[ubuntu/precise] gypsy 0.8-0ubuntu4 (Accepted)

[Andreas Moog]

gypsy (0.8-0ubuntu4) precise; urgency=low

  * debian/patches/cve-2011-0523.patch:
    - SECURITY UPDATE: CVE-2011-0523: "arbitrary file access
      and buffer overflows" A new config file, /etc/gypsy.conf, is added
      that specifies a whitelist of globs.  By default, they are
      "/dev/tty*", "/dev/pgps", and "bluetooth" (which matches Bluetooth
      addresses).
      Thanks to Michael Leibowitz <michael.leibowitz at intel.com>
  * debian/patches/cve-2011-0524.patch:
    - SECURITY UPDATE: CVE-2011-0524 Prevent buffer overflows in NMEA parsing
      By using snprintf() instead of sprintf.
      Thanks to Bastien Nocera <hadess at hadess.net>
  * debian/patches/ deprecated_array.patch:
    - Use GArray instead of GValueArray, which got deprecated in recent glib.
      This fixes a FTBFS

Date: Fri, 10 Feb 2012 20:56:20 +0100
Changed-By: Andreas Moog <amoog at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/gypsy/0.8-0ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 10 Feb 2012 20:56:20 +0100
Source: gypsy
Binary: gypsy-daemon libgypsy0 libgypsy-dev libgypsy-doc
Architecture: source
Version: 0.8-0ubuntu4
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Moog <amoog at ubuntu.com>
Description: 
 gypsy-daemon - A GPS Multiplexing Daemon
 libgypsy-dev - A GPS Multiplexing Daemon (Development Package)
 libgypsy-doc - A GPS Multiplexing Daemon (HTML API Docs)
 libgypsy0  - A GPS Multiplexing Daemon (Library Package)
Changes: 
 gypsy (0.8-0ubuntu4) precise; urgency=low
 .
   * debian/patches/cve-2011-0523.patch:
     - SECURITY UPDATE: CVE-2011-0523: "arbitrary file access
       and buffer overflows" A new config file, /etc/gypsy.conf, is added
       that specifies a whitelist of globs.  By default, they are
       "/dev/tty*", "/dev/pgps", and "bluetooth" (which matches Bluetooth
       addresses).
       Thanks to Michael Leibowitz <michael.leibowitz at intel.com>
   * debian/patches/cve-2011-0524.patch:
     - SECURITY UPDATE: CVE-2011-0524 Prevent buffer overflows in NMEA parsing
       By using snprintf() instead of sprintf.
       Thanks to Bastien Nocera <hadess at hadess.net>
   * debian/patches/ deprecated_array.patch:
     - Use GArray instead of GValueArray, which got deprecated in recent glib.
       This fixes a FTBFS
Checksums-Sha1: 
 23d24559d1d972bf598fe7a5a4bedd0ecd0851d4 2001 gypsy_0.8-0ubuntu4.dsc
 b8bd4b40562bf1d774072f965d3045035a7fffa8 8325 gypsy_0.8-0ubuntu4.debian.tar.gz
Checksums-Sha256: 
 e665da17db636ccf66d3139087be301ec9b1ba0005ed9214c6d77a30b64d9ac8 2001 gypsy_0.8-0ubuntu4.dsc
 26aeeaa8953dc2215e8da594847518882c60876df713f3282100454d6980c77b 8325 gypsy_0.8-0ubuntu4.debian.tar.gz
Files: 
 5745cfaef595394d6ebeaee86edfc95d 2001 utils optional gypsy_0.8-0ubuntu4.dsc
 7ea4b795d2bedd385e9b86e3353844fe 8325 utils optional gypsy_0.8-0ubuntu4.debian.tar.gz
Original-Maintainer: Linaro User Platforms <linaro-dev at lists.linaro.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPNYlgAAoJEGHzRCZ03mYkx7YP/2Nm99XtCNIam4mqLm3cG6mg
nrna1CXakuhezLtjQuwsFLRFrQivmxs1eTamxDFhr0azjb2s/xpXyOxj+PtJgN8c
/2Ixw1cPqwLbXhcoKauriT/mjNb9GAkkdz8ffE+zJyFzOM6WzSb6sQi7/oPihlWt
WOd2wxP7o++hfgG5gB9e3/WciyTRzCrpwMTUSB/tFKaSt/QGdfF4fnnrFezK0LWa
mPWV1jVxzVb/X2znYYA000GJ8asxB8RxtohW5pBb3ImPYKRL8yDV470moKCwZCmw
hVTdJwtxiXqmQjfm/bUxHWB0ds9Vzd5kJJ1ofz1769YHzSsTtaUXROlE1owpZKpV
WijmQ9aOwKeAOlheka2TTRRhf+jW/tA3qJCqkLFGq1lKrgTCbNPSVrWVWUeIPzG1
KSzatQE42jkM0pr4azR+j2GT4gSB2oJuonmwlTRNDZ6GmaL5K1SfpZJnQVGXXTMB
WFyHsenz3uPt9JnfgFM13zQdozFgRmK1nD3vyEoI4h4bMzeG1PRkYiWTalxhkFBY
g9z5k1cIJdfN2wC+K0GdPHThadzv4liSlU7G1oZXF/CiK16or8XsMCYIS6HgSXUX
0ipJTzSnpngvm3Ytxf74uPRjM/7o/ZQ2ddOlvMmanDTpOoBtuhxlOz6atHRZ7uMz
i3OkrK6TRymDaGveSKqK
=kLKX
-----END PGP SIGNATURE-----