[ubuntu/oneiric-security] gypsy 0.8-0ubuntu3.1 (Accepted)

Wed Feb 15 16:03:42 UTC 2012

gypsy (0.8-0ubuntu3.1) oneiric-security; urgency=low

  * SECURITY UPDATE: "arbitrary file access and buffer overflows"
    A new config file, /etc/gypsy.conf, is added that specifies a whitelist
    of globs.  By default, they are "/dev/tty*",  "/dev/pgps", and "bluetooth"
    (which matches Bluetooth addresses).
    Thanks to Michael Leibowitz <michael.leibowitz at intel.com>
    CVE-2011-0523
  * SECURITY UPDATE: Prevent buffer overflows in NMEA parsing by using
    snprintf() instead of sprintf.
    Thanks to Bastien Nocera <hadess at hadess.net>
    CVE-2011-0524 (LP: #690323)
  * Run autoreconf to include changes to configure.ac

Date: Sat, 11 Feb 2012 15:51:56 +0100
Changed-By: Andreas Moog <amoog at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/gypsy/0.8-0ubuntu3.1
-------------- next part --------------
Format: 1.8
Date: Sat, 11 Feb 2012 15:51:56 +0100
Source: gypsy
Binary: gypsy-daemon libgypsy0 libgypsy-dev libgypsy-doc
Architecture: source
Version: 0.8-0ubuntu3.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Moog <amoog at ubuntu.com>
Description: 
 gypsy-daemon - A GPS Multiplexing Daemon
 libgypsy-dev - A GPS Multiplexing Daemon (Development Package)
 libgypsy-doc - A GPS Multiplexing Daemon (HTML API Docs)
 libgypsy0  - A GPS Multiplexing Daemon (Library Package)
Launchpad-Bugs-Fixed: 690323
Changes: 
 gypsy (0.8-0ubuntu3.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: "arbitrary file access and buffer overflows"
     A new config file, /etc/gypsy.conf, is added that specifies a whitelist
     of globs.  By default, they are "/dev/tty*",  "/dev/pgps", and "bluetooth"
     (which matches Bluetooth addresses).
     Thanks to Michael Leibowitz <michael.leibowitz at intel.com>
     CVE-2011-0523
   * SECURITY UPDATE: Prevent buffer overflows in NMEA parsing by using
     snprintf() instead of sprintf.
     Thanks to Bastien Nocera <hadess at hadess.net>
     CVE-2011-0524 (LP: #690323)
   * Run autoreconf to include changes to configure.ac
Checksums-Sha1: 
 3b49cc9bedee3b8dc2ae23a8ca6687272f26ad58 1843 gypsy_0.8-0ubuntu3.1.dsc
 1c695b8defade5d132aa0a3115770645175c52e5 151726 gypsy_0.8-0ubuntu3.1.debian.tar.gz
Checksums-Sha256: 
 c805167221fef14c7863f69ddd577607746c9bf03abf5bb5eae63a0ace848127 1843 gypsy_0.8-0ubuntu3.1.dsc
 4e25b5b6742c234ae2f86d1ed1ffa1bec153ac2f112c3a8d69bb0e672058de9b 151726 gypsy_0.8-0ubuntu3.1.debian.tar.gz
Files: 
 8df0b0f20a9e3ac0e3a86cb0b8cd29e8 1843 utils optional gypsy_0.8-0ubuntu3.1.dsc
 651422db9a4345ee6a171edda7f493d1 151726 utils optional gypsy_0.8-0ubuntu3.1.debian.tar.gz
Original-Maintainer: Linaro User Platforms <linaro-dev at lists.linaro.org>