[ubuntu/natty-security] gypsy 0.8-0ubuntu2.1 (Accepted)

Andreas Moog amoog at ubuntu.com
Wed Feb 15 16:03:58 UTC 2012 

gypsy (0.8-0ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: "arbitrary file access and buffer overflows"
    A new config file, /etc/gypsy.conf, is added that specifies a whitelist
    of globs.  By default, they are "/dev/tty*",  "/dev/pgps", and "bluetooth"
    (which matches Bluetooth addresses).
    Thanks to Michael Leibowitz <michael.leibowitz at intel.com>
    CVE-2011-0523
  * SECURITY UPDATE: Prevent buffer overflows in NMEA parsing by using
    snprintf() instead of sprintf.
    Thanks to Bastien Nocera <hadess at hadess.net>
    CVE-2011-0524 (LP: #690323)
  * Run autoreconf to include changes to configure.ac

Date: Sat, 11 Feb 2012 15:59:26 +0100
Changed-By: Andreas Moog <amoog at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/gypsy/0.8-0ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Sat, 11 Feb 2012 15:59:26 +0100
Source: gypsy
Binary: gypsy-daemon libgypsy0 libgypsy-dev libgypsy-doc
Architecture: source
Version: 0.8-0ubuntu2.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Moog <amoog at ubuntu.com>
Description: 
 gypsy-daemon - A GPS Multiplexing Daemon
 libgypsy-dev - A GPS Multiplexing Daemon (Development Package)
 libgypsy-doc - A GPS Multiplexing Daemon (HTML API Docs)
 libgypsy0  - A GPS Multiplexing Daemon (Library Package)
Launchpad-Bugs-Fixed: 690323
Changes: 
 gypsy (0.8-0ubuntu2.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: "arbitrary file access and buffer overflows"
     A new config file, /etc/gypsy.conf, is added that specifies a whitelist
     of globs.  By default, they are "/dev/tty*",  "/dev/pgps", and "bluetooth"
     (which matches Bluetooth addresses).
     Thanks to Michael Leibowitz <michael.leibowitz at intel.com>
     CVE-2011-0523
   * SECURITY UPDATE: Prevent buffer overflows in NMEA parsing by using
     snprintf() instead of sprintf.
     Thanks to Bastien Nocera <hadess at hadess.net>
     CVE-2011-0524 (LP: #690323)
   * Run autoreconf to include changes to configure.ac
Checksums-Sha1: 
 29dd6ea90a464536b03fed681184bec3240aad7b 1840 gypsy_0.8-0ubuntu2.1.dsc
 4fa09fe43fe0afb43efe302b21504df9ffd837fb 22878 gypsy_0.8-0ubuntu2.1.debian.tar.gz
Checksums-Sha256: 
 4b103e856cfbabfe5e261451a00a85fd9e67d2e1d1d8638bfe94f6d10c3cbf26 1840 gypsy_0.8-0ubuntu2.1.dsc
 e1182c6d2ca75be8e918bc5481edcef09adb998b45ae72273e975f5bff393321 22878 gypsy_0.8-0ubuntu2.1.debian.tar.gz
Files: 
 e05e5ad060c5c1b89067acd8b9633ae1 1840 utils optional gypsy_0.8-0ubuntu2.1.dsc
 5b2a13209a85479af8980aaa49b13b6e 22878 utils optional gypsy_0.8-0ubuntu2.1.debian.tar.gz
Original-Maintainer: Linaro User Platforms <linaro-dev at lists.linaro.org>

More information about the Natty-changes mailing list