[ubuntu/natty-security] oprofile 0.9.6-1.1ubuntu2.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Jul 7 18:03:27 UTC 2011


oprofile (0.9.6-1.1ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: shell metacharacter injection in -e argument and
    arbitrary file overwrite
    - 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e
    - 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch: ensure
      that --save only saves things in $SESSION_DIR
    - 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands
      in $SETUP_FILE
    - 0004-Do-additional-checks-on-user-supplied-arguments.patch: input
      validation on user supplied values
    - 0005-add-back-error_if_not_basename.patch: re-add error_if_not_basename()
      which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch
    - CVE-2011-1760

Date: Thu, 07 Jul 2011 11:05:23 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/oprofile/0.9.6-1.1ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Thu, 07 Jul 2011 11:05:23 -0500
Source: oprofile
Binary: oprofile libopagent1 oprofile-gui
Architecture: source
Version: 0.9.6-1.1ubuntu2.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libopagent1 - system-wide profiler for Linux systems (opagent runtime library)
 oprofile   - system-wide profiler for Linux systems
 oprofile-gui - system-wide profiler for Linux systems (GUI components)
Changes: 
 oprofile (0.9.6-1.1ubuntu2.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: shell metacharacter injection in -e argument and
     arbitrary file overwrite
     - 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e
     - 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch: ensure
       that --save only saves things in $SESSION_DIR
     - 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands
       in $SETUP_FILE
     - 0004-Do-additional-checks-on-user-supplied-arguments.patch: input
       validation on user supplied values
     - 0005-add-back-error_if_not_basename.patch: re-add error_if_not_basename()
       which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch
     - CVE-2011-1760
Checksums-Sha1: 
 e30b07f492dd6c427fc7cbed0d4015152b408435 2199 oprofile_0.9.6-1.1ubuntu2.1.dsc
 af2d75b30bc238908882ea01faad6690511c801e 24606 oprofile_0.9.6-1.1ubuntu2.1.diff.gz
Checksums-Sha256: 
 0ef4323aea91f79e9e9b25041df5a0cf1b3362a846bdd1645bf493615f5834bb 2199 oprofile_0.9.6-1.1ubuntu2.1.dsc
 e542713658c6b6e868c325120aeb20c01c901f2d04a663f9518c95b1aa72011e 24606 oprofile_0.9.6-1.1ubuntu2.1.diff.gz
Files: 
 46fa06bbbd31178d5767337eac3c513c 2199 devel optional oprofile_0.9.6-1.1ubuntu2.1.dsc
 336a6b4eb554f6fb4e834f65f7e1bcf0 24606 devel optional oprofile_0.9.6-1.1ubuntu2.1.diff.gz
Original-Maintainer: LIU Qi <liuqi82 at gmail.com>