches/CVE-2011-4351.patch: check boundaries in
       libavcodec/qdm2.c.
     - CVE-2011-4351
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP3 stream
     - debian/patches/CVE-2011-4352.patch: check coefficient index in
       libavcodec/vp3.c.
     - CVE-2011-4352
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP5 or VP6 streams
     - debian/patches/CVE-2011-4353.patch: check indexes in
       libavcodec/vp5.c and libavcodec/vp6.c.
     - CVE-2011-4353
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed VMD file
     - debian/patches/CVE-2011-4364.patch: properly check lengths in
       libavcodec/vmdav.c.
     - CVE-2011-4364
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing svq1 stream
     - debian/patches/CVE-2011-4579.patch: set dimensions after they have
       changed in libavcodec/svq1dec.c.
     - CVE-2011-4579
Original-Maintainer: Debian multimedia packages maintainers

From andreas at canonical.com Thu Jan 12 16:27:52 2012
From: andreas at canonical.com (Andreas Hasenack)
Date: Thu, 12 Jan 2012 16:27:52 -0000
Subject: [ubuntu/maverick-proposed] python-tz 2010b-1ubuntu0.10.10.1 (Accepted)
Message-ID: <20120112162752.22500.72598.launchpad@soybean.canonical.com>

python-tz (2010b-1ubuntu0.10.10.1) maverick-proposed; urgency=low

  [ Forest Bond ]
  * Add patch samoa-idl (LP: #885163).

Date: Mon, 09 Jan 2012 22:02:50 +0200
Changed-By: Andreas Hasenack
Maintainer: Ubuntu Developers
Signed-By: Stefano Rivera
https://launchpad.net/ubuntu/maverick/+source/python-tz/2010b-1ubuntu0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Mon, 09 Jan 2012 22:02:50 +0200
Source: python-tz
Binary: python-tz
Architecture: source
Version: 2010b-1ubuntu0.10.10.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Andreas Hasenack
Description:
 python-tz - Python version of the Olson timezone database
Launchpad-Bugs-Fixed: 885163
Changes:
 python-tz (2010b-1ubuntu0.10.10.1) maverick-proposed; urgency=low
 .
   [ Forest Bond ]
   * Add patch samoa-idl (LP: #885163).
Original-Maintainer: Debian/Ubuntu Zope Team

From gary.lasker at canonical.com Tue Jan 17 05:26:12 2012
From: gary.lasker at canonical.com (Gary Lasker)
Date: Tue, 17 Jan 2012 05:26:12 -0000
Subject: [ubuntu/maverick-proposed] software-center 3.0.12 (Accepted)
Message-ID: <20120117052612.28103.59048.launchpad@wampee.canonical.com>

software-center (3.0.12) maverick-proposed; urgency=low

  * lp:~gary-lasker/software-center/icon-data-for-3.0:
    - remove the need for inline icon data from the agent, instead
      download icons directly using the provided URL (LP: #914054)

Date: Wed, 11 Jan 2012 23:29:45 -0500
Changed-By: Gary Lasker
Maintainer: Michael Vogt
Signed-By: Michael Vogt
https://launchpad.net/ubuntu/maverick/+source/software-center/3.0.12
-------------- next part --------------
Format: 1.8
Date: Wed, 11 Jan 2012 23:29:45 -0500
Source: software-center
Binary: software-center
Architecture: source
Version: 3.0.12
Distribution: maverick-proposed
Urgency: low
Maintainer: Michael Vogt
Changed-By: Gary Lasker
Description:
 software-center - Utility for browsing, installing, and removing applications
Launchpad-Bugs-Fixed: 914054
Changes:
 software-center (3.0.12) maverick-proposed; urgency=low
 .
   * lp:~gary-lasker/software-center/icon-data-for-3.0:
     - remove the need for inline icon data from the agent, instead
       download icons directly using the provided URL (LP: #914054)

From james.hunt at ubuntu.com Tue Jan 17 05:27:03 2012
From: james.hunt at ubuntu.com (James Hunt)
Date: Tue, 17 Jan 2012 05:27:03 -0000
Subject: [ubuntu/maverick-proposed] procps 1:3.2.8-9ubuntu3.3 (Accepted)
Message-ID: <20120117052703.27628.41252.launchpad@wampee.canonical.com>

procps (1:3.2.8-9ubuntu3.3) maverick-proposed; urgency=low

  * Make procps job run twice: as early as possible (for kernel
    parameters such as kernel.printk) and then after all network
    interfaces are up (to account for any kernel parameters relating to
    recently loaded networking modules) (LP: #771372).

procps (1:3.2.8-9ubuntu3.2) maverick-proposed; urgency=low

  * debian/postinst, debian/rules: instead of manually calling 'start' in
    the postinst, allow dh_installinit to DTRT. LP: #602896.
  * debian/sysctl.d/README: fix the documentation to point at the
    standard interfaces, not at the 'start' command.

procps (1:3.2.8-9ubuntu3.1) maverick-proposed; urgency=low

  [ James Hunt ]
  * Make procps job run twice: as early as possible (for kernel
    parameters such as kernel.printk) and then after all network
    interfaces are up (to account for any kernel parameters relating to
    recently loaded networking modules) (LP: #771372).

Date: Wed, 07 Dec 2011 14:53:24 +0000
Changed-By: James Hunt
Maintainer: Ubuntu Core Developers
Signed-By: Steve Langasek
https://launchpad.net/ubuntu/maverick/+source/procps/1:3.2.8-9ubuntu3.3
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 14:53:24 +0000
Source: procps
Binary: procps libproc-dev
Architecture: source
Version: 1:3.2.8-9ubuntu3.3
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Core Developers
Changed-By: James Hunt
Description:
 libproc-dev - library for accessing process information from /proc
 procps - /proc file system utilities
Launchpad-Bugs-Fixed: 602896 771372
Changes:
 procps (1:3.2.8-9ubuntu3.3) maverick-proposed; urgency=low
 .
   * Make procps job run twice: as early as possible (for kernel
     parameters such as kernel.printk) and then after all network
     interfaces are up (to account for any kernel parameters relating to
     recently loaded networking modules) (LP: #771372).
 .
 procps (1:3.2.8-9ubuntu3.2) maverick-proposed; urgency=low
 .
   * debian/postinst, debian/rules: instead of manually calling 'start' in
     the postinst, allow dh_installinit to DTRT. LP: #602896.
   * debian/sysctl.d/README: fix the documentation to point at the
     standard interfaces, not at the 'start' command.
 .
 procps (1:3.2.8-9ubuntu3.1) maverick-proposed; urgency=low
 .
   [ James Hunt ]
   * Make procps job run twice: as early as possible (for kernel
     parameters such as kernel.printk) and then after all network
     interfaces are up (to account for any kernel parameters relating to
     recently loaded networking modules) (LP: #771372).
Original-Maintainer: Craig Small

From evan at ebroder.net Tue Jan 17 05:28:02 2012
From: evan at ebroder.net (Evan Broder)
Date: Tue, 17 Jan 2012 05:28:02 -0000
Subject: [ubuntu/maverick-proposed] youtube-dl 2011.08.04-1~maverick0.1 (Accepted)
Message-ID: <20120117052802.10308.34737.launchpad@chaenomeles.canonical.com>

youtube-dl (2011.08.04-1~maverick0.1) maverick-proposed; urgency=low

  * Backport new upstream release to Maverick to fix changes in Youtube.
    (LP: #915029)

Date: Wed, 11 Jan 2012 15:59:23 -0500
Changed-By: Evan Broder
Maintainer: Rogério Brito
https://launchpad.net/ubuntu/maverick/+source/youtube-dl/2011.08.04-1~maverick0.1
-------------- next part --------------
Format: 1.8
Date: Wed, 11 Jan 2012 15:59:23 -0500
Source: youtube-dl
Binary: youtube-dl
Architecture: source
Version: 2011.08.04-1~maverick0.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Rogério Brito
Changed-By: Evan Broder
Description:
 youtube-dl - download videos from youtube
Launchpad-Bugs-Fixed: 915029
Changes:
 youtube-dl (2011.08.04-1~maverick0.1) maverick-proposed; urgency=low
 .
   * Backport new upstream release to Maverick to fix changes in Youtube.
     (LP: #915029)

From udienz at ubuntu.com Tue Jan 17 16:33:55 2012
From: udienz at ubuntu.com (Mahyuddin Susanto)
Date: Tue, 17 Jan 2012 16:33:55 -0000
Subject: [ubuntu/maverick-security] squid3 3.1.6-1.1ubuntu1.2 (Accepted)
Message-ID: <20120117163355.31768.72682.launchpad@cocoplum.canonical.com>

squid3 (3.1.6-1.1ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or
    possibly have unspecified other impact via a long line in a response
    by remote Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a
    CNAME record that references another CNAME record that contains an
    empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096

Date: Thu, 22 Dec 2011 21:55:40 +0700
Changed-By: Mahyuddin Susanto
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/squid3/3.1.6-1.1ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Thu, 22 Dec 2011 21:55:40 +0700
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source
Version: 3.1.6-1.1ubuntu1.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Mahyuddin Susanto
Description:
 squid-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3 - A full featured Web Proxy cache (HTTP proxy)
 squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Launchpad-Bugs-Fixed: 907687
Changes:
 squid3 (3.1.6-1.1ubuntu1.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or
     possibly have unspecified other impact via a long line in a response
     by remote Gopher servers. (LP: #907687)
     - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
     - CVE-2011-3205
   * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a
     CNAME record that references another CNAME record that contains an
     empty A record.
     - debian/patches/CVE-2011-4096.dpatch
     - CVE-2011-4096
Original-Maintainer: Luigi Gangitano

From l3on at ubuntu.com Wed Jan 18 06:27:08 2012
From: l3on at ubuntu.com (Leo Iannacone)
Date: Wed, 18 Jan 2012 06:27:08 -0000
Subject: [ubuntu/maverick-proposed] mrtg 2.16.3-1ubuntu1.1 (Accepted)
Message-ID: <20120118062708.7923.38819.launchpad@chaenomeles.canonical.com>

mrtg (2.16.3-1ubuntu1.1) maverick-proposed; urgency=low

  * Explicitly import Socket6 routines in SNMP_Session (LP: #899460)
    Patch cherry-picked from upstream (r330)

Date: Mon, 09 Jan 2012 12:49:33 +0100
Changed-By: Leo Iannacone
Maintainer: Ubuntu Developers
Signed-By: Mahyuddin Susanto
https://launchpad.net/ubuntu/maverick/+source/mrtg/2.16.3-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 09 Jan 2012 12:49:33 +0100
Source: mrtg
Binary: mrtg mrtg-contrib
Architecture: source
Version: 2.16.3-1ubuntu1.1
Distribution: maverick-proposed
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Leo Iannacone
Description:
 mrtg - multi router traffic grapher
 mrtg-contrib - multi router traffic grapher (contributed files)
Launchpad-Bugs-Fixed: 899460
Changes:
 mrtg (2.16.3-1ubuntu1.1) maverick-proposed; urgency=low
 .
   * Explicitly import Socket6 routines in SNMP_Session (LP: #899460)
     Patch cherry-picked from upstream (r330)
Original-Maintainer: Adam Majer

From jamie at ubuntu.com Thu Jan 19 17:34:10 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Thu, 19 Jan 2012 17:34:10 -0000
Subject: [ubuntu/maverick-security] libxml2 2.7.7.dfsg-4ubuntu0.3 (Accepted)
Message-ID: <20120119173410.5507.1754.launchpad@cocoplum.canonical.com>

libxml2 (2.7.7.dfsg-4ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: fix off-by-one leading to denial of service
    - encoding.c: adjust calculation of space available
    - 69f04562f75212bfcabecd190ea8b06ace28ece2
    - CVE-2011-0216
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation
      when entering a function or a scoped evaluation
    - f5048b3e71fc30ad096970b8df6e7af073bae4cb
    - CVE-2011-2821
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.c: fix missing error status in XPath evaluation
    - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
    - CVE-2011-2834
  * SECURITY UPDATE: fix out of bounds read
    - parser.c: make sure the parser returns when getting a Stop order
    - 77404b8b69bc122d12231807abf1a837d121b551
    - CVE-2011-3905
  * SECURITY UPDATE: fix heap overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Date: Wed, 18 Jan 2012 13:46:22 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/libxml2/2.7.7.dfsg-4ubuntu0.3
-------------- next part --------------
Format: 1.8
Date: Wed, 18 Jan 2012 13:46:22 -0600
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg libxml2-udeb
Architecture: source
Version: 2.7.7.dfsg-4ubuntu0.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-udeb - GNOME XML library - minimal runtime (udeb)
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.7.7.dfsg-4ubuntu0.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix off-by-one leading to denial of service
     - encoding.c: adjust calculation of space available
     - 69f04562f75212bfcabecd190ea8b06ace28ece2
     - CVE-2011-0216
   * SECURITY UPDATE: fix double free in XPath evaluation
     - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation
       when entering a function or a scoped evaluation
     - f5048b3e71fc30ad096970b8df6e7af073bae4cb
     - CVE-2011-2821
   * SECURITY UPDATE: fix double free in XPath evaluation
     - xpath.c: fix missing error status in XPath evaluation
     - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
     - CVE-2011-2834
   * SECURITY UPDATE: fix out of bounds read
     - parser.c: make sure the parser returns when getting a Stop order
     - 77404b8b69bc122d12231807abf1a837d121b551
     - CVE-2011-3905
   * SECURITY UPDATE: fix heap overflow
     - parser.c: fix an allocation error when copying entities
     - 5bd3c061823a8499b27422aee04ea20aae24f03e
     - CVE-2011-3919
Original-Maintainer: Debian XML/SGML Group

From jamie at ubuntu.com Thu Jan 19 17:34:21 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Thu, 19 Jan 2012 17:34:21 -0000
Subject: [ubuntu/maverick-security] t1lib 5.1.2-3ubuntu0.10.10.2 (Accepted)
Message-ID: <20120119173421.5507.64144.launchpad@cocoplum.canonical.com>

t1lib (5.1.2-3ubuntu0.10.10.2) maverick-security; urgency=low

  * SECURITY UPDATE: fix denial of service via oversized fonts
    - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests
      to address remaining crashes
    - CVE-2011-1552
    - CVE-2011-1553
    - CVE-2011-1554
  * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser
    - debian/patches/CVE-2010-2642_2011-0433.patch: verify array
      boundaries in lib/t1lib/parseAFM.c
    - CVE-2010-2642
    - CVE-2011-0433

Date: Tue, 17 Jan 2012 14:37:04 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/t1lib/5.1.2-3ubuntu0.10.10.2
-------------- next part --------------
Format: 1.8
Date: Tue, 17 Jan 2012 14:37:04 -0600
Source: t1lib
Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg
Architecture: source
Version: 5.1.2-3ubuntu0.10.10.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 libt1-5 - Type 1 font rasterizer library - runtime
 libt1-5-dbg - Type 1 font rasterizer library - debugging runtime
 libt1-dev - Type 1 font rasterizer library - development
 libt1-doc - Type 1 font
rasterizer library - developers documentation
 t1lib-bin - Type 1 font rasterizer library - user binaries
Changes:
 t1lib (5.1.2-3ubuntu0.10.10.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix denial of service via oversized fonts
     - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests
       to address remaining crashes
     - CVE-2011-1552
     - CVE-2011-1553
     - CVE-2011-1554
   * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser
     - debian/patches/CVE-2010-2642_2011-0433.patch: verify array
       boundaries in lib/t1lib/parseAFM.c
     - CVE-2010-2642
     - CVE-2011-0433
Original-Maintainer: Ruben Molina

From jamie at ubuntu.com Mon Jan 23 22:33:43 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Mon, 23 Jan 2012 22:33:43 -0000
Subject: [ubuntu/maverick-security] qemu-kvm 0.12.5+noroms-0ubuntu7.11 (Accepted)
Message-ID: <20120123223343.3627.28439.launchpad@cocoplum.canonical.com>

qemu-kvm (0.12.5+noroms-0ubuntu7.11) maverick-security; urgency=low

  * SECURITY UPDATE: fix heap overflow in e1000 driver with crafted
    legacy mode packets
    - debian/patches/CVE-2012-0029.patch: check for overflow whenever
      issuing PCI dma reads
    - CVE-2012-0029

Date: Tue, 17 Jan 2012 13:42:24 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.11
-------------- next part --------------
Format: 1.8
Date: Tue, 17
Jan 2012 13:42:24 -0600
Source: qemu-kvm
Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu
Architecture: source
Version: 0.12.5+noroms-0ubuntu7.11
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 kvm - dummy transitional pacakge from kvm to qemu-kvm
 qemu - dummy transitional pacakge from qemu to qemu-kvm
 qemu-arm-static - dummy transitional package for qemu-kvm-extras-static
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm - Full virtualization on i386 and amd64 hardware
 qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures
 qemu-kvm-extras-static - static QEMU user mode emulation binaries
Changes:
 qemu-kvm (0.12.5+noroms-0ubuntu7.11) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix heap overflow in e1000 driver with crafted
     legacy mode packets
     - debian/patches/CVE-2012-0029.patch: check for overflow whenever
       issuing PCI dma reads
     - CVE-2012-0029

From marc.deslauriers at ubuntu.com Tue Jan 24 21:03:54 2012
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Tue, 24 Jan 2012 21:03:54 -0000
Subject: [ubuntu/maverick-security] curl 7.21.0-1ubuntu1.3 (Accepted)
Message-ID: <20120124210354.19846.25314.launchpad@cocoplum.canonical.com>

curl (7.21.0-1ubuntu1.3) maverick-security;
urgency=low

  * SECURITY UPDATE: URL sanitization vulnerability
    - debian/patches/CVE-2012-0036.patch: reject URLs with embedded
      control codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
    - CVE-2012-0036

Date: Tue, 24 Jan 2012 08:29:10 -0500
Changed-By: Marc Deslauriers
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/curl/7.21.0-1ubuntu1.3
-------------- next part --------------
Format: 1.8
Date: Tue, 24 Jan 2012 08:29:10 -0500
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg
Architecture: source
Version: 7.21.0-1ubuntu1.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 curl - Get a file from an HTTP, HTTPS or FTP server
 libcurl3 - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Changes:
 curl (7.21.0-1ubuntu1.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: URL sanitization vulnerability
     - debian/patches/CVE-2012-0036.patch: reject URLs with embedded
       control codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
     - CVE-2012-0036
Original-Maintainer: Ramakrishnan Muthukrishnan

From sbeattie at ubuntu.com Tue Jan 24 22:07:00 2012
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Tue, 24 Jan 2012 22:07:00 -0000
Subject: [ubuntu/maverick-security] openjdk-6b18 6b18-1.8.10-0ubuntu1~10.10.3 (Accepted)
Message-ID: <20120124220700.11887.74120.launchpad@cocoplum.canonical.com>

openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.3) maverick-security; urgency=low

  * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add
    regression fix for broken ssl connectivity when using
    TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)

Date: Fri, 20 Jan 2012 15:41:49 -0800
Changed-By: Steve Beattie
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.3
-------------- next part --------------
Format: 1.8
Date: Fri, 20 Jan 2012 15:41:49 -0800
Source: openjdk-6b18
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b18-1.8.10-0ubuntu1~10.10.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Steve Beattie
Description:
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
Launchpad-Bugs-Fixed: 891761
Changes:
 openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.3) maverick-security; urgency=low
 .
   * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add
     regression fix for broken ssl connectivity when using
     TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)
Original-Maintainer: OpenJDK Team

From sbeattie at ubuntu.com Tue Jan 24 22:07:36 2012
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Tue, 24 Jan 2012 22:07:36 -0000
Subject: [ubuntu/maverick-security] openjdk-6 6b20-1.9.10-0ubuntu1~10.10.3 (Accepted)
Message-ID: <20120124220736.11887.96015.launchpad@cocoplum.canonical.com>

openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.3) maverick-security; urgency=low

  * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add
    regression fix for broken ssl connectivity when using
    TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)

Date: Fri, 20 Jan 2012 09:59:35 -0800
Changed-By: Steve Beattie
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.3
-------------- next part --------------
Format: 1.8
Date: Fri, 20 Jan 2012 09:59:35 -0800
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.10-0ubuntu1~10.10.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Steve Beattie
Description:
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Launchpad-Bugs-Fixed: 891761
Changes:
 openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.3) maverick-security; urgency=low
 .
   * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add
     regression fix for broken ssl connectivity when using
     TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)
Original-Maintainer: OpenJDK Team

From jamie at ubuntu.com Wed Jan 25 19:34:50 2012
From: jamie at ubuntu.com (Jamie Strandboge)
Date: Wed, 25 Jan 2012 19:34:50 -0000
Subject: [ubuntu/maverick-security] evince_2.32.0-0ubuntu1.2_i386_translations.tar.gz, evince_2.32.0-0ubuntu1.2_powerpc_translations.tar.gz, evince_2.32.0-0ubuntu1.2_armel_translations.tar.gz, evince, evince_2.32.0-0ubuntu1.2_static_translations.tar.gz, evince_2.32.0-0ubuntu1.2_amd64_translations.tar.gz 2.32.0-0ubuntu1.2 (Accepted)
Message-ID: <20120125193450.26373.14099.launchpad@cocoplum.canonical.com>

evince (2.32.0-0ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: fix heap-based buffer overflow
    - debian/patches/03_CVE-2011-0433.patch: add more bounds checking in
      backend/dvi/mdvi-lib/afmparse.c
    - CVE-2011-0433

Date: Thu, 19 Jan 2012 09:27:06 -0600
Changed-By: Jamie Strandboge
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/maverick/+source/evince/2.32.0-0ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Thu, 19 Jan 2012 09:27:06 -0600
Source: evince
Binary: evince evince-dbg evince-gtk libevview-dev libevview3 libevdocument-dev libevdocument3
evince-common gir1.0-evince-2.32
Architecture: source
Version: 2.32.0-0ubuntu1.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers
Changed-By: Jamie Strandboge
Description:
 evince - Document (postscript, pdf) viewer
 evince-common - Document (postscript, pdf) viewer - common files
 evince-dbg - Document (postscript, pdf) viewer - debugging symbols
 evince-gtk - Document (postscript, pdf) viewer (GTK+ version)
 gir1.0-evince-2.32 - GObject introspection data for the libevince library
 libevdocument-dev - GNOME document viewer backend library - development headers
 libevdocument3 - GNOME document viewer backend library
 libevview-dev - GNOME document viewer view library - development headers
 libevview3 - GNOME document viewer view library
Changes:
 evince (2.32.0-0ubuntu1.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix heap-based buffer overflow
     - debian/patches/03_CVE-2011-0433.patch: add more bounds checking in
       backend/dvi/mdvi-lib/afmparse.c
     - CVE-2011-0433
Original-Maintainer: Debian GNOME Maintainers

From marc.deslauriers at ubuntu.com Thu Jan 26 14:34:06 2012
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Thu, 26 Jan 2012 14:34:06 -0000
Subject: [ubuntu/maverick-security] icu 4.2.1-3ubuntu0.10.10.1 (Accepted)
Message-ID: <20120126143406.16958.110.launchpad@cocoplum.canonical.com>

icu (4.2.1-3ubuntu0.10.10.1) maverick-security; urgency=low

  *
SECURITY UPDATE: denial of service and possible code execution via out of bounds access - debian/patches/CVE-2011-4599.patch: add bounds checks in source/common/uloc.c. - CVE-2011-4599 Date: Wed, 25 Jan 2012 15:11:21 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/maverick/+source/icu/4.2.1-3ubuntu0.10.10.1 -------------- next part -------------- Format: 1.8 Date: Wed, 25 Jan 2012 15:11:21 -0500 Source: icu Binary: libicu42 libicu42-dbg libicu-dev lib32icu42 lib32icu-dev icu-doc Architecture: source Version: 4.2.1-3ubuntu0.10.10.1 Distribution: maverick-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: icu-doc - API documentation for ICU classes and functions lib32icu-dev - Development files for International Components for Unicode (32-bi lib32icu42 - International Components for Unicode (32-bit) libicu-dev - Development files for International Components for Unicode libicu42 - International Components for Unicode libicu42-dbg - International Components for Unicode Changes: icu (4.2.1-3ubuntu0.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via out of bounds access - debian/patches/CVE-2011-4599.patch: add bounds checks in source/common/uloc.c. 
     - CVE-2011-4599
Checksums-Sha1:
 efe056d43c94144193c01a7a46736f9f08c88c91 2093 icu_4.2.1-3ubuntu0.10.10.1.dsc
 d68a85fffeea0d39d3938fc11232c1f5f38699ca 14448 icu_4.2.1-3ubuntu0.10.10.1.diff.gz
Checksums-Sha256:
 40da6f237c129f7006d113df2f6db43b31ea571a9c697132c40f499b95240d4e 2093 icu_4.2.1-3ubuntu0.10.10.1.dsc
 bb158ac7335991025cf3231ca499549b648beedf0c9d30b680cf06559acd4205 14448 icu_4.2.1-3ubuntu0.10.10.1.diff.gz
Files:
 f19b1e22d13dad9947c82f46306d5039 2093 libs optional icu_4.2.1-3ubuntu0.10.10.1.dsc
 1de56012ad6be835dc2492d75a39173c 14448 libs optional icu_4.2.1-3ubuntu0.10.10.1.diff.gz
Original-Maintainer: Jay Berkenbilt

From sbeattie at ubuntu.com Mon Jan 30 08:33:28 2012
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Mon, 30 Jan 2012 08:33:28 -0000
Subject: [ubuntu/maverick-security] wireshark_1.2.11-6+squeeze6build0.10.10.1_amd64_translations.tar.gz, wireshark_1.2.11-6+squeeze6build0.10.10.1_armel_translations.tar.gz, wireshark_1.2.11-6+squeeze6build0.10.10.1_powerpc_translations.tar.gz, wireshark_1.2.11-6+squeeze6build0.10.10.1_i386_translations.tar.gz, wireshark 1.2.11-6+squeeze6build0.10.10.1 (Accepted)
Message-ID: <20120130083328.29594.45543.launchpad@cocoplum.canonical.com>

wireshark (1.2.11-6+squeeze6build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

wireshark (1.2.11-6+squeeze6) stable-security; urgency=low

  * Fix CVE-2011-3483, CVE-2011-0042, CVE-2012-0068, CVE-2012-0067, CVE-2012-0066, CVE-2011-0041 (Patches provided by Balint)

Date: Fri, 27 Jan 2012 15:51:55 -0800
Changed-By: Steve Beattie
Maintainer: Balint Reczey
https://launchpad.net/ubuntu/maverick/+source/wireshark/1.2.11-6+squeeze6build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 27 Jan 2012 15:51:55 -0800
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg
Architecture: source
Version: 1.2.11-6+squeeze6build0.10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Balint Reczey
Changed-By: Steve Beattie
Description:
 tshark - network traffic analyzer - console version
 wireshark - network traffic analyzer - GTK+ version
 wireshark-common - network traffic analyzer - common files
 wireshark-dbg - network traffic analyzer - debug symbols
 wireshark-dev - network traffic analyzer - development tools
Changes:
 wireshark (1.2.11-6+squeeze6build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 wireshark (1.2.11-6+squeeze6) stable-security; urgency=low
 .
   * Fix CVE-2011-3483, CVE-2011-0042, CVE-2012-0068, CVE-2012-0067, CVE-2012-0066, CVE-2011-0041 (Patches provided by Balint)
Checksums-Sha1:
 22a4dd305adf7055371d72156a93f78ad09260d2 2443 wireshark_1.2.11-6+squeeze6build0.10.10.1.dsc
 c055ca06e63ca794507083f412b1aa6c4f578720 84546 wireshark_1.2.11-6+squeeze6build0.10.10.1.debian.tar.gz
Checksums-Sha256:
 c5db1dea382d23cd47ea11c34455a3e1a213c334e1673d1248f301f4d5315a02 2443 wireshark_1.2.11-6+squeeze6build0.10.10.1.dsc
 faf3d6d84382de9225c774d0d190250b437e2c4a9aa81989d599cd7f96ebcf72 84546 wireshark_1.2.11-6+squeeze6build0.10.10.1.debian.tar.gz
Files:
 42fd8e68a00ce2c56f79b3135bd4340c 2443 net optional wireshark_1.2.11-6+squeeze6build0.10.10.1.dsc
 ad50f3cdf856eb7db25e89fac46705f5 84546 net optional wireshark_1.2.11-6+squeeze6build0.10.10.1.debian.tar.gz

From sbeattie at ubuntu.com Mon Jan 30 09:35:57 2012
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Mon, 30 Jan 2012 09:35:57 -0000
Subject: [ubuntu/maverick-security] super 3.30.0-3+squeeze1build0.10.10.1 (Accepted)
Message-ID: <20120130093557.19855.31825.launchpad@cocoplum.canonical.com>

super (3.30.0-3+squeeze1build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

super (3.30.0-3+squeeze1) stable-security; urgency=high

  * Add 12-Use-vsnprintf.patch to fix buffer overflow error occurring when logging via syslog is enabled (CVE-2011-2776).
  * Add 13-Potential-format-string-vulnerability.patch to fix a vulnerability that might occur if the user of file name or file name used in the tag contains a '%' character.

Date: Fri, 27 Jan 2012 16:27:48 -0800
Changed-By: Steve Beattie
Maintainer: Robert Luberda
https://launchpad.net/ubuntu/maverick/+source/super/3.30.0-3+squeeze1build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 27 Jan 2012 16:27:48 -0800
Source: super
Binary: super
Architecture: source
Version: 3.30.0-3+squeeze1build0.10.10.1
Distribution: maverick-security
Urgency: high
Maintainer: Robert Luberda
Changed-By: Steve Beattie
Description:
 super - Execute commands setuid root
Changes:
 super (3.30.0-3+squeeze1build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 super (3.30.0-3+squeeze1) stable-security; urgency=high
 .
   * Add 12-Use-vsnprintf.patch to fix buffer overflow error occurring when logging via syslog is enabled (CVE-2011-2776).
   * Add 13-Potential-format-string-vulnerability.patch to fix a vulnerability that might occur if the user of file name or file name used in the tag contains a '%' character.
Checksums-Sha1:
 c5a1a3d9b99b7c87f138108a2e878bb6c028cc4a 1762 super_3.30.0-3+squeeze1build0.10.10.1.dsc
 b5429e3ec3978670d2ba70a6de2fddc4f42a39b9 13562 super_3.30.0-3+squeeze1build0.10.10.1.diff.gz
Checksums-Sha256:
 ae1f40ffe771a0d048697b914ce89b38982f1329575cf8c2bdac86e898d3037f 1762 super_3.30.0-3+squeeze1build0.10.10.1.dsc
 cbfeebad5491f1354047a0377cfd06c651410aa14ef3d6e81770d5cd40bf13ac 13562 super_3.30.0-3+squeeze1build0.10.10.1.diff.gz
Files:
 2828b4cd368f22363f0b115dcd5cf78a 1762 admin optional super_3.30.0-3+squeeze1build0.10.10.1.dsc
 bf397c194b011176ca6f4d775751abea 13562 admin optional super_3.30.0-3+squeeze1build0.10.10.1.diff.gz

From sbeattie at ubuntu.com Mon Jan 30 10:33:42 2012
From: sbeattie at ubuntu.com (Steve Beattie)
Date: Mon, 30 Jan 2012 10:33:42 -0000
Subject: [ubuntu/maverick-security] cyrus-imapd-2.2, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1_powerpc_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1_armel_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1_i386_translations.tar.gz, cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1_amd64_translations.tar.gz 2.2.13-19squeeze3build0.10.10.1 (Accepted)
Message-ID: <20120130103342.9712.13671.launchpad@cocoplum.canonical.com>

cyrus-imapd-2.2 (2.2.13-19squeeze3build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

cyrus-imapd-2.2 (2.2.13-19+squeeze3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix possible NULL pointer dereference via crafted message reference id caused by a missing sanitizing of the mail headers. This can be exploited from a client making use of the IMAP threading feature (CVE-2011-3481).

Date: Fri, 27 Jan 2012 17:18:29 -0800
Changed-By: Steve Beattie
Maintainer: Debian Cyrus Team
https://launchpad.net/ubuntu/maverick/+source/cyrus-imapd-2.2/2.2.13-19squeeze3build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 27 Jan 2012 17:18:29 -0800
Source: cyrus-imapd-2.2
Binary: cyrus-common-2.2 cyrus-doc-2.2 cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-admin-2.2 cyrus-murder-2.2 cyrus-nntpd-2.2 cyrus-clients-2.2 cyrus-dev-2.2 libcyrus-imap-perl22
Architecture: source
Version: 2.2.13-19squeeze3build0.10.10.1
Distribution: maverick-security
Urgency: high
Maintainer: Debian Cyrus Team
Changed-By: Steve Beattie
Description:
 cyrus-admin-2.2 - Cyrus mail system - administration tools
 cyrus-clients-2.2 - Cyrus mail system (test clients)
 cyrus-common-2.2 - Cyrus mail system - common files
 cyrus-dev-2.2 - Cyrus mail system (developer files)
 cyrus-doc-2.2 - Cyrus mail system - documentation files
 cyrus-imapd-2.2 - Cyrus mail system - IMAP support
 cyrus-murder-2.2 - Cyrus mail system (proxies and aggregator)
 cyrus-nntpd-2.2 - Cyrus mail system (NNTP support)
 cyrus-pop3d-2.2 - Cyrus mail system - POP3 support
 libcyrus-imap-perl22 - Interface to Cyrus imap client imclient library
Changes:
 cyrus-imapd-2.2 (2.2.13-19squeeze3build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 cyrus-imapd-2.2 (2.2.13-19+squeeze3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix possible NULL pointer dereference via crafted message reference id caused by a missing sanitizing of the mail headers. This can be exploited from a client making use of the IMAP threading feature (CVE-2011-3481).
Checksums-Sha1:
 1806c4529cc0c09272a1fa292f8f9f62a332966f 2666 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1.dsc
 dfc89f2b071c7a40df2ef98975e6fc99cf85d241 277550 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1.diff.gz
Checksums-Sha256:
 a11a2ee2a40b739d7cd95aa326092ea09ce0961b2fdb5b45c8e466c8e96184dc 2666 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1.dsc
 dc7e41b2324e53759ef16cc33ce4c9e5e485aafc13d6c5424c9c30069ce9d5b7 277550 cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1.diff.gz
Files:
 49574826131526f1ed929c94ed25806a 2666 mail extra cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1.dsc
 1a48cade46e25586b9eecb3b296e81a5 277550 mail extra cyrus-imapd-2.2_2.2.13-19squeeze3build0.10.10.1.diff.gz

From marc.deslauriers at ubuntu.com Tue Jan 31 13:34:18 2012
From: marc.deslauriers at ubuntu.com (Marc Deslauriers)
Date: Tue, 31 Jan 2012 13:34:18 -0000
Subject: [ubuntu/maverick-security] software-properties, software-properties_0.76.7.1_i386_translations.tar.gz 0.76.7.1 (Accepted)
Message-ID: <20120131133418.15196.28821.launchpad@cocoplum.canonical.com>

software-properties (0.76.7.1) maverick-security; urgency=low

  * SECURITY UPDATE: incorrect ssl certificate validation (LP: #915210)
    - softwareproperties/ppa.py: use pycurl to download the signing key fingerprint.
    - debian/control: add python-pycurl dependency.
    - CVE-2011-4407

Date: Thu, 26 Jan 2012 11:18:52 -0500
Changed-By: Marc Deslauriers
Maintainer: Michael Vogt
https://launchpad.net/ubuntu/maverick/+source/software-properties/0.76.7.1
-------------- next part --------------
Format: 1.8
Date: Thu, 26 Jan 2012 11:18:52 -0500
Source: software-properties
Binary: python-software-properties software-properties-gtk software-properties-kde
Architecture: source
Version: 0.76.7.1
Distribution: maverick-security
Urgency: low
Maintainer: Michael Vogt
Changed-By: Marc Deslauriers
Description:
 python-software-properties - manage the repositories that you install software from
 software-properties-gtk - manage the repositories that you install software from
 software-properties-kde - manage the repositories that you install software from
Launchpad-Bugs-Fixed: 915210
Changes:
 software-properties (0.76.7.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: incorrect ssl certificate validation (LP: #915210)
     - softwareproperties/ppa.py: use pycurl to download the signing key fingerprint.
     - debian/control: add python-pycurl dependency.
     - CVE-2011-4407
Checksums-Sha1:
 b67197f6cb633dd44ee84c54754cad6255fd7e2a 1710 software-properties_0.76.7.1.dsc
 6d9ae9678b74690de7b95091b944ee0b345fc313 1409014 software-properties_0.76.7.1.tar.gz
Checksums-Sha256:
 f4ac30304721ceb5f706abb5bbe06c64d61b07eee6a63bdf46291461aa805c27 1710 software-properties_0.76.7.1.dsc
 c35cd6252b381cc3fb48d8d44bb704e5334aee0aa950be2941c84f407a4cff29 1409014 software-properties_0.76.7.1.tar.gz
Files:
 56933954d3a02b1bc24f8dbaee3c50b6 1710 admin optional software-properties_0.76.7.1.dsc
 bc7a59031685bbe40e5a9e8909153c25 1409014 admin optional software-properties_0.76.7.1.tar.gz