[ubuntu/precise-security] swift 1.4.8-0ubuntu2.2 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Thu Jun 20 02:22:29 UTC 2013
swift (1.4.8-0ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: fix unchecked input in XML responses
- debian/patches/CVE-2013-2161.patch: use saxutils.quoteattr() on account
name
- CVE-2013-2161
- LP: #1183884
* SECURITY UPDATE: optionally allow using secure json serialization instead
of pickle.
- debian/patches/CVE-2012-4406.patch: add memcache_serialization_support
option and update man pages
- debian/patches/memcache_serialization_support-default-to-zero.patch:
default to insecure pickle configuration for people upgrading.
Interested users can adjust this as desired
- CVE-2012-4406
- LP: #1006414
Date: 2013-06-17 20:30:29.327437+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/swift/1.4.8-0ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list