From steve.langasek at canonical.com  Mon May  3 12:45:02 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:02 -0000
Subject: [ubuntu/precise-security] gnupg 1.4.11-3ubuntu2.12 (Accepted)
Message-ID: <162004590232.5996.8016630998299889883.launchpad@ackee.canonical.com>

gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
    - debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
    - debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
      cipher/rsa.c.
    - CVE-2017-7526

gnupg (1.4.11-3ubuntu2.11) precise-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.dpatch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

Date: 2018-08-15 15:37:12.612502+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.12
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:16 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:16 -0000
Subject: [ubuntu/precise-security] icu 4.8.1.1-3ubuntu0.10 (Accepted)
Message-ID: <162004591657.6007.5952081591009378151.launchpad@ackee.canonical.com>

icu (4.8.1.1-3ubuntu0.10) precise-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2020-10531.patch: adds a int32_t overflow
      check when calculate a newLen in doReplace function in
      source/common/unistr.cpp.
    - CVE-2020-10531

icu (4.8.1.1-3ubuntu0.9) precise-security; urgency=medium

  * SECURITY UPDATE: double free
    - debian/patches/CVE-2017-14952.patch: fixes double free in
      createMetaZoneMappings() source/i18n/zonemeta.cpp.
    - CVE-2017-14952

icu (4.8.1.1-3ubuntu0.8) precise-security; urgency=medium

  * SECURITY UPDATE: out of bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle hunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - debian/patches/CVE-2017-786x-additional.patch: this patch was originally
      typed to debian Wheezy and applied here in order to adapt the original
      fix to Precise. Thanks to Roberto C. Sànchez.
    - CVE-2017-7867
    - CVE-2017-7868

Date: 2020-03-16 18:14:26.164013+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/icu/4.8.1.1-3ubuntu0.10
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:21 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:21 -0000
Subject: [ubuntu/precise-security] heimdal 1.6~git20120311.dfsg.1-2ubuntu0.2
 (Accepted)
Message-ID: <162004592128.5996.7499817786583262475.launchpad@ackee.canonical.com>

heimdal (1.6~git20120311.dfsg.1-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: avoiding impersonation and other attacks through
    unauthenticated portions of Kerberos tickets
    - debian/patches/CVE-2017-11103.patch: this patch assures that
      the KDC-REP service name is obtained from encrypted version.
    - CVE-2017-11103

Date: 2017-07-20 14:58:15.112340+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/heimdal/1.6~git20120311.dfsg.1-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:31 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:31 -0000
Subject: [ubuntu/precise-security] ipsec-tools 1:0.8.0-9ubuntu1.2 (Accepted)
Message-ID: <162004593144.6007.6045205269812294503.launchpad@ackee.canonical.com>

ipsec-tools (1:0.8.0-9ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: remote attacker exploitable DoS
    - debian/patches/CVE-2016-10396.patch: fix remotely exploitable DoS in
      src/racoon/isakmp_frag.c, src/racoon/isakmp_inf.c, src/racoon/isakmp.c,
      src/racoon/handler.h.
    - CVE-2016-10396

Date: 2017-11-16 13:24:24.095842+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/ipsec-tools/1:0.8.0-9ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:33 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:33 -0000
Subject: [ubuntu/precise-security] jinja2 2.6-1ubuntu0.2 (Accepted)
Message-ID: <162004593376.6008.1841353331853841194.launchpad@ackee.canonical.com>

jinja2 (2.6-1ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-3.patch: adding types and EscapeFormatter
      class to support the fixes from this CVE in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

Date: 2019-05-15 16:45:18.086312+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/jinja2/2.6-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:34 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:34 -0000
Subject: [ubuntu/precise-security] isc-dhcp 4.1.ESV-R4-0ubuntu5.13 (Accepted)
Message-ID: <162004593419.25021.18344856599402838071.launchpad@ackee.canonical.com>

isc-dhcp (4.1.ESV-R4-0ubuntu5.13) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in dhclient
    - debian/patches/CVE-2018-573x.patch: check option data size in
      common/options.c.
    - CVE-2018-5732
  * SECURITY UPDATE: reference counter overflow in dhcpd
    - debian/patches/CVE-2018-573x.patch: avoid overflow in
      common/options.c.
    - CVE-2018-5733

isc-dhcp (4.1.ESV-R4-0ubuntu5.12) precise; urgency=medium

  * ipv6: wait for duplicate address detection to finish (LP: #1633479).

isc-dhcp (4.1.ESV-R4-0ubuntu5.11) precise; urgency=medium

  * Don't assume IPv6 prefix length of 64 (LP: #1609898).
    Pulled from debian commit c347ab8a43587164486ce1f104eedfd638594e59.

Date: 2018-05-25 15:56:20.932427+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/isc-dhcp/4.1.ESV-R4-0ubuntu5.13
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:35 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:35 -0000
Subject: [ubuntu/precise-security] json-c 0.9-1ubuntu1.4 (Accepted)
Message-ID: <162004593544.5996.17750020820735729136.launchpad@ackee.canonical.com>

json-c (0.9-1ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c,
      also adds the  fix for the INT_MAX regression caused in
      previous update.
    - CVE-2020-12762

json-c (0.9-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY REGRESSION: last update caused a series of regressions,
    revert to previous version, removing patches applied
    CVE-2020-12762-*.patch (LP: #1878723).

json-c (0.9-1ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c.
    - CVE-2020-12762

Date: 2020-05-27 16:54:10.158178+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/json-c/0.9-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:38 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:38 -0000
Subject: [ubuntu/precise-security] keepalived 1:1.2.2-3ubuntu1.2 (Accepted)
Message-ID: <162004593803.5996.17790421762527165568.launchpad@ackee.canonical.com>

keepalived (1:1.2.2-3ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19115.patch: fix in
      lib/html.c.
    - CVE-2018-19115

Date: 2019-02-18 10:31:14.419104+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/keepalived/1:1.2.2-3ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:42 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:42 -0000
Subject: [ubuntu/precise-security] lcms 1.19.dfsg-1ubuntu3.1 (Accepted)
Message-ID: <162004594205.6008.5687573770374750278.launchpad@ackee.canonical.com>

lcms (1.19.dfsg-1ubuntu3.1) precise-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - fix in samples/icctrans.c, tifficc/tiffdiff.c.
    - CVE-2013-4276
  * SECURITY UPDATE: Integer overflow
    - fix in src/cmscgats.c.
    - CVE-2018-16435

Date: 2018-09-19 13:02:19.269379+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/lcms/1.19.dfsg-1ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:45 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:45 -0000
Subject: [ubuntu/precise-security] lcms2 2.2+git20110628-2ubuntu3.3 (Accepted)
Message-ID: <162004594514.6008.3781266564762001591.launchpad@ackee.canonical.com>

lcms2 (2.2+git20110628-2ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-10165.patch: fix in src/cmstypes.c.
    - CVE-2016-10165
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-16435.patch: fix in src/cmscgats.c.
    - CVE-2018-16435
  * Removing broken clean on debian/rules

Date: 2018-09-20 11:30:12.812401+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/lcms2/2.2+git20110628-2ubuntu3.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:48 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:48 -0000
Subject: [ubuntu/precise-security] lftp 4.3.3-1ubuntu0.1 (Accepted)
Message-ID: <162004594849.6008.13215869481069354738.launchpad@ackee.canonical.com>

lftp (4.3.3-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Incorrectly sanitize remote file names
    - debian/patches/CVE-2018-10196.patch: fix in src/MirrorJob.cc.
    - CVE-2018-10196

Date: 2018-08-03 16:56:12.744254+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/lftp/4.3.3-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:51 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:51 -0000
Subject: [ubuntu/precise-security] libapache2-mod-perl2 2.0.5-5ubuntu1.1
 (Accepted)
Message-ID: <162004595181.5996.13419479413719540209.launchpad@ackee.canonical.com>

libapache2-mod-perl2 (2.0.5-5ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary perl code execution via .htaccess file
    - debian/patches/CVE-2011-2767.patch: only allow perl and pod sections
      in server configuration and not per directory in
      src/modules/perl/mod_perl.c.
    - CVE-2011-2767
  * Fix FTBFS caused by test failures due to Apache security updates.
    - debian/patches/370_http_syntax.patch
    - debian/patches/380_inject_header_line_terminators.patch
  * FIX FTBFS on hask_attack test
    - debian/patches/270_fix_hash_attack_test.patch

Date: 2018-11-21 18:44:12.718096+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libapache2-mod-perl2/2.0.5-5ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:45:54 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:45:54 -0000
Subject: [ubuntu/precise-security] libarchive-zip-perl 1.30-6ubuntu0.1
 (Accepted)
Message-ID: <162004595475.5996.1965652063296803554.launchpad@ackee.canonical.com>

libarchive-zip-perl (1.30-6ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Traversal path vulnerability
    - debian/patches/CVE-2018-10860.patch: fix in
      lib/Archive/Zip/Archive.pm and add test in
      t/25_traversal.t and some .zip files for test.
    - CVE-2018-10860

Date: 2018-07-03 14:58:14.490400+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libarchive-zip-perl/1.30-6ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:01 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:01 -0000
Subject: [ubuntu/precise-security] libbsd 0.3.0-2ubuntu0.1 (Accepted)
Message-ID: <162004596152.5996.17637102367632465799.launchpad@ackee.canonical.com>

libbsd (0.3.0-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2019-20367.patch: make sure that there is
      a bounded comparison in  src/nlist.c.
    - CVE-2019-20367

Date: 2020-01-16 12:38:15.638453+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libbsd/0.3.0-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:05 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:05 -0000
Subject: [ubuntu/precise-security] libcaca 0.99.beta17-2.1ubuntu2.1 (Accepted)
Message-ID: <162004596506.5996.3362508027763158269.launchpad@ackee.canonical.com>

libcaca (0.99.beta17-2.1ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2018-20544.patch: fix in
      caca/dither.c.
    - CVE-2018-20544
  * SECURITY UPDATE: Buffer over-write
    - debian/patches/CVE-2018-20545_20548_20549.patch:
      fix in src/common-image.h.
    - CVE-2018-20545
    - CVE-2018-20548
    - CVE-2018-20549
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2018-20546_20547.patch: fix in
      caca/dither.c.
    - CVE-2018-20546
    - CVE-2018-20547

Date: 2019-01-14 16:43:13.610481+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta17-2.1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:10 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:10 -0000
Subject: [ubuntu/precise-security] libdbi-perl 1.616-1ubuntu0.3 (Accepted)
Message-ID: <162004597009.5996.2769578957106710948.launchpad@ackee.canonical.com>

libdbi-perl (1.616-1ubuntu0.3) precise-security; urgency=medium

  * Rebuild no change for fixing unmet dependency.

Date: 2020-10-13 13:57:13.930917+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libdbi-perl/1.616-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:13 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:13 -0000
Subject: [ubuntu/precise-security] libexif 0.6.20-2ubuntu0.7 (Accepted)
Message-ID: <162004597378.5996.12791344500208343871.launchpad@ackee.canonical.com>

libexif (0.6.20-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-0452.patch: fixed a incorrect overflow check that could be
      optimized away in libexif/exif-entry.c.
    - CVE-2020-0452

libexif (0.6.20-2ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0093.patch: fix read
      buffer overflow making sure the number of bytes being
      copied from does not exceed the source buffer size in
      libexif/exif-data.c.
    - CVE-2020-0093
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
      overflow check for a size overflow while reading tags in
      libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif/mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.c.
    - CVE-2020-13112
  * SECURITY UPDATE: Possibly crash and potential use-after-free
    - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
      pointer is not dereferenced later in the case where the number of
      components is 0 in libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif-mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.
    - CVE-2020-13113
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-13114.patch: add a failsafe on the
      maximum number of Canon MakerNote subtags in
      libexif/canon/exif-mnote-data-canon.c.
    - CVE-2020-13114
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0182.patch: fix a buffer read
      overflow in exif_entry_get_value in libexif/exif-entry.c.
    - CVE-2020-0182
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
      in libexif/exif-data.c.
    - CVE-2020-0198

libexif (0.6.20-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20030.patch: improve deep recursion detection
      in exif_data_load_data_content in libexif/exif-data.c.
    - CVE-2018-20030
  * SECURITY UPDATE: Divinding by zero vulnerability
    - debian/patches/CVE-2020-12767.patch: check if d variable is not zeroed
      before use it in libexif/exif-entry.c
    - CVE-2020-12767

libexif (0.6.20-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2016-6328.patch: fix int overflow while parsing
      MNOTE entry data of the input file in
      libexif/pentax/mnote-pentax-entry.c
    - CVE-2016-6328
  * SECURITY UPDATE: Out-bouns heap read and denial of service
    - debian/patches/CVE-2017-7544.patch: fixes out-of-bounds heap read
      in exif_data_save_data_entry function in libexif/exif-data.c.
    - CVE-2017-7544
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2019-9278.patch: avoid the use of unsafe int overflow
      checking constructs and check for the actual sizes to avoid integer
      overflows in libexif/exif-data.c.
    - CVE-2019-9278

Date: 2020-11-09 12:48:13.993928+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libexif/0.6.20-2ubuntu0.7
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:17 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:17 -0000
Subject: [ubuntu/precise-security] aptdaemon 0.43+bzr805-0ubuntu10.1 (Accepted)
Message-ID: <162004597715.5996.14359685336189583120.launchpad@ackee.canonical.com>

aptdaemon (0.43+bzr805-0ubuntu10.1) precise-security; urgency=medium

  * Fix compatibility with python-apt security update (LP: #1858973)

Date: 2020-01-16 16:41:05.444536+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr805-0ubuntu10.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:17 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:17 -0000
Subject: [ubuntu/precise-security] apache2 2.2.22-1ubuntu1.15 (Accepted)
Message-ID: <162004597720.6008.10588927958462508162.launchpad@ackee.canonical.com>

apache2 (2.2.22-1ubuntu1.15) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312-*.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217

apache2 (2.2.22-1ubuntu1.14) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: optionsbleed information leak
    - debian/patches/CVE-2017-9798.patch: disallow method registration
      at run time in server/core.c.
    - CVE-2017-9798

apache2 (2.2.22-1ubuntu1.13) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: uninitialized memory reflection in mod_auth_digest
    - debian/patches/CVE-2017-9788.patch: correct string scope in
      modules/aaa/mod_auth_digest.c.
    - CVE-2017-9788

apache2 (2.2.22-1ubuntu1.12) precise-security; urgency=medium

  * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw()
    - debian/patches/CVE-2017-3167.patch: deprecate and replace
      ap_get_basic_auth_pw in include/ap_mm.h, include/http_protocol.h,
      server/protocol.c, server/request.c.
    - CVE-2017-3167
  * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection()
    - debian/patches/CVE-2017-3169.patch: fix ctx passed to
      ssl_io_filter_error() in modules/ssl/ssl_engine_io.c.
    - CVE-2017-3169
  * SECURITY UDPATE: denial of service and possible incorrect value return
    in HTTP strict parsing changes
    - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in
      server/util.c.
    - CVE-2017-7668
  * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header
    - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in
      modules/http/mod_mime.c.
    - CVE-2017-7679
  * SECURITY UPDATE: response splitting and cache pollution issue via
    imcomplete RCF7230 HTTP request grammar enforcing
    - debian/patches/CVE-2016-8743*.patch: enforce stricter parsing in
      include/http_core.h, include/http_protocal.h, include/httpd.h,
      modules/http/http_filters.c, server/core.c, server/gen_test_char.c,
      server/protocol.c, server/util.c, server/vhost.c.
      This patch set were applied from Wheezy. Patch CVE-2016-8743-4.patch
      fix a possible regression. Thanks Antoine Beaupre.
    - CVE-2016-8743
  * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and may
    introduce compatibility issues with clients that do not strictly
    follow specifications. A new configuration directive,
    "HttpProtocolOptions Unsafe" can be used to re-enable some of the less
    strict parsing restrictions, at the expense of security.

Date: 2019-04-09 20:19:10.482572+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.15
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:17 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:17 -0000
Subject: [ubuntu/precise-security] apport 2.0.1-0ubuntu17.16 (Accepted)
Message-ID: <162004597737.25890.7558972587019071892.launchpad@ackee.canonical.com>

apport (2.0.1-0ubuntu17.16) precise-security; urgency=medium

  * Disable apport as it is excluded from ESM.

Date: 2017-10-27 21:22:15.516250+00:00
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.16
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:19 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:19 -0000
Subject: [ubuntu/precise-security] aspell 0.60.7~20110707-1ubuntu0.1 (Accepted)
Message-ID: <162004597996.6007.15921862004616330163.launchpad@ackee.canonical.com>

aspell (0.60.7~20110707-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer over-read
    - debian/patches/CVE-2019-17544.patch: add checks
      in common/config.cpp, common/file_util.cpp,
      common/getdata.cpp.
    - CVE-2019-17544

Date: 2019-10-15 13:02:15.001678+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/aspell/0.60.7~20110707-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:20 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:20 -0000
Subject: [ubuntu/precise-security] bash 4.2-2ubuntu2.9 (Accepted)
Message-ID: <162004598070.6008.10874954465748826834.launchpad@ackee.canonical.com>

bash (4.2-2ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2012-6711.patch: making u32cconv() return
      the number of bytes instead a negative value  in
      lib/sh/unicode.c
    - CVE-2012-6711

bash (4.2-2ubuntu2.8) precise-security; urgency=medium

  * SECURITY UPDATE: rbash restriction bypass (LP: #1803441)
    - debian/patches/CVE-2019-9924.patch: if the shell is restricted,
      reject attempts to add pathnames containing slashes to the hash table
      in variables.c.
    - CVE-2019-9924

bash (4.2-2ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/CVE-2016-7543.patch: check for root in variables.c.
    - CVE-2016-7543

Date: 2019-11-08 13:55:21.947800+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.9
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:22 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:22 -0000
Subject: [ubuntu/precise-security] avahi 0.6.30-5ubuntu2.3 (Accepted)
Message-ID: <162004598276.5996.7244686912886769731.launchpad@ackee.canonical.com>

avahi (0.6.30-5ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-6519-and-CVE-2018-1000845.patch:
      fix in avahi-core/server.c.
    - CVE-2017-6519
    - CVE-2018-1000845

Date: 2019-01-30 18:00:16.841373+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/avahi/0.6.30-5ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:24 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:24 -0000
Subject: [ubuntu/precise-security] bind9 1:9.8.1.dfsg.P1-4ubuntu0.32 (Accepted)
Message-ID: <162004598424.6007.6411565887512723412.launchpad@ackee.canonical.com>

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.32) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - properly calculate length in lib/dns/spnego.c.
    - CVE-2020-8625

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.31) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.30) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.29) precise-security; urgency=medium

  * Segfault: 'host' command could die if a UDP query timed out.
    commit adec9654d0177df1955a58409ab802106ac61bea at branch v9.8.

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.28) precise-security; urgency=medium

  * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
    - debian/patches/CVE-2018-5743.patch: add reference counting in
      bin/named/client.c, bin/named/include/named/client.h,
      bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
      lib/isc/include/isc/quota.h, lib/isc/quota.c,
      lib/isc/win32/libisc.def.in.
    - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
      operations with isc_refcount reference counting in
      bin/named/client.c, bin/named/include/named/interfacemgr.h,
      bin/named/interfacemgr.c.
    - CVE-2018-5743

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.27) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - lib/dns/zone.c: enhance rfc 5011 logging
    - lib/dns/include/dst/dst.h, lib/dns/zone.c: properly handle situations
      when the key tag cannot be computed.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - bin/named/xfrout.c: handle zone transfers marked in the zone table as
      a DLZ zone.
    - CVE-2019-6465

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.26) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - lib/dns/resolver.c: explicit DNAME query could trigger a crash if
      deny-answer-aliases was set
    - Patch backported from 9.9.13-P1.
    - CVE-2018-5740

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.25) precise-security; urgency=medium

  * SECURITY UPDATE: Assertion failure causing denial of service
    - lib/dns/validator.c and adds a couple of tests.
    - CVE-2018-5735

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.24) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - lib/dns/resolver.c: fix cleanup handling.
    - Patch backported from 9.9.11-P1.
    - CVE-2017-3145

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.23) precise-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues and regression
    - fix verification of TSIG signed TCP message sequences where not all
      the messages contain TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c, lib/dns/dnssec.c,
      lib/dns/message.c.
    - 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
    - CVE-2017-3142
    - CVE-2017-3143
  * Update the built in managed keys to include the upcoming root KSK in
    bind.keys, bin/named/bind.keys.h.
    - 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7

Date: 2021-02-26 17:19:10.680808+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.32
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:24 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:24 -0000
Subject: [ubuntu/precise-security] libffi 3.0.11~rc1-5ubuntu0.1 (Accepted)
Message-ID: <162004598415.6008.13076416828623858450.launchpad@ackee.canonical.com>

libffi (3.0.11~rc1-5ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: executable stack
    - debian/patches/CVE-2017-1000376.patch: add missing GNU stack markings
      in src/x86/win32.S.
    - CVE-2017-1000376

Date: 2017-10-18 16:47:18.465718+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libffi/3.0.11~rc1-5ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:27 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:27 -0000
Subject: [ubuntu/precise-security] bzr 2.5.1-0ubuntu2.1 (Accepted)
Message-ID: <162004598758.6008.4968725637743111175.launchpad@ackee.canonical.com>

bzr (2.5.1-0ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: Possible arbitrary code execution on clients
    through malicious bzr+ssh URLs
    - debian/patches/24_ssh_hostnames-lp1710979.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - debian/patches/fixing_test_fail.patch: test fails for
      test_smart_transport.py this patch comment the offended line out.
    - LP: #1710979
    - CVE-2017-14176

Date: 2017-10-19 17:43:30.704361+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/bzr/2.5.1-0ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:28 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:28 -0000
Subject: [ubuntu/precise-security] ca-certificates 20190110~12.04.1 (Accepted)
Message-ID: <162004598890.5996.12815263814204985823.launchpad@ackee.canonical.com>

ca-certificates (20190110~12.04.1) precise-security; urgency=medium

  * Update ca-certificates database to 20190110:
    - backport certain changes from the Ubuntu 19.10 20190110 package
  * mozilla/blacklist.txt: blacklist expired AddTrust External Root CA.

Date: 2020-06-01 14:53:28.453874+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/ca-certificates/20190110~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:29 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:29 -0000
Subject: [ubuntu/precise-security] bzip2 1.0.6-1ubuntu0.2 (Accepted)
Message-ID: <162004598972.6007.11343094622027438008.launchpad@ackee.canonical.com>

bzip2 (1.0.6-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

Date: 2019-07-04 12:25:14.003554+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:32 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:32 -0000
Subject: [ubuntu/precise-security] libgcrypt11 1.5.0-3ubuntu0.9 (Accepted)
Message-ID: <162004599246.6007.4963408622202722809.launchpad@ackee.canonical.com>

libgcrypt11 (1.5.0-3ubuntu0.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627.patch: add mitigation against timing
      attack in cipher/ecc.c, mpi/ec.c.
    - CVE-2019-13627

libgcrypt11 (1.5.0-3ubuntu0.8) precise-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc.
    - CVE-2018-0495

libgcrypt11 (1.5.0-3ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526

Date: 2020-01-28 15:47:24.609573+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.9
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:34 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:34 -0000
Subject: [ubuntu/precise-security] cpio 2.11-7ubuntu3.3 (Accepted)
Message-ID: <162004599466.6007.5172765616396165226.launchpad@ackee.canonical.com>

cpio (2.11-7ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: Improper input validation
    - debian/patches/CVE-2019-14866.patch: improve diagnostics,
      remove to_oct_or_error, adding new macro in
      src/copyout.c, src/extern.h, src/tar.c.
    - CVE-2019-14866

Date: 2019-11-05 15:58:15.114914+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/cpio/2.11-7ubuntu3.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:35 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:35 -0000
Subject: [ubuntu/precise-security] clamav 0.102.4+dfsg-0ubuntu0.12.04.1
 (Accepted)
Message-ID: <162004599576.5996.16815610626290781407.launchpad@ackee.canonical.com>

clamav (0.102.4+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.2 to fix security issues
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 115.
    - CVE-2020-3327
    - CVE-2020-3350
    - CVE-2020-3481

clamav (0.102.3+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.2 to fix security issues
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 114.
    - CVE-2020-3327
    - CVE-2020-3341

clamav (0.102.2+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.2 to fix security issue (CVE-2020-3123)
    - debian/patches/*: synced patches with 0.102.2+dfsg-1.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 113.
    - debian/clamav-daemon.config.in, clamav-daemon.postinst.in:
      Removing ScanOnAccess option.
  * d/clamav-daemon.config.in: Correct error from ScanOnAccess option
    removal so that setting LogFile options via DebConf works again
    (Closes: #950296) (LP: #1860217)

clamav (0.102.1+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.1 to fix security issue (CVE-2019-15961)
    - debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
    - debian/clamav-daemon.postinst.in,clamav-freshclam.postinst.in: added
      new configuration options.
    - debian/clamav-docs.*: removed missing docs.
    - debian/libclamav9.install: added libfreshclam.so.2.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 112.*
    - debian/control: adding libcurl4-openssl-dev as a new dependency for
      build freshclam, clamsubmit - See NEWS.md file.

clamav (0.101.4+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to version 0.101.4 to fix security issues.
    - debian/patches/*: sync patches with 0.101.4+dfsg-1ubuntu1.
    - debian/clamav-daemon.postinst.in: removed DetectBrokenExecutables,
      added MaxScanTime, HeuristicAlerts, Alert*.
    - debian/*: updated for new library version.
    - debian/libclamav9.symbols: updated for new version.
    - debian/clamav-docs*, debian/rules: fix doc file locations.
    - debian/libclam-dev.install: include new header file.
    - debian/rules, debian/control: build with --with autoreconf.
    - debian/rules: build with --with-system-libmspack.
    - CVE-2019-12625
    - CVE-2019-12900

clamav (0.100.3+dfsg-1ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2019-1010305

clamav (0.100.3+dfsg-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to version 0.100.3 to fix security issues. (LP: #1822503)
    - debian/libclamav7.symbols: updated to new version.
    - CVE-2019-1787
    - CVE-2019-1788
    - CVE-2019-1789

clamav (0.100.2+dfsg-1ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in
      libclamav/libmspack-0.5alpha/mspack/chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in libclamav/libmspack-0.5alpha/mspack/cab.h
    - CVE-2018-18584

clamav (0.100.2+dfsg-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to version 0.100.2 to fix security issue.
    - CVE-2018-15378
  * Bump to new symbol version
    - debian/rules: set CL_FLEVEL 93.
    - debian/libclamav7.symbols: updated to new version.
  * Removed patches included in new version:
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch
    - debian/patches/CVE-2018-14681.patch
    - debian/patches/CVE-2018-14682.patch

clamav (0.100.1+dfsg-1ubuntu0.12.04.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * debian/clamav-daemon.config.in: fix infinite loop during
    dpkg-reconfigure (LP: #1792051)

clamav (0.100.1+dfsg-1ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in libclamav/libmspack-0.5alpha/mspack/cchmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/kwajd.c.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2018-14682

clamav (0.100.1+dfsg-1ubuntu0.12.04.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY REGRESSION: clamav-daemon fails to start due to options
    removed in new version and manually edited configuration file.
    (LP: #1783632)
    - debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
      add patch from Debian stretch to simply warn about removed options.

clamav (0.100.1+dfsg-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Rebuild as security update for 12.04 to fix multiple issues
    - CVE-2018-0360
    - CVE-2018-0361
  * Disabling LLVM support:
    - debian/control: removing llvm-3.6-dev
    - debian/rules: removing llvm
  * Removing patches that adds LLVM support:
    - debian/patches/Add-support-for-LLVM-3.*.patch
  * Removing dependency for procps >= 1:3:3.2:
    - debian/control
    - debian/clamav-daemon.ini.in
    - debian/clamav-freshclam.ini.in

clamav (0.100.1+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Rebuild as security update for 14.04 to fix multiple issues
    - CVE-2018-0360
    - CVE-2018-0361
  * Re-enable LLVM support:
    - debian/control: add llvm-3.6-dev to BuildDepends.
    - debian/rules: add llvm back.
  * debian/clamav-daemon.postinst.in: updated version to drop support for
    clamav-daemon.socket.
  * debian/control: switch libtfm-dev to libtommath-dev, remove
    dh-strip-nondeterminism, electric-fence, and libsystemd-dev.
  * Use internal libmspack:
    - debian/control: remove libmspack-dev.
    - debian/rules: remove --with-system-libmspack.
    - debian/libclamav7.install: add libclammspack.so.0*.
    - debian/libclamav-dev.install: add libclammspack.so.
  * Revert to Debhelper in 14.04:
    - debian/compat: set to 8
    - debian/control: set debhelper to 8.9.7
  * debian/{libclamav7,libclamav-dev}.install: fix file locations
  * debian/rules: modify to not use dpkg-parsechangelog -S
  * debian/control: remove Multi-Arch and Rules-Requires-Root tags.
  * Don't built with json and curl:
    - debian/rules: remove --with-libjson and --with-libcurl=/usr.
    - debian/control: remove libjson-c-dev, libcurl4-openssl-dev.
    - debian/clamav.install: remove clamsubmit.
    - debian/clamav.manpages: remove clamsubmit.1.
  * Removed clamdscan package:
    - debian/control: removed package section
    - debian/clamdscan.*: removed and added files to clamav-daemon.*
  * Added clamav-dbg package:
    - debian/control: added package section
    - debian/rules: use --dbg-package, not --dbgsym-migration
  * debian/control: updated clamav-daemon Breaks versions.

clamav (0.100.1+dfsg-1ubuntu1) cosmic; urgency=medium

  * debian/control: switch Build-Depends from libpcre2-dev to libpcre3-dev
    as pcre2 is in Universe.

clamav (0.100.1+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Only create clamav user during clamav-base install if it does not exist
    (LP: #121872)
    - Thanks to Shane Williams for the patch
  * Remove spurious debian/changelog entry for the above change from the
    0.100.0~beta+dfsg-1 entry since the change was not actually included

  [ Sebastian Andrzej Siewior ]
  * Import new upstream.
  * Bump symbol version due to new version.
  * Add read permission for freshclam on /var/log in the apparmor profile.
    Thanks to Robie Basak (Closes: #902601).
  * Bump standards-version to 4.1.5 without further change

clamav (0.100.0+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - remove various documentation files including Changelog from the file
      list because they are no longer included in upstream archive.

clamav (0.100.0~beta+dfsg-2) unstable; urgency=medium

  * Switch to pcre2 which is newer (Closes: #891195).
  * Cherry pick patches referenced in bb#11973 and bb#11980 to fix
    CVE-2018-0202.
  * Use compat level 11.

clamav (0.100.0~beta+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Add lintian override for clamav-freshclam: duplicate-updaterc.d-calls-in-
    postinst clamav-freshclam
  * New upstream beta release
  * Bump standards-version to 4.1.3 without further change
  * Update README.Debian to describe how to disable apparmor for clamav-daemon
    and clamav-freshclam (Closes: #884707)

  [ Sebastian Andrzej Siewior ]
  * Point Vcs-* tags to salsa.

clamav (0.99.3~beta2+dfsg-1) unstable; urgency=medium

  * Update upstream's signing gpg key
  * Update to beta2:
    - freshclam does not complain that clamav is outdated (Closes: #876429).

clamav (0.99.3~beta1+dfsg-4) unstable; urgency=medium

  * Ignore errors from update-rc.d in freshclam postins (Closes: #882323).
  * Drop dh-systemd & autoreconf from B-D.

clamav (0.99.3~beta1+dfsg-3) unstable; urgency=medium

  * Drop "demime = *" from Debian.README for clamav, this option is gone from
    exim (Closes: #881634).
  * Use "ucf" instead "ucp" in clamav-milter's postinst.
  * Disable LLVM support due to 3.8 removal (Closes: #873401).
  * Disable the freshclam service if changed to `manual' mode so it does not start
    again after system reboot with systemd (Closes: #881780).
  * Bump standards version to 4.1.1 without further change.
  * Allow to build as non root user.
  * Update dh compat level 10

clamav (0.99.3~beta1+dfsg-2) unstable; urgency=medium

  * Build again against system's libmspack (dropped by accident)
    (Closes: #872594).
  * Don't replace config file with sample config after debconf gets disabled
    (in milter and daemon (Closes: #870253).
  * Update standards to 4.0.1
    - use invoke-rc.d instead of /etc/init.d.
    - drop priority extra from clamav-milter.
  * Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
    by Václav Ovsík <vaclav.ovsik at gmail.com> (Closes: #868766).

clamav (0.99.3~beta1+dfsg-1) unstable; urgency=medium

  * Upload to unstable
  * update to official beta1 release:
    - drop fts-no-use-AC_TRY_RUN.patch, applied upstream.

clamav (0.99.3~snapshot20170704+dfsg-1) experimental; urgency=medium

  * Update to upstream snapshot (commit
    144ef69462427b63a650294257c892b047601aac):
    - add config options
    - boost symbol file
    - drop applied patches:
      - Allow-M-suffix-for-PCREMaxFileSize.patch
      - bb11549-fix-temp-file-cleanup-issue.patch
      - clamav_add_private_fts_implementation.patch
      - drop-AllowSupplementaryGroups-option-and-make-it-def.patch
      - fix-ssize_t-size_t-off_t-printf-modifier.patch
      - libclamav-use-libmspack.patch
      - make_it_compile_against_openssl_1_1_0.patch
    - add new ones:
      - fts-no-use-AC_TRY_RUN.patch
      - clamsubmit-add-JSON-libs-to-clamsubmit.patch

clamav (0.99.2+dfsg-6) unstable; urgency=medium

  * Fix detection of curl. Patch by Reiner Herrmann <reiner at reiner-h.de>
    (Closes: #852894).

clamav (0.99.2+dfsg-5) unstable; urgency=medium

  [ Andreas Cadhalpun ]
  * Add patches to support LLVM 3.7-3.9.
  * Re-enable llvm support.
  * Update embedded-library lintian override for multiarch locations.
  * Update standards version to 3.9.8. (no changes needed)
  * Mark clamav-docs and clamav-testfiles as Multi-Arch foreign and
    libclamav7 as same.
  * Fix spelling errors in the debian files. (Closes: #825055)
  * Remove unused package-contains-timestamped-gzip lintian-override.
  * Fix wildcard-matches-nothing-in-dep5-copyright lintian warning.

  [ Sebastian Andrzej Siewior ]
  * Remove clamav-daemon.service.d on purge (Closes: #842074).
  * Fix FTCBFS: Annotate interpreter dependencies with :native. Patch by
    Helmut Grohne (Closes: #844066).
  * Drop bc from B-D, it seems we no longer need it.
  * Cherry-pick patch from bb11549 to fix a temp file cleanup issue
    (Closes: #824196).

clamav (0.99.2+dfsg-4) unstable; urgency=medium

  * Remove Stephen Gran as Uploader and thank you for your work
    (Closes: #838405).
  * Drop llvm supported for now. The bytecode will be interpreted by clamav
    instead of llvm's JIT - there is no loss in functionality. It will come back
    once we llvm support again (Closes: #839850).

clamav (0.99.2+dfsg-3) unstable; urgency=medium

  * BD on dh-strip-nondeterminism.
  * get it compiled against openssl 1.1.0 (Closes: #828083).
  * Drop support for clamav-daemon.socket. Should avoid restart loops if clamd
    crashes on start (via OOM for instance). (Closes: #824042).

clamav (0.99.2+dfsg-2) unstable; urgency=medium

  * Ensure the users of PRIVATE symbols (clamd + freshclam) do not fall
    behind a upstream version (Closes: #824485).

clamav (0.99.2+dfsg-1) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * also remove bytecode.cld on purge
  * Update to new upstream release 0.99.2
  * Drop AllowSupplementaryGroups option which is default now
    (Closes: #822444).
  * Let the LSB init script have more consistent output. Patch by Guillem
    Jover (Closes: #823074).

Date: 2020-07-24 18:00:18.826063+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:37 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:37 -0000
Subject: [ubuntu/precise-security] curl 7.22.0-3ubuntu4.29 (Accepted)
Message-ID: <162004599708.6007.7498136545330549347.launchpad@ackee.canonical.com>

curl (7.22.0-3ubuntu4.29) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: FTP redirect to malicious host via PASV response
    - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
      default in lib/url.c, src/main.c.
    - CVE-2020-8284
  * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
    - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of
      recurse in lib/ftp.c.
    - CVE-2020-8285

curl (7.22.0-3ubuntu4.28) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: curl overwrite local file with -J
    - debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
      src/tool_cb_hdr.c, src/tool_getparam.c.
    - CVE-2020-8177

curl (7.22.0-3ubuntu4.27) precise-security; urgency=medium

  [ Alex Murray ]
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

curl (7.22.0-3ubuntu4.26) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5436.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5436

curl (7.22.0-3ubuntu4.24) precise-security; urgency=medium

  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/CVE-2018-16842.patch: fix bad arithmetic
      in src/tool_msgs.c.
    - CVE-2018-16842

curl (7.22.0-3ubuntu4.23) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

curl (7.22.0-3ubuntu4.21) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in FTP URL handling
    - debian/patches/CVE-2018-1000120.patch: fix in lib/ftp.c,
      add test test/data/test340.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122
  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

curl (7.22.0-3ubuntu4.20) precise-security; urgency=medium

  * SECURITY UPDATE: leak authentication data
    - debian/patches/CVE-2018-1000007.patch: prevent custom
      authorization headers in redirects in lib/http.c,
      lib/url.c, lib/urldata.h, tests/data/Makefile.in,
      tests/data/test317, tests/data/test318.
    - CVE-2018-1000007

curl (7.22.0-3ubuntu4.19) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

curl (7.22.0-3ubuntu4.18) precise-security; urgency=medium

  * SECURITY UPDATE: printf floating point buffer overflow
    - debian/patches/CVE-2016-9586.patch: fix floating point buffer
      overflow issues in lib/mprintf.c, added test to tests/data/test557,
      tests/libtest/lib557.c.
    - CVE-2016-9586
  * SECURITY UPDATE: TFTP sends more than buffer size
    - debian/patches/CVE-2017-1000100.patch: reject file name lengths that
      don't fit in lib/tftp.c.
    - CVE-2017-1000100
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.am, tests/data/test1152.
    - CVE-2017-1000254
  * SECURITY UPDATE: --write-out out of buffer read
    - debian/patches/CVE-2017-7407-1.patch: fix a buffer read overrun in
      src/writeout.c added test to tests/data/Makefile.am,
      tests/data/test1440, tests/data/test1441.
    - debian/patches/CVE-2017-7407-2.patch: check for end of input in
      src/_writeout.c added test to tests/data/Makefile.am,
      tests/data/test1442.
    - CVE-2017-7407
  * SECURITY UPDATE: IMAP FETCH response out of bounds read
    - debian/patches/CVE-2017-1000257.patch: check size in lib/imap.c.
    - CVE-2017-1000257

Date: 2020-12-04 15:08:43.959595+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.29
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:39 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:39 -0000
Subject: [ubuntu/precise-security] davfs2 1.4.6-1ubuntu3.1 (Accepted)
Message-ID: <162004599996.6007.8821329559278386321.launchpad@ackee.canonical.com>

davfs2 (1.4.6-1ubuntu3.1) precise-security; urgency=medium

  * SECURITY UPDATE: Added missing '\r' in constant
    none_match_header
    - webdav.c: fix missing '\r'. This update is
      required since apache2 fails for davfs2
      test after CVE-2016-8743 update.

Date: 2017-07-31 14:43:18.942319+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/davfs2/1.4.6-1ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:41 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:41 -0000
Subject: [ubuntu/precise-security] cyrus-sasl2 2.1.25.dfsg1-3ubuntu0.2
 (Accepted)
Message-ID: <162004600105.5996.1754961301548969467.launchpad@ackee.canonical.com>

cyrus-sasl2 (2.1.25.dfsg1-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Off-by-one
    - debian/patches/CVE-2019-19906.patch: fix in _sasl_add_string function
    - CVE-2019-19906
  * Thanks Debian for the patch provide that (Closes: #947043)

Date: 2020-01-28 11:13:32.992067+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.25.dfsg1-3ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:44 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:44 -0000
Subject: [ubuntu/precise-security] db4.8 4.8.30-11ubuntu1.1 (Accepted)
Message-ID: <162004600498.5996.1900592307604851940.launchpad@ackee.canonical.com>

db4.8 (4.8.30-11ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: Berkeley DB reads DB_CONFIG from cwd
    - debian/patches/CVE-2017-10140.patch in src/env/env_open.c.
    - CVE-2017-10140

Date: 2017-11-16 20:03:26.317501+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/db4.8/4.8.30-11ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:45 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:45 -0000
Subject: [ubuntu/precise-security] db 5.1.25-11ubuntu0.1 (Accepted)
Message-ID: <162004600544.6007.3859874343226222457.launchpad@ackee.canonical.com>

db (5.1.25-11ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Berkeley DB reads DB_CONFIG from cwd
    - debian/patches/CVE-2017-10140.patch in src/env/env_open.c.
    - CVE-2017-10140

Date: 2017-11-16 20:57:22.375737+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/db/5.1.25-11ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:44 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:44 -0000
Subject: [ubuntu/precise-security] libgd2 2.0.36~rc1~dfsg-6ubuntu2.6 (Accepted)
Message-ID: <162004600444.6008.14383689895124783772.launchpad@ackee.canonical.com>

libgd2 (2.0.36~rc1~dfsg-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in gd_png.c.
    - CVE-2017-6362

libgd2 (2.0.36~rc1~dfsg-6ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak in src/gd_gif_in.c,
    - CVE-2017-7890

Date: 2017-09-05 13:34:14.293349+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libgd2/2.0.36~rc1~dfsg-6ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:48 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:48 -0000
Subject: [ubuntu/precise-security] dbus 1.4.18-1ubuntu1.10 (Accepted)
Message-ID: <162004600843.5996.843378809279436710.launchpad@ackee.canonical.com>

dbus (1.4.18-1ubuntu1.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - CVE-2020-12049

dbus (1.4.18-1ubuntu1.9) precise-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - debian/patches/CVE-2019-12749*.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c, enforce hardening EXTERNAL auth in
      bus/session.conf.in, cmake/CMakeLists.txt, configure.ac.
    - CVE-2019-12749

Date: 2020-06-15 19:11:14.457832+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.10
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:49 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:49 -0000
Subject: [ubuntu/precise-security] libidn 1.23-2ubuntu0.2 (Accepted)
Message-ID: <162004600957.6007.18119707043272810277.launchpad@ackee.canonical.com>

libidn (1.23-2ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauries ]
  * SECURITY UPDATE:  Integer overflow
    - debian/patches/CVE-2017-14062.patch: fix integer overflow
      in punycode.c.
    - CVE-2017-14062

Date: 2017-10-17 20:40:43.672418+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libidn/1.23-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:50 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:50 -0000
Subject: [ubuntu/precise-security] distro-info 0.8.2ubuntu1 (Accepted)
Message-ID: <162004601051.6008.13454281206980536384.launchpad@ackee.canonical.com>

distro-info (0.8.2ubuntu1) precise; urgency=medium

  * Provide support for the milestone eol-esm and add filters for
    supported-esm to ubuntu-distro-info along with the python and perl
    modules. (LP: #1808038, LP: #1825553)

Date: 2019-04-23 10:45:16.615500+00:00
Changed-By: Adam Conrad <adconrad at 0c3.net>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/distro-info/0.8.2ubuntu1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:53 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:53 -0000
Subject: [ubuntu/precise-security] libjpeg-turbo 1.1.90+svn733-0ubuntu4.6
 (Accepted)
Message-ID: <162004601344.6008.15180026981334096312.launchpad@ackee.canonical.com>

libjpeg-turbo (1.1.90+svn733-0ubuntu4.6) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2020-13790.patch: fix buf overrun caused
      by bad binary PPM in rdppm.c.
    - CVE-2020-13790

libjpeg-turbo (1.1.90+svn733-0ubuntu4.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via JPEG file
    - debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
    - CVE-2014-9092
  * SECURITY UPDATE: denial of service via crafted file
    - debian/patches/CVE-2016-3616.patch: check range of integer values in
      PPM text file in cderror.h, rdppm.c.
    - CVE-2016-3616
    - CVE-2018-11213
    - CVE-2018-11214
  * SECURITY UPDATE: divide-by-zero via crafted file
    - debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
    - CVE-2018-11212
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

libjpeg-turbo (1.1.90+svn733-0ubuntu4.4) precise; urgency=medium

  * Updated FixLibraryStartup.patch to properly close /proc/self/auxv.
    (LP: #1189939)

Date: 2020-06-08 12:40:15.395092+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.1.90+svn733-0ubuntu4.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:54 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:54 -0000
Subject: [ubuntu/precise-security] distro-info-data 0.8ubuntu0.21 (Accepted)
Message-ID: <162004601402.6007.1966566908312495730.launchpad@ackee.canonical.com>

distro-info-data (0.8ubuntu0.21) precise-security; urgency=medium

  * Add Ubuntu 20.10, Groovy Gorilla. (LP: #1874843)

distro-info-data (0.8ubuntu0.20) precise-security; urgency=medium

  * Add Ubuntu 21.04, Hirsute Hippo (LP: #1901361).

distro-info-data (0.8ubuntu0.19) precise; urgency=medium

  * Copy data from 0.40ubuntu3:
    - Add Ubuntu 20.04 LTS, with 5 years LTS and 10 years ESM. (LP: #1848688)

distro-info-data (0.8ubuntu0.18) precise; urgency=medium

  * Replace EANIMAL placeholder with Ermine.

distro-info-data (0.8ubuntu0.17) precise; urgency=medium

  * Add in eol-server and eol-esm dates for all Ubuntu LTS releases.
    (LP: #1814976, LP: #1808038)
  * Correct EOL dates for trusty (LP: #1825553)

distro-info-data (0.8ubuntu0.16) precise; urgency=medium

  * Copy data from 0.39ubuntu2:
    - Add Ubuntu 19.10 Eoan EANIMAL. (LP: #1825379)

distro-info-data (0.8ubuntu0.15) precise; urgency=medium

  * Copy data from 0.39:
    - Add Ubuntu 19.04 Disco Dingo. (LP: #1800656)

distro-info-data (0.8ubuntu0.14) precise; urgency=medium

  * Copy data from 0.38:
    - Add Ubuntu 18.10 Cosmic Cuttlefish. (LP: #1769992)
    - Correct EOL date for zesty. (LP: #1743936)
    - Adjust provisional creation date for Debian 11 Bullseye to August 2019.
      The release-team expects Buster to release "some time mid-2019".
    - Add Debian 12 Bookworm, with a provisional creation date.

distro-info-data (0.8ubuntu0.13) precise; urgency=medium

  * Copy data from 0.37 (LP: #1727046)
    - Set EOL date for Debian Wheezy.
    - Set (provisional) EOL date for Debian Jessie.
    - Set release date for Stretch (and matching creation date for Buster).
    - Add Ubuntu 18.04 LTS Bionic Beaver.

Date: 2020-11-04 22:22:13.642805+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/distro-info-data/0.8ubuntu0.21
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:46:58 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:46:58 -0000
Subject: [ubuntu/precise-security] dovecot 1:2.0.19-0ubuntu2.8 (Accepted)
Message-ID: <162004601844.6008.14821520719268301932.launchpad@ackee.canonical.com>

dovecot (1:2.0.19-0ubuntu2.8) precise-security; urgency=medium

  * SECURITY REGRESSION: updating CVE-2019-11500-3.patch with the right check

dovecot (1:2.0.19-0ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
    heap memory writes
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pieonhole/src/lig-managesieve/managesieve-parser.c.
    - CVE-2019-11500

dovecot (1:2.0.19-0ubuntu2.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

dovecot (1:2.0.19-0ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

dovecot (1:2.0.19-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: passdb exploitable throuh checkpassword
    - debian/patches/CVE-2013-6171.patch: refuse to run checkpassword
      script insecurely by default in src/auth/checkpassword-reply.c,
      src/auth/db-checkpassword.c.
    - CVE-2013-6171
  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
      src/lib-auth/auth-server-connection.c,
      src/lib-auth/auth-serser-connection.h.
    - CVE-2017-15132

dovecot (1:2.0.19-0ubuntu2.2) precise; urgency=medium

  * Backport support for the ssl_protocols setting to easily allow
    disabling SSLv3. (LP: #1381537)
    - debian/patches/backport_ssl_protocols.patch: added new setting to
      src/login-common/login-settings.c, src/login-common/login-settings.h,
      src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.

Date: 2019-08-28 17:13:27.534455+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.0.19-0ubuntu2.8
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:01 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:01 -0000
Subject: [ubuntu/precise-security] dnsmasq 2.59-4ubuntu0.4 (Accepted)
Message-ID: <162004602180.6007.15194211158926451171.launchpad@ackee.canonical.com>

dnsmasq (2.59-4ubuntu0.4) precise-security; urgency=medium

  * REGRESSION UPDATE: a offset error passed in the last update that cause a
    regresion in dnsmasq this update fix this issue.

dnsmasq (2.59-4ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: add fixes to correct multiple security issues
    - CVE-2017-14491 DNS heap buffer overflow.
    - CVE-2017-14492, DHCPv6 RA heap overflow.
    - CVE-2017-14493, DHCPv6 - Stack buffer overflow.
    - CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
    - CVE-2017-14495, OOM in DNS response creation.
    - CVE-2017-14496, Integer underflow in DNS response creation.

Date: 2018-01-03 21:29:12.677131+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/dnsmasq/2.59-4ubuntu0.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:04 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:04 -0000
Subject: [ubuntu/precise-security] dpkg 1.16.1.2ubuntu7.9 (Accepted)
Message-ID: <162004602480.6008.2219682655433617869.launchpad@ackee.canonical.com>

dpkg (1.16.1.2ubuntu7.9) precise-security; urgency=medium

  * Fix physical file offset comparison in dpkg. Closes: #808912
    Thanks to Yuri Gribov <tetra2005 at gmail.com>.
    - adbdfb0dd9cec401609fd3eef232b7ff2153db7f
  * Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
    for the filesystem containing the info database. LP: #872734
    - 916bdba9095bd361cb2bccd6f566ecffdb206193

dpkg (1.16.1.2ubuntu7.8) precise; urgency=medium

  * Backport from Debian (LP: #1587667):
    - Allow detached upstream signatures for upstream orig.tar files in the
      .dsc file. Suggested by Daniel Kahn Gillmor <dkg at fifthhorseman.net>.
      Closes: #759478
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages.

Date: 2020-02-07 16:21:14.825837+00:00
Changed-By: Jamie Strandboge <jamie at strandboge.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/dpkg/1.16.1.2ubuntu7.9
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:06 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:06 -0000
Subject: [ubuntu/precise-security] e2fsprogs 1.42-1ubuntu2.5 (Accepted)
Message-ID: <162004602670.6007.5800936107499197083.launchpad@ackee.canonical.com>

e2fsprogs (1.42-1ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2019-5188-*.patch:  abort if there is a corrupted
      directory block when rehashing and don't try to rehash a deleted directory
      in e2fsck/rehash.c, e2fsck/pass1b.c.
    - CVE-2019-5188

e2fsprogs (1.42-1ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write on the heap
    - debian/patches/CVE-2019-5094.patch: add checks to prevent
      buffer overrun in quota code in lib/quota/quotaio_tree.c,
      lib/quota/quotaio_v2.c.
    - CVE-2019-5094

e2fsprogs (1.42-1ubuntu2.3) precise; urgency=low

  * fix rule-violating lblk->pblk mappings on bigalloc filesystems (LP: #1321418)

Date: 2020-01-22 13:07:17.480873+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/e2fsprogs/1.42-1ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:11 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:11 -0000
Subject: [ubuntu/precise-security] expat 2.0.1-7.2ubuntu1.7 (Accepted)
Message-ID: <162004603164.6007.3340266534544447444.launchpad@ackee.canonical.com>

expat (2.0.1-7.2ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.dpatch: Deny internal
      entities closing the doctype in lib/xmlparse.c.
    - CVE-2019-15903

expat (2.0.1-7.2ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.dpatch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in lib/xmlparser.c
    - CVE-2018-20843

expat (2.0.1-7.2ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.dpatch: add check to lib/xmlparse.c.
    - CVE-2017-9233

Date: 2019-09-12 13:59:13.835185+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:12 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:12 -0000
Subject: [ubuntu/precise-security] eglibc 2.15-0ubuntu10.23 (Accepted)
Message-ID: <162004603206.6008.10859423370102922326.launchpad@ackee.canonical.com>

eglibc (2.15-0ubuntu10.23) precise-security; urgency=medium

  * Removing locale/locales-all from debian/control since in Precise
    it uses langpack-locales and no binary is created in eglibc for locales

eglibc (2.15-0ubuntu10.22) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patch/CVE-2018-6485.patch: fix integer overflows in
      internal memallign and malloc functions in
      malloc/malloc.c.
    - CVE-2018-6485

eglibc (2.15-0ubuntu10.21) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer underflow in realpath()
    - debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff:
      Make getcwd(3) fail if it cannot obtain an absolute path
    - CVE-2018-1000001

eglibc (2.15-0ubuntu10.20) precise-security; urgency=medium

  * SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
    - debian/patches/any/CVE-2017-1000366.patch: Completely ignore
      LD_LIBRARY_PATH for AT_SECURE=1 programs
    - CVE-2017-1000366
  * SECURITY UPDATE: LD_PRELOAD stack corruption
    - debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
      Reject overly long names or names containing directories in
      LD_PRELOAD for AT_SECURE=1 programs.
  * debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
    additional consistency check for 1-byte overflows
  * debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
    LD_HWCAP_MASK for AT_SECURE=1 programs

Date: 2020-03-06 13:51:34.505624+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.23
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:15 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:15 -0000
Subject: [ubuntu/precise-security] file 5.09-2ubuntu0.8 (Accepted)
Message-ID: <162004603572.6007.18404281788524997401.launchpad@ackee.canonical.com>

file (5.09-2ubuntu0.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

file (5.09-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: memory corruption in file_check_mem.
    - debian/patches/CVE-2015-8865.patch: properly calculate length in
      src/funcs.c.
    - CVE-2015-8865
  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

Date: 2019-10-31 15:03:15.592961+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.8
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:17 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:17 -0000
Subject: [ubuntu/precise-security] freetype 2.4.8-1ubuntu2.7 (Accepted)
Message-ID: <162004603762.6008.15120179363822356243.launchpad@ackee.canonical.com>

freetype (2.4.8-1ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9381.patch: check
      if 'eexec' doesn't exceed 'limit' in src/type1/t1parse.c
    - CVE-2015-9381
  * SECURITY UPDATE: buffer over-read
    - debian/patches-freetype/CVE-2015-9382.patch: ensure that
      the cursor position doesn't get larger than the current limit
      in src/psaux/psobjs.c.
    - CVE-2015-9382
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9383.patch: check
      limit before accessing 'numRanges' and numMappings in
      src/sfnt/ttcmap.c.
    - CVE-2015-9383

Date: 2019-09-06 15:05:32.743768+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/freetype/2.4.8-1ubuntu2.7
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:18 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:18 -0000
Subject: [ubuntu/precise-security] gettext 0.18.1.1-5ubuntu3.1 (Accepted)
Message-ID: <162004603809.26058.4293907880636751140.launchpad@ackee.canonical.com>

gettext (0.18.1.1-5ubuntu3.1) precise-security; urgency=medium

  * SECURITY UPDATE: Invalid free
    - debian/patches/CVE-2018-18751.patch: fix in
      gettext-tools/src/read-catalog.c,
      gettext-tools/tests/Makefile.am,
      gettext-tools/tests/xgettext-po-2.
   - CVE-2018-18751

Date: 2018-11-09 13:22:14.291560+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/gettext/0.18.1.1-5ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:47:21 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:47:21 -0000
Subject: [ubuntu/precise-security] glib2.0 2.32.4-0ubuntu1.4 (Accepted)
Message-ID: <162004604126.6007.9523514864156488438.launchpad@ackee.canonical.com>

glib2.0 (2.32.4-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update (LP: #1838890)
    - debian/patches/CVE-2019-13012-regression.patch: fix a
      memory leak introduced by the last security update while
      not properly handled the g_file_get_patch function in
      gio/gkeyfilesettingsbackend.c.

Date: 2019-08-05 17:06:18.586317+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/glib2.0/2.32.4-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:48:59 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:48:59 -0000
Subject: [ubuntu/precise-security] libmspack 0.4-1~12.04.1 (Accepted)
Message-ID: <162004613994.5996.9457470336169839162.launchpad@ackee.canonical.com>

libmspack (0.4-1~12.04.1) precise-security; urgency=medium

  * Rebuilding for  precise/esm

Date: 2019-10-02 18:18:13.321717+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libmspack/0.4-1~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:07 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:07 -0000
Subject: [ubuntu/precise-security] libnl3 3.2.3-2ubuntu2.1 (Accepted)
Message-ID: <162004614772.6007.4771138004397876889.launchpad@ackee.canonical.com>

libnl3 (3.2.3-2ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: integer-overflow in nlmsg_reserve()
    - debian/patches/CVE-2017-0553.patch: check len in lib/msg.c.
    - CVE-2017-0553

Date: 2017-06-16 17:23:14.221062+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libnl3/3.2.3-2ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:09 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:09 -0000
Subject: [ubuntu/precise-security] libpam-krb5 4.5-3ubuntu0.1 (Accepted)
Message-ID: <162004614908.6008.8035122475960952354.launchpad@ackee.canonical.com>

libpam-krb5 (4.5-3ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: One-byte buffer overflow
    - debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
      boundaries in prompting.c.
    - CVE-2020-10595

Date: 2020-03-24 13:45:16.394954+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libpam-krb5/4.5-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:11 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:11 -0000
Subject: [ubuntu/precise-security] libpam-radius-auth 1.3.17-0ubuntu3.1
 (Accepted)
Message-ID: <162004615169.5996.1558280096527099390.launchpad@ackee.canonical.com>

libpam-radius-auth (1.3.17-0ubuntu3.1) precise-security; urgency=medium

   [ Marc Deslauriers ]
   * SECURITY UPDATE: DoS via stack overflow in password field
    - debian/patches/CVE-2015-9542-1.patch: use length, which has been
      limited in size in pam_radius_auth.c.
    - debian/patches/CVE-2015-9542-2.patch: clear out trailing part of the
      buffer in pam_radius_auth.c.
    - debian/patches/CVE-2015-9542-3.patch: copy password to buffer before
      rounding length in pam_radius_auth.c.
    - debian/rules: added new patches.
    - CVE-2015-9542

Date: 2020-02-20 16:23:14.919779+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libpam-radius-auth/1.3.17-0ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:14 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:14 -0000
Subject: [ubuntu/precise-security] libpcap 1.1.1-10ubuntu0.1 (Accepted)
Message-ID: <162004615443.6008.5561975822614901476.launchpad@ackee.canonical.com>

libpcap (1.1.1-10ubuntu0.1) precise-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: pcapng reading buffer over-read.
    - debian/patches/CVE-2019-15165-1.patch: do sanity checks on PHB
      header length before allocating memory.
    - debian/patches/CVE-2019-15165-2.patch: fix introduced format
      warning
    - CVE-2019-15165

Date: 2020-01-15 15:03:14.268667+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libpcap/1.1.1-10ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:17 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:17 -0000
Subject: [ubuntu/precise-security] libpng 1.2.46-3ubuntu4.3 (Accepted)
Message-ID: <162004615748.5996.3939238494168058654.launchpad@ackee.canonical.com>

libpng (1.2.46-3ubuntu4.3) precise-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2016-10087.patch: fix in png.c.
    - CVE-2016-10087

Date: 2018-07-10 20:18:25.575377+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:21 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:21 -0000
Subject: [ubuntu/precise-security] libsdl1.2 1.2.14-6.4ubuntu3.2 (Accepted)
Message-ID: <162004616166.6007.5281971275305986444.launchpad@ackee.canonical.com>

libsdl1.2 (1.2.14-6.4ubuntu3.2) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-13616.patch: validate image size
      when loading BMP files in src/video/SDL_bmp.c.
    - CVE-2019-13616
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2019-7572*.patch: moving clamping the index
      value at beginning of IMA_ADPCM_nibble in src/audio/SDL_wave.c.
    - CVE-2019-7572
  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-7573-76.patch: check if MS ADPCK chunk
      was too short in src/audio/SDL_wave.c.
    - CVE-2019-7573
    - CVE-2019-7576
  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-7574.patch: check if data chunk
      was shorter than expected based on WAF format in
      src/audio/SDL_wave.c.
    - CVE-2019-7574
  * SECURITY UPDATE: Heap-based buffer overflow and buffer over-read
    - debian/patches/CVE-2019-7575-77-2.patch: check if
      a WAV format defines shorter audio stream in
      src/audio/SDL_wave.c.
    - debian/patches/CVE-2019-7577.patch: checks overread in
      src/audio/SDL_wave.c.
    - CVE-2019-7575
    - CVE-2019-7577
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7578.patch: fix in
      src/audio/SDL_wave.c.
    - CVE-2019-7578
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7635.patch: fix in
      src/video/SDL_bmp.c.
    - CVE-2019-7635
  * SECURITY UPDATE: heap-baed buffer over-read
    - debian/patches/CVE-2019-7636.patch: fix in
      src/video/SDL_bmp.c.
    - CVE-2019-7636
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-7637*.patch: fix in
      src/video/SDL_pixels.c, src/video/gapi/SDL_gapivideo.c.
    - CVE-2019-7637
  * fixing a patch error
    - debian/patches/fix_error_patching*.patch: in
      src/audio/SDL_wave.c, src/video/SDL_pixels.c.

Date: 2019-10-16 13:19:13.939551+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libsdl1.2/1.2.14-6.4ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:23 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:23 -0000
Subject: [ubuntu/precise-security] libtasn1-3 2.10-1ubuntu1.6 (Accepted)
Message-ID: <162004616342.6008.579637383026780587.launchpad@ackee.canonical.com>

libtasn1-3 (2.10-1ubuntu1.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks lib/parser_aux.c.
    - CVE-2017-6891

Date: 2017-07-11 18:57:16.377525+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:27 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:27 -0000
Subject: [ubuntu/precise-security] libtirpc 0.2.2-5ubuntu0.1 (Accepted)
Message-ID: <162004616721.6008.6775335093866862565.launchpad@ackee.canonical.com>

libtirpc (0.2.2-5ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-4429.diff: fix in src/clnt_dg.c.
    - CVE-2016-4429
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-8779.patch: fix in src/rpc_generic.c,
      src/rpcb_prot.c, src/rpcb_st_xdr.c, src/xdr.c.
    - CVE-2017-8779
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14622.patch: fix in src/svc_c.c.
    - CVE-2018-14622

Date: 2018-09-04 16:40:17.373457+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libtirpc/0.2.2-5ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:29 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:29 -0000
Subject: [ubuntu/precise-security] libx11 2:1.4.99.1-0ubuntu2.5 (Accepted)
Message-ID: <162004616991.6008.12915567339942601147.launchpad@ackee.canonical.com>

libx11 (2:1.4.99.1-0ubuntu2.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: integer overflow and heap overflow in XIM client
    - debian/patches/CVE-2020-14344-1.patch: fix signed length values in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-2.patch: fix integer overflows in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-3.patch: fix more unchecked lengths in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-4.patch: zero out buffers in functions
      in modules/im/ximcp/imDefIc.c, modules/im/ximcp/imDefIm.c.
    - debian/patches/CVE-2020-14344-5.patch: change the data_len parameter
      to CARD16 in modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-6.patch: fix size calculation in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-7.patch: fix input clients connecting
      to server in modules/im/ximcp/imRmAttr.c.
    - CVE-2020-14344
  * SECURITY UPDATE: integer overflow and double free in locale handling
    - debian/patches/CVE-2020-14363.patch: fix an integer overflow in
      modules/om/generic/omGeneric.c.
    - CVE-2020-14363

libx11 (2:1.4.99.1-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2016-7942.patch: fix in src/GetImage.c.
    - CVE-2016-7942
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2016-7943.patch: fix in src/FontNames.c,
      src/ListExt.c, src/ModMap.c.
    - CVE-2016-7943
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14598.patch: fix in src/GetFPath.c,
      src/ListExt.c.
    - CVE-2018-14598
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14599.patch: fix in src/FontNames.c,
      src/GetFPath.c, src/ListExt.c.
    - CVE-2018-14599
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14600.patch: fix in src/GetFPath.
    - CVE-2018-14600

Date: 2020-09-02 17:55:14.309433+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libx11/2:1.4.99.1-0ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:35 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:35 -0000
Subject: [ubuntu/precise-security] libxml2 2.7.8.dfsg-5.1ubuntu4.22 (Accepted)
Message-ID: <162004617541.5996.7479201226250069463.launchpad@ackee.canonical.com>

libxml2 (2.7.8.dfsg-5.1ubuntu4.22) precise-security; urgency=medium

  * SECURITY UPDATE: Memory leak
    - fix memory leak in xmlParseBalancedChunkMemoryRecover checking
      if doc is NULL in parser.c.
    - CVE-2019-19956
  * SECURITY UPDATE: Denial of service though an infinite loop
    - fix infinite loop in  xmlStringLenDecodeEntities adding checks
      to ctxt->instate if it is == XML_PARSER_EOF in parser.c.
    - CVE-2020-7595

libxml2 (2.7.8.dfsg-5.1ubuntu4.21) precise-security; urgency=medium

  * SECURITY UPDATE: XXE attacks
    - debian/patches/CVE-2016-9318.patch: fix in parser.c.
    - CVE-2016-9318
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14404.patch: fix in xpath.c.
    - CVE-2018-14404

libxml2 (2.7.8.dfsg-5.1ubuntu4.20) precise-security; urgency=medium

  * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate
    - CVE-2017-15412

libxml2 (2.7.8.dfsg-5.1ubuntu4.19) precise-security; urgency=medium

  * SECURITY UPDATE: infinite recursion in parameter entities
    - CVE-2017-16932

libxml2 (2.7.8.dfsg-5.1ubuntu4.18) precise-security; urgency=medium

  * SECURITY UPDATE: type confusion leading to out-of-bounds write
    - CVE-2017-0663
  * SECURITY UPDATE: XML external entity (XXE) vulnerability
      entity references
    - CVE-2017-7375
  * SECURITY UPDATE: buffer overflow in URL handling
      ports in HTTP redirect support
    - CVE-2017-7376
  * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
      remains in buffer for copied data
    - CVE-2017-9047, CVE-2017-9048
  * SECURITY UPDATE: heap based buffer overreads in
    xmlDictComputeFastKey()
      expansions, add additional sanity check
    - CVE-2017-9049, CVE-2017-9050

Date: 2020-02-05 17:23:22.089564+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.22
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:36 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:36 -0000
Subject: [ubuntu/precise-security] libxslt 1.1.26-8ubuntu1.6 (Accepted)
Message-ID: <162004617639.6007.362338183206561711.launchpad@ackee.canonical.com>

libxslt (1.1.26-8ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Uninitialized read
      Fix uninitialized
      read of xsl:number token in libxslt/numbers.c.
    - CVE-2019-13117
  * SECURITY UPDATE: Uninitialized read
      Fix uninitialized
      read with UTF-8 grouping chars in libxslt/numbers.c,
      tests/docs/bug-222.xml, tests/general/bug-222.out,
      tests/general/bug-222.xsl.
    - CVE-2019-13118
  * SECURITY UPDATE: Buffer over-read
      Fix dangling
      pointer in xsltCopyText in libxslt/transform.c.
    - CVE-2019-18197

libxslt (1.1.26-8ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Date: 2019-10-22 14:44:15.610919+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:52 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:52 -0000
Subject: [ubuntu/precise-security] linux-backports-modules-3.2.0 3.2.0-150.141
 (Accepted)
Message-ID: <162004619203.6007.12045774010616468051.launchpad@ackee.canonical.com>

linux-backports-modules-3.2.0 (3.2.0-150.141) precise; urgency=medium

  * Bump ABI 3.2.0-150

linux-backports-modules-3.2.0 (3.2.0-149.140) precise; urgency=medium

  * Bump ABI 3.2.0-149

linux-backports-modules-3.2.0 (3.2.0-148.139) precise; urgency=medium

  * Bump ABI 3.2.0-148

linux-backports-modules-3.2.0 (3.2.0-147.138) precise; urgency=medium

  * Bump ABI 3.2.0-147

linux-backports-modules-3.2.0 (3.2.0-145.137) precise; urgency=medium

  * Bump ABI 3.2.0-145

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-backports-modules-3.2.0 (3.2.0-144.136) precise; urgency=medium

  * Bump ABI 3.2.0-144

linux-backports-modules-3.2.0 (3.2.0-143.135) precise; urgency=medium

  * Bump ABI 3.2.0-143

linux-backports-modules-3.2.0 (3.2.0-142.134) precise; urgency=medium

  * Bump ABI 3.2.0-142

linux-backports-modules-3.2.0 (3.2.0-141.133) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-140.132) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-139.131) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-138.130) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-137.129) precise; urgency=low

  * UBUNTU: cw: fix compilation error after L1TF fixes

linux-backports-modules-3.2.0 (3.2.0-137.128) precise; urgency=low

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-136.127) precise; urgency=low

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-135.126) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-134.125) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-133.124) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-132.123) precise; urgency=medium

  * Bmp ABI

linux-backports-modules-3.2.0 (3.2.0-131.122) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-130.121) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-129.120) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-128.119) precise; urgency=medium

  * Bump ABI

Date: 2021-04-05 22:26:09.038659+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-backports-modules-3.2.0/3.2.0-150.141
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:49:57 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:49:57 -0000
Subject: [ubuntu/precise-security] linux-base 4.5ubuntu1~12.04.1 (Accepted)
Message-ID: <162004619757.6007.10582773806091319711.launchpad@ackee.canonical.com>

linux-base (4.5ubuntu1~12.04.1) precise; urgency=low

  * Update precise to the latest linux-base. (LP: #1766728)

Date: 2019-02-15 16:29:13.381213+00:00
Changed-By: Andy Whitcroft <apw at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:29 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:29 -0000
Subject: [ubuntu/precise-security] linux-meta 3.2.0.150.164 (Accepted)
Message-ID: <162004622984.5996.905500676459733582.launchpad@ackee.canonical.com>

linux-meta (3.2.0.150.164) precise; urgency=medium

  * Bump ABI 3.2.0-150

linux-meta (3.2.0.149.163) precise; urgency=medium

  * Bump ABI 3.2.0-149

linux-meta (3.2.0.148.162) precise; urgency=medium

  * Bump ABI 3.2.0-148

linux-meta (3.2.0.147.161) precise; urgency=medium

  * Bump ABI 3.2.0-147

linux-meta (3.2.0.145.160) precise; urgency=medium

  * Bump ABI 3.2.0-145

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-meta (3.2.0.144.159) precise; urgency=medium

  * Bump ABI 3.2.0-144

linux-meta (3.2.0.143.158) precise; urgency=medium

  * Bump ABI 3.2.0-143

linux-meta (3.2.0.142.157) precise; urgency=medium

  * Bump ABI 3.2.0-142

linux-meta (3.2.0.141.156) precise; urgency=medium

  * Bump ABI 3.2.0-141

linux-meta (3.2.0.140.155) precise; urgency=medium

  * Bump ABI 3.2.0-140

linux-meta (3.2.0.139.154) precise; urgency=medium

  * Bump ABI 3.2.0-139

linux-meta (3.2.0.138.153) precise; urgency=medium

  * Bump ABI 3.2.0-138

linux-meta (3.2.0.137.152) precise; urgency=medium

  * Bump ABI 3.2.0-137

linux-meta (3.2.0.136.151) precise; urgency=medium

  * Bump ABI 3.2.0-136

linux-meta (3.2.0.135.150) precise; urgency=medium

  * Bump ABI 3.2.0-135

linux-meta (3.2.0.134.149) precise; urgency=medium

  * Bump ABI 3.2.0-134

linux-meta (3.2.0.133.148) precise; urgency=medium

  * Bump ABI 3.2.0-133

  * Miscellaneous upstream changes
    - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates"

linux-meta (3.2.0.132.147) precise; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
    to ensure they are pulled into all host installs of Ubuntu on upgrade.
    LP: #1738259.  [intel-microcode only]

linux-meta (3.2.0.132.146) precise; urgency=medium

  * Bump ABI 3.2.0-132

linux-meta (3.2.0.131.145) precise; urgency=medium

  * Bump ABI 3.2.0-131

linux-meta (3.2.0.130.144) precise; urgency=medium

  * Bump ABI 3.2.0-130

linux-meta (3.2.0.129.143) precise; urgency=medium

  * Bump ABI 3.2.0-129

linux-meta (3.2.0.128.142) precise; urgency=medium

  * Bump ABI 3.2.0-128

Date: 2021-04-05 22:24:12.774640+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-meta/3.2.0.150.164
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:34 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:34 -0000
Subject: [ubuntu/precise-security] linux-meta-lts-trusty 3.13.0.185.170
 (Accepted)
Message-ID: <162004623466.26760.12444920696478679366.launchpad@ackee.canonical.com>

linux-meta-lts-trusty (3.13.0.185.170) precise; urgency=medium

  * Bump ABI 3.13.0-185

linux-meta-lts-trusty (3.13.0.183.169) precise; urgency=medium

  * Bump ABI 3.13.0-183

linux-meta-lts-trusty (3.13.0.182.168) precise; urgency=medium

  * Bump ABI 3.13.0-182

linux-meta-lts-trusty (3.13.0.181.167) precise; urgency=medium

  * Bump ABI 3.13.0-181

linux-meta-lts-trusty (3.13.0.180.166) precise; urgency=medium

  * Bump ABI 3.13.0-180

linux-meta-lts-trusty (3.13.0.177.165) precise; urgency=medium

  * Bump ABI 3.13.0-177

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-meta-lts-trusty (3.13.0.176.164) precise; urgency=medium

  * Bump ABI 3.13.0-176

linux-meta-lts-trusty (3.13.0.175.163) precise; urgency=medium

  * Bump ABI 3.13.0-175

linux-meta-lts-trusty (3.13.0.174.162) precise; urgency=medium

  * Bump ABI 3.13.0-174

linux-meta-lts-trusty (3.13.0.173.161) precise; urgency=medium

  * Bump ABI 3.13.0-173

linux-meta-lts-trusty (3.13.0.172.160) precise; urgency=medium

  * Bump ABI 3.13.0-172

linux-meta-lts-trusty (3.13.0.171.159) precise; urgency=medium

  * Bump ABI 3.13.0-171

linux-meta-lts-trusty (3.13.0.170.158) precise; urgency=medium

  * Bump ABI 3.13.0-170

linux-meta-lts-trusty (3.13.0.168.157) precise; urgency=medium

  * Bump ABI 3.13.0-168

linux-meta-lts-trusty (3.13.0.166.156) precise; urgency=medium

  * Bump ABI 3.13.0-166

  * signing: only install a signed kernel (LP: #1764794)
    - switch to signed-only binary packages
    - convert linux-signed* into transitional packages

linux-meta-lts-trusty (3.13.0.165.155) precise; urgency=medium

  * Bump ABI 3.13.0-165

linux-meta-lts-trusty (3.13.0.164.154) precise; urgency=medium

  * Bump ABI 3.13.0-164

linux-meta-lts-trusty (3.13.0.163.153) precise; urgency=medium

  * Bump ABI 3.13.0-163

linux-meta-lts-trusty (3.13.0.162.152) precise; urgency=medium

  * Bump ABI 3.13.0-162

linux-meta-lts-trusty (3.13.0.161.151) precise; urgency=medium

  * Bump ABI 3.13.0-161

linux-meta-lts-trusty (3.13.0.160.150) precise; urgency=medium

  * Bump ABI 3.13.0-160

linux-meta-lts-trusty (3.13.0.159.149) precise; urgency=medium

  * Bump ABI 3.13.0-159

linux-meta-lts-trusty (3.13.0.158.148) precise; urgency=medium

  * Bump ABI 3.13.0-158

linux-meta-lts-trusty (3.13.0.157.147) precise; urgency=medium

  * Bump ABI 3.13.0-157

linux-meta-lts-trusty (3.13.0.156.146) precise; urgency=medium

  * Bump ABI 3.13.0-156

linux-meta-lts-trusty (3.13.0.155.145) precise; urgency=medium

  * Bump ABI 3.13.0-155

linux-meta-lts-trusty (3.13.0.154.144) precise; urgency=medium

  * Bump ABI 3.13.0-154

linux-meta-lts-trusty (3.13.0.153.143) precise; urgency=medium

  * Bump ABI 3.13.0-153

linux-meta-lts-trusty (3.13.0.151.142) precise; urgency=medium

  * Bump ABI 3.13.0-151

linux-meta-lts-trusty (3.13.0.150.141) precise; urgency=medium

  * Bump ABI 3.13.0-150

linux-meta-lts-trusty (3.13.0.149.140) precise; urgency=medium

  * Bump ABI 3.13.0-149

linux-meta-lts-trusty (3.13.0.148.139) precise; urgency=medium

  * Bump ABI 3.13.0-148

linux-meta-lts-trusty (3.13.0.147.138) precise; urgency=medium

  * Bump ABI 3.13.0-147

linux-meta-lts-trusty (3.13.0.146.137) precise; urgency=medium

  * Bump ABI 3.13.0-146

linux-meta-lts-trusty (3.13.0.145.136) precise; urgency=medium

  * Bump ABI 3.13.0-145

linux-meta-lts-trusty (3.13.0.144.135) precise; urgency=medium

  * Bump ABI 3.13.0-144

linux-meta-lts-trusty (3.13.0.143.134) precise; urgency=medium

  * Bump ABI 3.13.0-143

linux-meta-lts-trusty (3.13.0.142.133) precise; urgency=medium

  * Bump ABI 3.13.0-142

linux-meta-lts-trusty (3.13.0.141.132) precise; urgency=medium

  * Bump ABI 3.13.0-141

linux-meta-lts-trusty (3.13.0.140.131) precise; urgency=medium

  * Bump ABI 3.13.0-140

  * Miscellaneous upstream changes
    - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates"

linux-meta-lts-trusty (3.13.0.139.130) precise; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
    to ensure they are pulled into all host installs of Ubuntu on upgrade.
    LP: #1738259.  [intel-microcode only]

linux-meta-lts-trusty (3.13.0.139.129) precise; urgency=medium

  * Bump ABI 3.13.0-139

linux-meta-lts-trusty (3.13.0.138.128) precise; urgency=medium

  * Bump ABI 3.13.0-138

linux-meta-lts-trusty (3.13.0.137.127) precise; urgency=medium

  * Bump ABI 3.13.0-137

linux-meta-lts-trusty (3.13.0.136.126) precise; urgency=medium

  * Bump ABI 3.13.0-136

linux-meta-lts-trusty (3.13.0.135.125) precise; urgency=medium

  * Bump ABI 3.13.0-135

linux-meta-lts-trusty (3.13.0.134.124) precise; urgency=medium

  * Bump ABI 3.13.0-134

linux-meta-lts-trusty (3.13.0.133.123) precise; urgency=medium

  * Bump ABI 3.13.0-133

linux-meta-lts-trusty (3.13.0.132.122) precise; urgency=medium

  * Bump ABI 3.13.0-132

linux-meta-lts-trusty (3.13.0.131.121) precise; urgency=medium

  * Bump ABI 3.13.0-131

linux-meta-lts-trusty (3.13.0.130.120) precise; urgency=medium

  * Bump ABI 3.13.0-130

linux-meta-lts-trusty (3.13.0.129.119) precise; urgency=medium

  * Bump ABI 3.13.0-129

linux-meta-lts-trusty (3.13.0.128.118) precise; urgency=medium

  * Bump ABI 3.13.0-128

linux-meta-lts-trusty (3.13.0.126.117) precise; urgency=medium

  * Bump ABI 3.13.0-126

linux-meta-lts-trusty (3.13.0.125.116) precise; urgency=medium

  * Bump ABI 3.13.0-125

linux-meta-lts-trusty (3.13.0.124.115) precise; urgency=medium

  * Bump ABI 3.13.0-124

linux-meta-lts-trusty (3.13.0.123.114) precise; urgency=medium

  * Bump ABI 3.13.0-123

linux-meta-lts-trusty (3.13.0.122.113) precise; urgency=medium

  * Bump ABI 3.13.0-122

linux-meta-lts-trusty (3.13.0.121.112) precise; urgency=medium

  * Bump ABI 3.13.0-121

linux-meta-lts-trusty (3.13.0.120.111) precise; urgency=medium

  * Bump ABI 3.13.0-120

linux-meta-lts-trusty (3.13.0.119.110) precise; urgency=medium

  * Bump ABI 3.13.0-119

linux-meta-lts-trusty (3.13.0.118.109) precise; urgency=medium

  * Bump ABI 3.13.0-118

Date: 2021-03-18 15:43:31.050229+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-meta-lts-trusty/3.13.0.185.170
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:37 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:37 -0000
Subject: [ubuntu/precise-security] linux-signed-lts-trusty
 3.13.0-185.236~12.04.1 (Accepted)
Message-ID: <162004623711.5996.9233464745020622424.launchpad@ackee.canonical.com>

linux-signed-lts-trusty (3.13.0-185.236~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-185.236~12.04.1

linux-signed-lts-trusty (3.13.0-183.234~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-183.234~12.04.1

linux-signed-lts-trusty (3.13.0-182.233~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-182.233~12.04.1

linux-signed-lts-trusty (3.13.0-181.232~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-181.232~12.04.1

linux-signed-lts-trusty (3.13.0-180.231~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-180.231~12.04.1

linux-signed-lts-trusty (3.13.0-177.228~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-177.228~12.04.1

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-signed-lts-trusty (3.13.0-176.227~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-176.227~12.04.1

linux-signed-lts-trusty (3.13.0-175.226~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-175.226~12.04.1

linux-signed-lts-trusty (3.13.0-174.225~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-174.225~12.04.1

linux-signed-lts-trusty (3.13.0-173.224~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-173.224~12.04.1

linux-signed-lts-trusty (3.13.0-172.223~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-172.223~12.04.1

linux-signed-lts-trusty (3.13.0-171.222~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-171.222~12.04.1

linux-signed-lts-trusty (3.13.0-170.220~12.04.2+signed1) precise; urgency=medium

  * Rebuild after fixing and incorrectly based upload.

linux-signed-lts-trusty (3.13.0-170.220~12.04.2) precise; urgency=medium

  * Master version: 3.13.0-170.220~12.04.2

linux-signed-lts-trusty (3.13.0-168.218~precise1) precise; urgency=medium

  * Master version: 3.13.0-168.218~precise1

linux-signed-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium

  * Master version: 3.13.0-166.216~precise1

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] switch to signed-only forms
    - [Packaging] use arch headers package when building download path for signed
      binaries
    - [Packaging] match +signedN more accuratly
    - [Packaging] download-signed -- fix downloader component and handle versions
      correctly

linux-signed-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium

  * Master Version 3.13.0-165.215~precise1

linux-signed-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium

  * Master Version 3.13.0-164.214~precise1

linux-signed-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium

  * Master Version 3.13.0-163.213~precise1

linux-signed-lts-trusty (3.13.0-162.212~precise1) precise; urgency=medium

  * Master Version 3.13.0-162.212~precise1

linux-signed-lts-trusty (3.13.0-161.211~precise1) precise; urgency=medium

  * Master Version 3.13.0-161.211~precise1

linux-signed-lts-trusty (3.13.0-160.210~precise1) precise; urgency=medium

  * Master Version 3.13.0-160.210~precise1

linux-signed-lts-trusty (3.13.0-159.209~precise1) precise; urgency=medium

  * Master Version 3.13.0-159.209~precise1

linux-signed-lts-trusty (3.13.0-158.208~precise2) precise; urgency=medium

  * Master Version 3.13.0-158.208~precise2

linux-signed-lts-trusty (3.13.0-158.208~precise1) precise; urgency=medium

  * Master Version 3.13.0-158.208~precise1

linux-signed-lts-trusty (3.13.0-157.207~precise1) precise; urgency=medium

  * Master Version 3.13.0-157.207~precise1

linux-signed-lts-trusty (3.13.0-156.206~precise1) precise; urgency=medium

  * Master Version 3.13.0-156.206~precise1

linux-signed-lts-trusty (3.13.0-155.206~precise1) precise; urgency=medium

  * Master Version 3.13.0-155.206~precise1

linux-signed-lts-trusty (3.13.0-154.204~precise1) precise; urgency=medium

  * Master Version 3.13.0-154.204~precise1

linux-signed-lts-trusty (3.13.0-153.203~precise1) precise; urgency=medium

  * Master Version 3.13.0-153.203~precise1

linux-signed-lts-trusty (3.13.0-151.201~precise1) precise; urgency=medium

  * Master Version 3.13.0-151.201~precise1

linux-signed-lts-trusty (3.13.0-150.200~precise1) precise; urgency=medium

  * Master Version 3.13.0-150.200~precise1

linux-signed-lts-trusty (3.13.0-149.199~precise1) precise; urgency=medium

  * Master Version 3.13.0-149.199~precise1

linux-signed-lts-trusty (3.13.0-148.197~precise1) precise; urgency=medium

  * Master Version 3.13.0-148.197~precise1

linux-signed-lts-trusty (3.13.0-147.196~precise1) precise; urgency=medium

  * Master Version 3.13.0-147.196~precise1

linux-signed-lts-trusty (3.13.0-146.195~precise1) precise; urgency=medium

  * Master Version 3.13.0-146.195~precise1

linux-signed-lts-trusty (3.13.0-145.194~precise2) precise; urgency=medium

  * Master Version 3.13.0-145.194~precise2

linux-signed-lts-trusty (3.13.0-145.194~precise1) precise; urgency=medium

  * Master Version 3.13.0-145.194~precise1

linux-signed-lts-trusty (3.13.0-144.193~precise1) precise; urgency=medium

  * Master Version 3.13.0-144.193~precise1

linux-signed-lts-trusty (3.13.0-143.192~precise1) precise; urgency=medium

  * Master Version 3.13.0-143.192~precise1

linux-signed-lts-trusty (3.13.0-142.191~precise1) precise; urgency=medium

  * Master Version 3.13.0-142.191~precise1

linux-signed-lts-trusty (3.13.0-141.190~precise1) precise; urgency=medium

  * Master Version 3.13.0-141.190~precise1

linux-signed-lts-trusty (3.13.0-140.189~precise1) precise; urgency=medium

  * Master Version 3.13.0-140.189~precise1

linux-signed-lts-trusty (3.13.0-139.188~precise1) precise; urgency=medium

  * Master Version 3.13.0-139.188~precise1

linux-signed-lts-trusty (3.13.0-138.187~precise1) precise; urgency=medium

  * Master Version 3.13.0-138.187~precise1

linux-signed-lts-trusty (3.13.0-137.186~precise1) precise; urgency=medium

  * Master Version 3.13.0-137.186~precise1

linux-signed-lts-trusty (3.13.0-136.185~precise1) precise; urgency=medium

  * Master Version 3.13.0-136.185~precise1

linux-signed-lts-trusty (3.13.0-135.184~precise1) precise; urgency=medium

  * Master Version 3.13.0-135.184~precise1

linux-signed-lts-trusty (3.13.0-134.183~precise1) precise; urgency=medium

  * Master Version 3.13.0-134.183~precise1

linux-signed-lts-trusty (3.13.0-133.182~precise1) precise; urgency=medium

  * Master Version 3.13.0-133.182~precise1

linux-signed-lts-trusty (3.13.0-132.181~precise1) precise; urgency=medium

  * Master Version 3.13.0-132.181~precise1

linux-signed-lts-trusty (3.13.0-131.180~precise1) precise; urgency=medium

  * Master Version 3.13.0-131.180~precise1

linux-signed-lts-trusty (3.13.0-130.179~precise1) precise; urgency=medium

  * Master Version 3.13.0-130.179~precise1

linux-signed-lts-trusty (3.13.0-129.178~precise1) precise; urgency=medium

  * Master Version 3.13.0-129.178~precise1

linux-signed-lts-trusty (3.13.0-128.177~precise1) precise; urgency=medium

  * Master Version 3.13.0-128.177~precise1

linux-signed-lts-trusty (3.13.0-126.175~precise1) precise; urgency=medium

  * Master Version 3.13.0-126.175~precise1

linux-signed-lts-trusty (3.13.0-125.174~precise1) precise; urgency=medium

  * Master Version 3.13.0-125.174~precise1

linux-signed-lts-trusty (3.13.0-124.173~precise1) precise; urgency=medium

  * Master Version 3.13.0-124.173~precise1

linux-signed-lts-trusty (3.13.0-123.172~precise1) precise; urgency=medium

  * Master Version 3.13.0-123.172~precise1

linux-signed-lts-trusty (3.13.0-122.171~precise1) precise; urgency=medium

  * Master Version 3.13.0-122.171~precise1

linux-signed-lts-trusty (3.13.0-121.170~precise1) precise; urgency=medium

  * Master Version 3.13.0-121.170~precise1

linux-signed-lts-trusty (3.13.0-120.167~precise1) precise; urgency=medium

  * Master Version 3.13.0-120.167~precise1

linux-signed-lts-trusty (3.13.0-119.166~precise1) precise; urgency=medium

  * Master Version 3.13.0-119.166~precise1

linux-signed-lts-trusty (3.13.0-118.165~precise1) precise; urgency=medium

  * Master Version 3.13.0-118.165~precise1

Date: 2021-03-18 15:43:32.438879+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-signed-lts-trusty/3.13.0-185.236~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:37 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:37 -0000
Subject: [ubuntu/precise-security] lxml 2.3.2-1ubuntu0.5 (Accepted)
Message-ID: <162004623796.26760.18387819483700624391.launchpad@ackee.canonical.com>

lxml (2.3.2-1ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - This adds the missing part reported from upstream
      Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

lxml (2.3.2-1ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

lxml (2.3.2-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - Make the cleaner remove javascript URLs
      that use espacing in in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.txt.
    - CVE-2018-19787

Date: 2020-12-10 15:36:17.368489+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/lxml/2.3.2-1ubuntu0.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:40 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:40 -0000
Subject: [ubuntu/precise-security] mutt 1.5.21-5ubuntu2.6 (Accepted)
Message-ID: <162004624080.26760.12812136786657068271.launchpad@ackee.canonical.com>

mutt (1.5.21-5ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Sensitive information exposed
    - debian/patches/CVE-2020-28896.patch: Ensure IMAP connection is closed
      after a connection error in imap/imap.c.
    - CVE-2020-28896

mutt (1.5.21-5ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: Man-in-the-middle attack
    - debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
      attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
      mutt_socket.c, mutt_socket.h, mutt_ssl.c, mutt_ssl_gnutls.c.
    - CVE-2020-14954
  * Redoing patch CVE-2020-14154-1, that causes a possibly regression (LP: #1884588)

mutt (1.5.21-5ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: Man-in-the-middle attack
    - debian/patches/CVE-2020-14093.patch: prevent
      possible IMAP MITM via PREAUTH response in imap/imap.c.
    - CVE-2020-14093
  * SECURITY UPDATE: Connection even if the user rejects an
    expired intermediate certificate
    - debian/patches/CVE-2020-14154-1.patch: fix GnuTLS tls_verify_peers()
      checking in mutt_ssl_gnutls.c.
    - debian/patches/CVE-2020-14154-2.patch: Abort GnuTLS certificate if a
      cert in the chain is rejected in mutt_ssl_gnutls.c.
    - debian/patches/CVE-2020-14154-3.patch: fix GnuTLS interactive prompt
      short-circuiting in mutt_ssl_gnutls.c.
    - CVE-2020-14154

mutt (1.5.21-5ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Mishandles a NO response without a msg
    - debian/patches/ubuntu/mutt-CVE-2018-14349.patch: fix in
      imap/command.c.
    - CVE-2018-14349
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/ubuntu/mutt-CVE-2018-14350-CVE-2018-14358.patch:
      fix in imap/message.c.
    - CVE-2018-14350
    - CVE-2018-14358
  * SECURITY UPDATE: Mishandles a long IMAP status
    - debian/patches/ubuntu/mutt-CVE-2018-14351.patch: fix in
      imap/command.c.
    - CVE-2018-14351
  * SECURITY UPDATE: Integer underflow and stack-based buffer overflow
    - debian/patches/ubuntu/mutt-CVE-2018-14352-CVE-2018-14353.patch:
      fix in imap/util.c.
    - CVE-2018-14352
    - CVE-2018-14353
  * SECURITY UPDATE: Remote arbitrary code execution
    - debian/patches/ubuntu/mutt-CVE-2018-14354-CVE-2018-14357.patch:
      fix in imap/command.c, imap/imap.c, imap/imap_private.h, imap/util.c.
    - CVE-2018-14354
    - CVE-2018-14357
  * SECURITY UPDATE: Directory traversal
    - debian/patches/ubuntu/mutt-CVE-2018-14355.patch: fix in
      imap/util.c.
    - CVE-2018-14355
  * SECURITY UPDATE: Mishandles a zero-lenght UID
    - debian/patches/ubuntu/mutt-CVE-2018-14356.patch: fix in
      pop.c.
    - CVE-2018-14356
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/ubuntu/mutt-CVE-2018-14359.patch: fix in
      base64.c, imap/auth_cram.c, imap/auth_gss.c, protos.h.
    - CVE-2018-14359
  * SECURITY UPDATE: Unsafe character interactions
    - debian/patches/ubuntu/mutt-CVE-2018-14362.patch: fix in
      pop.c.
    - CVE-2018-14362

Date: 2020-11-24 14:27:31.448750+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:44 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:44 -0000
Subject: [ubuntu/precise-security] mysql-5.5 5.5.62-0ubuntu0.12.04.1 (Accepted)
Message-ID: <162004624457.26760.15856045222049109664.launchpad@ackee.canonical.com>

mysql-5.5 (5.5.62-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.61 to fix security issues
    - CVE-2018-3133, CVE-2018-3174, CVE-2018-3282

mysql-5.5 (5.5.61-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.61 to fix security issues
    - CVE-2018-2767, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066,
      CVE-2018-3070, CVE-2018-3081

mysql-5.5 (5.5.60-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.60 to fix security issues
    - CVE-2018-2755, CVE-2018-2761, CVE-2018-2771, CVE-2018-2773,
      CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2818,
      CVE-2018-2819
  * debian/*.files: remove man pages no longer shipped in new version.

mysql-5.5 (5.5.59-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.59 to fix security issues
    - CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665,
      CVE-2018-2668

mysql-5.5 (5.5.58-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.58 to fix security issues
    - CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384

mysql-5.5 (5.5.57-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.57 to fix security issues
    - CVE-2017-3635
    - CVE-2017-3636
    - CVE-2017-3641
    - CVE-2017-3648
    - CVE-2017-3651
    - CVE-2017-3652
    - CVE-2017-3653
    - CVE-2017-3302
    - CVE-2017-3305
    - CVE-2017-3308
    - CVE-2017-3309
    - CVE-2017-3329
    - CVE-2017-3453
    - CVE-2017-3456
    - CVE-2017-3461
    - CVE-2017-3462
    - CVE-2017-3463
    - CVE-2017-3464
    - CVE-2017-3600
  * debian/patches/fix_test_events_2.path: removed, upstream

Date: 2018-10-26 13:29:13.352284+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.62-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:50:50 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:50:50 -0000
Subject: [ubuntu/precise-security] net-snmp 5.4.3~dfsg-2.4ubuntu1.6 (Accepted)
Message-ID: <162004625079.26760.174981652346098844.launchpad@ackee.canonical.com>

net-snmp (5.4.3~dfsg-2.4ubuntu1.6) precise-security; urgency=medium

  * Rebuilding no changes to fixing unmet dependency with perl.

net-snmp (5.4.3~dfsg-2.4ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Elevation of privileges - symlink handling
    - debian/patches/CVE-2020-15861.patch: stop reading and writing
      the mib_indexes files in include/net-snmp/library/mib.h,
      include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
    - CVE-2020-15861

net-snmp (5.4.3~dfsg-2.4ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via NULL pointer exception
    - debian/patches/CVE-2018-18065.patch: fix logic in
      agent/helpers/table.c.
    - CVE-2018-18065

Date: 2020-10-13 17:47:00.417438+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:51:26 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:51:26 -0000
Subject: [ubuntu/precise-security] linux-lts-trusty 3.13.0-185.236~12.04.1
 (Accepted)
Message-ID: <162004628691.6007.11533637422086450635.launchpad@ackee.canonical.com>

linux-lts-trusty (3.13.0-185.236~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-185.236~12.04.1 -proposed tracker
    (LP: #1919170)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-185.236 ]

  * trusty/linux: 3.13.0-185.236 -proposed tracker (LP: #1919171)
  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities
  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate

  [ Ubuntu: 3.13.0-184.235 ]

  * trusty/linux: 3.13.0-184.235 -proposed tracker (LP: #1914232)
  * CVE-2020-28374
    - SAUCE: target: cleanup some boolean tests
    - target: simplify XCOPY wwn->se_dev lookup helper
    - xcopy: loop over devices using idr helper
    - scsi: target: Fix XCOPY NAA identifier lookup
  * Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX

linux-lts-trusty (3.13.0-183.234~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-183.234 ]

  * CVE-2020-8694
    - powercap: make attributes only readable by root

linux-lts-trusty (3.13.0-182.233~12.04.1) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-182.233 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux-lts-trusty (3.13.0-181.232~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-181.232~12.04.1 -proposed tracker
    (LP: #1882771)

  [ Ubuntu: 3.13.0-181.232 ]

  * trusty/linux: 3.13.0-181.232 -proposed tracker (LP: #1882772)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

linux-lts-trusty (3.13.0-180.231~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-180.231 ]

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-lts-trusty (3.13.0-177.228~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-177.228~12.04.1 -proposed tracker
    (LP: #1878874)

  [ Ubuntu: 3.13.0-177.228 ]

  * trusty/linux: 3.13.0-177.228 -proposed tracker (LP: #1878875)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * CVE-2020-12114
    - fs/namespace.c: fix mountpoint reference counter race
    - propagate_one(): mnt_set_mountpoint() needs mount_lock
  * CVE-2020-12654
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

linux-lts-trusty (3.13.0-176.227~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-176.227~12.04.1 -proposed tracker
    (LP: #1858624)

  [ Ubuntu: 3.13.0-176.227 ]

  * trusty/linux: 3.13.0-176.227 -proposed tracker (LP: #1858625)
  * multi-zone raid0 corruption (LP: #1850540)
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - md: add feature flag MD_FEATURE_RAID0_LAYOUT
    - SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout
      migration
    - SAUCE: md/raid0: Use kernel specific layout

linux-lts-trusty (3.13.0-175.226~12.04.1) precise; urgency=medium

  [ Ubuntu: 3.13.0-175.226 ]

  * CVE-2019-11135
    - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2018-3646
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
  * Kernel Oops - unable to handle kernel paging request; RIP is at
    wait_migrate_huge_page+0x51/0x70 (LP: #1813018)
    - mm: numa: do not dereference pmd outside of the lock during NUMA hinting
      fault
  * The 3.13 kernel for Precise ESM does not provide the expected version number
    (LP: #1838610)
    - [debian] Fix regression with ABI subversions and backport
    - [Packaging] uploadnum should be the remainder of the version

linux-lts-trusty (3.13.0-174.225~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-174.225~12.04.1 -proposed tracker
    (LP: #1846248)

  [ Ubuntu: 3.13.0-174.225 ]

  * trusty/linux: 3.13.0-174.225 -proposed tracker (LP: #1846250)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * fanotify06 in LTP syscall test failed with T kernel  (LP: #1775378)
    - fanotify: fix notification of groups with inode & mount marks
  * ixgbe{vf} - Physical Function gets IRQ when VF checks link state
    (LP: #1836760)
    - ixgbevf: Use cached link state instead of re-reading the value for ethtool

linux-lts-trusty (3.13.0-173.224~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-173.224 ]

  * CVE-2019-14835
    - vhost: make sure log_num < in_num

linux-lts-trusty (3.13.0-172.223~12.04.1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-172.223~12.04.1 -proposed tracker (LP: #1835189)

  [ Ubuntu: 3.13.0-172.223 ]

  * linux: 3.13.0-172.223 -proposed tracker (LP: #1835190)
  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    CPU buffers are not cleared on all paths from kernel to userspace (LP:
    #1833047)
    - x86/asm: Error out if asm/jump_label.h is included inappropriately
    - SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
    - SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce sched_smt_{active,present}
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    Incorrect warning when booting with 'nosmt' (LP: #1830018)
    - SAUCE: [Fix] x86/speculation/mds: Add SMT warning message
  * CVE-2017-5715 // CVE-2018-3639
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - x86/speculataion: Mark command line parser data __initdata
    - x86/cpu/bugs: Use __initconst for 'const' init data
  * CVE-2017-5715 // CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - x86/speculation: Mark string arrays const correctly
  * CVE-2018-3639
    - x86/speculation: Rename SSBD update functions
  * CVE-2017-5715
    - x86/speculation: Clean up various Spectre related details
    - SAUCE: x86/cpufeatures: Reorder feature bits
    - SAUCE: x86/speculation, objtool: Remove unused macro
      ANNOTATE_NOSPEC_ALTERNATIVE
    - SAUCE: Move vmexit_fill_RSB()
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - SAUCE: Rename restricted_branch_speculation_{start,end}
    - SAUCE: Allow STIBP in MSR_SPEC_CTRL if supported
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
  * CVE-2017-5754
    - SAUCE: Show 'pti' in /proc/cpuinfo
  * Guests using IBRS incur a large performance penalty (LP: #1764956) //
    CVE-2017-5715
    - SAUCE: Restore the IBRS host state on VMEXIT
  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation
  * CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux-lts-trusty (3.13.0-171.222~12.04.1) precise; urgency=medium

  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format

  [ Ubuntu: 3.13.0-171.222 ]

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

linux-lts-trusty (3.13.0-170.220~12.04.2) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-170.220 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - KVM: x86: pass host_initiated to functions that read MSRs
    - KVM: x86: remove data variable from kvm_get_msr_common
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: KVM/VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - perf/x86/intel: Use Intel family macros for core perf events
    - SAUCE: perf/x86/uncore: Use Intel Model name macros
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/static_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: jump_label: Introduce static_branch_{inc,dec}
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715
    - SAUCE: Fix 'check_fpu defined but not used' compiler warning on x86_64
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling (v2)
    - SAUCE: KVM/x86: Expose IBRS to guests
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
  * CVE-2017-5715 // CVE-2018-3639
    - SAUCE: KVM/x86: Use host_initiated when accessing MSRs

  [ Ubuntu: 3.13.0-169.219 ]

  * linux: 3.13.0-169.219 -proposed tracker (LP: #1822883)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

linux-lts-trusty (3.13.0-168.218~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-168.218~precise1 -proposed tracker (LP: #1819662)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  * Strip specific changes from update-from-*master (LP: #1817734)
    - Packaging: Introduce copy-files and local-mangle
    - Packaging: Make update-from-*master call copy-files

  [ Ubuntu: 3.13.0-168.218 ]

  * linux: 3.13.0-168.218 -proposed tracker (LP: #1819663)
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * CVE-2017-1000410
    - Bluetooth: Prevent stack info leak from the EFS element.
  * ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
    (LP: #1815501)
    - ixgbe: check for vfs outside of sriov_num_vfs before dereference
  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
  * CVE-2017-18360
    - USB: serial: io_ti: fix div-by-zero in set_termios

  [ Ubuntu: 3.13.0-167.217 ]

  * linux: 3.13.0-167.217 -proposed tracker (LP: #1819917)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * linux-cloud-tools-common 3.13.0-166.216 in Trusty is missing contents of
    /usr/sbin (LP: #1819869)
    - Revert "UBUNTU: [Packaging] skip cloud tools packaging when not building
      package"

linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-166.216~precise1 -proposed tracker (LP: #1814646)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Config] resync flavour-control.stub
    - [Config] hooks.mk -- add basic LTS hook configuration

  * signing: only install a signed kernel (LP: #1764794)
    - [debian] fix check for the reconstruct file

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 3.13.0-166.216 ]

  * linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)
  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
    - [Packaging] getabis -- handle all known package combinations
    - [Packaging] getabis -- support parsing a simple version
    - [Packaging] autoreconstruct -- base tag is always primary mainline version
  * signing: only install a signed kernel (LP: #1764794)
    - [Debian] usbip tools packaging
    - [Debian] Don't fail if a symlink already exists
    - [Debian] perf -- build in the context of the full generated local headers
    - [Debian] basic hook support
    - [Debian] follow rename of DEB_BUILD_PROFILES
    - [Debian] standardise on stage1 for the bootstrap stage in line with debian
    - [Debian] set do_*_tools after stage1 or bootstrap is determined
    - [Debian] initscripts need installing when making the package
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Debian] add feature interlock with mainline builds
    - [Debian] Remove generated intermediate files on clean
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages
    - SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean:
    - [Debian] Update to new signing key type and location
    - [Packaging] autoreconstruct -- generate extend-diff-ignore for links
    - [Packaging] reconstruct -- update when inserting final changes
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Packaging] printenv -- add signing options
    - [Packaging] fix invocation of header postinst hooks
    - [Packaging] signing -- add support for signing Opal kernel binaries
    - [Debian] Use src_pkg_name when constructing udeb control files
    - [Debian] Dynamically determine linux udebs package name
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-source-* is in the primary linux namespace
    - [Packaging] lookup the upstream tag
    - [Packaging] switch up to debhelper 9
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
    - [debian] support for ship_extras_package=false
    - [Debian] do_common_tools should always be on
    - [debian] do not force do_tools_common
    - [Packaging] skip cloud tools packaging when not building package
    - [debian] prep linux-libc-dev only if do_libc_dev_package=true
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * iptables connlimit allows more connections than the limit when using
    multiple CPUs (LP: #1811094)
    - netfilter: connlimit: improve packet-to-closed-connection logic
    - netfilter: nf_conncount: fix garbage collection confirm race
    - netfilter: nf_conncount: don't skip eviction when age is negative
  * CVE-2019-6133
    - fork: record start_time late
  * test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
    (LP: #1813001)
    - procfs: make /proc/*/{stack, syscall, personality} 0400

linux-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-165.215~precise1 -proposed tracker (LP: #1811857)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 3.13.0-165.215 ]

  * linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)
  * CVE-2018-17972
    - proc: restrict kernel stack dumps to root
  * CVE-2018-18281
    - mremap: properly flush TLB before releasing the page
  * 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
    (LP: #1809868)
    - Btrfs: send, don't send rmdir for same target multiple times
  * CVE-2018-9568
    - net: Set sk_prot_creator when cloning sockets to the right proto
  * CVE-2018-1066
    - cifs: empty TargetInfo leads to crash on recovery

linux-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-164.214~precise1 -proposed tracker (LP: #1806429)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-164.214 ]

  * linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)
  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling
  * CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler
  * CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically
  * CVE-2018-18386
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
  * CVE-2017-5753
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.
  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE
  * CVE-2018-14734
    - infiniband: fix a possible use-after-free bug
  * CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
    - keys: Guard against null match function in keyring_search_aux()

linux-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-163.213~precise1 -proposed tracker (LP: #1802772)

  * linux: 3.13.0-163.213 -proposed tracker (LP: #1802769)

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
    (LP: #1797546)
    - drm: fix NULL pointer access by wrong ioctl

  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

linux (3.13.0-162.212) trusty; urgency=medium

  * linux: 3.13.0-162.212 -proposed tracker (LP: #1799399)

  * packet socket panic in Trusty 3.13.0-157 and later (LP: #1800254)
    - SAUCE: (no-up) net/packet: fix erroneous dev_add_pack usage in fanout

  * Cleanup Meltdown/Spectre implementation (LP: #1779848)
    - x86/Documentation: Add PTI description
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
    - x86/pti: Document fix wrong index
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/spectre: Fix an error message
    - SAUCE: x86/cpufeatures: Reorder spectre-related feature bits
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - SAUCE: x86/msr: Fix formatting of msr-index.h
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Mark constant arrays as __initconst
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value
    - SAUCE: Move SSBD feature detection to common code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - xen: Add xen_arch_suspend()
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    - SAUCE: x86/speculation: Cleanup IBRS runtime control handling

  * CVE-2016-9588
    - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)

  * CVE-2017-16649
    - net: cdc_ether: fix divide by 0 on bad descriptors

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse

  * xattr length returned by vfs_getxattr() is not correct in Trusty kernel
    (LP: #1798013)
    - getxattr: use correct xattr length

  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

linux (3.13.0-161.211) trusty; urgency=medium

  * linux: 3.13.0-161.211 -proposed tracker (LP: #1795595)

  * CVE-2017-0794
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - scsi: sg: recheck MMAP_IO request length with lock held

  * CVE-2017-15299
    - KEYS: don't let add_key() update an uninstantiated key

  * CVE-2015-8539
    - KEYS: Fix handling of stored error in a negatively instantiated user key

  * CVE-2018-7566
    - ALSA: seq: Fix racy pool initializations
    - ALSA: seq: More protection for concurrent write and ioctl races

  * CVE-2018-1000004. // CVE-2018-7566
    - ALSA: seq: Don't allow resizing pool in use

  * CVE-2018-1000004
    - ALSA: seq: Make ioctls race-free

  * CVE-2017-18216
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent

  * CVE-2016-7913
    - tuner-xc2028: Don't try to sleep twice
    - xc2028: avoid use after free
    - xc2028: unlock on error in xc2028_set_config()
    - xc2028: Fix use-after-free bug properly

  * The VM hang happens because of pending interrupts not reinjected when
    migrating the VM several times (LP: #1791286)
    - KVM: ioapic: merge ioapic_deliver into ioapic_service
    - KVM: ioapic: clear IRR for edge-triggered interrupts at delivery
    - KVM: ioapic: extract body of kvm_ioapic_set_irq
    - KVM: ioapic: reinject pending interrupts on KVM_SET_IRQCHIP

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * CVE-2018-9518
    - NFC: llcp: Limit size of SDP URI

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

linux (3.13.0-160.210) trusty; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

linux (3.13.0-159.209) trusty; urgency=medium

  * linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * i40e NIC not recognized (LP: #1789215)
    - SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
    - SAUCE: i40e_bpo: Add a compatibility layer
    - SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
    - SAUCE: i40e_bpo: Rename the driver to i40e_bpo
    - SAUCE: i40e_bpo: Hook the driver into the kernel tree
    - [Config] Add CONFIG_I40E_BPO=m

  * Probable regression with EXT3 file systems and CVE-2018-1093 patches
    (LP: #1789131)
    - ext4: fix bitmap position validation

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
    - Revert "UBUNTU: [Config] disable NUMA_BALANCING"

  * CVE-2018-15572
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt

  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

  * BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
    - drm/ast: Fixed system hanged if disable P2A

  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

linux (3.13.0-158.208) trusty; urgency=medium

  * linux: 3.13.0-158.208 -proposed tracker (LP: #1788764)

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE

  * BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
    (LP: #1780470)
    - VSOCK: sock_put wasn't safe to call in interrupt context
    - VSOCK: Fix lockdep issue.
    - VSOCK: Detach QP check should filter out non matching QPs.

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

linux (3.13.0-157.207) trusty; urgency=medium

  * linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

  * CVE-2017-2583
    - KVM: x86: fix emulation of "MOV SS, null selector"

  * CVE-2017-7518
    - KVM: x86: fix singlestepping over syscall

  * CVE-2017-18270
    - KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * CVE-2017-16911
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10877
    - ext4: verify the depth of extent tree in ext4_find_extent()

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2017-16912
    - usbip: fix stub_rx: get_pipe() to validate endpoint number

  * CVE-2018-10675
    - mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

  * CVE-2017-16533
    - HID: usbhid: fix out-of-bounds bug

  * CVE-2017-16538
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

  * CVE-2017-16644
    - hdpvr: Remove deprecated create_singlethread_workqueue
    - media: hdpvr: Fix an error handling path in hdpvr_probe()

  * CVE-2017-16645
    - Input: ims-psu - check if CDC union descriptor is sane

  * CVE-2017-5549
    - USB: serial: kl5kusb105: fix line-state error handling

  * CVE-2017-16532
    - usb: usbtest: fix NULL pointer dereference

  * CVE-2017-16537
    - media: imon: Fix null-ptr-deref in imon_probe

  * CVE-2017-11472
    - ACPICA: Add additional debug info/statements
    - ACPICA: Namespace: fix operand cache leak

  * CVE-2017-16643
    - Input: gtco - fix potential out-of-bound access

  * CVE-2017-16531
    - USB: fix out-of-bounds in usb_set_configuration

  * CVE-2018-10124
    - kernel/signal.c: avoid undefined behaviour in kill_something_info

  * CVE-2017-6348
    - irda: Fix lockdep annotations in hashbin_delete().

  * CVE-2017-17558
    - USB: core: prevent malicious bNumInterfaces overflow

  * CVE-2017-5897
    - ip6_gre: fix ip6gre_err() invalid reads

  * CVE-2017-6345
    - SAUCE: import sock_efree()
    - net/llc: avoid BUG_ON() in skb_orphan()

  * CVE-2017-7645
    - nfsd: check for oversized NFSv2/v3 arguments

  * CVE-2017-9984
    - ALSA: msnd: Optimize / harden DSP and MIDI loops

  * CVE-2018-1000204
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

  * CVE-2018-10021
    - scsi: libsas: defer ata device eh commands to libata

  * CVE-2017-16914
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

  * CVE-2017-16913
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

  * CVE-2017-16535
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()

  * CVE-2017-16536
    - cx231xx-cards: fix NULL-deref on missing association descriptor

  * CVE-2017-16650
    - net: qmi_wwan: fix divide by 0 on bad descriptors

  * CVE-2017-18255
    - perf/core: Fix the perf_cpu_time_max_percent check

  * CVE-2018-10940
    - cdrom: information leak in cdrom_ioctl_media_changed()

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

  * CVE-2017-16529
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

  * CVE-2017-2671
    - ping: implement proper locking

  * CVE-2017-15649
    - packet: hold bind lock when rebinding to fanout hook
    - packet: in packet_do_bind, test fanout with bind_lock held

  * CVE-2017-16527
    - ALSA: usb-audio: Kill stray URB at exiting

  * CVE-2017-16526
    - uwb: properly check kthread_run return value

  * CVE-2017-11473
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables

  * CVE-2017-14991
    - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

  * CVE-2017-2584
    - KVM: x86: Introduce segmented_write_std

  * CVE-2018-10087
    - kernel/exit.c: avoid undefined behaviour when calling wait4()

  * fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

linux (3.13.0-156.206) trusty; urgency=medium

  * linux: 3.13.0-156.206 -proposed tracker (LP: #1787187)

  * java Corrupted page table (LP: #1787127)
    - [Config] disable NUMA_BALANCING

  * java Corrupted page table (LP: #1787127) // CVE-2018-3620 // CVE-2018-3646
    - x86/mm: Simplify p[g4um]d_page() macros

  * 3.13.0-155.205 Kernel Panic - divide by zero (LP: #1787258)
    - x86/topology: Handle CPUID bogosity gracefully

linux (3.13.0-155.205) trusty; urgency=medium

  * CVE-2017-18344
    - posix-timer: Properly check sigevent->sigev_notify

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - SAUCE: Add pfn_pud() and pud_mkhuge()
    - x86/mm/pat: Make set_memory_np() L1TF safe

linux (3.13.0-153.203) trusty; urgency=medium

  * linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

  * CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

linux (3.13.0-152.202) trusty; urgency=medium

  * linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)

  * CVE-2017-15265
    - ALSA: seq: Fix use-after-free at creating a port

  * register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

  * CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

  * add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference)
    with T kernel (LP: #1775316) // CVE-2017-12193
    - assoc_array: Fix a buggy node-splitting case

  * CVE-2017-12154
    - kvm: nVMX: Don't allow L2 to access the hardware CR8

  * CVE-2018-7757
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()

  * CVE-2018-6927
    - futex: Prevent overflow by strengthen input validation

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

  * CVE-2018-5803
    - sctp: verify size of a new chunk in _sctp_make_chunk()

  * WARNING: CPU: 28 PID: 34085 at /build/linux-
    90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90()
    (LP: #1771480)
    - net/core: generic support for disabling netdev features down stack
    - SAUCE: Backport helper function netdev_upper_get_next_dev_rcu

  * CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

  * CVE-2018-5750
    - ACPI: sbshc: remove raw pointer from printk() message

linux (3.13.0-151.201) trusty; urgency=medium

  * linux: 3.13.0-151.201 -proposed tracker (LP: #1774190)

  * CVE-2018-3639 (x86)
    - SAUCE: Set generic SSBD feature for Intel cpus
    - KVM: vmx: fix MPX detection
    - KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
    - x86/cpu: Add CLZERO detection

  * Trusty cannot load microcode for family 17h AMD processors (LP: #1774082)
    - x86/microcode/AMD: Add support for fam17h microcode loading

linux (3.13.0-150.200) trusty; urgency=medium

  * linux: 3.13.0-150.200 -proposed tracker (LP: #1772970)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - SAUCE: x86/cpu: Rename x86_amd_ssbd_enable
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: x86: introduce num_emulated_msrs
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * CVE-2018-7492
    - rds: Fix NULL pointer dereference in __rds_rdma_map

  * CVE-2017-0627
    - media: uvcvideo: Prevent heap overflow when accessing mapped controls

  * CVE-2018-8781
    - drm: udl: Properly check framebuffer mmap offsets

  * CVE-2018-1068
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
    - arch: Introduce post-init read-only memory
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
    - mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
    - xen: fix bio vec merging

  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
    - netlink: Add netns check on taps

  * CVE-2017-13220
    - Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
    - KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
    - Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

linux (3.13.0-147.196) trusty; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

linux (3.13.0-145.194) trusty; urgency=medium

  * linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
      enabled
    - [Packaging] final-checks -- remove check for empty retpoline files

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386

  * Boot crash with Trusty 3.13 (LP: #1757193)
    - Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
    - x86/mm: Expand the exception table logic to allow new handling options

  * Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
    - x86/kvm: Rename VMX's segment access rights defines
    - x86/signal/64: Fix SS if needed when delivering a 64-bit signal

linux (3.13.0-144.193) trusty; urgency=medium

  * linux: 3.13.0-144.193 -proposed tracker (LP: #1755227)

  * CVE-2017-12762
    - isdn/i4l: fix buffer overflow

  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination

  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: Add ndo_gso_check
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware

  * CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks

  * CVE-2017-11089
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE

  * CVE-2018-5332
    - RDS: Heap OOB write in rds_message_alloc_sgs()

  * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier

  * CVE-2017-17805
    - crypto: salsa20 - fix blkcipher_walk API usage

  * [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce
    buffers (LP: #1742480)
    - SAUCE: storvsc: do not assume SG list is continuous when doing bounce
      buffers

  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport

  * CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio

  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] pull in retpoline files

linux (3.13.0-143.192) trusty; urgency=medium

  * linux: 3.13.0-143.192 -proposed tracker (LP: #1751838)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/alternatives: Fix ALTERNATIVE_2 padding generation properly
    - x86/alternatives: Fix alt_max_short macro to really be a max()
    - x86/alternatives: Guard NOPs optimization
    - x86/alternatives: Switch AMD F15h and later to the P6 NOPs
    - x86/alternatives: Make optimize_nops() interrupt safe and synced
    - x86/alternatives: Fix optimize_nops() checking
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Packaging] retpoline files must be sorted
    - [Config] disable retpoline for the first upload
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES

  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files

  * CVE-2017-5715 (Spectre v2 Intel)
    - x86, microcode: Share native MSR accessing variants
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/entry: Fixup 32bit compat call locations
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: turn off IBRS when full retpoline is present

  * CVE-2017-5753 (Spectre v1 Intel)
    - x86: Add another set of MSR accessor functions
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: switch to lfence rather than mfence
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - fs: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - powerpc: add osb barrier
    - s390/spinlock: add osb memory barrier
    - arm64: no osb() implementation yet
    - arm: no osb() implementation yet

  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: x86/cpuid: Fix ordering of scattered feature list"
    - Revert "UBUNTU: SAUCE: KVM: Fix spec_ctrl CPUID support for guests"
    - Revert "UBUNTU: SAUCE: x86/entry: Fixup 32bit compat call locations"
    - Revert "UBUNTU: SAUCE: powerpc: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: arm: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: arm64: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
      MFENCE_RDTSC feature"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized"
    - Revert "UBUNTU: SAUCE: x86/svm: Add code to clobber the RSB on VM exit"
    - Revert "UBUNTU: SAUCE: KVM: x86: Add speculative control CPUID support for
      guests"
    - Revert "UBUNTU: SAUCE: x86/svm: Set IBPB when running a different VCPU"
    - Revert "UBUNTU: SAUCE: x86/svm: Set IBRS value on VM entry and exit"
    - Revert "UBUNTU: SAUCE: KVM: SVM: Do not intercept new speculative control
      MSRs"
    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
      support IBPB feature"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Add speculative control support for AMD"
    - Revert "UBUNTU: SAUCE: x86/entry: Use retpoline for syscall's indirect
      calls"
    - Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs
      and ibpb control"
    - Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable
      SPEC_CTRL feature"
    - Revert "UBUNTU: SAUCE: x86/kvm: Pad RSB on VM transition"
    - Revert "UBUNTU: SAUCE: x86/kvm: Toggle IBRS on VM entry and exit"
    - Revert "UBUNTU: SAUCE: x86/kvm: Set IBPB when switching VM"
    - Revert "UBUNTU: SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
      to kvm"
    - Revert "UBUNTU: SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP
      platform"
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - Revert "UBUNTU: SAUCE: x86/mm: Set IBPB upon context switch"
    - Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS when offlining cpu and re-
      enable on wakeup"
    - Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS entering idle and enable it on
      wakeup"
    - Revert "UBUNTU: SAUCE: x86/enter: Use IBRS on syscall and interrupts"
    - Revert "UBUNTU: SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB"
    - Revert "UBUNTU: SAUCE: x86/feature: Report presence of IBPB and IBRS
      control"
    - Revert "UBUNTU: SAUCE: x86/feature: Enable the x86 feature to control
      Speculation"
    - Revert "UBUNTU: SAUCE: udf: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: fs: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: userns: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: cw1200: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: qla2xxx: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: p54: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: carl9170: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: uvcvideo: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: locking/barriers: introduce new memory barrier gmb()"
    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
    - Revert "x86: Add another set of MSR accessor functions"
    - Revert "x86, microcode: Share native MSR accessing variants"

  * stress-ng enosys stressor triggers a kernel BUG (LP: #1750786)
    - SAUCE: x86, extable: fix uaccess fixup detection

linux (3.13.0-142.191) trusty; urgency=medium

  * linux: 3.13.0-142.191 -proposed tracker (LP: #1746900)

  * CVE-2017-17806
    - crypto: hmac - require that the underlying hash algorithm is unkeyed

  * CVE-2017-18017
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

  * CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks

  * CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release

  * CVE-2017-5715 (Spectre v2 embargoed) // CVE-2017-5753 (Spectre v1 embargoed)
    - x86/asm/msr: Make wrmsrl_safe() a function

  * CVE-2017-1000407
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts

  * CVE-2017-0861
    - ALSA: pcm: prevent UAF in snd_pcm_info

  * CVE-2017-14051
    - scsi: qla2xxx: Fix an integer overflow in sysfs code

  * CVE-2017-15868
    - Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with
      l2cap socket

  * CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op

  * powerpc: flush L1D on return to use (LP: #1742772) // CVE-2017-5754
    (Meltdown)
    - SAUCE: powerpc: Prevent Meltdown attack with L1-D$ flush
    - SAUCE: powerpc: Remove dead code in sycall entry
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: rfi-flush: Make the fallback robust against memory corruption
    - SAUCE: powerpc/kernel: Does not use sync
    - SAUCE: rfi-flush: Factor out init_fallback_flush()
    - SAUCE: rfi-flush: Make setup_rfi_flush() not __init
    - SAUCE: rfi-flush: Move the logic to avoid a redo into the sysfs code
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again
    - SAUCE: rfi-flush: Call setup_rfi_flush() after LPM migration
    - SAUCE: rfi-flush: Fix fallback on distros using bootmem
    - SAUCE: rfi-flush: fix package build error (unused variable limit)
    - SAUCE: rfi-flush: Fix kernel package build using bootmem
    - SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
    - SAUCE: rfi-flush: Fix rename of pseries_setup_rfi_flush()
    - SAUCE: rfi-flush: Mark DEBUG_RFI as BROKEN
    - SAUCE: rfi-flush: Switch to new linear fallback flush
    - SAUCE: powerpc/kernel: Remove unused variable
    - SAUCE: powerpc/kernel: Fix typo on variable
    - SAUCE: powerpc/kernel: Fix instructions usage
    - SAUCE: powerpc/kernel: Define PACA_L1D_FLUSH_SIZE
    - SAUCE: rfi-flush: Fix for kernel crash.

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * CVE-2017-12190
    - fix unbalanced page refcounting in bio_map_user_iov
    - more bio_map_user_iov() leak fixes

  * CVE-2017-15274
    - KEYS: fix dereferencing NULL payload with nonzero length

  * CVE-2017-14140
    - Sanitize 'move_pages()' permission checks

  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one

  * CVE-2017-14489
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse
      nlmsg properly

  * CVE-2017-12153
    - nl80211: check for the required netlink attributes presence

  * CVE-2017-16525
    - USB: serial: console: fix use-after-free after failed setup
    - USB: serial: console: fix use-after-free on disconnect

  * CVE-2017-7542
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt
    - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

  * CVE-2017-15102
    - usb: misc: legousbtower: Fix NULL pointer deference

  * CVE-2017-12192
    - KEYS: prevent KEYCTL_READ on negative key

  * CVE-2017-14156
    - video: fbdev: aty: do not leak uninitialized padding in clk to userspace

  * CVE-2017-5669
    - ipc/shm: Fix shmat mmap nil-page protection

  * CVE-2017-0750
    - f2fs: do more integrity verification for superblock

  * CVE-2017-7889
    - mm: Tighten x86 /dev/mem with zeroing reads

  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

linux (3.13.0-141.190) trusty; urgency=low

  * linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)

  * ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
    test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
    3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fixup 32bit compat call locations

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.13.0-140.189) trusty; urgency=low

  * linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)

  [ Stefan Bader ]
  * CVE-2017-5715 // CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: cw1200: prevent speculative execution
    - SAUCE: userns: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - SAUCE: arm64: no gmb() implementation yet
    - SAUCE: arm: no gmb() implementation yet
    - SAUCE: powerpc: no gmb() implementation yet

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

linux (3.13.0-139.188) trusty; urgency=low

  * linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - arch: Introduce smp_load_acquire(), smp_store_release()
    - mm, x86: Account for TLB flushes only when debugging
    - x86/mm: Clean up inconsistencies when flushing TLB ranges
    - x86/mm: Eliminate redundant page table walk during TLB range flushing
    - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
      IvyBridge
    - x86/mm: Clean up the TLB flushing code
    - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
    - x86/mm: Fix missed global TLB flush stat
    - x86/mm: New tunable for single vs full TLB flush
    - x86/mm: Set TLB flush tunable to sane value (33)
    - x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
      variable read-mostly
    - rcu: Provide counterpart to rcu_dereference() for non-RCU situations
    - rcu: Move lockless_dereference() out of rcupdate.h
    - x86/ldt: Make modify_ldt synchronous
    - x86/ldt: Correct LDT access in single stepping logic
    - x86/ldt: Correct FPU emulation access to LDT
    - x86/ldt: Further fix FPU emulation
    - x86/mm: Disable preemption during CR3 read+write
    - x86: Clean up cr4 manipulation
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - kvmclock: export kvmclock clocksource and data pointers
    - x86/mm/kaiser: remove paravirt clock warning
    - kaiser: x86: Fix NMI handling
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION

linux (3.13.0-137.186) trusty; urgency=low

  * linux: 3.13.0-137.186 -proposed tracker (LP: #1736194)

  * CVE-2017-1000405
    - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()

  * CVE-2017-16939
    - netlink: add a start callback for starting a netlink dump
    - ipsec: Fix aborted xfrm policy dump crash

linux (3.13.0-136.185) trusty; urgency=low

  * linux: 3.13.0-136.185 -proposed tracker (LP: #1734733)

  * NVMe timeout is too short (LP: #1729119)
    - NVMe: Make I/O timeout a module parameter
    - nvme: update timeout module parameter type

linux (3.13.0-135.184) trusty; urgency=low

  * linux: 3.13.0-135.184 -proposed tracker (LP: #1724500)

  * Trusty NVMe boot fails on some systems (LP: #1720867)
    - NVMe: RCU protected access to io queues
    - NVMe: IOCTL path RCU protect queue access
    - powerpc/mm: fix ".__node_distance" undefined
    - NVMe: per-cpu io queues
    - nvme: Use pci_enable_msi_range() and pci_enable_msix_range()
    - NVMe: make setup work for devices that don't do INTx
    - NVMe: Always use MSI/MSI-x interrupts

linux (3.13.0-134.183) trusty; urgency=low

  * linux: 3.13.0-134.183 -proposed tracker (LP: #1722335)

  [ Thadeu Lima de Souza Cascardo ]
  * CVE-2017-10661
    - timerfd: Protect the might cancel mechanism proper

  * CVE-2017-10662
    - f2fs: sanity check segment count

  * CVE-2017-10663
    - f2fs: sanity check checkpoint segno and blkoff

  * CVE-2017-14340
    - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present

  * CVE-2017-10911
    - xen-blkback: don't leak stack data via response ring

  * CVE-2017-11176
    - mqueue: fix a use-after-free in sys_mq_notify()

  * CVE-2016-8632
    - tipc: check minimum bearer MTU

linux (3.13.0-133.182) trusty; urgency=low

  * linux: 3.13.0-133.182 -proposed tracker (LP: #1718159)

  [ Stefan Bader ]
  * CVE-2016-8633
    - firewire: net: guard against rx buffer overflows

  * CVE-2017-14106
    - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

linux (3.13.0-132.181) trusty; urgency=low

  * linux: 3.13.0-132.181 -proposed tracker (LP: #1716634)

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (3.13.0-131.180) trusty; urgency=low

  * linux: 3.13.0-131.180 -proposed tracker (LP: #1715439)

  * CVE-2016-7097
    - posix_acl: Clear SGID bit when setting file permissions

  * CVE-2016-9083
    - vfio/pci: Fix integer overflows, bitmask check

  * CVE-2016-9084
    - vfio/pci: Fix integer overflows, bitmask check

  * CVE-2016-9604
    - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings

  * CVE-2016-9191
    - sysctl: Drop reference added by grab_header in proc_sys_readdir

  * CVE-2016-9178
    - fix minor infoleak in get_user_ex()

  * CVE-2016-8650
    - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]

  * CVE-2016-10044
    - vfs: Commit to never having exectuables on proc and sysfs.
    - aio: mark AIO pseudo-fs noexec

linux (3.13.0-130.179) trusty; urgency=low

  * linux: 3.13.0-130.179 -proposed tracker (LP: #1713456)

  * CVE-2016-10200
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{, 6}_bind()

  * CVE-2016-9754
    - ring-buffer: Prevent overflow of size in ring_buffer_resize()

  * CVE-2017-5970
    - ipv4: keep skb->dst around in presence of IP options

  * CVE-2017-6346
    - packet: fix races in fanout_add()

  * CVE-2017-6214
    - tcp: avoid infinite loop in tcp_splice_read()

  * CVE-2017-6951
    - KEYS: Change the name of the dead type to ".dead" to prevent user access

  * CVE-2017-7472
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

  * CVE-2017-7187
    - scsi: sg: check length passed to SG_NEXT_CMD_LEN

  * CVE-2017-7541
    - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()

  * sort ABI files with C.UTF-8 locale (LP: #1712345)
    - [Packaging] sort ABI files with C.UTF-8 locale

  * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for
    kernels able to boot without initramfs (LP: #1700972)
    - [Debian] Don't depend on initramfs-tools

linux (3.13.0-129.178) trusty; urgency=low

  * linux: 3.13.0-129.178 -proposed tracker (LP: #1709292)

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * CVE-2016-7914
    - assoc_array: don't call compare_object() on a node

  * CVE-2017-7616
    - mm/mempolicy.c: fix error handling in set_mempolicy and mbind.

  * CVE-2017-7261
    - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()

  * CVE-2017-7273
    - HID: hid-cypress: validate length of report

  * CVE-2017-7487
    - ipx: call ipxitf_put() in ioctl error path

  * CVE-2017-7495
    - ext4: fix data exposure after a crash

linux (3.13.0-128.177) trusty; urgency=low

  * CVE-2017-1000112
    - ipv4: Should use consistent conditional judgement for ip fragment in
      __ip_append_data and ip_finish_output
    - ipv6: Don't use ufo handling on later transformed packets
    - ipv6: Should use consistent conditional judgement for ip6 fragment between
      __ip6_append_data and ip6_finish_output
    - udp: avoid ufo handling on IP payload compression packets
    - net: account for current skb length when deciding about UFO
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - net-packet: fix race in packet_set_ring on PACKET_RESERVE

linux (3.13.0-126.175) trusty; urgency=low

  * linux: 3.13.0-126.175 -proposed tracker (LP: #1704994)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

  * CVE-2017-7482
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode

  * CVE-2017-1000365
    - fs/exec.c: account for argv/envp pointers

  * CVE-2016-8405
    - fbdev: color map copying bounds checking

  * CVE-2017-2618
    - selinux: fix off-by-one in setprocattr

  * update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - lib: devres: add a helper function for ioremap_wc
    - net: ena: remove superfluous check in ena_remove()
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

linux (3.13.0-125.174) trusty; urgency=low

  * linux: 3.13.0-125.174 -proposed tracker (LP: #1703396)

  * NULL pointer dereference triggered by openvswitch autopkg testcase
    (LP: #1703401)
    - Revert "rtnl/do_setlink(): notify when a netdev is modified"
    - Revert "rtnl/do_setlink(): last arg is now a set of flags"
    - Revert "rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated"
    - Revert "rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated"
    - Revert "rtnetlink: provide api for getting and setting slave info"

linux (3.13.0-124.173) trusty; urgency=low

  * linux: 3.13.0-124.173 -proposed tracker (LP: #1701042)

  * CVE-2017-7895
    - nfsd: Remove assignments inside conditions
    - svcrdma: Do not add XDR padding to xdr_buf page vector
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops

  * CVE-2017-9605
    - drm/vmwgfx: Make sure backup_handle is always valid

  * CVE-2017-1000380
    - ALSA: timer: Fix race between read and ioctl
    - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

  * linux <3.18: netlink notification is missing when an interface is modified
    (LP: #1690094)
    - rtnetlink: provide api for getting and setting slave info
    - rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated
    - rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated
    - rtnl/do_setlink(): last arg is now a set of flags
    - rtnl/do_setlink(): notify when a netdev is modified

  * CVE-2015-8944
    - Make file credentials available to the seqfile interfaces
    - /proc/iomem: only expose physical resource addresses to privileged users

  * CVE-2016-10088
    - sg_write()/bsg_write() is not fit to be called under KERNEL_DS

  * CVE-2017-7346
    - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()

  * CVE-2015-8966
    - arm: fix handling of F_OFD_... in oabi_fcntl64()

  * Missing IOTLB flush causes DMAR errors with SR-IOV (LP: #1697053)
    - iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap()

  * CVE-2017-8924
    - USB: serial: io_ti: fix information leak in completion handler

  * CVE-2017-8925
    - USB: serial: omninet: fix reference leaks at open

  * CVE-2015-8967
    - arm64: make sys_call_table const

  * CVE-2015-8964
    - tty: Prevent ldisc drivers from re-using stale tty fields

  * CVE-2015-8955
    - arm64: perf: reject groups spanning multiple HW PMUs

  * CVE-2015-8962
    - sg: Fix double-free when drives detach during SG_IO

  * CVE-2015-8963
    - perf: Fix race in swevent hash

  * CVE-2017-9074
    - ipv6: Check ip6_find_1stfragopt() return value properly.

  * CVE-2014-9900
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

linux (3.13.0-123.172) trusty; urgency=low

  * linux: 3.13.0-123.172 -proposed tracker (LP: #1700558)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux (3.13.0-122.171) trusty; urgency=low

  * linux: 3.13.0-122.171 -proposed tracker (LP: #1699047)

  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit

  * CVE-2014-9940
    - regulator: core: Fix regualtor_ena_gpio_free not to access pin after freeing

  * CVE-2017-100363
    - char: lp: fix possible integer overflow in lp_setup()

  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()

  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options

  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent

  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

  * CVE-2017-7294
    - drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()

linux (3.13.0-121.170) trusty; urgency=low

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

linux (3.13.0-119.166) trusty; urgency=low

  * linux: 3.13.0-119.166 -proposed tracker (LP: #1687718)

  * CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation
    (LP: #1687107)
    - rose: limit sk_filter trim to payload
    - tcp: take care of truncations done by sk_filter()

linux (3.13.0-118.165) trusty; urgency=low

  * linux: 3.13.0-118.165 -proposed tracker (LP: #1686154)

  * linux_3.13.0-*.*: nVMX: Check current_vmcs12 before accessing in
    handle_invept() (LP: #1678676)
    - SAUCE: KVM has a flaw in INVEPT emulation that could crash the host

  * Please backport fix to reference leak in cgroup blkio throttle
    (LP: #1683976)
    - block: fix module reference leak on put_disk() call for cgroups throttle

linux (3.13.0-117.164) trusty; urgency=low

  * linux: 3.13.0-117.164 -proposed tracker (LP: #1680733)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * CVE-2017-5986
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf

  * Update ENA driver to 1.1.2 from net-next (LP: #1664312)
    - net: ena: Remove unnecessary pci_set_drvdata()
    - net: ena: Fix error return code in ena_device_init()
    - net: ena: change the return type of ena_set_push_mode() to be void.
    - net: ena: use setup_timer() and mod_timer()
    - net/ena: remove ntuple filter support from device feature list
    - net/ena: fix queues number calculation
    - net/ena: fix ethtool RSS flow configuration
    - net/ena: fix RSS default hash configuration
    - net/ena: fix NULL dereference when removing the driver after device reset
      failed
    - net/ena: refactor ena_get_stats64 to be atomic context safe
    - net/ena: fix potential access to freed memory during device reset
    - net/ena: use READ_ONCE to access completion descriptors
    - net/ena: reduce the severity of ena printouts
    - net/ena: change driver's default timeouts
    - net/ena: change condition for host attribute configuration
    - net/ena: update driver version to 1.1.2

  * [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
    bytes to a sockaddr (LP: #1668042)
    - net/bonding: Enforce active-backup policy for IPoIB bonds

  * stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
    failure with linux 4.9.0-12.13) (LP: #1658633)
    - ext4: lock the xattr block before checksuming it

  * vmxnet3 LRO IPv6 performance issues (stalling TCP) (LP: #1605494)
    - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets

  * move aufs.ko from -extra to linux-image package (LP: #1673498)
    - [config] aufs.ko moved to linux-image package

  * lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls

Date: 2021-03-18 15:43:09.304736+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-185.236~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:51:32 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:51:32 -0000
Subject: [ubuntu/precise-security] linux 3.2.0-150.197 (Accepted)
Message-ID: <162004629212.6008.13489343568481204110.launchpad@ackee.canonical.com>

linux (3.2.0-150.197) precise; urgency=medium

  * precise/linux: 3.2.0-150.197 -proposed tracker (LP: #1919172)

  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - Add file_ns_capable() helper function for open-time capability checking
    - net: Add variants of capable for use on on sockets
    - netlink: Make the sending netlink socket availabe in NETLINK_CB

linux (3.2.0-149.196) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux (3.2.0-148.195) precise; urgency=medium

  * precise/linux: 3.2.0-148.195 -proposed tracker (LP: #1882773)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

linux (3.2.0-147.194) precise; urgency=medium

  * CVE-2020-0543
    - x86, cpufeature: Add the RDSEED and ADX features
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (3.2.0-145.192) precise; urgency=medium

  * precise/linux: 3.2.0-145.192 -proposed tracker (LP: #1878876)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * CVE-2020-12654
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

linux (3.2.0-144.191) precise; urgency=medium

  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * The 3.13 kernel for Precise ESM does not provide the expected version number
    (LP: #1838610)
    - [debian] Allow for package revisions condusive for branching
    - [debian] Fix regression with ABI subversions and backport
    - [Packaging] uploadnum should be the remainder of the version

linux (3.2.0-143.190) precise; urgency=medium

  * CVE-2019-14835
    - vhost: make sure log_num < in_num

linux (3.2.0-142.189) precise; urgency=medium

  * linux: 3.2.0-142.189 -proposed tracker (LP: #1835270)

  * CVE-2017-5715 // MDS: CPU buffers are not cleared on all paths from kernel
    to userspace (LP: #1833047)
    - SAUCE: KVM: x86: Make use of x86_spec_ctrl_{set_guest,restore_host}

  * CVE-2017-5715 // x86/speculation: SPEC_CTRL MSR not properly set/restored on
    VMENTER/VMEXIT (LP: #1834635)
    - SAUCE: x86/speculation: Introduce x86_spec_ctrl_{set_guest,restore_host}

  * x86/speculation: SPEC_CTRL MSR not properly set/restored on VMENTER/VMEXIT
    (LP: #1834635)
    - SAUCE: KVM: VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    CPU buffers are not cleared on all paths from kernel to userspace (LP:
    #1833047)
    - x86/asm: Error out if asm/jump_label.h is included inappropriately
    - x86/asm: Make asm/alternative.h safe from assembly
    - x86/jump-label: Use best default nops for inital jump label calls
    - SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    Incorrect warning when booting with 'nosmt' (LP: #1830018)
    - SAUCE: [Fix] x86/speculation/mds: Add SMT warning message

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter

  * CVE-2017-5715
    - SAUCE: Reset the SPEC_CTRL MSR on secondary CPUs

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
    - SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce sched_smt_{active,present}

  * CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation: Mark string arrays const correctly

  * CVE-2017-5715 // CVE-2018-3639
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read

  * CVE-2017-5754
    - SAUCE: Show 'pti' in /proc/cpuinfo

  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation

  * CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM

  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5754
    - x86/Documentation: Add PTI description
    - x86/pti: Document fix wrong index
    - SAUCE: x86/pti: Query MSR IA32_ARCH_CAPABILITIES for ARCH_CAP_RDCL_NO

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715
    - SAUCE: x86/cpufeatures: Reorder auxiliary feature bits
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - SAUCE: x86/speculation: Introduce spectre_v2_select_mitigation() stub
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - SAUCE: x86/cpufeatures: Clean up Spectre v2 related feature bits
    - x86/speculation: Use IBRS if available before calling into firmware
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715 //
    CVE-2018-3639
    - SAUCE: x86/speculation: Introduce x86_spec_ctrl_base

  * intel-microcode 3.20180312.0 causes lockup at login screen (LP: #1759920) //
    Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2018-12126 //
    CVE-2018-12127 // CVE-2018-12130
    - SAUCE: x86/msr: Fix formatting of msr-index.h

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5753
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

linux (3.2.0-141.188) precise; urgency=medium

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format

linux (3.2.0-140.186) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] Sync in-tree getabis script

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - perf/x86/intel: Use Intel family macros for core perf events
    - x86/cpu: Sanitize FAM6_ATOM naming
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/jump_label_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
    - KVM: Add x86_hyper_kvm to complete detect_hypervisor_platform check

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * CVE-2018-3639 (x86)
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627) //
    CVE-2017-5715
    - SAUCE: remove ibrs_dump sysctl interface

linux (3.2.0-139.185) precise; urgency=medium

  * linux: 3.2.0-139.185 -proposed tracker (LP: #1806430)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * Update to upstream's implementation of Spectre v1 mitigation
    (LP: #1774181) // CVE-2017-5753
    - SAUCE: x86/speculation: Add X86_BUG_SPECTRE_V[12] and sysfs show functions
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - SAUCE: Drop gmb() in favor of array_index_nospec()
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
      MFENCE_RDTSC feature"
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1

  * Update to upstream's implementation of Spectre v1 mitigation
    (LP: #1774181) // Prevent speculation on user controlled pointer
    (LP: #1775137) // CVE-2017-5753
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

linux (3.2.0-138.184) precise; urgency=medium

  * linux: 3.2.0-138.184 -proposed tracker (LP: #1802777)

  * CVE-2017-5754
    - SAUCE: x86/pti: Add X86_BUG_CPU_MELTDOWN and sysfs show function

linux (3.2.0-137.183) precise; urgency=medium

  * linux: 3.2.0-137.183 -proposed tracker (LP: #1799398)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - x86/mm: Simplify p[g4um]d_page() macros
    - x86/cpu: Merge bugs.c and bugs_64.c
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE
    - x86: Fix 32-bit *_cpu_data initializers
    - x86, cpu: Expand cpufeature facility to include cpu bugs
    - x86, cpu: Convert F00F bug detection
    - x86, cpu: Convert FDIV bug detection
    - x86, cpu: Convert Cyrix coma bug detection
    - x86, cpu: Convert AMD Erratum 383
    - x86, cpu: Convert AMD Erratum 400
    - x86/cpu/intel: Introduce macros for Intel family numbers
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - SAUCE: x86/cpu: Introduce x86_match_cpu()
    - SAUCE: sysfs/cpu: Add vulnerability folder
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86: fix boot on uniprocessor systems
    - ACPI / processor: Introduce apic_id in struct processor to save parsed APIC
      id
    - ACPI processor: Remove unneeded variable passed by
      acpi_processor_hotadd_init V2
    - ACPI / processor: use apic_id and remove duplicated _MAT evaluation
    - x86 / ACPI: simplify _acpi_map_lsapic()
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Handle CPUID bogosity gracefully
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - SAUCE: Introduce lock/unlock device hotplug functions
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - SAUCE: Work-around for gcc 4.6.3 segmentation fault
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - arch: Introduce post-init read-only memory
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert

linux (3.2.0-136.182) precise; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

linux (3.2.0-135.181) precise; urgency=medium

  * linux: 3.2.0-135.181 -proposed tracker (LP: #1788762)

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

linux (3.2.0-134.180) precise; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

linux (3.2.0-133.179) precise; urgency=medium

  * linux: 3.2.0-133.179 -proposed tracker (LP: #1745959)

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86, alternative: Add header guards to <asm/alternative-asm.h>
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - x86, microcode: Share native MSR accessing variants
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - Fix race in process_vm_rw_core
    - ptrace: mark __ptrace_may_access() static
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - x86 / msr: add 64bit _on_cpu access functions
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - bitops: Introduce BIT_ULL
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - x86/bitops: Move BIT_64() for a wider use
    - x86, pvops: Remove hooks for {rd,wr}msr_safe_regs
    - x86, cpu: Fix show_msr MSR accessing function
    - x86, cpu, amd: Fix crash as Xen Dom0 on AMD Trinity systems
    - x86, cpu, amd: Deprecate AMD-specific MSR variants
    - x86, cpu: Rename checking_wrmsrl() to wrmsrl_safe()
    - x86: Add another set of MSR accessor functions
    - x86/asm/msr: Make wrmsrl_safe() a function
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: arm: no gmb() implementation yet
    - SAUCE: powerpc: no gmb() implementation yet

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.2.0-132.178) precise; urgency=low

  * linux: 3.2.0-132.178 -proposed tracker (LP: #1741612)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - x86/mm: Disable preemption during CR3 read+write
    - x86, cpufeature: Add CPU features from Intel document 319433-012A
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION
    - x86/pti: Do not enable PTI on AMD processors

linux (3.2.0-131.177) precise; urgency=low

  * linux: 3.2.0-131.177 -proposed tracker (LP: #1716644)

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (3.2.0-130.176) precise; urgency=low

  * linux: 3.2.0-130.176 -proposed tracker (LP: #1704996)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

linux (3.2.0-129.174) precise; urgency=low

  * linux: 3.2.0-129.174 -proposed tracker (LP: #1700563)

  * CVE-2017-1000364
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: larger stack guard gap, between vmas
    - Allow stack to grow up to address space limit

linux (3.2.0-128.173) precise; urgency=low

  * CVE-2016-4997
    - netfilter: x_tables: add and use xt_check_entry_offsets
    - netfilter: x_tables: kill check_entry helper
    - netfilter: x_tables: add compat version of xt_check_entry_offsets
    - netfilter: x_tables: check for bogus target offset

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

Date: 2021-04-05 22:22:09.691838+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux/3.2.0-150.197
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:34 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:34 -0000
Subject: [ubuntu/precise-security] nspr 4.13.1-0ubuntu0.12.04.1 (Accepted)
Message-ID: <162004635423.5996.12276616666835939150.launchpad@ackee.canonical.com>

nspr (4.13.1-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 4.13.1 to support nss security update.

Date: 2017-07-26 19:47:18.314090+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/nspr/4.13.1-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:38 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:38 -0000
Subject: [ubuntu/precise-security] nss 2:3.28.4-0ubuntu0.12.04.11 (Accepted)
Message-ID: <162004635859.6008.1227247203548928449.launchpad@ackee.canonical.com>

nss (2:3.28.4-0ubuntu0.12.04.11) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12403-2.patch: fix incorrect call to ChaChaPoly1305 by PKCS11
      in nss/lib/freebl/chacha20poly1305.c.
    - CVE-2020-12403

nss (2:3.28.4-0ubuntu0.12.04.10) precise-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

nss (2:3.28.4-0ubuntu0.12.04.9) precise-security; urgency=medium

  * SECURITY UPDATE: Side channel vulnerability
    - debian/patches/CVE-2020-12402.patch: reduce
      side-channel leaks in nss/lib/freebl/mpi/mpi.c,
      nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
    - CVE-2020-12402

nss (2:3.28.4-0ubuntu0.12.04.8) precise-security; urgency=medium

   [ Marc Deslauriers ]
   * SECURITY UPDATE: Timing attack during DSA key generation
    - debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
      exponentiation in nss/lib/freebl/dsa.c.
    - CVE-2020-12399

nss (2:3.28.4-0ubuntu0.12.04.7) precise-security; urgency=medium

  * SECURITY UPDATE: Possible wrong length for cryptographic primitives input
    - debian/patches/CVE-2019-17006.patch: adds checks for length of crypto
      primitives in nss/lib/freebl/chacha20poly1305.c,
      nss/lib/freebl/ctr.c, nss/lib/freebl/gcm.c,
      nss/lib/freebl/intel-gcm-wrap.c,
      nss/lib/freebl/rsapkcs.c.
    - CVE-2019-17006

nss (2:3.28.4-0ubuntu0.12.04.6) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-17007.patch: check got some certs in
      collect_certs r=jcj in nss/lib/pkcs7/certread.c.
    - CVE-2019-17007

nss (2:3.28.4-0ubuntu0.12.04.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out-of-bounds write in NSC_EncryptUpdate
    - debian/patches/CVE-2019-11745.patch: use maxout not block size in
      nss/lib/softoken/pkcs11c.c.
    - CVE-2019-11745
  * Note: this does _not_ contain the changes from 2:3.35-2ubuntu2.4 in
    disco-proposed.

nss (2:3.28.4-0ubuntu0.12.04.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: OOB read when importing a curve25519 private key
    - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
      leading 0's from key material during PKCS11 import in
      nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
      nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
      nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
    - CVE-2019-11719
  * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
    - debian/patches/CVE-2019-11729-1.patch: more thorough input checking
      in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
      nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
    - CVE-2019-11729

nss (2:3.28.4-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

nss (2:3.28.4-0ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805
  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

nss (2:3.28.4-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get new CA
    certificate bundle.
  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502
  * debian/patches/99_jarfile_ftbfs.patch: removed, upstream.
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

Date: 2020-08-24 19:49:12.266574+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.12.04.11
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:40 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:40 -0000
Subject: [ubuntu/precise-security] ntp 1:4.2.6.p3+dfsg-1ubuntu3.13 (Accepted)
Message-ID: <162004636080.6007.2949188139248328589.launchpad@ackee.canonical.com>

ntp (1:4.2.6.p3+dfsg-1ubuntu3.13) precise-security; urgency=medium

  * SECURITY UPDATE: crash or possible code execution via a long string as
    the ipv4 host argument
    - debian/patches/CVE-2018-12327.patch prevent overflow of host
      in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c.
    - CVE-2018-12327

ntp (1:4.2.6.p3+dfsg-1ubuntu3.12) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

Date: 2020-01-06 15:01:15.071496+00:00
Changed-By: Mark Morlino <mark.morlino at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.13
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:46 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:46 -0000
Subject: [ubuntu/precise-security] openldap 2.4.28-1.1ubuntu4.12 (Accepted)
Message-ID: <162004636646.6007.13022224259050186603.launchpad@ackee.canonical.com>

openldap (2.4.28-1.1ubuntu4.12) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: assertion failure in Certificate List syntax
    validation
    - debian/patches/CVE-2020-25709.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25709
  * SECURITY UPDATE: assertion failure in CSN normalization with invalid
    input
    - debian/patches/CVE-2020-25710.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25710

openldap (2.4.28-1.1ubuntu4.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via NULL pointer dereference
    - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
      equality rule in servers/slapd/modrdn.c.
    - CVE-2020-25692

openldap (2.4.28-1.1ubuntu4.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via nested search filters
    - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
      servers/slapd/filter.c.
    - CVE-2020-12243

openldap (2.4.28-1.1ubuntu4.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

openldap (2.4.28-1.1ubuntu4.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via search with page size of 0
    - debian/patches/CVE-2017-9287.patch: fix double-free in
      servers/slapd/back-mdb/search.c.
    - CVE-2017-9287

Date: 2020-11-20 18:53:13.844325+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/openldap/2.4.28-1.1ubuntu4.12
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:50 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:50 -0000
Subject: [ubuntu/precise-security] openssl 1.0.1-4ubuntu5.45 (Accepted)
Message-ID: <162004637066.6007.4171710201095915125.launchpad@ackee.canonical.com>

openssl (1.0.1-4ubuntu5.45) precise-security; urgency=medium

  * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
    - debian/patches/DirectoryString-is-a-CHOICE-type-and-therefore-uses-expli.patch:
      use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c.
    - debian/patches/Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch:
      correctly compare EdiPartyName in crypto/x509v3/v3_genn.c.
    - debian/patches/Check-that-multi-strings-CHOICE-types-don-t-use-implicit-.patch:
      check that multi-strings/CHOICE types don't use implicit tagging in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
    - debian/patches/Complain-if-we-are-attempting-to-encode-with-an-invalid-A.patch:
      complain if we are attempting to encode with an invalid ASN.1 template in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
    - CVE-2020-1971 
  * SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash()
    - debian/patches/CVE-2021-23841.patch: fix Null pointer deref in
      crypto/x509/x509_cmp.c.
    - CVE-2021-23841

openssl (1.0.1-4ubuntu5.44) precise-security; urgency=medium

  * SECURITY UPDATE: ECDSA remote timing attack
    - debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
      zero cofactor, compute it in crypto/ec/ec.h, crypto/ec/ec_err.c,
      crypto/ec/ec_lib.c.
    - CVE-2019-1547
  * SECURITY UPDATE: 0-byte record padding oracle
    - debian/patches/CVE-2019-1559*.patch: go into the error state if a
      fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.ci,
      ssl/ssl.h.
    - CVE-2019-1559
  * SECURITY UPDATE: Padding Oracle issue
    - debian/patches/CVE-2019-1563.patch: fix a padding oracle in
      PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
      crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
      crypto/pkcs7/pk7_doit.c.
    - CVE-2019-1563

openssl (1.0.1-4ubuntu5.43) precise-security; urgency=medium

  * SECURITY UPDATE: Key Extraction side channel
    - debian/patches/CVE-2018-0495.patch: fix in
      crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-0732.patch: fix in
      crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737-*.patch: additional patches
    - CVE-2017-0737

openssl (1.0.1-4ubuntu5.41) precise-security; urgency=medium

  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse
      and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set
      in crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

openssl (1.0.1-4ubuntu5.40) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
    - debian/patches/CVE-2018-0739.patch: limit stack depth in
      crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
    - CVE-2018-0739
  * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
    - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
      crypto/x509v3/v3_addr.c.
    - CVE-2017-3735

Date: 2021-02-23 01:58:08.883307+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.45
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:52 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:52 -0000
Subject: [ubuntu/precise-security] openvpn 2.2.1-8ubuntu1.5 (Accepted)
Message-ID: <162004637252.6008.16721281881247133999.launchpad@ackee.canonical.com>

openvpn (2.2.1-8ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - NO CVE number

Date: 2017-08-02 19:27:16.879173+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/openvpn/2.2.1-8ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:55 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:55 -0000
Subject: [ubuntu/precise-security] paramiko 1.7.7.1-2ubuntu1.2 (Accepted)
Message-ID: <162004637543.6008.16258473781896488157.launchpad@ackee.canonical.com>

paramiko (1.7.7.1-2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: server-side authentication vulnerability
    - debian/patches/CVE-2018-1000805-pre.patch: fix MSG_UNIMPLEMENTED in
      paramiko/transport.py, added tests to tests/test_transport.py.
    - debian/patches/CVE-2018-1000805.patch: split messages dict in
      paramiko/auth_handler.py, added tests to tests/test_transport.py.
    - debian/control: added python-mock to Build-Depends.
    - CVE-2018-1000805

Date: 2018-10-17 17:30:13.230793+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/paramiko/1.7.7.1-2ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:52:58 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:52:58 -0000
Subject: [ubuntu/precise-security] patch 2.6.1-3ubuntu0.2 (Accepted)
Message-ID: <162004637860.6007.3778273045178772566.launchpad@ackee.canonical.com>

patch (2.6.1-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2016-10713.patch: fix in
      src/pch.c.
    - CVE-2016-10713
  * SECURITY UPDATE: Input validation vulnerability
    - debian/patches/CVE-2018-1000156.patch: fix in
      src/pch.c adding tests in Makefile.in, tests/ed-style.
    - CVE-2018-1000156

Date: 2018-04-16 12:44:26.498168+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/patch/2.6.1-3ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:53:04 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:53:04 -0000
Subject: [ubuntu/precise-security] perl 5.14.2-6ubuntu2.11 (Accepted)
Message-ID: <162004638459.6007.3399071918827730931.launchpad@ackee.canonical.com>

perl (5.14.2-6ubuntu2.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723
  * debian/patches/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.

perl (5.14.2-6ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313

perl (5.14.2-6ubuntu2.8) precise-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-12015.patch: fix ing
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

perl (5.14.2-6ubuntu2.7) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

perl (5.14.2-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expressiion
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883

Date: 2020-10-26 16:40:14.020698+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.11
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 12:53:05 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 12:53:05 -0000
Subject: [ubuntu/precise-security] php-ssh2 0.11.2-1ubuntu0.1 (Accepted)
Message-ID: <162004638545.6008.9914340422641573090.launchpad@ackee.canonical.com>

php-ssh2 (0.11.2-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: fixing php_url_parse fails
    - debian/patches/fix_php_url_fails.patch: this fix is needed after
      php security fix CVE-2016-10397. Fix in ssh2_fopen_wrappers.c.

Date: 2018-04-27 15:55:43.278078+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/php-ssh2/0.11.2-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:04:44 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:04:44 -0000
Subject: [ubuntu/precise-security] php5 5.3.10-1ubuntu3.48 (Accepted)
Message-ID: <162004708490.6008.10029287995370135015.launchpad@ackee.canonical.com>

php5 (5.3.10-1ubuntu3.48) precise-security; urgency=medium

  * SECURITY UPDATE: Possibly forge cookie
    - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
      in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
      tests/basic/bug79699.phpt.
    - CVE-2020-7070

php5 (5.3.10-1ubuntu3.47) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

php5 (5.3.10-1ubuntu3.46) precise-security; urgency=medium

  * Fixing wrong patch in previous update. Replacing
    CVE-2020-7066 for *-7064 as it should be.

php5 (5.3.10-1ubuntu3.45) precise-security; urgency=medium

  * SECURITY UPDATE: Lax permissions
    - debian/patches/CVE-2020-7063.patch: restricting permissions
      for files added to tar in ext/phar/phar_object.c,
      ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082/*.
    - CVE-2020-7063
  * SECURITY UPDATE: One byte read or denial of service
    - debian/patches/CVE-2020-7064.patch: fix itemlen size to
      be passed to exif_file_sections_add and check if length < 2
      in ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064

php5 (5.3.10-1ubuntu3.44) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2015-9253.patch: directly listen
      on socket, instead duping it to STDIN in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
      and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
    - CVE-2015-9253
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added
      test ext/standard/tests/file/bug79099.phpt.
    - CVE-2020-7059

php5 (5.3.10-1ubuntu3.42) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer underflow
    - debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
      to detect digits in ext/bcmath/libbcmath/src/str2num.c,
      ext/bcmath/tests/bug78878.phpt.
    - CVE-2019-11046
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
      ext/exif/tests/bug78910.phpt.
    - CVE-2019-11047
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-11050.patch: fix in
      ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
    - CVE-2019-11050

php5 (5.3.10-1ubuntu3.40) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: RCE via env_path_info underflow
    - debian/patches/CVE-2019-11043.patch: add check in
      sapi/fpm/fpm/fpm_main.c.
    - CVE-2019-11043

php5 (5.3.10-1ubuntu3.39) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
      to avoid an overflow in ext/exif.exif.c.
    - CVE-2019-11041
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11042.patch: check ByteCount in order to
      avoid an overflow in ext/exif/exif.c.
    - CVE-2019-11042

php5 (5.3.10-1ubuntu3.38) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13224.patch: don't allow
      diff encondings for onig_new_deluxe in
      ext/mbstring/oniguruma/regext.c.
    - CVE-2019-13224

php5 (5.3.10-1ubuntu3.37) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2019-11039.patch: checks if
      str_left is > 1 in order to avoid a read out-of-bounds
      in ext/iconv/iconv.c.
    - CVE-2019-11039
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11040.patch: checks
      Thumbnail.size in order to avoid a heap-buffer-overflow
      in ext/exif/exif.c.
    - CVE-2019-11040

php5 (5.3.10-1ubuntu3.36) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2018-20783.patch: add more checks to buffer reads in
      ext/phat/phar.c.
    - CVE-2018-20783
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2019-11036.patch: check dir_entry <= offset_base in
      ext/exif/exif.c.
    - CVE-2019-11036
  [ Marc Deslauriers ]
  * SECURITY UPDATE: stream_get_meta_data issue
    - debian/patches/CVE-2016-10712.patch: properly handle metadata in
      ext/standard/streamsfuncs.c, ext/standard/tests/*,
      main/streams/memory.c.
    - debian/patches/CVE-2016-10712-2.patch: fix various tests.
    - CVE-2016-10712
  * SECURITY UPDATE: buffer over-read while unserializing untrusted data
    - debian/patches/CVE-2017-12933*.patch: add check to
      ext/standard/var_unserializer.*, add test to
      ext/standard/tests/serialize/bug74111.phpt, adjust test in
      ext/standard/tests/serialize/bug25378.phpt.
    - CVE-2017-12933
  * SECURITY UPDATE: DoS via long locale
    - debian/patches/CVE-2017-11362.patch: check length in
      ext/intl/msgformat/msgformat_parse.c.
    - CVE-2017-11362

php5 (5.3.10-1ubuntu3.35) precise-security; urgency=medium

  * SECURITY UPDATE: Information disclosure or crash
    - debian/patches/CVE-2019-11034.patch: fix heap-buffer-overflow
      in php_ifd_get32s in ext/exif/exif.c.
    - CVE-2019-11034
  * SECURITY UPDATE: Information disclosure or crash
    - debian/patches/CVE-2019-11035-*.patch: void strn on NULL,
      fix heap-buffer-overflow in ext/exif/exif.c.
    - CVE-2019-11035

php5 (5.3.10-1ubuntu3.34) precise-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639.patch: fix in
      ext/exif/exif.c.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c.
    - CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
      ext/phar/tests/bug77586/files/*.
    - CVE-2019-9675
  * Changed the way MAKERNOTE is handled in case we do not have a matching
    signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
    - debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
      it changing the behavior in order to continue the parse in
      ext/exif/exif.c
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022.patch: check length in
      ext/standard/dns.c.
    - CVE-2019-9022

php5 (5.3.10-1ubuntu3.33) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: invalid memory access in xmlrpc_decode()
    - debian/patches/CVE-2019-9020.patch: check length in
      ext/xmlrpc/libxmlrpc/xml_element.c, added test to
      ext/xmlrpc/tests/bug77242.phpt.
    - CVE-2019-9020
  * SECURITY UPDATE: buffer over-read in PHAR extension
    - debian/patches/CVE-2019-9021.patch: properly calculate position in
      ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
    - CVE-2019-9021
  * SECURITY UPDATE: buffer over-reads in mbstring regex functions
    - debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
      ext/mbstring/oniguruma/regparse.c, added test to
      ext/mbstring/tests/bug77370.phpt.
    - debian/patches/CVE-2019-9023-2.patch: check bounds in
      ext/mbstring/oniguruma/regcomp.c, added test to
      ext/mbstring/tests/bug77371.phpt.
    - debian/patches/CVE-2019-9023-3.patch: add length checks to
      ext/mbstring/oniguruma/enc/unicode.c,
      ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
      ext/mbstring/oniguruma/regparse.h, added test to
      ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
    - debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
      ext/mbstring/oniguruma/enc/utf16_be.c,
      ext/mbstring/oniguruma/enc/utf16_le.c,
      ext/mbstring/oniguruma/enc/utf32_be.c,
      ext/mbstring/oniguruma/enc/utf32_le.c, added test to
      ext/mbstring/tests/bug77418.phpt.
    - CVE-2019-9023
  * SECURITY UPDATE: buffer over-read in xmlrpc_decode()
    - debian/patches/CVE-2019-9024.patch: fix variable size in
      ext/xmlrpc/libxmlrpc/base64.c, added test to
      ext/xmlrpc/tests/bug77380.phpt.
    - CVE-2019-9024
  * Adding support to mb_split empty regex in support to CVE-2019-9023.
    - debian/patches/0001-supporting-empty-mb_split-regex.path: fix in
      ext/mbstring/php_mbregex.c,
      ext/mbstring/tests/mb_split_empty_match.phpt,
      ext/mbstring/tests/mb_split_variation1.phpt.

php5 (5.3.10-1ubuntu3.32) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

php5 (5.3.10-1ubuntu3.31) precise-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

php5 (5.3.10-1ubuntu3.30) precise-security; urgency=medium

  * SECURITY UPDATE: XSS in PHAR error page
    - debian/patches/CVE-2018-5712.patch: remove file name from output to
      avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
      ext/phar/tests/*.
    - CVE-2018-5712
  * SECURITY UPDATE: stack-based under-read in HTTP response parsing
    - debian/patches/CVE-2018-7584.patch: prevent reading beyond buffer
      start in ext/standard/http_fopen_wrapper.c,
      ext/standard/tests/http/bug75981.phpt.
    - CVE-2018-7584

php5 (5.3.10-1ubuntu3.28) precise-security; urgency=medium

  * SECURITY UPDATE: URL check bypass
    - debian/patches/CVE-2016-10397.patch: fix logic in
      ext/standard/url.c, added tests to
      ext/standard/tests/url/bug73192.phpt,
      ext/standard/tests/url/parse_url_basic_00*.phpt.
    - CVE-2016-10397
  * SECURITY UPDATE: wddx empty boolean tag parsing issue
    - debian/patches/CVE-2017-11143.patch: handle empty tag in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
    - CVE-2017-11143
  * SECURITY UPDATE: DoS in OpenSSL sealing function
    - debian/patches/CVE-2017-11144.patch: check return code in
      ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
    - CVE-2017-11144
  * SECURITY UPDATE: information leak in the date extension
    - debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
      in ext/date/lib/parse_date.*.
    - CVE-2017-11145
  * SECURITY UPDATE: buffer overread in phar_parse_pharfile
    - debian/patches/CVE-2017-11147.patch: use proper sizes in
      ext/phar/phar.c.
    - CVE-2017-11147
  * SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
    - debian/patches/CVE-2017-11628.patch: use correct buffer size in
      Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
    - CVE-2017-11628
  * SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9224.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9224
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9226.patch: add checks to
      ext/mbstring/oniguruma/regparse.c.
    - CVE-2017-9226
  * SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9227.patch: add bounds check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9227
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9228.patch: add check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9228
  * SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
    - debian/patches/CVE-2017-9229.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9229

Date: 2020-10-14 14:13:15.184446+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.48
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:04:46 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:04:46 -0000
Subject: [ubuntu/precise-security] pixman 0.30.2-1ubuntu0.0.0.0.4 (Accepted)
Message-ID: <162004708637.6007.15537510921869271493.launchpad@ackee.canonical.com>

pixman (0.30.2-1ubuntu0.0.0.0.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: general_composite_rect() integer overflow
    - debian/patches/CVE-2015-5297-pre1.patch: ensure that iter buffers are
      aligned to 16 bytes in pixman/pixman-general.c,
      pixman/pixman-private.h, pixman/pixman-utils.c.
    - debian/patches/CVE-2015-5297-pre2.patch: use floating point combiners
      for all operators that involve divisions in pixman/pixman-general.c.
    - debian/patches/CVE-2015-5297-1.patch: fix stack related pointer
      arithmetic overflow in pixman/pixman-general.c.
    - debian/patches/CVE-2015-5297-2.patch: tighten up calculation of
      temporary buffer sizes in pixman/pixman-general.c.
    - debian/patches/disable_test.patch: disable blitters test as the
      correct CRC is unknown.
    - CVE-2015-5297

Date: 2018-12-11 17:50:14.902332+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/pixman/0.30.2-1ubuntu0.0.0.0.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:04:49 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:04:49 -0000
Subject: [ubuntu/precise-security] policykit-1 0.104-1ubuntu1.5 (Accepted)
Message-ID: <162004708995.5996.17044475397620671357.launchpad@ackee.canonical.com>

policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

policykit-1 (0.104-1ubuntu1.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

policykit-1 (0.104-1ubuntu1.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via duplicate action IDs
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

Date: 2019-08-29 18:57:14.122606+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.104-1ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:04:53 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:04:53 -0000
Subject: [ubuntu/precise-security] postgresql-common 129ubuntu1.2 (Accepted)
Message-ID: <162004709324.6007.12855412494115241455.launchpad@ackee.canonical.com>

postgresql-common (129ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: symlink attack vulnerability
    - drop privileges when creating log file in pg_ctlcluster.
    - c8989206ec360f199400c74f129f7b4cb878c1ee
    - CVE-2016-1255
  * SECURITY UPDATE: symlink attack vulnerability in init/helper scripts
    (LP: #1727209)
    - use lchown instead of chown in pg_createcluster, pg_ctlcluster,
      pg_upgradecluster.
    - 8b4d0a889a8287181c4bdf46462db9b737a6e25d
    - CVE-2017-8806

Date: 2017-11-27 17:21:12.246884+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-common/129ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:04:56 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:04:56 -0000
Subject: [ubuntu/precise-security] ppp 2.4.5-5ubuntu1.4 (Accepted)
Message-ID: <162004709614.6007.2668023281056289459.launchpad@ackee.canonical.com>

ppp (2.4.5-5ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file disclosure vulnerability
    - debian/patches/load_ppp_generic_if_needed: removed, ppp has been
      built into Ubuntu kernels since at least 2012.
    - CVE-2020-15704
  * debian/patches/0016-pppoe-include-netinet-in.h-before-linux-in.h.patch:
    fix build on newer kernels.

ppp (2.4.5-5ubuntu1.3) precise-security; urgency=medium

   [ Marc Deslauriers ]
   * SECURITY UPDATE: rhostname buffer overflow
    - debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
      pppd/eap.c.
    - CVE-2020-8597

Date: 2020-08-05 16:05:21.730614+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/ppp/2.4.5-5ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:04:58 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:04:58 -0000
Subject: [ubuntu/precise-security] procmail 3.22-19ubuntu0.2 (Accepted)
Message-ID: <162004709826.6008.13367665376149793694.launchpad@ackee.canonical.com>

procmail (3.22-19ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in the loadbuf function
    - debian/patches/30: make sure buffer is big enough in src/formisc.c.
    - CVE-2017-16844

Date: 2017-11-21 13:09:20.909896+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/procmail/3.22-19ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:05:04 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:05:04 -0000
Subject: [ubuntu/precise-security] python-apt 0.8.3ubuntu7.5 (Accepted)
Message-ID: <162004710459.5996.17379339879851836087.launchpad@ackee.canonical.com>

python-apt (0.8.3ubuntu7.5) precise-security; urgency=medium

  * SECURITY UPDATE: Check that repository is trusted before downloading
    files from it (LP: #1858973)
    - apt/cache.py: Add checks to fetch_archives() and commit()
    - apt/package.py: Add checks to fetch_binary() and fetch_source()
    - CVE-2019-15796
  * SECURITY UPDATE: Do not use MD5 for verifying downloadeds
    (Closes: #944696) (#LP: #1858972)
    - apt/package.py: Use strongest hashes when fetching packages. Packages
      without a trusted hash are still accepted.
    - CVE-2019-15795
  * To work around the new checks, the parameter allow_unauthenticated=True
    can be passed to the functions. It defaults to the value of the
    APT::Get::AllowUnauthenticated option.
    - Bump Breaks aptdaemon (<< 0.43+bzr805-0ubuntu10+esm1), as it will have
      to set that parameter after having done validation.
  * Automatic changes and fixes for external regressions:
    - Adjustments to test suite and CI to fix CI regressions
    - Automatic mirror list update
    - utils/get_debian_mirrors.py: Get data from salsa
  * Make allow_unauthenticated argument to fetch_archives() optional
    - apt/cache.py

Date: 2020-01-23 14:17:15.940209+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/python-apt/0.8.3ubuntu7.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:05:12 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:05:12 -0000
Subject: [ubuntu/precise-security] python-crypto 2.4.1-1ubuntu0.3 (Accepted)
Message-ID: <162004711203.6007.1473223890759100831.launchpad@ackee.canonical.com>

python-crypto (2.4.1-1ubuntu0.3) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: weak ElGamal key parameters
    - debian/patches/CVE-2018-6594.patch: use backported fix from
      pycryptodome in lib/Crypto/PublicKey/ElGamal.py.
    - CVE-2018-6594

python-crypto (2.4.1-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2013-7459.patch: fix buffer overflow
      in src/block_template.c.
    - CVE-2013-7459

Date: 2018-04-06 15:21:16.345342+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/python-crypto/2.4.1-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:05:14 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:05:14 -0000
Subject: [ubuntu/precise-security] rsync 3.0.9-1ubuntu1.3 (Accepted)
Message-ID: <162004711474.6008.16608251942776073755.launchpad@ackee.canonical.com>

rsync (3.0.9-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

rsync (3.0.9-1ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

Date: 2018-01-18 20:15:12.938990+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/rsync/3.0.9-1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:05:19 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:05:19 -0000
Subject: [ubuntu/precise-security] python2.7 2.7.3-0ubuntu3.19 (Accepted)
Message-ID: <162004711930.5996.6141365524114490307.launchpad@ackee.canonical.com>

python2.7 (2.7.3-0ubuntu3.19) precise-security; urgency=medium

  * SECURITY UPDATE: CRLF injection
    - debian/patches/CVE-2020-26116.patch: prevent header injection
      in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
    - CVE-2020-26116

python2.7 (2.7.3-0ubuntu3.18) precise-security; urgency=medium

  * SECURITY UPDATE: Misleading information
    - debian/patches/CVE-2019-17514.patch: explain that the orderness of the
      of the result is system-dependant in Doc/library/glob.rst.
    - CVE-2019-17514
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9674.patch: add pitfalls to
      zipfile module doc in Doc/library/zipfile.rst,
      Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
    - CVE-2019-9674
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
      tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py.
    - CVE-2019-20907

python2.7 (2.7.3-0ubuntu3.17) precise-security; urgency=medium

  * SECURITY UPDATE: CRLF injection
    - debian/patches/CVE-2019-18348.patch: disallow control characters
      in hostnames in http.client in Lib/httplib.py, Lib/test/test_urllib2.py.
    - CVE-2019-18348
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-8492.patch: fix the regex to prevent
      the regex denial of service in Lib/urllib2.py.
    - CVE-2020-8492

python2.7 (2.7.3-0ubuntu3.15) precise-security; urgency=medium

  * SECURITY UPDATE: Email module wrongly parse email addresses
    - debian/patches/CVE-2019-16056.patch: skips parsing of email addresses
      where domains include a "@" character in Lib/email/_parseaddr.py,
      Lib/email/test/test_email.py.
    - CVE-2019-16056
  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2019-16935.patch: Escape the server title of
      DocXMLRPCServer in Lib/DocXMLRPCServer.py, Lib/test/test_docxmlrpc.py.
    - CVE-2019-16935
  * Adding patch to avoid race in test_docxmlrpc server setup
    - debian/patches/docxmlrpc_test_hang_issue.patch: in
      Lib/test/test_docxmlrpc.py.

python2.7 (2.7.3-0ubuntu3.14) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947

python2.7 (2.7.3-0ubuntu3.11) precise-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647
  * Added swap_attr definition for test
    - debian/patches/0001-Adding-swap_attr-for-test.patch

python2.7 (2.7.3-0ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/stringobject.c.
    - CVE-2017-1000158

Date: 2020-10-06 15:15:19.433796+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.19
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:05:21 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:05:21 -0000
Subject: [ubuntu/precise-security] rtmpdump
 2.4~20110711.gitc28f1bab-1ubuntu0.1 (Accepted)
Message-ID: <162004712174.6007.9705895927694640020.launchpad@ackee.canonical.com>

rtmpdump (2.4~20110711.gitc28f1bab-1ubuntu0.1) precise-security; urgency=medium

  [Marc Deslauriers]
  * SECURITY UPDATE: denial of service in AMF3ReadString function
    - debian/patches/CVE-2015-8270.patch: init str on unsupported
      references in librtmp/amf.c.
    - CVE-2015-8270
  * SECURITY UPDATE: arbitrary code execution in AMF3CD_AddProp function
    - debian/patches/CVE-2015-8271-1.patch: check for input buffer underrun
      in librtmp/amf.c.
    - debian/patches/CVE-2015-8271-2.patch: more input buffer checks in
      librtmp/amf.c.
    - CVE-2015-8271
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2015-8272.patch: ignore requests without playpath
      in rtmpsrv.c.
    - CVE-2015-8272

Date: 2017-05-19 14:29:15.284993+00:00
Changed-By: Emily Ratliff <emily.ratliff at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/rtmpdump/2.4~20110711.gitc28f1bab-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:16 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:16 -0000
Subject: [ubuntu/precise-security] samba 2:3.6.25-0ubuntu0.12.04.21 (Accepted)
Message-ID: <162004735645.6008.236501415007346965.launchpad@ackee.canonical.com>

samba (2:3.6.25-0ubuntu0.12.04.21) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
    - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
      packet in libcli/nbt/nbtsocket.c.
    - CVE-2020-14303

samba (2:3.6.25-0ubuntu0.12.04.20) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
    excessive CPU
    - debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to
      fix the issue.
    - CVE-2020-10745

samba (2:3.6.25-0ubuntu0.12.04.19) precise-security; urgency=medium

  * SECURITY UPDATE: client code can return filenames containing path
    separators
    - debian/patches/CVE-2019-10218.patch: protect SMB1 client code
      from evil server returned names in source3/libsmb/clilist.c,
      source3/libsmb/proto.h.
    - CVE-2019-10218

samba (2:3.6.25-0ubuntu0.12.04.18) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
    - debian/patches/CVE-2018-16860.patch: reject PA-S4U2Self with unkeyed
      checksum in source4/heimdal/kdc/krb5tgs.c.
    - CVE-2018-16860

samba (2:3.6.25-0ubuntu0.12.04.17) precise-security; urgency=medium

  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

samba (2:3.6.25-0ubuntu0.12.04.16) precise-security; urgency=medium

  * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
    - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
      counter in  source4/dns_server/dns_query.c.
    - CVE-2018-14629
  * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
    - debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with
      mis-matching principal in source4/kdc/db-glue.c.
    - CVE-2018-16841
  * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
    - debian/patches/CVE-2018-16851.patch: check ret before manipulating
      blob in source4/ldap_server/ldap_server.c.
    - CVE-2018-16851

samba (2:3.6.25-0ubuntu0.12.04.15) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050

samba (2:3.6.25-0ubuntu0.12.04.14) precise-security; urgency=medium

  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

samba (2:3.6.25-0ubuntu0.12.04.13) precise-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where they
    should
    - debian/patches/CVE-2017-12150.patch: fixing in libgpo/gpo_fetch.c,
      source3/lib/util_cmdline.c, source3/libsmb/clidfs.c.
    - CVE-2017-12150

  * SECURITY UPDATE: Client with write access to a share can cause server
    memory contents to be written into a file or printer.
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smdb/reply.c
    - CVE-2017-12163

samba (2:3.6.25-0ubuntu0.12.04.12) precise-security; urgency=medium

  * SECURITY UPDATE: avoiding server impersonation and other attacks
    through unauthenticated portions of kerberos tickets
    - debian/patches/CVE-2017-11103.patch: this patch assures that
      the KDC-REP service name is obtained from encrypted version.
    - CVE-2017-11103

samba (2:3.6.25-0ubuntu0.12.04.11) precise-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

Date: 2020-08-10 16:01:13.843588+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/samba/2:3.6.25-0ubuntu0.12.04.21
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:16 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:16 -0000
Subject: [ubuntu/precise-security] screen 4.0.3-14ubuntu8.1 (Accepted)
Message-ID: <162004735646.5996.7640557077797057238.launchpad@ackee.canonical.com>

screen (4.0.3-14ubuntu8.1) precise-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/63-CVE-2015-6806.dpatch: Fix stack overflow due to too
      deep recursion
    - CVE-2015-6806

Date: 2019-05-28 17:27:17.509848+00:00
Changed-By: Mike Salvatore <mike.s.salvatore at gmail.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/screen/4.0.3-14ubuntu8.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:19 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:19 -0000
Subject: [ubuntu/precise-security] shadow 1:4.1.4.2+svn3283-3ubuntu5.2
 (Accepted)
Message-ID: <162004735927.5996.16914616118530813523.launchpad@ackee.canonical.com>

shadow (1:4.1.4.2+svn3283-3ubuntu5.2) precise-security; urgency=medium

  * SECURITY UPDATE: preventing tty hijacking.
    - debian/patches/0001-Do_not_foward_controlling_terminal.patch
      No CVE is currently assigned. Upstream patch.
  [ Seth Arnold ]
  * SECURITY UPDATE: su could be used to kill arbitrary process.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal. This patch is a combined patch with original and
      regression patch
    - CVE-2017-2616

Date: 2017-06-24 01:20:17.965204+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/shadow/1:4.1.4.2+svn3283-3ubuntu5.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:22 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:22 -0000
Subject: [ubuntu/precise-security] spamassassin 3.4.2-0ubuntu0.12.04.4
 (Accepted)
Message-ID: <162004736204.5996.7338795387460554084.launchpad@ackee.canonical.com>

spamassassin (3.4.2-0ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2020-1930: improve logic in
      lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm. 
    - debian/patches/CVE-2020-1931: improve logic in
      lib/Mail/SpamAssassin/Conf.pm, lib/Mail/SpamAssassin/Constants.pm.
    - CVE-2020-1930
    - CVE-2020-1931
  * Thanks to Debian for the patches.

Date: 2020-02-04 14:27:14.454092+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.12.04.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:26 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:26 -0000
Subject: [ubuntu/precise-security] sqlite3 3.7.9-2ubuntu1.4 (Accepted)
Message-ID: <162004736626.5996.4787125214345268249.launchpad@ackee.canonical.com>

sqlite3 (3.7.9-2ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-8740.patch: fix checking
      for pSelect and zExtra[0] in src/build.c, src/prepare.c.
    - CVE-2018-8740

sqlite3 (3.7.9-2ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-6153-*.patch: change temp direcotry
      search algorithm in src/os_unix.c.
    - CVE-2016-6153
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-13685.patch: adds checks in
      src/shell.c.
    - CVE-2017-13685
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-2518.patch: prevent a use-after-free
      in src/whereexpr.c.
    - CVE-2017-2518
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-20346-and-CVE-2018-20506*.patch:
      add extra defenses against strategically corrupt databases
      in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
      test/permutations.test.
    - CVE-2018-20346
    - CVE-2018-20506
  * SECURITY UPDATE: heap out-of-bound read
    - debian/patches/CVE-2019-8457.patch: enhance the
      rtreenode() in ext/rtree/rtree.c.
    - debian/patches/CVE-2019-8457-string-interface.patch:
      add string interface in src/btree.c, src/build.c,
      src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
      src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
      src/vdbeaux.c, src/vdbetrace.c, src/where.c,
      src/insert.c.
    - CVE-2019-8457

Date: 2019-11-29 17:33:22.786494+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/sqlite3/3.7.9-2ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:29 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:29 -0000
Subject: [ubuntu/precise-security] squid3 3.1.19-1ubuntu3.12.04.10 (Accepted)
Message-ID: <162004736964.6007.4629749340177663951.launchpad@ackee.canonical.com>

squid3 (3.1.19-1ubuntu3.12.04.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/auth_digest.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/auth_basic.cc,
      , lib/uudecode.c.
    - CVE-2019-12529

squid3 (3.1.19-1ubuntu3.12.04.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345
  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

Date: 2019-07-19 16:30:13.354018+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/squid3/3.1.19-1ubuntu3.12.04.10
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:35 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:35 -0000
Subject: [ubuntu/precise-security] subversion 1.6.17dfsg-3ubuntu3.8 (Accepted)
Message-ID: <162004737525.6008.718789102303309107.launchpad@ackee.canonical.com>

subversion (1.6.17dfsg-3ubuntu3.8) precise-security; urgency=medium

  * SECURITY UPDATE: Remotely triggerable DoS vulnerability in svnserve
    'get-deleted-rev' and Remote unauthenticated denial-of-service
    - debian/patches/CVE-2018-11782-and-CVE-2019-0203.patch: properly handle certain replies
      in subversion/libsvn_ra_svn/client.c, subversion/svnserve/serve.c,
    - CVE-2018-11782
    - CVE-2019-0203

subversion (1.6.17dfsg-3ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution on clients through
    malicious svn+ssh URLs
    - debian/patches/CVE-2017-9800.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - CVE-2017-9800
  * SECURITY UPDATE: svnserve/sasl may authenticate users using the
    wrong realm.
    - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
      SASL is being used.
    - CVE-2016-2167
  * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
    module.
    - debian/patches/CVE-2016-2168.patch: Reject requests with invalid
      Destination headers.
    - CVE-2016-2168

Date: 2019-07-29 18:25:19.601062+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.8
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:37 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:37 -0000
Subject: [ubuntu/precise-security] sudo 1.8.3p1-1ubuntu3.10 (Accepted)
Message-ID: <162004737785.6007.15755222753495552571.launchpad@ackee.canonical.com>

sudo (1.8.3p1-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156

sudo (1.8.3p1-1ubuntu3.9) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in sudo when pwfeedback is enabled
    - debian/patches/CVE-2019-18634.patch: fix overflow in src/tgetpass.c.
    - CVE-2019-18634

sudo (1.8.3p1-1ubuntu3.8) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via UID -1
    - debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
      in plugins/sudoers/sudoers.c.
    - CVE-2019-14287

Date: 2021-01-27 14:14:09.843406+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.10
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:39 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:39 -0000
Subject: [ubuntu/precise-security] tar 1.26-4ubuntu1.2 (Accepted)
Message-ID: <162004737995.5996.10242890453587627912.launchpad@ackee.canonical.com>

tar (1.26-4ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Infinite read loop
    - debian/patches/CVE-2018-20482.patch: Add handling for short read
      condition in sparse_dump_region() of src/sparse.c.
    - CVE-2018-20482 
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2019-9923.patch: Check for NULL return value from
      find_next_block in src/sparse.c.
    - CVE-2019-9923

Date: 2021-01-12 16:07:09.341056+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/tar/1.26-4ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:42 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:42 -0000
Subject: [ubuntu/precise-security] tcpdump 4.9.3-0ubuntu0.12.04.1 (Accepted)
Message-ID: <162004738290.5996.1508411915035314843.launchpad@ackee.canonical.com>

tcpdump (4.9.3-0ubuntu0.12.04.1) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Updated to 4.9.3 to fix multiple security issues
    - debian/patches/disable-tests.diff: disable tests that require newer
      libpcap.
    - CVE-2017-16808, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461,
      CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465,
      CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469,
      CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881,
      CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229,
      CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452,
      CVE-2018-19519, CVE-2019-1010220, CVE-2019-15166, CVE-2019-15167

tcpdump (4.9.2-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: multiple security issues in tcpdump
    - CVE-2017-13011: buffer overflow in util-print.c:
      bittok2str_internal().
    - CVE-2017-12989: RESP parser infinite loop in print-resp.c:
      resp_get_length().
    - CVE-2017-12990: ISAKMP parser infinite loops in print-isakmp.c,
      several functions.
    - CVE-2017-12995 DNS parser infinite loop in print-domain.c:
      ns_print().
    - CVE-2017-12997: LLDP parser infinite loop in print-lldp.c:
      lldp_private_8021_print().
    - CVE-2017-12893: buffer over-read in smbutil.c:name_len().
    - CVE-2017-12894: buffer over-read in addrtoname.c:
      lookup_bytestring().
    - CVE-2017-12895: buffer over-read in print-icmp.c:icmp_print().
    - CVE-2017-12896: buffer over-read in print-isakmp.c:
      isakmp_rfc3948_print().
    - CVE-2017-12897: buffer over-read in print-isoclns.c:
      isoclns_print().
    - CVE-2017-12898: buffer over-read in print-nfs.c:interp_reply().
    - CVE-2017-12899: buffer over-read in print-decnet.c:
      decnet_print().
    - CVE-2017-12900: buffer over-read in util-print.c:tok2strbuf().
    - CVE-2017-12901: buffer over-read in print-eigrp.c:eigrp_print().
    - CVE-2017-12902: buffer over-read in print-zephyr.c, several
      functions.
    - CVE-2017-12985: buffer over-read in print-ip6.c:ip6_print().
    - CVE-2017-12986: buffer over-read in print-rt6.c:rt6_print().
    - CVE-2017-12987: buffer over-read in print-802_11.c:
      parse_elements().
    - CVE-2017-12988: buffer over-read in print-telnet.c:
      telnet_parse().
    - CVE-2017-12991: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-12992: buffer over-read in print-ripng.c:ripng_print().
    - CVE-2017-12993: buffer over-read in print-juniper.c, several
      functions.
    - CVE-2017-12994: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-12996: buffer over-read in print-pim.c:pimv2_print().
    - CVE-2017-12998: buffer over-read in print-isoclns.c:
      isis_print_extd_ip_reach().
    - CVE-2017-12999: buffer over-read in print-isoclns.c:isis_print().
    - CVE-2017-13000: buffer over-read in print-802_15_4.c:
      ieee802_15_4_if_print().
    - CVE-2017-13001: buffer over-read in print-nfs.c:nfs_printfh().
    - CVE-2017-13002: buffer over-read in print-aodv.c:
      aodv_extension().
    - CVE-2017-13003: buffer over-read in print-lmp.c:lmp_print().
    - CVE-2017-13004: buffer over-read in print-juniper.c:
      juniper_parse_header().
    - CVE-2017-13005: buffer over-read in print-nfs.c:xid_map_enter().
    - CVE-2017-13006: buffer over-read in print-l2tp.c, several
      functions.
    - CVE-2017-13007: buffer over-read in print-pktap.c:
      pktap_if_print().
    - CVE-2017-13008: buffer over-read in print-802_11.c:
      parse_elements().
    - CVE-2017-13009: buffer over-read in print-mobility.c:
      mobility_print().
    - CVE-2017-13010: buffer over-read in print-beep.c:l_strnstart().
    - CVE-2017-13012: buffer over-read in print-icmp.c:icmp_print().
    - CVE-2017-13013: buffer over-read in print-arp.c, several
      functions.
    - CVE-2017-13014: buffer over-read in print-wb.c:wb_prep(), several
      functions.
    - CVE-2017-13015: buffer over-read in print-eap.c:eap_print().
    - CVE-2017-13016: buffer over-read in print-isoclns.c:esis_print().
    - CVE-2017-13017: buffer over-read in print-dhcp6.c:
      dhcp6opt_print().
    - CVE-2017-13018: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13019: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13020: buffer over-read in print-vtp.c:vtp_print().
    - CVE-2017-13021: buffer over-read in print-icmp6.c:icmp6_print().
    - CVE-2017-13022: buffer over-read in print-ip.c:ip_printroute().
    - CVE-2017-13023, CVE-2017-13024, CVE-2017-13025: multiple buffer
      over-reads in print-mobility.c:mobility_opt_print().
    - CVE-2017-13026: buffer over-read in print-isoclns.c, several functions.
    - CVE-2017-13027: buffer over-read in print-lldp.c:
      lldp_mgmt_addr_tlv_print().
    - CVE-2017-13028: buffer over-read in print-bootp.c:bootp_print().
    - CVE-2017-13029: buffer over-read in print-ppp.c:
      print_ccp_config_options().
    - CVE-2017-13030: buffer over-read in print-pim.c, several functions.
    - CVE-2017-13031: buffer over-read in print-frag6.c:frag6_print().
    - CVE-2017-13032: buffer over-read in print-radius.c:print_attr_string().
    - CVE-2017-13033: buffer over-read in print-vtp.c:vtp_print().
    - CVE-2017-13034: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13035: buffer over-read in print-isoclns.c:isis_print_id().
    - CVE-2017-13036: buffer over-read in print-ospf6.c:ospf6_decode_v3().
    - CVE-2017-13037: buffer over-read in print-ip.c:ip_printts().
    - CVE-2017-13038: buffer over-read in print-ppp.c:handle_mlppp().
    - CVE-2017-13039: buffer over-read in print-isakmp.c, several
      functions.
    - CVE-2017-13040: buffer over-read in print-mptcp.c, several
      functions.
    - CVE-2017-13041: buffer over-read in print-icmp6.c:
      icmp6_nodeinfo_print().
    - CVE-2017-13042: buffer over-read in print-hncp.c:dhcpv6_print().
    - CVE-2017-13043: buffer over-read in print-bgp.c:
      decode_multicast_vpn().
    - CVE-2017-13044: buffer over-read in print-hncp.c:dhcpv4_print().
    - CVE-2017-13045: buffer over-read in print-vqp.c:vqp_print().
    - CVE-2017-13046: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-13047: buffer over-read in print-isoclns.c:esis_print().
    - CVE-2017-13048: buffer over-read in print-rsvp.c:
      rsvp_obj_print().
    - CVE-2017-13049: buffer over-read in print-rx.c:ubik_print().
    - CVE-2017-13050: buffer over-read in print-rpki-rtr.c:
      rpki_rtr_pdu_print().
    - CVE-2017-13051: buffer over-read in print-rsvp.c:
      rsvp_obj_print().
    - CVE-2017-13052: buffer over-read in print-cfm.c:cfm_print().
    - CVE-2017-13053: buffer over-read in print-bgp.c:
      decode_rt_routing_info().
    - CVE-2017-13054: buffer over-read in print-lldp.c:
      lldp_private_8023_print().
    - CVE-2017-13055: buffer over-read in print-isoclns.c:
      isis_print_is_reach_subtlv().
    - CVE-2017-13687: buffer over-read in print-chdlc.c:chdlc_print().
    - CVE-2017-13688: buffer over-read in print-olsr.c:olsr_print().
    - CVE-2017-13689: buffer over-read in print-isakmp.c:
      ikev1_id_print().
    - CVE-2017-13690: buffer over-read in print-isakmp.c, several
      functions.
    - CVE-2017-13725: buffer over-read in print-rt6.c:rt6_print().
  * Merge from Debian unstable. Remaining changes:
    - debian/control:
      + keep older libpcap0.8-dev dependency
      + don't add breaks/replaces on apparmor-profiles-extras, as
        tcpdump profile is already dropped from there in xenial.
      + drop multi-arch: foreign
    - debian/patches/disable_tests.diff:  disable additional tests
      failing with older pcap versions
    - debian/patches/90_man_apparmor.diff: mention apparmor profile
    - debian/tcpdump.dirs: for apparmor force-complain dir

tcpdump (4.9.2-1) unstable; urgency=high

  * New upstream release:
    + Fixes 86 new CVEs, see the upstream changelog for the full list.
    + Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740).
  * Urgency high due to security fixes.

tcpdump (4.9.1-3) unstable; urgency=high

  * Cherry-pick three upstream commits to fix the following:
    + CVE-2017-11541: buffer over-read in safeputs() (closes: #873804)
    + CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805)
    + CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806)
  * Urgency high due to security fixes.

tcpdump (4.9.1-2) unstable; urgency=medium

  * Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377).

tcpdump (4.9.1-1) unstable; urgency=medium

  * New upstream release, fixes CVE-2017-11108 (closes: #867718).
  * Bump Standards-Version to 4.1.0.
  * debian/watch: add pgpsigurlmangle option.
  * Add upstream signing key in debian/upstream.

tcpdump (4.9.0-3) unstable; urgency=medium

  [ intrigeri ]
  * Include AppArmor profile from Ubuntu (closes: #866682).

  [ Romain Francoise ]
  * Bump Standards-Version to 4.0.0.

tcpdump (4.9.0-2) unstable; urgency=medium

  * Re-enable crypto support, targeting OpenSSL 1.0 as upstream still
    doesn't support OpenSSL 1.1.
  * Drop --enable-ipv6 from configure line, it has been the default for
    years now.

Date: 2020-01-27 17:13:14.085365+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:46 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:46 -0000
Subject: [ubuntu/precise-security] tiff 3.9.5-2ubuntu1.12 (Accepted)
Message-ID: <162004738633.6007.7202331061944156147.launchpad@ackee.canonical.com>

tiff (3.9.5-2ubuntu1.12) precise-security; urgency=medium

  * SECURITY UPDATE: heap over-read in TIFFWriteScanline
    - debian/patches/CVE-2018-10779.patch: fix overflow in
      libtiff/tif_write.c.
    - CVE-2018-10779
  * SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
    - debian/patches/CVE-2018-12900-1.patch: check for overflow in
      tools/tiffcp.c.
    - debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
    - CVE-2018-12900
    - CVE-2019-7663
  * SECURITY UPDATE: memory leak in TIFFFdOpen
    - debian/patches/CVE-2019-6128.patch: properly handle errors in
      tools/pal2rgb.c.
    - CVE-2019-6128
  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2018-1710x-*.patch: Avoid overflows in
      tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
    - CVE-2018-17100
    - CVE-2018-17101
  * SECURITY UPDATE: JBIGDecode out-of-bounds write
    - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c.
    - CVE-2018-18557

tiff (3.9.5-2ubuntu1.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
    - debian/patches/CVE-2016-3945.patch: fix integer overflow in
      tools/tiff2rgba.c.
    - CVE-2016-3945
  * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
    - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
    - CVE-2017-5225

tiff (3.9.5-2ubuntu1.10) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted field data in an extension tag
    - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.
    - CVE-2015-7554
  * SECURITY UPDATE: DoS and possible code execution via large width field
    in a BMP image
    - debian/patches/CVE-2015-8668.patch: properly calculate size in
      tools/bmp2tiff.c;
    - CVE-2015-8668
  * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
    - debian/patches/CVE-2016-10092.patch: properly increment buffer in
      tools/tiffcrop.c.
    - CVE-2016-10092
  * SECURITY UPDATE: DoS in rgb2ycbcr tool
    - debian/patches/CVE-2016-3623.patch: validate parameters in
      tools/rgb2ycbcr.c.
    - CVE-2016-3623
    - CVE-2016-3624
  * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
    - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
      tools/thumbnail.c.
    - CVE-2016-3632
    - CVE-2016-8331
  * SECURITY UPDATE: DoS and possible code execution via overflow in
    horizontalDifference8 function
    - debian/patches/CVE-2016-3990.patch: add check to
      libtiff/tif_pixarlog.c.
    - CVE-2016-3990
  * SECURITY UPDATE: DoS and possible code execution in tiffcrop
    - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
    - CVE-2016-3991
    - CVE-2016-5322
  * SECURITY UPDATE: DoS in DumpModeDecode function
    - debian/patches/CVE-2016-5321.patch: limit number of samples in
      tools/tiffcrop.c.
    - CVE-2016-5321
  * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
    - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
    - CVE-2016-9453
  * SECURITY UPDATE: multiple out-of-bounds writes issues
    - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
      libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
      tools/tiffcrop.c.
    - CVE-2016-9533
    - CVE-2016-9534
    - CVE-2016-9536
    - CVE-2016-9537

Date: 2019-03-15 13:42:19.192371+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.12
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:51 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:51 -0000
Subject: [ubuntu/precise-security] unzip 6.0-4ubuntu2.6 (Accepted)
Message-ID: <162004739134.5996.5912533013757627031.launchpad@ackee.canonical.com>

unzip (6.0-4ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in unzip (LP: #387350)
    - debian/patches/17-cve-2014-9913-unzip-buffer-overflow: Accommodate
      printing an oversized compression method number in list.c.
    - CVE-2014-9913 
  * SECURITY UPDATE: buffer overflow in zipinfo (LP: #1643750)
    - debian/patches/18-cve-2016-9844-zipinfo-buffer-overflow: Accommodate an
      oversized compression method number in zipinfo.c.
    - CVE-2016-9844
  * SECURITY UPDATE: buffer overflow
    - debian/patches/07-increase-size-of-cfactorstr: Increase size of
      cfactorstr array in list.c.
    - CVE-2018-18384
  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

Date: 2020-12-11 01:15:13.352220+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:52 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:52 -0000
Subject: [ubuntu/precise-security] tzdata 2021a-0ubuntu0.12.04 (Accepted)
Message-ID: <162004739248.6008.7709807520003661177.launchpad@ackee.canonical.com>

tzdata (2021a-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version (LP: #1913482), affecting the following future timestamp:
    - South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

tzdata (2020f-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version (LP: #1909698), affecting the following timestamp:
    - Volgograd switches to Moscow time on 2020-12-27 at 02:00.

tzdata (2020d-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version (LP: #1901020), affecting past and future timestamps:
    - Palestine ends DST earlier than predicted, on 2020-10-24.
    - Fiji starts DST later than usual, on 2020-12-20.
    - Revised predictions for Morocco's changes starting in 2023.
    - Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
    - Macquarie Island has stayed in sync with Tasmania since 2011.
    - Casey, Antarctica is at +08 in winter and +11 in summer since 2018.
  * Restore old SystemV timezones.

tzdata (2020a-0ubuntu0.12.04) precise; urgency=medium

  * New upstream release (LP: #1878108), affecting past and future timestamps:
    - Morocco springs forward on 2020-05-31, not 2020-05-24.
    - Canada's Yukon advanced to -07 year-round on 2020-03-08.
    - America/Nuuk renamed from America/Godthab.

tzdata (2019c-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting the following future timestamps:
    - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12
      instead of 2019-11-03 and 2020-01-19.
    - Norfolk Island will observe Australian-style DST starting in
      spring 2019.  The first transition is on 2019-10-06.

tzdata (2019b-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting the following past and future timestamps:
    - Brazil has canceled DST and will stay on standard time indefinitely.
    - Predictions for Morocco now go through 2087 instead of 2037.
    - Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
      at 01:00.  Guess future transitions to be March's last Friday at 00:00.
    - Many corrections to historical Hong Kong transitions from 1941 to 1947.

tzdata (2019a-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting past and future timestamps:
    - Palestine "springs forward" on 2019-03-30 instead of 2019-03-23.
    - Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00.

tzdata (2018i-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting past and future timestamps:
    - São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
    - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21.
    - A new zone Asia/Qostanay has been added, because Qostanay,
      Kazakhstan didn't move.
    - Metlakatla, Alaska observes PST this winter only.

tzdata (2018g-0ubuntu0.12.04) precise; urgency=high

  * New upstream version, affecting the following timestamp:
    - Morocco switches to permanent +01 on 2018-10-27.

tzdata (2018f-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting the following future timestamp:
    - Volgograd moves from +03 to +04 on 2018-10-28.
    - Fiji ends DST 2019-01-13, not 2019-01-20.
    - Most of Chile changes DST dates, effective 2019-04-06.

tzdata (2018e-0ubuntu0.12.04.1) precise; urgency=medium

  * New upstream release.  LP: #1750627.

tzdata (2017c-0ubuntu0.12.04) precise; urgency=medium

  * New upstream release (LP: #1712675, #1696298, #1691092, #1676117)

Date: 2021-01-28 05:31:09.140277+00:00
Changed-By: Brian Murray <brian at ubuntu.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/tzdata/2021a-0ubuntu0.12.04
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:58 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:58 -0000
Subject: [ubuntu/precise-security] vim 2:7.3.429-2ubuntu2.3 (Accepted)
Message-ID: <162004739808.6008.668449159573633310.launchpad@ackee.canonical.com>

vim (2:7.3.429-2ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/upstream/patch-8.0.070*.patch: check the event
      event for being out of range in src/fileio.c; do not set cmdbuff to
      NULL, make it empty in src/ex_getln.c; set w_s pointer if w_buffer
      was NULL in src/ex_cmds.c.
    - CVE-2017-11109
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/upstream/patch-8.0.0322-*.patch: check for an invalid
      length in src/spell.c.
    - CVE-2017-5953
  * SECURITY UPDATE: Integer overflow
    - debian/patches/upstream/patch-8.0.0377*.patch: check if allocated size
      is not too big in src/undo.c.
    - CVE-2017-6349
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/upstream/patch-8.0.0378*.patch: check if allocated size
      is not too big in src/undo.c.
    - CVE-2017-6350

Date: 2020-03-18 20:01:15.850467+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:7.3.429-2ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:09:59 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:09:59 -0000
Subject: [ubuntu/precise-security] w3m 0.5.3-5ubuntu1.3 (Accepted)
Message-ID: <162004739985.6007.5941017196408626157.launchpad@ackee.canonical.com>

w3m (0.5.3-5ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Infinite recursion flaw in HTMLlineproc0
    - debian/patches/CVE-2018-6196.patch: prevent negative indent value
      in table.c.
    - CVE-2018-6196
  * SECURITY UPDATE: NULL pointer dereference flaw in formUpdateBuffer
    - debian/patches/CVE-2018-6197.patch: prevent invalid columnPos() call
      in form.c.
    - CVE-2018-6197
  * SECURITY UPDATE: does not properly handle temp files
    - debian/patches/CVE-218-6198.patch: make temp directory safely
      in config.h.dist, config.h.in, configure, configure.ac, main.c and rc.c.
    - CVE-2018-6198

Date: 2018-01-30 19:22:12.835258+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/w3m/0.5.3-5ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:10:05 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:10:05 -0000
Subject: [ubuntu/precise-security] wget 1.13.4-2ubuntu1.7 (Accepted)
Message-ID: <162004740560.6008.11593479418422175736.launchpad@ackee.canonical.com>

wget (1.13.4-2ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-5953-*.patch: fix in
      src/iri.c.
    - CVE-2019-5953

wget (1.13.4-2ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Cookie injection vulnerability
    - debian/patches/CVE-2018-0494.patch: fix cooking injection
      in src/http.c.
    - CVE-2018-0494

wget (1.13.4-2ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: race condition leading to access list bypass
    - debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
    - debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
      src/http.c.
    - debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
      src/http.c.
    - CVE-2016-7098
  * SECURITY UPDATE: CRLF injection in url_parse
    - debian/patches/CVE-2017-6508.patch: check for invalid control
      characters in src/url.c.
    - CVE-2017-6508
  * SECURITY UPDATE: stack overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13089.patch: return error on negative chunk
      size in src/http.c.
    - CVE-2017-13089
  * SECURITY UPDATE: heap overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13090.patch: stop processing on negative
      chunk size in src/retr.c.
    - CVE-2017-13090

Date: 2019-04-08 23:40:12.108355+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/wget/1.13.4-2ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 13:10:10 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 13:10:10 -0000
Subject: [ubuntu/precise-security] wpasupplicant 0.7.3-6ubuntu2.5 (Accepted)
Message-ID: <162004741099.6008.4978991119241534224.launchpad@ackee.canonical.com>

wpasupplicant (0.7.3-6ubuntu2.5) precise-security; urgency=medium

   * SECURITY UPDATE: Incorrect indication of disconnection in certain
     situations
     - debian/patches/CVE-2019-16275.patch: silently ignore management
       frame from unexpected source address in src/ap/drv_callbacks.c,
       src/ap/ieee882_11.c.
     - CVE-2019-16275

Date: 2019-09-17 13:53:22.136239+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/wpasupplicant/0.7.3-6ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:33 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:33 -0000
Subject: [ubuntu/precise-updates] apport 2.0.1-0ubuntu17.16 (Accepted)
Message-ID: <162004863306.5996.10328493609968664032.launchpad@ackee.canonical.com>

apport (2.0.1-0ubuntu17.16) precise-security; urgency=medium

  * Disable apport as it is excluded from ESM.

Date: 2017-10-27 21:22:15.516250+00:00
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.16
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:33 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:33 -0000
Subject: [ubuntu/precise-updates] aptdaemon 0.43+bzr805-0ubuntu10.1 (Accepted)
Message-ID: <162004863366.6007.1545052147708480157.launchpad@ackee.canonical.com>

aptdaemon (0.43+bzr805-0ubuntu10.1) precise-security; urgency=medium

  * Fix compatibility with python-apt security update (LP: #1858973)

Date: 2020-01-16 16:41:05.444536+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr805-0ubuntu10.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:33 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:33 -0000
Subject: [ubuntu/precise-updates] apache2 2.2.22-1ubuntu1.15 (Accepted)
Message-ID: <162004863381.6008.9055467241730365455.launchpad@ackee.canonical.com>

apache2 (2.2.22-1ubuntu1.15) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312-*.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217

apache2 (2.2.22-1ubuntu1.14) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: optionsbleed information leak
    - debian/patches/CVE-2017-9798.patch: disallow method registration
      at run time in server/core.c.
    - CVE-2017-9798

apache2 (2.2.22-1ubuntu1.13) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: uninitialized memory reflection in mod_auth_digest
    - debian/patches/CVE-2017-9788.patch: correct string scope in
      modules/aaa/mod_auth_digest.c.
    - CVE-2017-9788

apache2 (2.2.22-1ubuntu1.12) precise-security; urgency=medium

  * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw()
    - debian/patches/CVE-2017-3167.patch: deprecate and replace
      ap_get_basic_auth_pw in include/ap_mm.h, include/http_protocol.h,
      server/protocol.c, server/request.c.
    - CVE-2017-3167
  * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection()
    - debian/patches/CVE-2017-3169.patch: fix ctx passed to
      ssl_io_filter_error() in modules/ssl/ssl_engine_io.c.
    - CVE-2017-3169
  * SECURITY UDPATE: denial of service and possible incorrect value return
    in HTTP strict parsing changes
    - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in
      server/util.c.
    - CVE-2017-7668
  * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header
    - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in
      modules/http/mod_mime.c.
    - CVE-2017-7679
  * SECURITY UPDATE: response splitting and cache pollution issue via
    imcomplete RCF7230 HTTP request grammar enforcing
    - debian/patches/CVE-2016-8743*.patch: enforce stricter parsing in
      include/http_core.h, include/http_protocal.h, include/httpd.h,
      modules/http/http_filters.c, server/core.c, server/gen_test_char.c,
      server/protocol.c, server/util.c, server/vhost.c.
      This patch set were applied from Wheezy. Patch CVE-2016-8743-4.patch
      fix a possible regression. Thanks Antoine Beaupre.
    - CVE-2016-8743
  * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and may
    introduce compatibility issues with clients that do not strictly
    follow specifications. A new configuration directive,
    "HttpProtocolOptions Unsafe" can be used to re-enable some of the less
    strict parsing restrictions, at the expense of security.

Date: 2019-04-09 20:19:10.482572+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.15
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:38 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:38 -0000
Subject: [ubuntu/precise-updates] aspell 0.60.7~20110707-1ubuntu0.1 (Accepted)
Message-ID: <162004863840.5996.1283933192891181315.launchpad@ackee.canonical.com>

aspell (0.60.7~20110707-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer over-read
    - debian/patches/CVE-2019-17544.patch: add checks
      in common/config.cpp, common/file_util.cpp,
      common/getdata.cpp.
    - CVE-2019-17544

Date: 2019-10-15 13:02:15.001678+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/aspell/0.60.7~20110707-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:38 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:38 -0000
Subject: [ubuntu/precise-updates] bash 4.2-2ubuntu2.9 (Accepted)
Message-ID: <162004863856.6007.12348298720125870555.launchpad@ackee.canonical.com>

bash (4.2-2ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2012-6711.patch: making u32cconv() return
      the number of bytes instead a negative value  in
      lib/sh/unicode.c
    - CVE-2012-6711

bash (4.2-2ubuntu2.8) precise-security; urgency=medium

  * SECURITY UPDATE: rbash restriction bypass (LP: #1803441)
    - debian/patches/CVE-2019-9924.patch: if the shell is restricted,
      reject attempts to add pathnames containing slashes to the hash table
      in variables.c.
    - CVE-2019-9924

bash (4.2-2ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/CVE-2016-7543.patch: check for root in variables.c.
    - CVE-2016-7543

Date: 2019-11-08 13:55:21.947800+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.9
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:38 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:38 -0000
Subject: [ubuntu/precise-updates] bind9 1:9.8.1.dfsg.P1-4ubuntu0.32 (Accepted)
Message-ID: <162004863895.6008.16430818438612787654.launchpad@ackee.canonical.com>

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.32) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - properly calculate length in lib/dns/spnego.c.
    - CVE-2020-8625

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.31) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.30) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.29) precise-security; urgency=medium

  * Segfault: 'host' command could die if a UDP query timed out.
    commit adec9654d0177df1955a58409ab802106ac61bea at branch v9.8.

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.28) precise-security; urgency=medium

  * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
    - debian/patches/CVE-2018-5743.patch: add reference counting in
      bin/named/client.c, bin/named/include/named/client.h,
      bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
      lib/isc/include/isc/quota.h, lib/isc/quota.c,
      lib/isc/win32/libisc.def.in.
    - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
      operations with isc_refcount reference counting in
      bin/named/client.c, bin/named/include/named/interfacemgr.h,
      bin/named/interfacemgr.c.
    - CVE-2018-5743

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.27) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - lib/dns/zone.c: enhance rfc 5011 logging
    - lib/dns/include/dst/dst.h, lib/dns/zone.c: properly handle situations
      when the key tag cannot be computed.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - bin/named/xfrout.c: handle zone transfers marked in the zone table as
      a DLZ zone.
    - CVE-2019-6465

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.26) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - lib/dns/resolver.c: explicit DNAME query could trigger a crash if
      deny-answer-aliases was set
    - Patch backported from 9.9.13-P1.
    - CVE-2018-5740

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.25) precise-security; urgency=medium

  * SECURITY UPDATE: Assertion failure causing denial of service
    - lib/dns/validator.c and adds a couple of tests.
    - CVE-2018-5735

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.24) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - lib/dns/resolver.c: fix cleanup handling.
    - Patch backported from 9.9.11-P1.
    - CVE-2017-3145

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.23) precise-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues and regression
    - fix verification of TSIG signed TCP message sequences where not all
      the messages contain TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c, lib/dns/dnssec.c,
      lib/dns/message.c.
    - 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
    - CVE-2017-3142
    - CVE-2017-3143
  * Update the built in managed keys to include the upcoming root KSK in
    bind.keys, bin/named/bind.keys.h.
    - 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7

Date: 2021-02-26 17:19:10.680808+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.32
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:40 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:40 -0000
Subject: [ubuntu/precise-updates] ca-certificates 20190110~12.04.1 (Accepted)
Message-ID: <162004864056.6008.12982709261842493134.launchpad@ackee.canonical.com>

ca-certificates (20190110~12.04.1) precise-security; urgency=medium

  * Update ca-certificates database to 20190110:
    - backport certain changes from the Ubuntu 19.10 20190110 package
  * mozilla/blacklist.txt: blacklist expired AddTrust External Root CA.

Date: 2020-06-01 14:53:28.453874+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ca-certificates/20190110~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:41 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:41 -0000
Subject: [ubuntu/precise-updates] avahi 0.6.30-5ubuntu2.3 (Accepted)
Message-ID: <162004864114.7440.4930779076194610261.launchpad@ackee.canonical.com>

avahi (0.6.30-5ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-6519-and-CVE-2018-1000845.patch:
      fix in avahi-core/server.c.
    - CVE-2017-6519
    - CVE-2018-1000845

Date: 2019-01-30 18:00:16.841373+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/avahi/0.6.30-5ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:41 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:41 -0000
Subject: [ubuntu/precise-updates] bzip2 1.0.6-1ubuntu0.2 (Accepted)
Message-ID: <162004864108.5996.7560665126749136029.launchpad@ackee.canonical.com>

bzip2 (1.0.6-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

Date: 2019-07-04 12:25:14.003554+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:40 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:40 -0000
Subject: [ubuntu/precise-updates] bzr 2.5.1-0ubuntu2.1 (Accepted)
Message-ID: <162004864096.6007.13166835600333307197.launchpad@ackee.canonical.com>

bzr (2.5.1-0ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: Possible arbitrary code execution on clients
    through malicious bzr+ssh URLs
    - debian/patches/24_ssh_hostnames-lp1710979.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - debian/patches/fixing_test_fail.patch: test fails for
      test_smart_transport.py this patch comment the offended line out.
    - LP: #1710979
    - CVE-2017-14176

Date: 2017-10-19 17:43:30.704361+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bzr/2.5.1-0ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:43 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:43 -0000
Subject: [ubuntu/precise-updates] curl 7.22.0-3ubuntu4.29 (Accepted)
Message-ID: <162004864390.5996.464843386226736641.launchpad@ackee.canonical.com>

curl (7.22.0-3ubuntu4.29) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: FTP redirect to malicious host via PASV response
    - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
      default in lib/url.c, src/main.c.
    - CVE-2020-8284
  * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
    - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of
      recurse in lib/ftp.c.
    - CVE-2020-8285

curl (7.22.0-3ubuntu4.28) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: curl overwrite local file with -J
    - debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
      src/tool_cb_hdr.c, src/tool_getparam.c.
    - CVE-2020-8177

curl (7.22.0-3ubuntu4.27) precise-security; urgency=medium

  [ Alex Murray ]
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

curl (7.22.0-3ubuntu4.26) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5436.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5436

curl (7.22.0-3ubuntu4.24) precise-security; urgency=medium

  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/CVE-2018-16842.patch: fix bad arithmetic
      in src/tool_msgs.c.
    - CVE-2018-16842

curl (7.22.0-3ubuntu4.23) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

curl (7.22.0-3ubuntu4.21) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in FTP URL handling
    - debian/patches/CVE-2018-1000120.patch: fix in lib/ftp.c,
      add test test/data/test340.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122
  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

curl (7.22.0-3ubuntu4.20) precise-security; urgency=medium

  * SECURITY UPDATE: leak authentication data
    - debian/patches/CVE-2018-1000007.patch: prevent custom
      authorization headers in redirects in lib/http.c,
      lib/url.c, lib/urldata.h, tests/data/Makefile.in,
      tests/data/test317, tests/data/test318.
    - CVE-2018-1000007

curl (7.22.0-3ubuntu4.19) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

curl (7.22.0-3ubuntu4.18) precise-security; urgency=medium

  * SECURITY UPDATE: printf floating point buffer overflow
    - debian/patches/CVE-2016-9586.patch: fix floating point buffer
      overflow issues in lib/mprintf.c, added test to tests/data/test557,
      tests/libtest/lib557.c.
    - CVE-2016-9586
  * SECURITY UPDATE: TFTP sends more than buffer size
    - debian/patches/CVE-2017-1000100.patch: reject file name lengths that
      don't fit in lib/tftp.c.
    - CVE-2017-1000100
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.am, tests/data/test1152.
    - CVE-2017-1000254
  * SECURITY UPDATE: --write-out out of buffer read
    - debian/patches/CVE-2017-7407-1.patch: fix a buffer read overrun in
      src/writeout.c added test to tests/data/Makefile.am,
      tests/data/test1440, tests/data/test1441.
    - debian/patches/CVE-2017-7407-2.patch: check for end of input in
      src/_writeout.c added test to tests/data/Makefile.am,
      tests/data/test1442.
    - CVE-2017-7407
  * SECURITY UPDATE: IMAP FETCH response out of bounds read
    - debian/patches/CVE-2017-1000257.patch: check size in lib/imap.c.
    - CVE-2017-1000257

Date: 2020-12-04 15:08:43.959595+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.29
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:42 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:42 -0000
Subject: [ubuntu/precise-updates] cpio 2.11-7ubuntu3.3 (Accepted)
Message-ID: <162004864278.6007.1009727453719780995.launchpad@ackee.canonical.com>

cpio (2.11-7ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: Improper input validation
    - debian/patches/CVE-2019-14866.patch: improve diagnostics,
      remove to_oct_or_error, adding new macro in
      src/copyout.c, src/extern.h, src/tar.c.
    - CVE-2019-14866

Date: 2019-11-05 15:58:15.114914+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/cpio/2.11-7ubuntu3.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:45 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:45 -0000
Subject: [ubuntu/precise-updates] cyrus-sasl2 2.1.25.dfsg1-3ubuntu0.2
 (Accepted)
Message-ID: <162004864568.7440.14758076292582703043.launchpad@ackee.canonical.com>

cyrus-sasl2 (2.1.25.dfsg1-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Off-by-one
    - debian/patches/CVE-2019-19906.patch: fix in _sasl_add_string function
    - CVE-2019-19906
  * Thanks Debian for the patch provide that (Closes: #947043)

Date: 2020-01-28 11:13:32.992067+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.25.dfsg1-3ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:45 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:45 -0000
Subject: [ubuntu/precise-updates] db 5.1.25-11ubuntu0.1 (Accepted)
Message-ID: <162004864597.6007.4773164592317382428.launchpad@ackee.canonical.com>

db (5.1.25-11ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Berkeley DB reads DB_CONFIG from cwd
    - debian/patches/CVE-2017-10140.patch in src/env/env_open.c.
    - CVE-2017-10140

Date: 2017-11-16 20:57:22.375737+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/db/5.1.25-11ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:47 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:47 -0000
Subject: [ubuntu/precise-updates] distro-info 0.8.2ubuntu1 (Accepted)
Message-ID: <162004864772.5996.6213841980146550552.launchpad@ackee.canonical.com>

distro-info (0.8.2ubuntu1) precise; urgency=medium

  * Provide support for the milestone eol-esm and add filters for
    supported-esm to ubuntu-distro-info along with the python and perl
    modules. (LP: #1808038, LP: #1825553)

Date: 2019-04-23 10:45:16.615500+00:00
Changed-By: Adam Conrad <adconrad at 0c3.net>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/distro-info/0.8.2ubuntu1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:45 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:45 -0000
Subject: [ubuntu/precise-updates] clamav 0.102.4+dfsg-0ubuntu0.12.04.1
 (Accepted)
Message-ID: <162004864540.6008.1746890748823276909.launchpad@ackee.canonical.com>

clamav (0.102.4+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.2 to fix security issues
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 115.
    - CVE-2020-3327
    - CVE-2020-3350
    - CVE-2020-3481

clamav (0.102.3+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.2 to fix security issues
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 114.
    - CVE-2020-3327
    - CVE-2020-3341

clamav (0.102.2+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.2 to fix security issue (CVE-2020-3123)
    - debian/patches/*: synced patches with 0.102.2+dfsg-1.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 113.
    - debian/clamav-daemon.config.in, clamav-daemon.postinst.in:
      Removing ScanOnAccess option.
  * d/clamav-daemon.config.in: Correct error from ScanOnAccess option
    removal so that setting LogFile options via DebConf works again
    (Closes: #950296) (LP: #1860217)

clamav (0.102.1+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.102.1 to fix security issue (CVE-2019-15961)
    - debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
    - debian/clamav-daemon.postinst.in,clamav-freshclam.postinst.in: added
      new configuration options.
    - debian/clamav-docs.*: removed missing docs.
    - debian/libclamav9.install: added libfreshclam.so.2.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 112.*
    - debian/control: adding libcurl4-openssl-dev as a new dependency for
      build freshclam, clamsubmit - See NEWS.md file.

clamav (0.101.4+dfsg-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to version 0.101.4 to fix security issues.
    - debian/patches/*: sync patches with 0.101.4+dfsg-1ubuntu1.
    - debian/clamav-daemon.postinst.in: removed DetectBrokenExecutables,
      added MaxScanTime, HeuristicAlerts, Alert*.
    - debian/*: updated for new library version.
    - debian/libclamav9.symbols: updated for new version.
    - debian/clamav-docs*, debian/rules: fix doc file locations.
    - debian/libclam-dev.install: include new header file.
    - debian/rules, debian/control: build with --with autoreconf.
    - debian/rules: build with --with-system-libmspack.
    - CVE-2019-12625
    - CVE-2019-12900

clamav (0.100.3+dfsg-1ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2019-1010305

clamav (0.100.3+dfsg-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to version 0.100.3 to fix security issues. (LP: #1822503)
    - debian/libclamav7.symbols: updated to new version.
    - CVE-2019-1787
    - CVE-2019-1788
    - CVE-2019-1789

clamav (0.100.2+dfsg-1ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in
      libclamav/libmspack-0.5alpha/mspack/chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in libclamav/libmspack-0.5alpha/mspack/cab.h
    - CVE-2018-18584

clamav (0.100.2+dfsg-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to version 0.100.2 to fix security issue.
    - CVE-2018-15378
  * Bump to new symbol version
    - debian/rules: set CL_FLEVEL 93.
    - debian/libclamav7.symbols: updated to new version.
  * Removed patches included in new version:
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch
    - debian/patches/CVE-2018-14681.patch
    - debian/patches/CVE-2018-14682.patch

clamav (0.100.1+dfsg-1ubuntu0.12.04.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * debian/clamav-daemon.config.in: fix infinite loop during
    dpkg-reconfigure (LP: #1792051)

clamav (0.100.1+dfsg-1ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in libclamav/libmspack-0.5alpha/mspack/cchmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/kwajd.c.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2018-14682

clamav (0.100.1+dfsg-1ubuntu0.12.04.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY REGRESSION: clamav-daemon fails to start due to options
    removed in new version and manually edited configuration file.
    (LP: #1783632)
    - debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
      add patch from Debian stretch to simply warn about removed options.

clamav (0.100.1+dfsg-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Rebuild as security update for 12.04 to fix multiple issues
    - CVE-2018-0360
    - CVE-2018-0361
  * Disabling LLVM support:
    - debian/control: removing llvm-3.6-dev
    - debian/rules: removing llvm
  * Removing patches that adds LLVM support:
    - debian/patches/Add-support-for-LLVM-3.*.patch
  * Removing dependency for procps >= 1:3:3.2:
    - debian/control
    - debian/clamav-daemon.ini.in
    - debian/clamav-freshclam.ini.in

clamav (0.100.1+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Rebuild as security update for 14.04 to fix multiple issues
    - CVE-2018-0360
    - CVE-2018-0361
  * Re-enable LLVM support:
    - debian/control: add llvm-3.6-dev to BuildDepends.
    - debian/rules: add llvm back.
  * debian/clamav-daemon.postinst.in: updated version to drop support for
    clamav-daemon.socket.
  * debian/control: switch libtfm-dev to libtommath-dev, remove
    dh-strip-nondeterminism, electric-fence, and libsystemd-dev.
  * Use internal libmspack:
    - debian/control: remove libmspack-dev.
    - debian/rules: remove --with-system-libmspack.
    - debian/libclamav7.install: add libclammspack.so.0*.
    - debian/libclamav-dev.install: add libclammspack.so.
  * Revert to Debhelper in 14.04:
    - debian/compat: set to 8
    - debian/control: set debhelper to 8.9.7
  * debian/{libclamav7,libclamav-dev}.install: fix file locations
  * debian/rules: modify to not use dpkg-parsechangelog -S
  * debian/control: remove Multi-Arch and Rules-Requires-Root tags.
  * Don't built with json and curl:
    - debian/rules: remove --with-libjson and --with-libcurl=/usr.
    - debian/control: remove libjson-c-dev, libcurl4-openssl-dev.
    - debian/clamav.install: remove clamsubmit.
    - debian/clamav.manpages: remove clamsubmit.1.
  * Removed clamdscan package:
    - debian/control: removed package section
    - debian/clamdscan.*: removed and added files to clamav-daemon.*
  * Added clamav-dbg package:
    - debian/control: added package section
    - debian/rules: use --dbg-package, not --dbgsym-migration
  * debian/control: updated clamav-daemon Breaks versions.

clamav (0.100.1+dfsg-1ubuntu1) cosmic; urgency=medium

  * debian/control: switch Build-Depends from libpcre2-dev to libpcre3-dev
    as pcre2 is in Universe.

clamav (0.100.1+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Only create clamav user during clamav-base install if it does not exist
    (LP: #121872)
    - Thanks to Shane Williams for the patch
  * Remove spurious debian/changelog entry for the above change from the
    0.100.0~beta+dfsg-1 entry since the change was not actually included

  [ Sebastian Andrzej Siewior ]
  * Import new upstream.
  * Bump symbol version due to new version.
  * Add read permission for freshclam on /var/log in the apparmor profile.
    Thanks to Robie Basak (Closes: #902601).
  * Bump standards-version to 4.1.5 without further change

clamav (0.100.0+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - remove various documentation files including Changelog from the file
      list because they are no longer included in upstream archive.

clamav (0.100.0~beta+dfsg-2) unstable; urgency=medium

  * Switch to pcre2 which is newer (Closes: #891195).
  * Cherry pick patches referenced in bb#11973 and bb#11980 to fix
    CVE-2018-0202.
  * Use compat level 11.

clamav (0.100.0~beta+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Add lintian override for clamav-freshclam: duplicate-updaterc.d-calls-in-
    postinst clamav-freshclam
  * New upstream beta release
  * Bump standards-version to 4.1.3 without further change
  * Update README.Debian to describe how to disable apparmor for clamav-daemon
    and clamav-freshclam (Closes: #884707)

  [ Sebastian Andrzej Siewior ]
  * Point Vcs-* tags to salsa.

clamav (0.99.3~beta2+dfsg-1) unstable; urgency=medium

  * Update upstream's signing gpg key
  * Update to beta2:
    - freshclam does not complain that clamav is outdated (Closes: #876429).

clamav (0.99.3~beta1+dfsg-4) unstable; urgency=medium

  * Ignore errors from update-rc.d in freshclam postins (Closes: #882323).
  * Drop dh-systemd & autoreconf from B-D.

clamav (0.99.3~beta1+dfsg-3) unstable; urgency=medium

  * Drop "demime = *" from Debian.README for clamav, this option is gone from
    exim (Closes: #881634).
  * Use "ucf" instead "ucp" in clamav-milter's postinst.
  * Disable LLVM support due to 3.8 removal (Closes: #873401).
  * Disable the freshclam service if changed to `manual' mode so it does not start
    again after system reboot with systemd (Closes: #881780).
  * Bump standards version to 4.1.1 without further change.
  * Allow to build as non root user.
  * Update dh compat level 10

clamav (0.99.3~beta1+dfsg-2) unstable; urgency=medium

  * Build again against system's libmspack (dropped by accident)
    (Closes: #872594).
  * Don't replace config file with sample config after debconf gets disabled
    (in milter and daemon (Closes: #870253).
  * Update standards to 4.0.1
    - use invoke-rc.d instead of /etc/init.d.
    - drop priority extra from clamav-milter.
  * Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
    by Václav Ovsík <vaclav.ovsik at gmail.com> (Closes: #868766).

clamav (0.99.3~beta1+dfsg-1) unstable; urgency=medium

  * Upload to unstable
  * update to official beta1 release:
    - drop fts-no-use-AC_TRY_RUN.patch, applied upstream.

clamav (0.99.3~snapshot20170704+dfsg-1) experimental; urgency=medium

  * Update to upstream snapshot (commit
    144ef69462427b63a650294257c892b047601aac):
    - add config options
    - boost symbol file
    - drop applied patches:
      - Allow-M-suffix-for-PCREMaxFileSize.patch
      - bb11549-fix-temp-file-cleanup-issue.patch
      - clamav_add_private_fts_implementation.patch
      - drop-AllowSupplementaryGroups-option-and-make-it-def.patch
      - fix-ssize_t-size_t-off_t-printf-modifier.patch
      - libclamav-use-libmspack.patch
      - make_it_compile_against_openssl_1_1_0.patch
    - add new ones:
      - fts-no-use-AC_TRY_RUN.patch
      - clamsubmit-add-JSON-libs-to-clamsubmit.patch

clamav (0.99.2+dfsg-6) unstable; urgency=medium

  * Fix detection of curl. Patch by Reiner Herrmann <reiner at reiner-h.de>
    (Closes: #852894).

clamav (0.99.2+dfsg-5) unstable; urgency=medium

  [ Andreas Cadhalpun ]
  * Add patches to support LLVM 3.7-3.9.
  * Re-enable llvm support.
  * Update embedded-library lintian override for multiarch locations.
  * Update standards version to 3.9.8. (no changes needed)
  * Mark clamav-docs and clamav-testfiles as Multi-Arch foreign and
    libclamav7 as same.
  * Fix spelling errors in the debian files. (Closes: #825055)
  * Remove unused package-contains-timestamped-gzip lintian-override.
  * Fix wildcard-matches-nothing-in-dep5-copyright lintian warning.

  [ Sebastian Andrzej Siewior ]
  * Remove clamav-daemon.service.d on purge (Closes: #842074).
  * Fix FTCBFS: Annotate interpreter dependencies with :native. Patch by
    Helmut Grohne (Closes: #844066).
  * Drop bc from B-D, it seems we no longer need it.
  * Cherry-pick patch from bb11549 to fix a temp file cleanup issue
    (Closes: #824196).

clamav (0.99.2+dfsg-4) unstable; urgency=medium

  * Remove Stephen Gran as Uploader and thank you for your work
    (Closes: #838405).
  * Drop llvm supported for now. The bytecode will be interpreted by clamav
    instead of llvm's JIT - there is no loss in functionality. It will come back
    once we llvm support again (Closes: #839850).

clamav (0.99.2+dfsg-3) unstable; urgency=medium

  * BD on dh-strip-nondeterminism.
  * get it compiled against openssl 1.1.0 (Closes: #828083).
  * Drop support for clamav-daemon.socket. Should avoid restart loops if clamd
    crashes on start (via OOM for instance). (Closes: #824042).

clamav (0.99.2+dfsg-2) unstable; urgency=medium

  * Ensure the users of PRIVATE symbols (clamd + freshclam) do not fall
    behind a upstream version (Closes: #824485).

clamav (0.99.2+dfsg-1) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * also remove bytecode.cld on purge
  * Update to new upstream release 0.99.2
  * Drop AllowSupplementaryGroups option which is default now
    (Closes: #822444).
  * Let the LSB init script have more consistent output. Patch by Guillem
    Jover (Closes: #823074).

Date: 2020-07-24 18:00:18.826063+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:45 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:45 -0000
Subject: [ubuntu/precise-updates] db4.8 4.8.30-11ubuntu1.1 (Accepted)
Message-ID: <162004864590.5996.8091577948232776963.launchpad@ackee.canonical.com>

db4.8 (4.8.30-11ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: Berkeley DB reads DB_CONFIG from cwd
    - debian/patches/CVE-2017-10140.patch in src/env/env_open.c.
    - CVE-2017-10140

Date: 2017-11-16 20:03:26.317501+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/db4.8/4.8.30-11ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:48 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:48 -0000
Subject: [ubuntu/precise-updates] dbus 1.4.18-1ubuntu1.10 (Accepted)
Message-ID: <162004864800.6008.14554015633577210275.launchpad@ackee.canonical.com>

dbus (1.4.18-1ubuntu1.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - CVE-2020-12049

dbus (1.4.18-1ubuntu1.9) precise-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - debian/patches/CVE-2019-12749*.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c, enforce hardening EXTERNAL auth in
      bus/session.conf.in, cmake/CMakeLists.txt, configure.ac.
    - CVE-2019-12749

Date: 2020-06-15 19:11:14.457832+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.10
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:48 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:48 -0000
Subject: [ubuntu/precise-updates] dnsmasq 2.59-4ubuntu0.4 (Accepted)
Message-ID: <162004864882.7440.13548132484204755980.launchpad@ackee.canonical.com>

dnsmasq (2.59-4ubuntu0.4) precise-security; urgency=medium

  * REGRESSION UPDATE: a offset error passed in the last update that cause a
    regresion in dnsmasq this update fix this issue.

dnsmasq (2.59-4ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: add fixes to correct multiple security issues
    - CVE-2017-14491 DNS heap buffer overflow.
    - CVE-2017-14492, DHCPv6 RA heap overflow.
    - CVE-2017-14493, DHCPv6 - Stack buffer overflow.
    - CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
    - CVE-2017-14495, OOM in DNS response creation.
    - CVE-2017-14496, Integer underflow in DNS response creation.

Date: 2018-01-03 21:29:12.677131+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dnsmasq/2.59-4ubuntu0.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:48 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:48 -0000
Subject: [ubuntu/precise-updates] distro-info-data 0.8ubuntu0.21 (Accepted)
Message-ID: <162004864879.6007.6670864303081142966.launchpad@ackee.canonical.com>

distro-info-data (0.8ubuntu0.21) precise-security; urgency=medium

  * Add Ubuntu 20.10, Groovy Gorilla. (LP: #1874843)

distro-info-data (0.8ubuntu0.20) precise-security; urgency=medium

  * Add Ubuntu 21.04, Hirsute Hippo (LP: #1901361).

distro-info-data (0.8ubuntu0.19) precise; urgency=medium

  * Copy data from 0.40ubuntu3:
    - Add Ubuntu 20.04 LTS, with 5 years LTS and 10 years ESM. (LP: #1848688)

distro-info-data (0.8ubuntu0.18) precise; urgency=medium

  * Replace EANIMAL placeholder with Ermine.

distro-info-data (0.8ubuntu0.17) precise; urgency=medium

  * Add in eol-server and eol-esm dates for all Ubuntu LTS releases.
    (LP: #1814976, LP: #1808038)
  * Correct EOL dates for trusty (LP: #1825553)

distro-info-data (0.8ubuntu0.16) precise; urgency=medium

  * Copy data from 0.39ubuntu2:
    - Add Ubuntu 19.10 Eoan EANIMAL. (LP: #1825379)

distro-info-data (0.8ubuntu0.15) precise; urgency=medium

  * Copy data from 0.39:
    - Add Ubuntu 19.04 Disco Dingo. (LP: #1800656)

distro-info-data (0.8ubuntu0.14) precise; urgency=medium

  * Copy data from 0.38:
    - Add Ubuntu 18.10 Cosmic Cuttlefish. (LP: #1769992)
    - Correct EOL date for zesty. (LP: #1743936)
    - Adjust provisional creation date for Debian 11 Bullseye to August 2019.
      The release-team expects Buster to release "some time mid-2019".
    - Add Debian 12 Bookworm, with a provisional creation date.

distro-info-data (0.8ubuntu0.13) precise; urgency=medium

  * Copy data from 0.37 (LP: #1727046)
    - Set EOL date for Debian Wheezy.
    - Set (provisional) EOL date for Debian Jessie.
    - Set release date for Stretch (and matching creation date for Buster).
    - Add Ubuntu 18.04 LTS Bionic Beaver.

Date: 2020-11-04 22:22:13.642805+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/distro-info-data/0.8ubuntu0.21
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:50 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:50 -0000
Subject: [ubuntu/precise-updates] dpkg 1.16.1.2ubuntu7.9 (Accepted)
Message-ID: <162004865074.6008.14479898668211256095.launchpad@ackee.canonical.com>

dpkg (1.16.1.2ubuntu7.9) precise-security; urgency=medium

  * Fix physical file offset comparison in dpkg. Closes: #808912
    Thanks to Yuri Gribov <tetra2005 at gmail.com>.
    - adbdfb0dd9cec401609fd3eef232b7ff2153db7f
  * Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
    for the filesystem containing the info database. LP: #872734
    - 916bdba9095bd361cb2bccd6f566ecffdb206193

Date: 2020-02-07 16:21:14.825837+00:00
Changed-By: Jamie Strandboge <jamie at strandboge.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dpkg/1.16.1.2ubuntu7.9
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:51 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:51 -0000
Subject: [ubuntu/precise-updates] e2fsprogs 1.42-1ubuntu2.5 (Accepted)
Message-ID: <162004865143.6007.18026544375572717518.launchpad@ackee.canonical.com>

e2fsprogs (1.42-1ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2019-5188-*.patch:  abort if there is a corrupted
      directory block when rehashing and don't try to rehash a deleted directory
      in e2fsck/rehash.c, e2fsck/pass1b.c.
    - CVE-2019-5188

e2fsprogs (1.42-1ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write on the heap
    - debian/patches/CVE-2019-5094.patch: add checks to prevent
      buffer overrun in quota code in lib/quota/quotaio_tree.c,
      lib/quota/quotaio_v2.c.
    - CVE-2019-5094

Date: 2020-01-22 13:07:17.480873+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/e2fsprogs/1.42-1ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:51 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:51 -0000
Subject: [ubuntu/precise-updates] dovecot 1:2.0.19-0ubuntu2.8 (Accepted)
Message-ID: <162004865159.5996.8064077863814167773.launchpad@ackee.canonical.com>

dovecot (1:2.0.19-0ubuntu2.8) precise-security; urgency=medium

  * SECURITY REGRESSION: updating CVE-2019-11500-3.patch with the right check

dovecot (1:2.0.19-0ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
    heap memory writes
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pieonhole/src/lig-managesieve/managesieve-parser.c.
    - CVE-2019-11500

dovecot (1:2.0.19-0ubuntu2.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

dovecot (1:2.0.19-0ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

dovecot (1:2.0.19-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: passdb exploitable throuh checkpassword
    - debian/patches/CVE-2013-6171.patch: refuse to run checkpassword
      script insecurely by default in src/auth/checkpassword-reply.c,
      src/auth/db-checkpassword.c.
    - CVE-2013-6171
  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
      src/lib-auth/auth-server-connection.c,
      src/lib-auth/auth-serser-connection.h.
    - CVE-2017-15132

Date: 2019-08-28 17:13:27.534455+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.0.19-0ubuntu2.8
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:52 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:52 -0000
Subject: [ubuntu/precise-updates] eglibc 2.15-0ubuntu10.23 (Accepted)
Message-ID: <162004865262.7440.1495246216498326705.launchpad@ackee.canonical.com>

eglibc (2.15-0ubuntu10.23) precise-security; urgency=medium

  * Removing locale/locales-all from debian/control since in Precise
    it uses langpack-locales and no binary is created in eglibc for locales

eglibc (2.15-0ubuntu10.22) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patch/CVE-2018-6485.patch: fix integer overflows in
      internal memallign and malloc functions in
      malloc/malloc.c.
    - CVE-2018-6485

eglibc (2.15-0ubuntu10.21) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer underflow in realpath()
    - debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff:
      Make getcwd(3) fail if it cannot obtain an absolute path
    - CVE-2018-1000001

eglibc (2.15-0ubuntu10.20) precise-security; urgency=medium

  * SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
    - debian/patches/any/CVE-2017-1000366.patch: Completely ignore
      LD_LIBRARY_PATH for AT_SECURE=1 programs
    - CVE-2017-1000366
  * SECURITY UPDATE: LD_PRELOAD stack corruption
    - debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
      Reject overly long names or names containing directories in
      LD_PRELOAD for AT_SECURE=1 programs.
  * debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
    additional consistency check for 1-byte overflows
  * debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
    LD_HWCAP_MASK for AT_SECURE=1 programs

Date: 2020-03-06 13:51:34.505624+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.23
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:53 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:53 -0000
Subject: [ubuntu/precise-updates] expat 2.0.1-7.2ubuntu1.7 (Accepted)
Message-ID: <162004865304.6008.16820764061670529668.launchpad@ackee.canonical.com>

expat (2.0.1-7.2ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.dpatch: Deny internal
      entities closing the doctype in lib/xmlparse.c.
    - CVE-2019-15903

expat (2.0.1-7.2ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.dpatch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in lib/xmlparser.c
    - CVE-2018-20843

expat (2.0.1-7.2ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.dpatch: add check to lib/xmlparse.c.
    - CVE-2017-9233

Date: 2019-09-12 13:59:13.835185+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:53 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:53 -0000
Subject: [ubuntu/precise-updates] file 5.09-2ubuntu0.8 (Accepted)
Message-ID: <162004865346.6007.16618536969611858176.launchpad@ackee.canonical.com>

file (5.09-2ubuntu0.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

file (5.09-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: memory corruption in file_check_mem.
    - debian/patches/CVE-2015-8865.patch: properly calculate length in
      src/funcs.c.
    - CVE-2015-8865
  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

Date: 2019-10-31 15:03:15.592961+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.8
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:53 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:53 -0000
Subject: [ubuntu/precise-updates] freetype 2.4.8-1ubuntu2.7 (Accepted)
Message-ID: <162004865373.5996.14463717952288882556.launchpad@ackee.canonical.com>

freetype (2.4.8-1ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9381.patch: check
      if 'eexec' doesn't exceed 'limit' in src/type1/t1parse.c
    - CVE-2015-9381
  * SECURITY UPDATE: buffer over-read
    - debian/patches-freetype/CVE-2015-9382.patch: ensure that
      the cursor position doesn't get larger than the current limit
      in src/psaux/psobjs.c.
    - CVE-2015-9382
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9383.patch: check
      limit before accessing 'numRanges' and numMappings in
      src/sfnt/ttcmap.c.
    - CVE-2015-9383

Date: 2019-09-06 15:05:32.743768+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/freetype/2.4.8-1ubuntu2.7
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:55 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:55 -0000
Subject: [ubuntu/precise-updates] gettext 0.18.1.1-5ubuntu3.1 (Accepted)
Message-ID: <162004865591.6008.17876578870781593220.launchpad@ackee.canonical.com>

gettext (0.18.1.1-5ubuntu3.1) precise-security; urgency=medium

  * SECURITY UPDATE: Invalid free
    - debian/patches/CVE-2018-18751.patch: fix in
      gettext-tools/src/read-catalog.c,
      gettext-tools/tests/Makefile.am,
      gettext-tools/tests/xgettext-po-2.
   - CVE-2018-18751

Date: 2018-11-09 13:22:14.291560+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/gettext/0.18.1.1-5ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:56 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:56 -0000
Subject: [ubuntu/precise-updates] glib2.0 2.32.4-0ubuntu1.4 (Accepted)
Message-ID: <162004865607.6007.11132253045701120333.launchpad@ackee.canonical.com>

glib2.0 (2.32.4-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update (LP: #1838890)
    - debian/patches/CVE-2019-13012-regression.patch: fix a
      memory leak introduced by the last security update while
      not properly handled the g_file_get_patch function in
      gio/gkeyfilesettingsbackend.c.

glib2.0 (2.32.4-0ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Not properly restrict directory and file permissions
    - debian/patches/CVE-2019-13012.patch: changes the permissions when
      a directory is created, using 700 instead 777 in
      gio/gkeyfilesettingsbackend.c and changes test to run in a temp
      directory in gio/tests/gsettings.c.
    - CVE-2019-13012

glib2.0 (2.32.4-0ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Less restrictive permissions during copying
    - debian/patches/CVE-2019-12450.patch: limit access to file when
      copying in file_copy_fallback in file gio/gfile.c.
    - CVE-2019-12450

glib2.0 (2.32.4-0ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: NULL pointer deference
    - debian/patches/CVE-2018-16428.patch: fix in glib/gmarkup.c,
      glib/tests/markups/fail-51.expected,
      glib/tests/markups/fail-51.gmarkup.
    - CVE-2018-16428
  * SECURITY UPDATE: Read out-of-bounds
    - debian/patches/CVE-2018-16429.patch: fix in glib/gmarkup.c and
      glib/tests/markups/fail-50.expected,
      glib/tests/markups/fail-50.gmarkup.
    - CVE-2018-16429

Date: 2019-08-05 17:06:18.586317+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/glib2.0/2.32.4-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:58 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:58 -0000
Subject: [ubuntu/precise-updates] ipsec-tools 1:0.8.0-9ubuntu1.2 (Accepted)
Message-ID: <162004865810.6007.5694056933955430141.launchpad@ackee.canonical.com>

ipsec-tools (1:0.8.0-9ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: remote attacker exploitable DoS
    - debian/patches/CVE-2016-10396.patch: fix remotely exploitable DoS in
      src/racoon/isakmp_frag.c, src/racoon/isakmp_inf.c, src/racoon/isakmp.c,
      src/racoon/handler.h.
    - CVE-2016-10396

Date: 2017-11-16 13:24:24.095842+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ipsec-tools/1:0.8.0-9ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:56 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:56 -0000
Subject: [ubuntu/precise-updates] gnupg 1.4.11-3ubuntu2.12 (Accepted)
Message-ID: <162004865621.5996.229934660041146898.launchpad@ackee.canonical.com>

gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
    - debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
    - debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
      cipher/rsa.c.
    - CVE-2017-7526

gnupg (1.4.11-3ubuntu2.11) precise-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.dpatch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

Date: 2018-08-15 15:37:12.612502+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.12
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:58 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:58 -0000
Subject: [ubuntu/precise-updates] icu 4.8.1.1-3ubuntu0.10 (Accepted)
Message-ID: <162004865806.6008.4183133349356931424.launchpad@ackee.canonical.com>

icu (4.8.1.1-3ubuntu0.10) precise-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2020-10531.patch: adds a int32_t overflow
      check when calculate a newLen in doReplace function in
      source/common/unistr.cpp.
    - CVE-2020-10531

icu (4.8.1.1-3ubuntu0.9) precise-security; urgency=medium

  * SECURITY UPDATE: double free
    - debian/patches/CVE-2017-14952.patch: fixes double free in
      createMetaZoneMappings() source/i18n/zonemeta.cpp.
    - CVE-2017-14952

icu (4.8.1.1-3ubuntu0.8) precise-security; urgency=medium

  * SECURITY UPDATE: out of bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle hunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - debian/patches/CVE-2017-786x-additional.patch: this patch was originally
      typed to debian Wheezy and applied here in order to adapt the original
      fix to Precise. Thanks to Roberto C. Sànchez.
    - CVE-2017-7867
    - CVE-2017-7868

Date: 2020-03-16 18:14:26.164013+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/icu/4.8.1.1-3ubuntu0.10
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:58 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:58 -0000
Subject: [ubuntu/precise-updates] heimdal 1.6~git20120311.dfsg.1-2ubuntu0.2
 (Accepted)
Message-ID: <162004865883.7440.15525895039188866566.launchpad@ackee.canonical.com>

heimdal (1.6~git20120311.dfsg.1-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: avoiding impersonation and other attacks through
    unauthenticated portions of Kerberos tickets
    - debian/patches/CVE-2017-11103.patch: this patch assures that
      the KDC-REP service name is obtained from encrypted version.
    - CVE-2017-11103

Date: 2017-07-20 14:58:15.112340+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/heimdal/1.6~git20120311.dfsg.1-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:30:59 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:30:59 -0000
Subject: [ubuntu/precise-updates] isc-dhcp 4.1.ESV-R4-0ubuntu5.13 (Accepted)
Message-ID: <162004865915.5996.12009705364039597255.launchpad@ackee.canonical.com>

isc-dhcp (4.1.ESV-R4-0ubuntu5.13) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in dhclient
    - debian/patches/CVE-2018-573x.patch: check option data size in
      common/options.c.
    - CVE-2018-5732
  * SECURITY UPDATE: reference counter overflow in dhcpd
    - debian/patches/CVE-2018-573x.patch: avoid overflow in
      common/options.c.
    - CVE-2018-5733

Date: 2018-05-25 15:56:20.932427+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/isc-dhcp/4.1.ESV-R4-0ubuntu5.13
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:00 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:00 -0000
Subject: [ubuntu/precise-updates] keepalived 1:1.2.2-3ubuntu1.2 (Accepted)
Message-ID: <162004866095.5996.16821830726729111328.launchpad@ackee.canonical.com>

keepalived (1:1.2.2-3ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19115.patch: fix in
      lib/html.c.
    - CVE-2018-19115

Date: 2019-02-18 10:31:14.419104+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/keepalived/1:1.2.2-3ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:01 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:01 -0000
Subject: [ubuntu/precise-updates] json-c 0.9-1ubuntu1.4 (Accepted)
Message-ID: <162004866117.6008.3001738337297289617.launchpad@ackee.canonical.com>

json-c (0.9-1ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c,
      also adds the  fix for the INT_MAX regression caused in
      previous update.
    - CVE-2020-12762

json-c (0.9-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY REGRESSION: last update caused a series of regressions,
    revert to previous version, removing patches applied
    CVE-2020-12762-*.patch (LP: #1878723).

json-c (0.9-1ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c.
    - CVE-2020-12762

Date: 2020-05-27 16:54:10.158178+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/json-c/0.9-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:02 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:02 -0000
Subject: [ubuntu/precise-updates] lcms2 2.2+git20110628-2ubuntu3.3 (Accepted)
Message-ID: <162004866271.7440.6233288543802518136.launchpad@ackee.canonical.com>

lcms2 (2.2+git20110628-2ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-10165.patch: fix in src/cmstypes.c.
    - CVE-2016-10165
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-16435.patch: fix in src/cmscgats.c.
    - CVE-2018-16435
  * Removing broken clean on debian/rules

Date: 2018-09-20 11:30:12.812401+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/lcms2/2.2+git20110628-2ubuntu3.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:03 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:03 -0000
Subject: [ubuntu/precise-updates] lcms 1.19.dfsg-1ubuntu3.1 (Accepted)
Message-ID: <162004866302.6007.8112565152777720963.launchpad@ackee.canonical.com>

lcms (1.19.dfsg-1ubuntu3.1) precise-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - fix in samples/icctrans.c, tifficc/tiffdiff.c.
    - CVE-2013-4276
  * SECURITY UPDATE: Integer overflow
    - fix in src/cmscgats.c.
    - CVE-2018-16435

Date: 2018-09-19 13:02:19.269379+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/lcms/1.19.dfsg-1ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:00 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:00 -0000
Subject: [ubuntu/precise-updates] jinja2 2.6-1ubuntu0.2 (Accepted)
Message-ID: <162004866004.6007.7193255014603164565.launchpad@ackee.canonical.com>

jinja2 (2.6-1ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-3.patch: adding types and EscapeFormatter
      class to support the fixes from this CVE in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

Date: 2019-05-15 16:45:18.086312+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/jinja2/2.6-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:04 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:04 -0000
Subject: [ubuntu/precise-updates] lftp 4.3.3-1ubuntu0.1 (Accepted)
Message-ID: <162004866438.5996.6219064191573612044.launchpad@ackee.canonical.com>

lftp (4.3.3-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Incorrectly sanitize remote file names
    - debian/patches/CVE-2018-10196.patch: fix in src/MirrorJob.cc.
    - CVE-2018-10196

Date: 2018-08-03 16:56:12.744254+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/lftp/4.3.3-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:04 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:04 -0000
Subject: [ubuntu/precise-updates] libapache2-mod-perl2 2.0.5-5ubuntu1.1
 (Accepted)
Message-ID: <162004866481.6008.8960661541221525432.launchpad@ackee.canonical.com>

libapache2-mod-perl2 (2.0.5-5ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary perl code execution via .htaccess file
    - debian/patches/CVE-2011-2767.patch: only allow perl and pod sections
      in server configuration and not per directory in
      src/modules/perl/mod_perl.c.
    - CVE-2011-2767
  * Fix FTBFS caused by test failures due to Apache security updates.
    - debian/patches/370_http_syntax.patch
    - debian/patches/380_inject_header_line_terminators.patch
  * FIX FTBFS on hask_attack test
    - debian/patches/270_fix_hash_attack_test.patch

Date: 2018-11-21 18:44:12.718096+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libapache2-mod-perl2/2.0.5-5ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:05 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:05 -0000
Subject: [ubuntu/precise-updates] libarchive-zip-perl 1.30-6ubuntu0.1
 (Accepted)
Message-ID: <162004866552.7440.11164974949351860379.launchpad@ackee.canonical.com>

libarchive-zip-perl (1.30-6ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Traversal path vulnerability
    - debian/patches/CVE-2018-10860.patch: fix in
      lib/Archive/Zip/Archive.pm and add test in
      t/25_traversal.t and some .zip files for test.
    - CVE-2018-10860

Date: 2018-07-03 14:58:14.490400+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libarchive-zip-perl/1.30-6ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:09 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:09 -0000
Subject: [ubuntu/precise-updates] libbsd 0.3.0-2ubuntu0.1 (Accepted)
Message-ID: <162004866967.5996.9503131497516683277.launchpad@ackee.canonical.com>

libbsd (0.3.0-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2019-20367.patch: make sure that there is
      a bounded comparison in  src/nlist.c.
    - CVE-2019-20367

Date: 2020-01-16 12:38:15.638453+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libbsd/0.3.0-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:08 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:08 -0000
Subject: [ubuntu/precise-updates] libdbi-perl 1.616-1ubuntu0.3 (Accepted)
Message-ID: <162004866800.7440.4820813225178578256.launchpad@ackee.canonical.com>

libdbi-perl (1.616-1ubuntu0.3) precise-security; urgency=medium

  * Rebuild no change for fixing unmet dependency.

Date: 2020-10-13 13:57:13.930917+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libdbi-perl/1.616-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:09 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:09 -0000
Subject: [ubuntu/precise-updates] libcaca 0.99.beta17-2.1ubuntu2.1 (Accepted)
Message-ID: <162004866917.6008.10861922970339964505.launchpad@ackee.canonical.com>

libcaca (0.99.beta17-2.1ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2018-20544.patch: fix in
      caca/dither.c.
    - CVE-2018-20544
  * SECURITY UPDATE: Buffer over-write
    - debian/patches/CVE-2018-20545_20548_20549.patch:
      fix in src/common-image.h.
    - CVE-2018-20545
    - CVE-2018-20548
    - CVE-2018-20549
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2018-20546_20547.patch: fix in
      caca/dither.c.
    - CVE-2018-20546
    - CVE-2018-20547

Date: 2019-01-14 16:43:13.610481+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta17-2.1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:11 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:11 -0000
Subject: [ubuntu/precise-updates] libexif 0.6.20-2ubuntu0.7 (Accepted)
Message-ID: <162004867168.6007.8622739432752930302.launchpad@ackee.canonical.com>

libexif (0.6.20-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-0452.patch: fixed a incorrect overflow check that could be
      optimized away in libexif/exif-entry.c.
    - CVE-2020-0452

libexif (0.6.20-2ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0093.patch: fix read
      buffer overflow making sure the number of bytes being
      copied from does not exceed the source buffer size in
      libexif/exif-data.c.
    - CVE-2020-0093
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
      overflow check for a size overflow while reading tags in
      libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif/mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.c.
    - CVE-2020-13112
  * SECURITY UPDATE: Possibly crash and potential use-after-free
    - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
      pointer is not dereferenced later in the case where the number of
      components is 0 in libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif-mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.
    - CVE-2020-13113
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-13114.patch: add a failsafe on the
      maximum number of Canon MakerNote subtags in
      libexif/canon/exif-mnote-data-canon.c.
    - CVE-2020-13114
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0182.patch: fix a buffer read
      overflow in exif_entry_get_value in libexif/exif-entry.c.
    - CVE-2020-0182
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
      in libexif/exif-data.c.
    - CVE-2020-0198

libexif (0.6.20-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20030.patch: improve deep recursion detection
      in exif_data_load_data_content in libexif/exif-data.c.
    - CVE-2018-20030
  * SECURITY UPDATE: Divinding by zero vulnerability
    - debian/patches/CVE-2020-12767.patch: check if d variable is not zeroed
      before use it in libexif/exif-entry.c
    - CVE-2020-12767

libexif (0.6.20-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2016-6328.patch: fix int overflow while parsing
      MNOTE entry data of the input file in
      libexif/pentax/mnote-pentax-entry.c
    - CVE-2016-6328
  * SECURITY UPDATE: Out-bouns heap read and denial of service
    - debian/patches/CVE-2017-7544.patch: fixes out-of-bounds heap read
      in exif_data_save_data_entry function in libexif/exif-data.c.
    - CVE-2017-7544
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2019-9278.patch: avoid the use of unsafe int overflow
      checking constructs and check for the actual sizes to avoid integer
      overflows in libexif/exif-data.c.
    - CVE-2019-9278

Date: 2020-11-09 12:48:13.993928+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libexif/0.6.20-2ubuntu0.7
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:11 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:11 -0000
Subject: [ubuntu/precise-updates] libffi 3.0.11~rc1-5ubuntu0.1 (Accepted)
Message-ID: <162004867169.7440.6999214102747199344.launchpad@ackee.canonical.com>

libffi (3.0.11~rc1-5ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: executable stack
    - debian/patches/CVE-2017-1000376.patch: add missing GNU stack markings
      in src/x86/win32.S.
    - CVE-2017-1000376

Date: 2017-10-18 16:47:18.465718+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libffi/3.0.11~rc1-5ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:15 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:15 -0000
Subject: [ubuntu/precise-updates] libjpeg-turbo 1.1.90+svn733-0ubuntu4.6
 (Accepted)
Message-ID: <162004867530.7440.8708932377743114227.launchpad@ackee.canonical.com>

libjpeg-turbo (1.1.90+svn733-0ubuntu4.6) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2020-13790.patch: fix buf overrun caused
      by bad binary PPM in rdppm.c.
    - CVE-2020-13790

libjpeg-turbo (1.1.90+svn733-0ubuntu4.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via JPEG file
    - debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
    - CVE-2014-9092
  * SECURITY UPDATE: denial of service via crafted file
    - debian/patches/CVE-2016-3616.patch: check range of integer values in
      PPM text file in cderror.h, rdppm.c.
    - CVE-2016-3616
    - CVE-2018-11213
    - CVE-2018-11214
  * SECURITY UPDATE: divide-by-zero via crafted file
    - debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
    - CVE-2018-11212
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

Date: 2020-06-08 12:40:15.395092+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.1.90+svn733-0ubuntu4.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:14 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:14 -0000
Subject: [ubuntu/precise-updates] libgd2 2.0.36~rc1~dfsg-6ubuntu2.6 (Accepted)
Message-ID: <162004867479.5996.1941358344491732833.launchpad@ackee.canonical.com>

libgd2 (2.0.36~rc1~dfsg-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in gd_png.c.
    - CVE-2017-6362

libgd2 (2.0.36~rc1~dfsg-6ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak in src/gd_gif_in.c,
    - CVE-2017-7890

Date: 2017-09-05 13:34:14.293349+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libgd2/2.0.36~rc1~dfsg-6ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:14 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:14 -0000
Subject: [ubuntu/precise-updates] libgcrypt11 1.5.0-3ubuntu0.9 (Accepted)
Message-ID: <162004867462.6008.12835154145408491926.launchpad@ackee.canonical.com>

libgcrypt11 (1.5.0-3ubuntu0.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627.patch: add mitigation against timing
      attack in cipher/ecc.c, mpi/ec.c.
    - CVE-2019-13627

libgcrypt11 (1.5.0-3ubuntu0.8) precise-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc.
    - CVE-2018-0495

libgcrypt11 (1.5.0-3ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526

Date: 2020-01-28 15:47:24.609573+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.9
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:17 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:17 -0000
Subject: [ubuntu/precise-updates] davfs2 1.4.6-1ubuntu3.1 (Accepted)
Message-ID: <162004867775.5996.13554493573350465140.launchpad@ackee.canonical.com>

davfs2 (1.4.6-1ubuntu3.1) precise-security; urgency=medium

  * SECURITY UPDATE: Added missing '\r' in constant
    none_match_header
    - webdav.c: fix missing '\r'. This update is
      required since apache2 fails for davfs2
      test after CVE-2016-8743 update.

Date: 2017-07-31 14:43:18.942319+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/davfs2/1.4.6-1ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:18 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:18 -0000
Subject: [ubuntu/precise-updates] libmspack 0.4-1~12.04.1 (Accepted)
Message-ID: <162004867825.7440.2543826263824922539.launchpad@ackee.canonical.com>

libmspack (0.4-1~12.04.1) precise-security; urgency=medium

  * Rebuilding for  precise/esm

Date: 2019-10-02 18:18:13.321717+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libmspack/0.4-1~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:16 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:16 -0000
Subject: [ubuntu/precise-updates] libidn 1.23-2ubuntu0.2 (Accepted)
Message-ID: <162004867643.6007.6055160767921803585.launchpad@ackee.canonical.com>

libidn (1.23-2ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauries ]
  * SECURITY UPDATE:  Integer overflow
    - debian/patches/CVE-2017-14062.patch: fix integer overflow
      in punycode.c.
    - CVE-2017-14062

Date: 2017-10-17 20:40:43.672418+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libidn/1.23-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:19 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:19 -0000
Subject: [ubuntu/precise-updates] php-ssh2 0.11.2-1ubuntu0.1 (Accepted)
Message-ID: <162004867951.6008.17956393161415644048.launchpad@ackee.canonical.com>

php-ssh2 (0.11.2-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: fixing php_url_parse fails
    - debian/patches/fix_php_url_fails.patch: this fix is needed after
      php security fix CVE-2016-10397. Fix in ssh2_fopen_wrappers.c.

Date: 2018-04-27 15:55:43.278078+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/php-ssh2/0.11.2-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 13:31:19 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 13:31:19 -0000
Subject: [ubuntu/precise-updates] linux-base 4.5ubuntu1~12.04.1 (Accepted)
Message-ID: <162004867996.6007.13911313721283740713.launchpad@ackee.canonical.com>

linux-base (4.5ubuntu1~12.04.1) precise; urgency=low

  * Update precise to the latest linux-base. (LP: #1766728)

linux-base (4.5ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - do not install /usr/bin/perf, perf.8, bash-completion/perf
      which are provided by linux-tools-common (LP:1008713)

linux-base (4.5) unstable; urgency=medium

  [ Salvatore Bonaccorso ]
  * Update Danish debconf template translation.
    Thanks to Joe Dalton <joedalton2 at yahoo.dk> (Closes: #830587)
  * Update Brazilian Portuguese debconf templates translation.
    Thanks to Diego Neves <diego at diegoneves.eti.br> (Closes: #830691)

  [ Ben Hutchings ]
  * Update Dutch debconf template translations (Frans Spiesschaert)
    (Closes: #837097)
  * perf: Drop support for versions older than 3.2
  * Use dh with debhelper compat level 9
  * Add bash completion wrapper for perf (Closes: #702482)

linux-base (4.4) unstable; urgency=medium

  [ Ben Hutchings ]
  * Update debconf template translations:
    - Portuguese (Américo Monteiro) (Closes: #826779)
    - Polish (Łukasz Dulny)
    - Japanese (Victory)
    - Russian (Yuri Kozlov) (Closes: #828772)
    - German (Markus Hiereth)
    - French (Jean-Pierre Giraud) (Closes: #830171)
  * linux-check-removal: Fix substitution of package name in debconf title

  [ Salvatore Bonaccorso ]
  * Update Swedish debconf template translation.
    Thanks to Martin Bagge <brother at bsnet.se> (Closes: #828725)
  * Update Czech debconf template translation.
    Thanks to Michal Simunek <michal.simunek at gmail.com> (Closes: #828944)

linux-base (4.3) unstable; urgency=medium

  * Add linux-check-removal command for use by package prerm scripts
    - Override lintian warning and error for this unusual debconf usage

linux-base (4.2) unstable; urgency=medium

  * Change source format to 3.0 (native) so that .git directory is excluded
    by default
  * Add manual page for linux-update-symlinks
  * read_kernelimg_conf(): Quietly ignore settings used only by kernel-package
  * debian/rules: Add build-{arch,indep} targets
  * debian/control: Update policy version to 3.9.8; no changes required

linux-base (4.1) unstable; urgency=medium

  * Adjust for migration to git:
    - Add .gitignore files
    - debian/control: Update Vcs-* fields (Closes: #824748)
  * Add image_stem() and read_kernelimg_conf() functions to Perl module
  * Add linux-update-symlinks command for use by package maintainer scripts

linux-base (4.0ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - do not install /usr/bin/perf or perf.8 which are provided by
      linux-tools-common (LP: #1008713)

linux-base (4.0) unstable; urgency=low

  * Remove obsolete postinst upgrade code and translations
    (Closes: #580435, #660670, #670775, #686211, #686384, #686431, #686445,
     #686459, #686480, #686602, #686610, #686662, #686687, #686704, #686705,
     #686717, #686720, #686748, #698203)
  * Run version_cmp() unit tests at build time
  * linux-version: Fix sorting of version strings containing -trunk
    (Closes: #761614)
  * perf: Update error message for missing perf executable, to refer to
    linux-perf-<version> for Linux 4.1 onward
  * debian/control: Drop support for pre-multiarch releases
  * debian/control: Update Vcs-* fields to use anonscm.debian.org
  * debian/control: Update policy version to 3.9.6; no changes required

linux-base (3.5ubuntu4) quantal-proposed; urgency=low

  * Remove perf man page since its provided by (and conflicts with)
    linux-tools-common.
    -LP: #1008713

linux-base (3.5ubuntu3) quantal; urgency=low

  * remove the postinst script, in ubuntu we did the UUID transition
    years ago and it does not seem to take u-boot into account as a
    bootloader. this results in a debconf error message on all arm
    systems.

linux-base (3.5ubuntu2) quantal; urgency=low

  * Added 'Build-Depends: quilt'

linux-base (3.5ubuntu1) quantal; urgency=low

  * Added quilt patch support
  * Remove /usr/bin/perf from this package as it conflicts with
    the Ubuntu kernel tools package linux-tools-common (which
    provides the real /usr/bin/perf). I can think of no reason why
    this should cause a problem. /usr/bin/perf is kernel ABI version
    specific, therefore it can only be provided by the correct
    version of linux-tools-$version-$abi.
    debian/patches/0001-remove-bin-perf.patch
    -LP: #931353

linux-base (3.5) unstable; urgency=low

  * debian/control: Set Multi-Arch: foreign to allow for installation
    of foreign linux-image packages

Date: 2019-02-15 16:29:13.381213+00:00
Changed-By: Andy Whitcroft <apw at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:06 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:06 -0000
Subject: [ubuntu/precise-updates] libpam-krb5 4.5-3ubuntu0.1 (Accepted)
Message-ID: <162005082608.6008.17713320865478734625.launchpad@ackee.canonical.com>

libpam-krb5 (4.5-3ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: One-byte buffer overflow
    - debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
      boundaries in prompting.c.
    - CVE-2020-10595

Date: 2020-03-24 13:45:16.394954+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libpam-krb5/4.5-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:06 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:06 -0000
Subject: [ubuntu/precise-updates] libpam-radius-auth 1.3.17-0ubuntu3.1
 (Accepted)
Message-ID: <162005082659.5996.1116189172865147877.launchpad@ackee.canonical.com>

libpam-radius-auth (1.3.17-0ubuntu3.1) precise-security; urgency=medium

   [ Marc Deslauriers ]
   * SECURITY UPDATE: DoS via stack overflow in password field
    - debian/patches/CVE-2015-9542-1.patch: use length, which has been
      limited in size in pam_radius_auth.c.
    - debian/patches/CVE-2015-9542-2.patch: clear out trailing part of the
      buffer in pam_radius_auth.c.
    - debian/patches/CVE-2015-9542-3.patch: copy password to buffer before
      rounding length in pam_radius_auth.c.
    - debian/rules: added new patches.
    - CVE-2015-9542

Date: 2020-02-20 16:23:14.919779+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libpam-radius-auth/1.3.17-0ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:08 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:08 -0000
Subject: [ubuntu/precise-updates] libnl3 3.2.3-2ubuntu2.1 (Accepted)
Message-ID: <162005082852.6007.10225112366037991715.launchpad@ackee.canonical.com>

libnl3 (3.2.3-2ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: integer-overflow in nlmsg_reserve()
    - debian/patches/CVE-2017-0553.patch: check len in lib/msg.c.
    - CVE-2017-0553

Date: 2017-06-16 17:23:14.221062+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libnl3/3.2.3-2ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:09 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:09 -0000
Subject: [ubuntu/precise-updates] libpcap 1.1.1-10ubuntu0.1 (Accepted)
Message-ID: <162005082968.6008.6211170861494721668.launchpad@ackee.canonical.com>

libpcap (1.1.1-10ubuntu0.1) precise-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: pcapng reading buffer over-read.
    - debian/patches/CVE-2019-15165-1.patch: do sanity checks on PHB
      header length before allocating memory.
    - debian/patches/CVE-2019-15165-2.patch: fix introduced format
      warning
    - CVE-2019-15165

Date: 2020-01-15 15:03:14.268667+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libpcap/1.1.1-10ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:09 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:09 -0000
Subject: [ubuntu/precise-updates] libpng 1.2.46-3ubuntu4.3 (Accepted)
Message-ID: <162005082967.5996.7628596695309962879.launchpad@ackee.canonical.com>

libpng (1.2.46-3ubuntu4.3) precise-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2016-10087.patch: fix in png.c.
    - CVE-2016-10087

Date: 2018-07-10 20:18:25.575377+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:12 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:12 -0000
Subject: [ubuntu/precise-updates] libsdl1.2 1.2.14-6.4ubuntu3.2 (Accepted)
Message-ID: <162005083206.6007.2186444370578487151.launchpad@ackee.canonical.com>

libsdl1.2 (1.2.14-6.4ubuntu3.2) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-13616.patch: validate image size
      when loading BMP files in src/video/SDL_bmp.c.
    - CVE-2019-13616
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2019-7572*.patch: moving clamping the index
      value at beginning of IMA_ADPCM_nibble in src/audio/SDL_wave.c.
    - CVE-2019-7572
  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-7573-76.patch: check if MS ADPCK chunk
      was too short in src/audio/SDL_wave.c.
    - CVE-2019-7573
    - CVE-2019-7576
  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2019-7574.patch: check if data chunk
      was shorter than expected based on WAF format in
      src/audio/SDL_wave.c.
    - CVE-2019-7574
  * SECURITY UPDATE: Heap-based buffer overflow and buffer over-read
    - debian/patches/CVE-2019-7575-77-2.patch: check if
      a WAV format defines shorter audio stream in
      src/audio/SDL_wave.c.
    - debian/patches/CVE-2019-7577.patch: checks overread in
      src/audio/SDL_wave.c.
    - CVE-2019-7575
    - CVE-2019-7577
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7578.patch: fix in
      src/audio/SDL_wave.c.
    - CVE-2019-7578
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7635.patch: fix in
      src/video/SDL_bmp.c.
    - CVE-2019-7635
  * SECURITY UPDATE: heap-baed buffer over-read
    - debian/patches/CVE-2019-7636.patch: fix in
      src/video/SDL_bmp.c.
    - CVE-2019-7636
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-7637*.patch: fix in
      src/video/SDL_pixels.c, src/video/gapi/SDL_gapivideo.c.
    - CVE-2019-7637
  * fixing a patch error
    - debian/patches/fix_error_patching*.patch: in
      src/audio/SDL_wave.c, src/video/SDL_pixels.c.

Date: 2019-10-16 13:19:13.939551+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libsdl1.2/1.2.14-6.4ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:12 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:12 -0000
Subject: [ubuntu/precise-updates] libtasn1-3 2.10-1ubuntu1.6 (Accepted)
Message-ID: <162005083295.5996.4740044995647856810.launchpad@ackee.canonical.com>

libtasn1-3 (2.10-1ubuntu1.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks lib/parser_aux.c.
    - CVE-2017-6891

Date: 2017-07-11 18:57:16.377525+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:14 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:14 -0000
Subject: [ubuntu/precise-updates] libtirpc 0.2.2-5ubuntu0.1 (Accepted)
Message-ID: <162005083424.6008.3329469941201841382.launchpad@ackee.canonical.com>

libtirpc (0.2.2-5ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-4429.diff: fix in src/clnt_dg.c.
    - CVE-2016-4429
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-8779.patch: fix in src/rpc_generic.c,
      src/rpcb_prot.c, src/rpcb_st_xdr.c, src/xdr.c.
    - CVE-2017-8779
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14622.patch: fix in src/svc_c.c.
    - CVE-2018-14622

Date: 2018-09-04 16:40:17.373457+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libtirpc/0.2.2-5ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:17 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:17 -0000
Subject: [ubuntu/precise-updates] libx11 2:1.4.99.1-0ubuntu2.5 (Accepted)
Message-ID: <162005083729.6007.12894750539947530781.launchpad@ackee.canonical.com>

libx11 (2:1.4.99.1-0ubuntu2.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: integer overflow and heap overflow in XIM client
    - debian/patches/CVE-2020-14344-1.patch: fix signed length values in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-2.patch: fix integer overflows in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-3.patch: fix more unchecked lengths in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-4.patch: zero out buffers in functions
      in modules/im/ximcp/imDefIc.c, modules/im/ximcp/imDefIm.c.
    - debian/patches/CVE-2020-14344-5.patch: change the data_len parameter
      to CARD16 in modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-6.patch: fix size calculation in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-7.patch: fix input clients connecting
      to server in modules/im/ximcp/imRmAttr.c.
    - CVE-2020-14344
  * SECURITY UPDATE: integer overflow and double free in locale handling
    - debian/patches/CVE-2020-14363.patch: fix an integer overflow in
      modules/om/generic/omGeneric.c.
    - CVE-2020-14363

libx11 (2:1.4.99.1-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2016-7942.patch: fix in src/GetImage.c.
    - CVE-2016-7942
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2016-7943.patch: fix in src/FontNames.c,
      src/ListExt.c, src/ModMap.c.
    - CVE-2016-7943
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14598.patch: fix in src/GetFPath.c,
      src/ListExt.c.
    - CVE-2018-14598
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14599.patch: fix in src/FontNames.c,
      src/GetFPath.c, src/ListExt.c.
    - CVE-2018-14599
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14600.patch: fix in src/GetFPath.
    - CVE-2018-14600

Date: 2020-09-02 17:55:14.309433+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libx11/2:1.4.99.1-0ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:17 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:17 -0000
Subject: [ubuntu/precise-updates] libxslt 1.1.26-8ubuntu1.6 (Accepted)
Message-ID: <162005083751.6008.9345500247869090121.launchpad@ackee.canonical.com>

libxslt (1.1.26-8ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Uninitialized read
      Fix uninitialized
      read of xsl:number token in libxslt/numbers.c.
    - CVE-2019-13117
  * SECURITY UPDATE: Uninitialized read
      Fix uninitialized
      read with UTF-8 grouping chars in libxslt/numbers.c,
      tests/docs/bug-222.xml, tests/general/bug-222.out,
      tests/general/bug-222.xsl.
    - CVE-2019-13118
  * SECURITY UPDATE: Buffer over-read
      Fix dangling
      pointer in xsltCopyText in libxslt/transform.c.
    - CVE-2019-18197

libxslt (1.1.26-8ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Date: 2019-10-22 14:44:15.610919+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:17 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:17 -0000
Subject: [ubuntu/precise-updates] libxml2 2.7.8.dfsg-5.1ubuntu4.22 (Accepted)
Message-ID: <162005083781.5996.16977402070044272228.launchpad@ackee.canonical.com>

libxml2 (2.7.8.dfsg-5.1ubuntu4.22) precise-security; urgency=medium

  * SECURITY UPDATE: Memory leak
    - fix memory leak in xmlParseBalancedChunkMemoryRecover checking
      if doc is NULL in parser.c.
    - CVE-2019-19956
  * SECURITY UPDATE: Denial of service though an infinite loop
    - fix infinite loop in  xmlStringLenDecodeEntities adding checks
      to ctxt->instate if it is == XML_PARSER_EOF in parser.c.
    - CVE-2020-7595

libxml2 (2.7.8.dfsg-5.1ubuntu4.21) precise-security; urgency=medium

  * SECURITY UPDATE: XXE attacks
    - debian/patches/CVE-2016-9318.patch: fix in parser.c.
    - CVE-2016-9318
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14404.patch: fix in xpath.c.
    - CVE-2018-14404

libxml2 (2.7.8.dfsg-5.1ubuntu4.20) precise-security; urgency=medium

  * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate
    - CVE-2017-15412

libxml2 (2.7.8.dfsg-5.1ubuntu4.19) precise-security; urgency=medium

  * SECURITY UPDATE: infinite recursion in parameter entities
    - CVE-2017-16932

libxml2 (2.7.8.dfsg-5.1ubuntu4.18) precise-security; urgency=medium

  * SECURITY UPDATE: type confusion leading to out-of-bounds write
    - CVE-2017-0663
  * SECURITY UPDATE: XML external entity (XXE) vulnerability
      entity references
    - CVE-2017-7375
  * SECURITY UPDATE: buffer overflow in URL handling
      ports in HTTP redirect support
    - CVE-2017-7376
  * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
      remains in buffer for copied data
    - CVE-2017-9047, CVE-2017-9048
  * SECURITY UPDATE: heap based buffer overreads in
    xmlDictComputeFastKey()
      expansions, add additional sanity check
    - CVE-2017-9049, CVE-2017-9050

Date: 2020-02-05 17:23:22.089564+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.22
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:19 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:19 -0000
Subject: [ubuntu/precise-updates] linux-backports-modules-3.2.0 3.2.0-150.141
 (Accepted)
Message-ID: <162005083991.6007.3211103243792152867.launchpad@ackee.canonical.com>

linux-backports-modules-3.2.0 (3.2.0-150.141) precise; urgency=medium

  * Bump ABI 3.2.0-150

linux-backports-modules-3.2.0 (3.2.0-149.140) precise; urgency=medium

  * Bump ABI 3.2.0-149

linux-backports-modules-3.2.0 (3.2.0-148.139) precise; urgency=medium

  * Bump ABI 3.2.0-148

linux-backports-modules-3.2.0 (3.2.0-147.138) precise; urgency=medium

  * Bump ABI 3.2.0-147

linux-backports-modules-3.2.0 (3.2.0-145.137) precise; urgency=medium

  * Bump ABI 3.2.0-145

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-backports-modules-3.2.0 (3.2.0-144.136) precise; urgency=medium

  * Bump ABI 3.2.0-144

linux-backports-modules-3.2.0 (3.2.0-143.135) precise; urgency=medium

  * Bump ABI 3.2.0-143

linux-backports-modules-3.2.0 (3.2.0-142.134) precise; urgency=medium

  * Bump ABI 3.2.0-142

linux-backports-modules-3.2.0 (3.2.0-141.133) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-140.132) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-139.131) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-138.130) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-137.129) precise; urgency=low

  * UBUNTU: cw: fix compilation error after L1TF fixes

linux-backports-modules-3.2.0 (3.2.0-137.128) precise; urgency=low

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-136.127) precise; urgency=low

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-135.126) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-134.125) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-133.124) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-132.123) precise; urgency=medium

  * Bmp ABI

linux-backports-modules-3.2.0 (3.2.0-131.122) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-130.121) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-129.120) precise; urgency=medium

  * Bump ABI

linux-backports-modules-3.2.0 (3.2.0-128.119) precise; urgency=medium

  * Bump ABI

Date: 2021-04-05 22:26:09.038659+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux-backports-modules-3.2.0/3.2.0-150.141
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:21 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:21 -0000
Subject: [ubuntu/precise-updates] linux-meta 3.2.0.150.164 (Accepted)
Message-ID: <162005084146.5996.3581245472572236321.launchpad@ackee.canonical.com>

linux-meta (3.2.0.150.164) precise; urgency=medium

  * Bump ABI 3.2.0-150

linux-meta (3.2.0.149.163) precise; urgency=medium

  * Bump ABI 3.2.0-149

linux-meta (3.2.0.148.162) precise; urgency=medium

  * Bump ABI 3.2.0-148

linux-meta (3.2.0.147.161) precise; urgency=medium

  * Bump ABI 3.2.0-147

linux-meta (3.2.0.145.160) precise; urgency=medium

  * Bump ABI 3.2.0-145

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-meta (3.2.0.144.159) precise; urgency=medium

  * Bump ABI 3.2.0-144

linux-meta (3.2.0.143.158) precise; urgency=medium

  * Bump ABI 3.2.0-143

linux-meta (3.2.0.142.157) precise; urgency=medium

  * Bump ABI 3.2.0-142

linux-meta (3.2.0.141.156) precise; urgency=medium

  * Bump ABI 3.2.0-141

linux-meta (3.2.0.140.155) precise; urgency=medium

  * Bump ABI 3.2.0-140

linux-meta (3.2.0.139.154) precise; urgency=medium

  * Bump ABI 3.2.0-139

linux-meta (3.2.0.138.153) precise; urgency=medium

  * Bump ABI 3.2.0-138

linux-meta (3.2.0.137.152) precise; urgency=medium

  * Bump ABI 3.2.0-137

linux-meta (3.2.0.136.151) precise; urgency=medium

  * Bump ABI 3.2.0-136

linux-meta (3.2.0.135.150) precise; urgency=medium

  * Bump ABI 3.2.0-135

linux-meta (3.2.0.134.149) precise; urgency=medium

  * Bump ABI 3.2.0-134

linux-meta (3.2.0.133.148) precise; urgency=medium

  * Bump ABI 3.2.0-133

  * Miscellaneous upstream changes
    - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates"

linux-meta (3.2.0.132.147) precise; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
    to ensure they are pulled into all host installs of Ubuntu on upgrade.
    LP: #1738259.  [intel-microcode only]

linux-meta (3.2.0.132.146) precise; urgency=medium

  * Bump ABI 3.2.0-132

linux-meta (3.2.0.131.145) precise; urgency=medium

  * Bump ABI 3.2.0-131

linux-meta (3.2.0.130.144) precise; urgency=medium

  * Bump ABI 3.2.0-130

linux-meta (3.2.0.129.143) precise; urgency=medium

  * Bump ABI 3.2.0-129

linux-meta (3.2.0.128.142) precise; urgency=medium

  * Bump ABI 3.2.0-128

Date: 2021-04-05 22:24:12.774640+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux-meta/3.2.0.150.164
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:22 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:22 -0000
Subject: [ubuntu/precise-updates] linux-meta-lts-trusty 3.13.0.185.170
 (Accepted)
Message-ID: <162005084234.6007.16413278281949523889.launchpad@ackee.canonical.com>

linux-meta-lts-trusty (3.13.0.185.170) precise; urgency=medium

  * Bump ABI 3.13.0-185

linux-meta-lts-trusty (3.13.0.183.169) precise; urgency=medium

  * Bump ABI 3.13.0-183

linux-meta-lts-trusty (3.13.0.182.168) precise; urgency=medium

  * Bump ABI 3.13.0-182

linux-meta-lts-trusty (3.13.0.181.167) precise; urgency=medium

  * Bump ABI 3.13.0-181

linux-meta-lts-trusty (3.13.0.180.166) precise; urgency=medium

  * Bump ABI 3.13.0-180

linux-meta-lts-trusty (3.13.0.177.165) precise; urgency=medium

  * Bump ABI 3.13.0-177

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-meta-lts-trusty (3.13.0.176.164) precise; urgency=medium

  * Bump ABI 3.13.0-176

linux-meta-lts-trusty (3.13.0.175.163) precise; urgency=medium

  * Bump ABI 3.13.0-175

linux-meta-lts-trusty (3.13.0.174.162) precise; urgency=medium

  * Bump ABI 3.13.0-174

linux-meta-lts-trusty (3.13.0.173.161) precise; urgency=medium

  * Bump ABI 3.13.0-173

linux-meta-lts-trusty (3.13.0.172.160) precise; urgency=medium

  * Bump ABI 3.13.0-172

linux-meta-lts-trusty (3.13.0.171.159) precise; urgency=medium

  * Bump ABI 3.13.0-171

linux-meta-lts-trusty (3.13.0.170.158) precise; urgency=medium

  * Bump ABI 3.13.0-170

linux-meta-lts-trusty (3.13.0.168.157) precise; urgency=medium

  * Bump ABI 3.13.0-168

linux-meta-lts-trusty (3.13.0.166.156) precise; urgency=medium

  * Bump ABI 3.13.0-166

  * signing: only install a signed kernel (LP: #1764794)
    - switch to signed-only binary packages
    - convert linux-signed* into transitional packages

linux-meta-lts-trusty (3.13.0.165.155) precise; urgency=medium

  * Bump ABI 3.13.0-165

linux-meta-lts-trusty (3.13.0.164.154) precise; urgency=medium

  * Bump ABI 3.13.0-164

linux-meta-lts-trusty (3.13.0.163.153) precise; urgency=medium

  * Bump ABI 3.13.0-163

linux-meta-lts-trusty (3.13.0.162.152) precise; urgency=medium

  * Bump ABI 3.13.0-162

linux-meta-lts-trusty (3.13.0.161.151) precise; urgency=medium

  * Bump ABI 3.13.0-161

linux-meta-lts-trusty (3.13.0.160.150) precise; urgency=medium

  * Bump ABI 3.13.0-160

linux-meta-lts-trusty (3.13.0.159.149) precise; urgency=medium

  * Bump ABI 3.13.0-159

linux-meta-lts-trusty (3.13.0.158.148) precise; urgency=medium

  * Bump ABI 3.13.0-158

linux-meta-lts-trusty (3.13.0.157.147) precise; urgency=medium

  * Bump ABI 3.13.0-157

linux-meta-lts-trusty (3.13.0.156.146) precise; urgency=medium

  * Bump ABI 3.13.0-156

linux-meta-lts-trusty (3.13.0.155.145) precise; urgency=medium

  * Bump ABI 3.13.0-155

linux-meta-lts-trusty (3.13.0.154.144) precise; urgency=medium

  * Bump ABI 3.13.0-154

linux-meta-lts-trusty (3.13.0.153.143) precise; urgency=medium

  * Bump ABI 3.13.0-153

linux-meta-lts-trusty (3.13.0.151.142) precise; urgency=medium

  * Bump ABI 3.13.0-151

linux-meta-lts-trusty (3.13.0.150.141) precise; urgency=medium

  * Bump ABI 3.13.0-150

linux-meta-lts-trusty (3.13.0.149.140) precise; urgency=medium

  * Bump ABI 3.13.0-149

linux-meta-lts-trusty (3.13.0.148.139) precise; urgency=medium

  * Bump ABI 3.13.0-148

linux-meta-lts-trusty (3.13.0.147.138) precise; urgency=medium

  * Bump ABI 3.13.0-147

linux-meta-lts-trusty (3.13.0.146.137) precise; urgency=medium

  * Bump ABI 3.13.0-146

linux-meta-lts-trusty (3.13.0.145.136) precise; urgency=medium

  * Bump ABI 3.13.0-145

linux-meta-lts-trusty (3.13.0.144.135) precise; urgency=medium

  * Bump ABI 3.13.0-144

linux-meta-lts-trusty (3.13.0.143.134) precise; urgency=medium

  * Bump ABI 3.13.0-143

linux-meta-lts-trusty (3.13.0.142.133) precise; urgency=medium

  * Bump ABI 3.13.0-142

linux-meta-lts-trusty (3.13.0.141.132) precise; urgency=medium

  * Bump ABI 3.13.0-141

linux-meta-lts-trusty (3.13.0.140.131) precise; urgency=medium

  * Bump ABI 3.13.0-140

  * Miscellaneous upstream changes
    - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates"

linux-meta-lts-trusty (3.13.0.139.130) precise; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
    to ensure they are pulled into all host installs of Ubuntu on upgrade.
    LP: #1738259.  [intel-microcode only]

linux-meta-lts-trusty (3.13.0.139.129) precise; urgency=medium

  * Bump ABI 3.13.0-139

linux-meta-lts-trusty (3.13.0.138.128) precise; urgency=medium

  * Bump ABI 3.13.0-138

linux-meta-lts-trusty (3.13.0.137.127) precise; urgency=medium

  * Bump ABI 3.13.0-137

linux-meta-lts-trusty (3.13.0.136.126) precise; urgency=medium

  * Bump ABI 3.13.0-136

linux-meta-lts-trusty (3.13.0.135.125) precise; urgency=medium

  * Bump ABI 3.13.0-135

linux-meta-lts-trusty (3.13.0.134.124) precise; urgency=medium

  * Bump ABI 3.13.0-134

linux-meta-lts-trusty (3.13.0.133.123) precise; urgency=medium

  * Bump ABI 3.13.0-133

linux-meta-lts-trusty (3.13.0.132.122) precise; urgency=medium

  * Bump ABI 3.13.0-132

linux-meta-lts-trusty (3.13.0.131.121) precise; urgency=medium

  * Bump ABI 3.13.0-131

linux-meta-lts-trusty (3.13.0.130.120) precise; urgency=medium

  * Bump ABI 3.13.0-130

linux-meta-lts-trusty (3.13.0.129.119) precise; urgency=medium

  * Bump ABI 3.13.0-129

linux-meta-lts-trusty (3.13.0.128.118) precise; urgency=medium

  * Bump ABI 3.13.0-128

linux-meta-lts-trusty (3.13.0.126.117) precise; urgency=medium

  * Bump ABI 3.13.0-126

linux-meta-lts-trusty (3.13.0.125.116) precise; urgency=medium

  * Bump ABI 3.13.0-125

linux-meta-lts-trusty (3.13.0.124.115) precise; urgency=medium

  * Bump ABI 3.13.0-124

linux-meta-lts-trusty (3.13.0.123.114) precise; urgency=medium

  * Bump ABI 3.13.0-123

linux-meta-lts-trusty (3.13.0.122.113) precise; urgency=medium

  * Bump ABI 3.13.0-122

linux-meta-lts-trusty (3.13.0.121.112) precise; urgency=medium

  * Bump ABI 3.13.0-121

linux-meta-lts-trusty (3.13.0.120.111) precise; urgency=medium

  * Bump ABI 3.13.0-120

linux-meta-lts-trusty (3.13.0.119.110) precise; urgency=medium

  * Bump ABI 3.13.0-119

linux-meta-lts-trusty (3.13.0.118.109) precise; urgency=medium

  * Bump ABI 3.13.0-118

Date: 2021-03-18 15:43:31.050229+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux-meta-lts-trusty/3.13.0.185.170
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:23 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:23 -0000
Subject: [ubuntu/precise-updates] linux-signed-lts-trusty
 3.13.0-185.236~12.04.1 (Accepted)
Message-ID: <162005084350.5996.5404631369311846297.launchpad@ackee.canonical.com>

linux-signed-lts-trusty (3.13.0-185.236~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-185.236~12.04.1

linux-signed-lts-trusty (3.13.0-183.234~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-183.234~12.04.1

linux-signed-lts-trusty (3.13.0-182.233~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-182.233~12.04.1

linux-signed-lts-trusty (3.13.0-181.232~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-181.232~12.04.1

linux-signed-lts-trusty (3.13.0-180.231~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-180.231~12.04.1

linux-signed-lts-trusty (3.13.0-177.228~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-177.228~12.04.1

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-signed-lts-trusty (3.13.0-176.227~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-176.227~12.04.1

linux-signed-lts-trusty (3.13.0-175.226~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-175.226~12.04.1

linux-signed-lts-trusty (3.13.0-174.225~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-174.225~12.04.1

linux-signed-lts-trusty (3.13.0-173.224~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-173.224~12.04.1

linux-signed-lts-trusty (3.13.0-172.223~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-172.223~12.04.1

linux-signed-lts-trusty (3.13.0-171.222~12.04.1) precise; urgency=medium

  * Master version: 3.13.0-171.222~12.04.1

linux-signed-lts-trusty (3.13.0-170.220~12.04.2+signed1) precise; urgency=medium

  * Rebuild after fixing and incorrectly based upload.

linux-signed-lts-trusty (3.13.0-170.220~12.04.2) precise; urgency=medium

  * Master version: 3.13.0-170.220~12.04.2

linux-signed-lts-trusty (3.13.0-168.218~precise1) precise; urgency=medium

  * Master version: 3.13.0-168.218~precise1

linux-signed-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium

  * Master version: 3.13.0-166.216~precise1

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] switch to signed-only forms
    - [Packaging] use arch headers package when building download path for signed
      binaries
    - [Packaging] match +signedN more accuratly
    - [Packaging] download-signed -- fix downloader component and handle versions
      correctly

linux-signed-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium

  * Master Version 3.13.0-165.215~precise1

linux-signed-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium

  * Master Version 3.13.0-164.214~precise1

linux-signed-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium

  * Master Version 3.13.0-163.213~precise1

linux-signed-lts-trusty (3.13.0-162.212~precise1) precise; urgency=medium

  * Master Version 3.13.0-162.212~precise1

linux-signed-lts-trusty (3.13.0-161.211~precise1) precise; urgency=medium

  * Master Version 3.13.0-161.211~precise1

linux-signed-lts-trusty (3.13.0-160.210~precise1) precise; urgency=medium

  * Master Version 3.13.0-160.210~precise1

linux-signed-lts-trusty (3.13.0-159.209~precise1) precise; urgency=medium

  * Master Version 3.13.0-159.209~precise1

linux-signed-lts-trusty (3.13.0-158.208~precise2) precise; urgency=medium

  * Master Version 3.13.0-158.208~precise2

linux-signed-lts-trusty (3.13.0-158.208~precise1) precise; urgency=medium

  * Master Version 3.13.0-158.208~precise1

linux-signed-lts-trusty (3.13.0-157.207~precise1) precise; urgency=medium

  * Master Version 3.13.0-157.207~precise1

linux-signed-lts-trusty (3.13.0-156.206~precise1) precise; urgency=medium

  * Master Version 3.13.0-156.206~precise1

linux-signed-lts-trusty (3.13.0-155.206~precise1) precise; urgency=medium

  * Master Version 3.13.0-155.206~precise1

linux-signed-lts-trusty (3.13.0-154.204~precise1) precise; urgency=medium

  * Master Version 3.13.0-154.204~precise1

linux-signed-lts-trusty (3.13.0-153.203~precise1) precise; urgency=medium

  * Master Version 3.13.0-153.203~precise1

linux-signed-lts-trusty (3.13.0-151.201~precise1) precise; urgency=medium

  * Master Version 3.13.0-151.201~precise1

linux-signed-lts-trusty (3.13.0-150.200~precise1) precise; urgency=medium

  * Master Version 3.13.0-150.200~precise1

linux-signed-lts-trusty (3.13.0-149.199~precise1) precise; urgency=medium

  * Master Version 3.13.0-149.199~precise1

linux-signed-lts-trusty (3.13.0-148.197~precise1) precise; urgency=medium

  * Master Version 3.13.0-148.197~precise1

linux-signed-lts-trusty (3.13.0-147.196~precise1) precise; urgency=medium

  * Master Version 3.13.0-147.196~precise1

linux-signed-lts-trusty (3.13.0-146.195~precise1) precise; urgency=medium

  * Master Version 3.13.0-146.195~precise1

linux-signed-lts-trusty (3.13.0-145.194~precise2) precise; urgency=medium

  * Master Version 3.13.0-145.194~precise2

linux-signed-lts-trusty (3.13.0-145.194~precise1) precise; urgency=medium

  * Master Version 3.13.0-145.194~precise1

linux-signed-lts-trusty (3.13.0-144.193~precise1) precise; urgency=medium

  * Master Version 3.13.0-144.193~precise1

linux-signed-lts-trusty (3.13.0-143.192~precise1) precise; urgency=medium

  * Master Version 3.13.0-143.192~precise1

linux-signed-lts-trusty (3.13.0-142.191~precise1) precise; urgency=medium

  * Master Version 3.13.0-142.191~precise1

linux-signed-lts-trusty (3.13.0-141.190~precise1) precise; urgency=medium

  * Master Version 3.13.0-141.190~precise1

linux-signed-lts-trusty (3.13.0-140.189~precise1) precise; urgency=medium

  * Master Version 3.13.0-140.189~precise1

linux-signed-lts-trusty (3.13.0-139.188~precise1) precise; urgency=medium

  * Master Version 3.13.0-139.188~precise1

linux-signed-lts-trusty (3.13.0-138.187~precise1) precise; urgency=medium

  * Master Version 3.13.0-138.187~precise1

linux-signed-lts-trusty (3.13.0-137.186~precise1) precise; urgency=medium

  * Master Version 3.13.0-137.186~precise1

linux-signed-lts-trusty (3.13.0-136.185~precise1) precise; urgency=medium

  * Master Version 3.13.0-136.185~precise1

linux-signed-lts-trusty (3.13.0-135.184~precise1) precise; urgency=medium

  * Master Version 3.13.0-135.184~precise1

linux-signed-lts-trusty (3.13.0-134.183~precise1) precise; urgency=medium

  * Master Version 3.13.0-134.183~precise1

linux-signed-lts-trusty (3.13.0-133.182~precise1) precise; urgency=medium

  * Master Version 3.13.0-133.182~precise1

linux-signed-lts-trusty (3.13.0-132.181~precise1) precise; urgency=medium

  * Master Version 3.13.0-132.181~precise1

linux-signed-lts-trusty (3.13.0-131.180~precise1) precise; urgency=medium

  * Master Version 3.13.0-131.180~precise1

linux-signed-lts-trusty (3.13.0-130.179~precise1) precise; urgency=medium

  * Master Version 3.13.0-130.179~precise1

linux-signed-lts-trusty (3.13.0-129.178~precise1) precise; urgency=medium

  * Master Version 3.13.0-129.178~precise1

linux-signed-lts-trusty (3.13.0-128.177~precise1) precise; urgency=medium

  * Master Version 3.13.0-128.177~precise1

linux-signed-lts-trusty (3.13.0-126.175~precise1) precise; urgency=medium

  * Master Version 3.13.0-126.175~precise1

linux-signed-lts-trusty (3.13.0-125.174~precise1) precise; urgency=medium

  * Master Version 3.13.0-125.174~precise1

linux-signed-lts-trusty (3.13.0-124.173~precise1) precise; urgency=medium

  * Master Version 3.13.0-124.173~precise1

linux-signed-lts-trusty (3.13.0-123.172~precise1) precise; urgency=medium

  * Master Version 3.13.0-123.172~precise1

linux-signed-lts-trusty (3.13.0-122.171~precise1) precise; urgency=medium

  * Master Version 3.13.0-122.171~precise1

linux-signed-lts-trusty (3.13.0-121.170~precise1) precise; urgency=medium

  * Master Version 3.13.0-121.170~precise1

linux-signed-lts-trusty (3.13.0-120.167~precise1) precise; urgency=medium

  * Master Version 3.13.0-120.167~precise1

linux-signed-lts-trusty (3.13.0-119.166~precise1) precise; urgency=medium

  * Master Version 3.13.0-119.166~precise1

linux-signed-lts-trusty (3.13.0-118.165~precise1) precise; urgency=medium

  * Master Version 3.13.0-118.165~precise1

Date: 2021-03-18 15:43:32.438879+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux-signed-lts-trusty/3.13.0-185.236~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:24 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:24 -0000
Subject: [ubuntu/precise-updates] lxml 2.3.2-1ubuntu0.5 (Accepted)
Message-ID: <162005084462.6007.4579346451386867028.launchpad@ackee.canonical.com>

lxml (2.3.2-1ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - This adds the missing part reported from upstream
      Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

lxml (2.3.2-1ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

lxml (2.3.2-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - Make the cleaner remove javascript URLs
      that use espacing in in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.txt.
    - CVE-2018-19787

Date: 2020-12-10 15:36:17.368489+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/lxml/2.3.2-1ubuntu0.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:25 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:25 -0000
Subject: [ubuntu/precise-updates] mutt 1.5.21-5ubuntu2.6 (Accepted)
Message-ID: <162005084534.5996.9173065574571975809.launchpad@ackee.canonical.com>

mutt (1.5.21-5ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Sensitive information exposed
    - debian/patches/CVE-2020-28896.patch: Ensure IMAP connection is closed
      after a connection error in imap/imap.c.
    - CVE-2020-28896

mutt (1.5.21-5ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: Man-in-the-middle attack
    - debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
      attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
      mutt_socket.c, mutt_socket.h, mutt_ssl.c, mutt_ssl_gnutls.c.
    - CVE-2020-14954
  * Redoing patch CVE-2020-14154-1, that causes a possibly regression (LP: #1884588)

mutt (1.5.21-5ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: Man-in-the-middle attack
    - debian/patches/CVE-2020-14093.patch: prevent
      possible IMAP MITM via PREAUTH response in imap/imap.c.
    - CVE-2020-14093
  * SECURITY UPDATE: Connection even if the user rejects an
    expired intermediate certificate
    - debian/patches/CVE-2020-14154-1.patch: fix GnuTLS tls_verify_peers()
      checking in mutt_ssl_gnutls.c.
    - debian/patches/CVE-2020-14154-2.patch: Abort GnuTLS certificate if a
      cert in the chain is rejected in mutt_ssl_gnutls.c.
    - debian/patches/CVE-2020-14154-3.patch: fix GnuTLS interactive prompt
      short-circuiting in mutt_ssl_gnutls.c.
    - CVE-2020-14154

mutt (1.5.21-5ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Mishandles a NO response without a msg
    - debian/patches/ubuntu/mutt-CVE-2018-14349.patch: fix in
      imap/command.c.
    - CVE-2018-14349
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/ubuntu/mutt-CVE-2018-14350-CVE-2018-14358.patch:
      fix in imap/message.c.
    - CVE-2018-14350
    - CVE-2018-14358
  * SECURITY UPDATE: Mishandles a long IMAP status
    - debian/patches/ubuntu/mutt-CVE-2018-14351.patch: fix in
      imap/command.c.
    - CVE-2018-14351
  * SECURITY UPDATE: Integer underflow and stack-based buffer overflow
    - debian/patches/ubuntu/mutt-CVE-2018-14352-CVE-2018-14353.patch:
      fix in imap/util.c.
    - CVE-2018-14352
    - CVE-2018-14353
  * SECURITY UPDATE: Remote arbitrary code execution
    - debian/patches/ubuntu/mutt-CVE-2018-14354-CVE-2018-14357.patch:
      fix in imap/command.c, imap/imap.c, imap/imap_private.h, imap/util.c.
    - CVE-2018-14354
    - CVE-2018-14357
  * SECURITY UPDATE: Directory traversal
    - debian/patches/ubuntu/mutt-CVE-2018-14355.patch: fix in
      imap/util.c.
    - CVE-2018-14355
  * SECURITY UPDATE: Mishandles a zero-lenght UID
    - debian/patches/ubuntu/mutt-CVE-2018-14356.patch: fix in
      pop.c.
    - CVE-2018-14356
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/ubuntu/mutt-CVE-2018-14359.patch: fix in
      base64.c, imap/auth_cram.c, imap/auth_gss.c, protos.h.
    - CVE-2018-14359
  * SECURITY UPDATE: Unsafe character interactions
    - debian/patches/ubuntu/mutt-CVE-2018-14362.patch: fix in
      pop.c.
    - CVE-2018-14362

Date: 2020-11-24 14:27:31.448750+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:26 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:26 -0000
Subject: [ubuntu/precise-updates] linux 3.2.0-150.197 (Accepted)
Message-ID: <162005084652.20020.13729499604172868770.launchpad@ackee.canonical.com>

linux (3.2.0-150.197) precise; urgency=medium

  * precise/linux: 3.2.0-150.197 -proposed tracker (LP: #1919172)

  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - Add file_ns_capable() helper function for open-time capability checking
    - net: Add variants of capable for use on on sockets
    - netlink: Make the sending netlink socket availabe in NETLINK_CB

linux (3.2.0-149.196) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux (3.2.0-148.195) precise; urgency=medium

  * precise/linux: 3.2.0-148.195 -proposed tracker (LP: #1882773)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

linux (3.2.0-147.194) precise; urgency=medium

  * CVE-2020-0543
    - x86, cpufeature: Add the RDSEED and ADX features
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (3.2.0-145.192) precise; urgency=medium

  * precise/linux: 3.2.0-145.192 -proposed tracker (LP: #1878876)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * CVE-2020-12654
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

linux (3.2.0-144.191) precise; urgency=medium

  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * The 3.13 kernel for Precise ESM does not provide the expected version number
    (LP: #1838610)
    - [debian] Allow for package revisions condusive for branching
    - [debian] Fix regression with ABI subversions and backport
    - [Packaging] uploadnum should be the remainder of the version

linux (3.2.0-143.190) precise; urgency=medium

  * CVE-2019-14835
    - vhost: make sure log_num < in_num

linux (3.2.0-142.189) precise; urgency=medium

  * linux: 3.2.0-142.189 -proposed tracker (LP: #1835270)

  * CVE-2017-5715 // MDS: CPU buffers are not cleared on all paths from kernel
    to userspace (LP: #1833047)
    - SAUCE: KVM: x86: Make use of x86_spec_ctrl_{set_guest,restore_host}

  * CVE-2017-5715 // x86/speculation: SPEC_CTRL MSR not properly set/restored on
    VMENTER/VMEXIT (LP: #1834635)
    - SAUCE: x86/speculation: Introduce x86_spec_ctrl_{set_guest,restore_host}

  * x86/speculation: SPEC_CTRL MSR not properly set/restored on VMENTER/VMEXIT
    (LP: #1834635)
    - SAUCE: KVM: VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    CPU buffers are not cleared on all paths from kernel to userspace (LP:
    #1833047)
    - x86/asm: Error out if asm/jump_label.h is included inappropriately
    - x86/asm: Make asm/alternative.h safe from assembly
    - x86/jump-label: Use best default nops for inital jump label calls
    - SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    Incorrect warning when booting with 'nosmt' (LP: #1830018)
    - SAUCE: [Fix] x86/speculation/mds: Add SMT warning message

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter

  * CVE-2017-5715
    - SAUCE: Reset the SPEC_CTRL MSR on secondary CPUs

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
    - SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce sched_smt_{active,present}

  * CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation: Mark string arrays const correctly

  * CVE-2017-5715 // CVE-2018-3639
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read

  * CVE-2017-5754
    - SAUCE: Show 'pti' in /proc/cpuinfo

  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation

  * CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM

  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5754
    - x86/Documentation: Add PTI description
    - x86/pti: Document fix wrong index
    - SAUCE: x86/pti: Query MSR IA32_ARCH_CAPABILITIES for ARCH_CAP_RDCL_NO

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715
    - SAUCE: x86/cpufeatures: Reorder auxiliary feature bits
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - SAUCE: x86/speculation: Introduce spectre_v2_select_mitigation() stub
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - SAUCE: x86/cpufeatures: Clean up Spectre v2 related feature bits
    - x86/speculation: Use IBRS if available before calling into firmware
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715 //
    CVE-2018-3639
    - SAUCE: x86/speculation: Introduce x86_spec_ctrl_base

  * intel-microcode 3.20180312.0 causes lockup at login screen (LP: #1759920) //
    Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2018-12126 //
    CVE-2018-12127 // CVE-2018-12130
    - SAUCE: x86/msr: Fix formatting of msr-index.h

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5753
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

linux (3.2.0-141.188) precise; urgency=medium

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format

linux (3.2.0-140.186) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] Sync in-tree getabis script

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - perf/x86/intel: Use Intel family macros for core perf events
    - x86/cpu: Sanitize FAM6_ATOM naming
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/jump_label_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
    - KVM: Add x86_hyper_kvm to complete detect_hypervisor_platform check

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * CVE-2018-3639 (x86)
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627) //
    CVE-2017-5715
    - SAUCE: remove ibrs_dump sysctl interface

linux (3.2.0-139.185) precise; urgency=medium

  * linux: 3.2.0-139.185 -proposed tracker (LP: #1806430)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * Update to upstream's implementation of Spectre v1 mitigation
    (LP: #1774181) // CVE-2017-5753
    - SAUCE: x86/speculation: Add X86_BUG_SPECTRE_V[12] and sysfs show functions
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - SAUCE: Drop gmb() in favor of array_index_nospec()
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
      MFENCE_RDTSC feature"
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1

  * Update to upstream's implementation of Spectre v1 mitigation
    (LP: #1774181) // Prevent speculation on user controlled pointer
    (LP: #1775137) // CVE-2017-5753
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

linux (3.2.0-138.184) precise; urgency=medium

  * linux: 3.2.0-138.184 -proposed tracker (LP: #1802777)

  * CVE-2017-5754
    - SAUCE: x86/pti: Add X86_BUG_CPU_MELTDOWN and sysfs show function

linux (3.2.0-137.183) precise; urgency=medium

  * linux: 3.2.0-137.183 -proposed tracker (LP: #1799398)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - x86/mm: Simplify p[g4um]d_page() macros
    - x86/cpu: Merge bugs.c and bugs_64.c
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE
    - x86: Fix 32-bit *_cpu_data initializers
    - x86, cpu: Expand cpufeature facility to include cpu bugs
    - x86, cpu: Convert F00F bug detection
    - x86, cpu: Convert FDIV bug detection
    - x86, cpu: Convert Cyrix coma bug detection
    - x86, cpu: Convert AMD Erratum 383
    - x86, cpu: Convert AMD Erratum 400
    - x86/cpu/intel: Introduce macros for Intel family numbers
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - SAUCE: x86/cpu: Introduce x86_match_cpu()
    - SAUCE: sysfs/cpu: Add vulnerability folder
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86: fix boot on uniprocessor systems
    - ACPI / processor: Introduce apic_id in struct processor to save parsed APIC
      id
    - ACPI processor: Remove unneeded variable passed by
      acpi_processor_hotadd_init V2
    - ACPI / processor: use apic_id and remove duplicated _MAT evaluation
    - x86 / ACPI: simplify _acpi_map_lsapic()
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Handle CPUID bogosity gracefully
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - SAUCE: Introduce lock/unlock device hotplug functions
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - SAUCE: Work-around for gcc 4.6.3 segmentation fault
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - arch: Introduce post-init read-only memory
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert

linux (3.2.0-136.182) precise; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

linux (3.2.0-135.181) precise; urgency=medium

  * linux: 3.2.0-135.181 -proposed tracker (LP: #1788762)

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

linux (3.2.0-134.180) precise; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

linux (3.2.0-133.179) precise; urgency=medium

  * linux: 3.2.0-133.179 -proposed tracker (LP: #1745959)

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86, alternative: Add header guards to <asm/alternative-asm.h>
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - x86, microcode: Share native MSR accessing variants
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - Fix race in process_vm_rw_core
    - ptrace: mark __ptrace_may_access() static
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - x86 / msr: add 64bit _on_cpu access functions
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - bitops: Introduce BIT_ULL
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - x86/bitops: Move BIT_64() for a wider use
    - x86, pvops: Remove hooks for {rd,wr}msr_safe_regs
    - x86, cpu: Fix show_msr MSR accessing function
    - x86, cpu, amd: Fix crash as Xen Dom0 on AMD Trinity systems
    - x86, cpu, amd: Deprecate AMD-specific MSR variants
    - x86, cpu: Rename checking_wrmsrl() to wrmsrl_safe()
    - x86: Add another set of MSR accessor functions
    - x86/asm/msr: Make wrmsrl_safe() a function
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: arm: no gmb() implementation yet
    - SAUCE: powerpc: no gmb() implementation yet

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.2.0-132.178) precise; urgency=low

  * linux: 3.2.0-132.178 -proposed tracker (LP: #1741612)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - x86/mm: Disable preemption during CR3 read+write
    - x86, cpufeature: Add CPU features from Intel document 319433-012A
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION
    - x86/pti: Do not enable PTI on AMD processors

linux (3.2.0-131.177) precise; urgency=low

  * linux: 3.2.0-131.177 -proposed tracker (LP: #1716644)

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (3.2.0-130.176) precise; urgency=low

  * linux: 3.2.0-130.176 -proposed tracker (LP: #1704996)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

linux (3.2.0-129.174) precise; urgency=low

  * linux: 3.2.0-129.174 -proposed tracker (LP: #1700563)

  * CVE-2017-1000364
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: larger stack guard gap, between vmas
    - Allow stack to grow up to address space limit

linux (3.2.0-128.173) precise; urgency=low

  * CVE-2016-4997
    - netfilter: x_tables: add and use xt_check_entry_offsets
    - netfilter: x_tables: kill check_entry helper
    - netfilter: x_tables: add compat version of xt_check_entry_offsets
    - netfilter: x_tables: check for bogus target offset

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

Date: 2021-04-05 22:22:09.691838+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux/3.2.0-150.197
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:28 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:28 -0000
Subject: [ubuntu/precise-updates] net-snmp 5.4.3~dfsg-2.4ubuntu1.6 (Accepted)
Message-ID: <162005084836.5996.12974434419606966104.launchpad@ackee.canonical.com>

net-snmp (5.4.3~dfsg-2.4ubuntu1.6) precise-security; urgency=medium

  * Rebuilding no changes to fixing unmet dependency with perl.

net-snmp (5.4.3~dfsg-2.4ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Elevation of privileges - symlink handling
    - debian/patches/CVE-2020-15861.patch: stop reading and writing
      the mib_indexes files in include/net-snmp/library/mib.h,
      include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
    - CVE-2020-15861

net-snmp (5.4.3~dfsg-2.4ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via NULL pointer exception
    - debian/patches/CVE-2018-18065.patch: fix logic in
      agent/helpers/table.c.
    - CVE-2018-18065

Date: 2020-10-13 17:47:00.417438+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:27 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:27 -0000
Subject: [ubuntu/precise-updates] mysql-5.5 5.5.62-0ubuntu0.12.04.1 (Accepted)
Message-ID: <162005084711.6007.15050131275200222930.launchpad@ackee.canonical.com>

mysql-5.5 (5.5.62-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.61 to fix security issues
    - CVE-2018-3133, CVE-2018-3174, CVE-2018-3282

mysql-5.5 (5.5.61-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.61 to fix security issues
    - CVE-2018-2767, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066,
      CVE-2018-3070, CVE-2018-3081

mysql-5.5 (5.5.60-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.60 to fix security issues
    - CVE-2018-2755, CVE-2018-2761, CVE-2018-2771, CVE-2018-2773,
      CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2818,
      CVE-2018-2819
  * debian/*.files: remove man pages no longer shipped in new version.

mysql-5.5 (5.5.59-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.59 to fix security issues
    - CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665,
      CVE-2018-2668

mysql-5.5 (5.5.58-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.58 to fix security issues
    - CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384

mysql-5.5 (5.5.57-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.57 to fix security issues
    - CVE-2017-3635
    - CVE-2017-3636
    - CVE-2017-3641
    - CVE-2017-3648
    - CVE-2017-3651
    - CVE-2017-3652
    - CVE-2017-3653
    - CVE-2017-3302
    - CVE-2017-3305
    - CVE-2017-3308
    - CVE-2017-3309
    - CVE-2017-3329
    - CVE-2017-3453
    - CVE-2017-3456
    - CVE-2017-3461
    - CVE-2017-3462
    - CVE-2017-3463
    - CVE-2017-3464
    - CVE-2017-3600
  * debian/patches/fix_test_events_2.path: removed, upstream

Date: 2018-10-26 13:29:13.352284+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.62-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:29 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:29 -0000
Subject: [ubuntu/precise-updates] nspr 4.13.1-0ubuntu0.12.04.1 (Accepted)
Message-ID: <162005084948.20020.1284974961068334376.launchpad@ackee.canonical.com>

nspr (4.13.1-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 4.13.1 to support nss security update.

Date: 2017-07-26 19:47:18.314090+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nspr/4.13.1-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:29 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:29 -0000
Subject: [ubuntu/precise-updates] nss 2:3.28.4-0ubuntu0.12.04.11 (Accepted)
Message-ID: <162005084937.6007.5122129698682690252.launchpad@ackee.canonical.com>

nss (2:3.28.4-0ubuntu0.12.04.11) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12403-2.patch: fix incorrect call to ChaChaPoly1305 by PKCS11
      in nss/lib/freebl/chacha20poly1305.c.
    - CVE-2020-12403

nss (2:3.28.4-0ubuntu0.12.04.10) precise-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

nss (2:3.28.4-0ubuntu0.12.04.9) precise-security; urgency=medium

  * SECURITY UPDATE: Side channel vulnerability
    - debian/patches/CVE-2020-12402.patch: reduce
      side-channel leaks in nss/lib/freebl/mpi/mpi.c,
      nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
    - CVE-2020-12402

nss (2:3.28.4-0ubuntu0.12.04.8) precise-security; urgency=medium

   [ Marc Deslauriers ]
   * SECURITY UPDATE: Timing attack during DSA key generation
    - debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
      exponentiation in nss/lib/freebl/dsa.c.
    - CVE-2020-12399

nss (2:3.28.4-0ubuntu0.12.04.7) precise-security; urgency=medium

  * SECURITY UPDATE: Possible wrong length for cryptographic primitives input
    - debian/patches/CVE-2019-17006.patch: adds checks for length of crypto
      primitives in nss/lib/freebl/chacha20poly1305.c,
      nss/lib/freebl/ctr.c, nss/lib/freebl/gcm.c,
      nss/lib/freebl/intel-gcm-wrap.c,
      nss/lib/freebl/rsapkcs.c.
    - CVE-2019-17006

nss (2:3.28.4-0ubuntu0.12.04.6) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-17007.patch: check got some certs in
      collect_certs r=jcj in nss/lib/pkcs7/certread.c.
    - CVE-2019-17007

nss (2:3.28.4-0ubuntu0.12.04.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out-of-bounds write in NSC_EncryptUpdate
    - debian/patches/CVE-2019-11745.patch: use maxout not block size in
      nss/lib/softoken/pkcs11c.c.
    - CVE-2019-11745
  * Note: this does _not_ contain the changes from 2:3.35-2ubuntu2.4 in
    disco-proposed.

nss (2:3.28.4-0ubuntu0.12.04.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: OOB read when importing a curve25519 private key
    - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
      leading 0's from key material during PKCS11 import in
      nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
      nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
      nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
    - CVE-2019-11719
  * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
    - debian/patches/CVE-2019-11729-1.patch: more thorough input checking
      in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
      nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
    - CVE-2019-11729

nss (2:3.28.4-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

nss (2:3.28.4-0ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805
  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

nss (2:3.28.4-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get new CA
    certificate bundle.
  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502
  * debian/patches/99_jarfile_ftbfs.patch: removed, upstream.
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

Date: 2020-08-24 19:49:12.266574+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.12.04.11
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:30 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:30 -0000
Subject: [ubuntu/precise-updates] ntp 1:4.2.6.p3+dfsg-1ubuntu3.13 (Accepted)
Message-ID: <162005085014.5996.2306466343259694700.launchpad@ackee.canonical.com>

ntp (1:4.2.6.p3+dfsg-1ubuntu3.13) precise-security; urgency=medium

  * SECURITY UPDATE: crash or possible code execution via a long string as
    the ipv4 host argument
    - debian/patches/CVE-2018-12327.patch prevent overflow of host
      in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c.
    - CVE-2018-12327

ntp (1:4.2.6.p3+dfsg-1ubuntu3.12) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

Date: 2020-01-06 15:01:15.071496+00:00
Changed-By: Mark Morlino <mark.morlino at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.13
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:32 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:32 -0000
Subject: [ubuntu/precise-updates] openssl 1.0.1-4ubuntu5.45 (Accepted)
Message-ID: <162005085247.20020.8754851712785098889.launchpad@ackee.canonical.com>

openssl (1.0.1-4ubuntu5.45) precise-security; urgency=medium

  * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
    - debian/patches/DirectoryString-is-a-CHOICE-type-and-therefore-uses-expli.patch:
      use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c.
    - debian/patches/Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch:
      correctly compare EdiPartyName in crypto/x509v3/v3_genn.c.
    - debian/patches/Check-that-multi-strings-CHOICE-types-don-t-use-implicit-.patch:
      check that multi-strings/CHOICE types don't use implicit tagging in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
    - debian/patches/Complain-if-we-are-attempting-to-encode-with-an-invalid-A.patch:
      complain if we are attempting to encode with an invalid ASN.1 template in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
    - CVE-2020-1971 
  * SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash()
    - debian/patches/CVE-2021-23841.patch: fix Null pointer deref in
      crypto/x509/x509_cmp.c.
    - CVE-2021-23841

openssl (1.0.1-4ubuntu5.44) precise-security; urgency=medium

  * SECURITY UPDATE: ECDSA remote timing attack
    - debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
      zero cofactor, compute it in crypto/ec/ec.h, crypto/ec/ec_err.c,
      crypto/ec/ec_lib.c.
    - CVE-2019-1547
  * SECURITY UPDATE: 0-byte record padding oracle
    - debian/patches/CVE-2019-1559*.patch: go into the error state if a
      fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.ci,
      ssl/ssl.h.
    - CVE-2019-1559
  * SECURITY UPDATE: Padding Oracle issue
    - debian/patches/CVE-2019-1563.patch: fix a padding oracle in
      PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
      crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
      crypto/pkcs7/pk7_doit.c.
    - CVE-2019-1563

openssl (1.0.1-4ubuntu5.43) precise-security; urgency=medium

  * SECURITY UPDATE: Key Extraction side channel
    - debian/patches/CVE-2018-0495.patch: fix in
      crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-0732.patch: fix in
      crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737-*.patch: additional patches
    - CVE-2017-0737

openssl (1.0.1-4ubuntu5.41) precise-security; urgency=medium

  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse
      and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set
      in crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

openssl (1.0.1-4ubuntu5.40) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
    - debian/patches/CVE-2018-0739.patch: limit stack depth in
      crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
    - CVE-2018-0739
  * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
    - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
      crypto/x509v3/v3_addr.c.
    - CVE-2017-3735

Date: 2021-02-23 01:58:08.883307+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.45
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:31 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:31 -0000
Subject: [ubuntu/precise-updates] openldap 2.4.28-1.1ubuntu4.12 (Accepted)
Message-ID: <162005085147.6007.817586380348651642.launchpad@ackee.canonical.com>

openldap (2.4.28-1.1ubuntu4.12) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: assertion failure in Certificate List syntax
    validation
    - debian/patches/CVE-2020-25709.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25709
  * SECURITY UPDATE: assertion failure in CSN normalization with invalid
    input
    - debian/patches/CVE-2020-25710.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25710

openldap (2.4.28-1.1ubuntu4.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via NULL pointer dereference
    - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
      equality rule in servers/slapd/modrdn.c.
    - CVE-2020-25692

openldap (2.4.28-1.1ubuntu4.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via nested search filters
    - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
      servers/slapd/filter.c.
    - CVE-2020-12243

openldap (2.4.28-1.1ubuntu4.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

openldap (2.4.28-1.1ubuntu4.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via search with page size of 0
    - debian/patches/CVE-2017-9287.patch: fix double-free in
      servers/slapd/back-mdb/search.c.
    - CVE-2017-9287

Date: 2020-11-20 18:53:13.844325+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openldap/2.4.28-1.1ubuntu4.12
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:34 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:34 -0000
Subject: [ubuntu/precise-updates] paramiko 1.7.7.1-2ubuntu1.2 (Accepted)
Message-ID: <162005085403.5996.1934155981946911575.launchpad@ackee.canonical.com>

paramiko (1.7.7.1-2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: server-side authentication vulnerability
    - debian/patches/CVE-2018-1000805-pre.patch: fix MSG_UNIMPLEMENTED in
      paramiko/transport.py, added tests to tests/test_transport.py.
    - debian/patches/CVE-2018-1000805.patch: split messages dict in
      paramiko/auth_handler.py, added tests to tests/test_transport.py.
    - debian/control: added python-mock to Build-Depends.
    - CVE-2018-1000805

paramiko (1.7.7.1-2ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch:
      add testcases plus prereq
    - CVE-2018-7750

Date: 2018-10-17 17:30:13.230793+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/paramiko/1.7.7.1-2ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:32 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:32 -0000
Subject: [ubuntu/precise-updates] linux-lts-trusty 3.13.0-185.236~12.04.1
 (Accepted)
Message-ID: <162005085259.6008.11862008317996825975.launchpad@ackee.canonical.com>

linux-lts-trusty (3.13.0-185.236~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-185.236~12.04.1 -proposed tracker
    (LP: #1919170)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-185.236 ]

  * trusty/linux: 3.13.0-185.236 -proposed tracker (LP: #1919171)
  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities
  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate

  [ Ubuntu: 3.13.0-184.235 ]

  * trusty/linux: 3.13.0-184.235 -proposed tracker (LP: #1914232)
  * CVE-2020-28374
    - SAUCE: target: cleanup some boolean tests
    - target: simplify XCOPY wwn->se_dev lookup helper
    - xcopy: loop over devices using idr helper
    - scsi: target: Fix XCOPY NAA identifier lookup
  * Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX

linux-lts-trusty (3.13.0-183.234~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-183.234 ]

  * CVE-2020-8694
    - powercap: make attributes only readable by root

linux-lts-trusty (3.13.0-182.233~12.04.1) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-182.233 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux-lts-trusty (3.13.0-181.232~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-181.232~12.04.1 -proposed tracker
    (LP: #1882771)

  [ Ubuntu: 3.13.0-181.232 ]

  * trusty/linux: 3.13.0-181.232 -proposed tracker (LP: #1882772)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

linux-lts-trusty (3.13.0-180.231~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-180.231 ]

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-lts-trusty (3.13.0-177.228~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-177.228~12.04.1 -proposed tracker
    (LP: #1878874)

  [ Ubuntu: 3.13.0-177.228 ]

  * trusty/linux: 3.13.0-177.228 -proposed tracker (LP: #1878875)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * CVE-2020-12114
    - fs/namespace.c: fix mountpoint reference counter race
    - propagate_one(): mnt_set_mountpoint() needs mount_lock
  * CVE-2020-12654
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

linux-lts-trusty (3.13.0-176.227~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-176.227~12.04.1 -proposed tracker
    (LP: #1858624)

  [ Ubuntu: 3.13.0-176.227 ]

  * trusty/linux: 3.13.0-176.227 -proposed tracker (LP: #1858625)
  * multi-zone raid0 corruption (LP: #1850540)
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - md: add feature flag MD_FEATURE_RAID0_LAYOUT
    - SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout
      migration
    - SAUCE: md/raid0: Use kernel specific layout

linux-lts-trusty (3.13.0-175.226~12.04.1) precise; urgency=medium

  [ Ubuntu: 3.13.0-175.226 ]

  * CVE-2019-11135
    - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2018-3646
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
  * Kernel Oops - unable to handle kernel paging request; RIP is at
    wait_migrate_huge_page+0x51/0x70 (LP: #1813018)
    - mm: numa: do not dereference pmd outside of the lock during NUMA hinting
      fault
  * The 3.13 kernel for Precise ESM does not provide the expected version number
    (LP: #1838610)
    - [debian] Fix regression with ABI subversions and backport
    - [Packaging] uploadnum should be the remainder of the version

linux-lts-trusty (3.13.0-174.225~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-174.225~12.04.1 -proposed tracker
    (LP: #1846248)

  [ Ubuntu: 3.13.0-174.225 ]

  * trusty/linux: 3.13.0-174.225 -proposed tracker (LP: #1846250)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * fanotify06 in LTP syscall test failed with T kernel  (LP: #1775378)
    - fanotify: fix notification of groups with inode & mount marks
  * ixgbe{vf} - Physical Function gets IRQ when VF checks link state
    (LP: #1836760)
    - ixgbevf: Use cached link state instead of re-reading the value for ethtool

linux-lts-trusty (3.13.0-173.224~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-173.224 ]

  * CVE-2019-14835
    - vhost: make sure log_num < in_num

linux-lts-trusty (3.13.0-172.223~12.04.1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-172.223~12.04.1 -proposed tracker (LP: #1835189)

  [ Ubuntu: 3.13.0-172.223 ]

  * linux: 3.13.0-172.223 -proposed tracker (LP: #1835190)
  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    CPU buffers are not cleared on all paths from kernel to userspace (LP:
    #1833047)
    - x86/asm: Error out if asm/jump_label.h is included inappropriately
    - SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
    - SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce sched_smt_{active,present}
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    Incorrect warning when booting with 'nosmt' (LP: #1830018)
    - SAUCE: [Fix] x86/speculation/mds: Add SMT warning message
  * CVE-2017-5715 // CVE-2018-3639
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - x86/speculataion: Mark command line parser data __initdata
    - x86/cpu/bugs: Use __initconst for 'const' init data
  * CVE-2017-5715 // CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - x86/speculation: Mark string arrays const correctly
  * CVE-2018-3639
    - x86/speculation: Rename SSBD update functions
  * CVE-2017-5715
    - x86/speculation: Clean up various Spectre related details
    - SAUCE: x86/cpufeatures: Reorder feature bits
    - SAUCE: x86/speculation, objtool: Remove unused macro
      ANNOTATE_NOSPEC_ALTERNATIVE
    - SAUCE: Move vmexit_fill_RSB()
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - SAUCE: Rename restricted_branch_speculation_{start,end}
    - SAUCE: Allow STIBP in MSR_SPEC_CTRL if supported
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
  * CVE-2017-5754
    - SAUCE: Show 'pti' in /proc/cpuinfo
  * Guests using IBRS incur a large performance penalty (LP: #1764956) //
    CVE-2017-5715
    - SAUCE: Restore the IBRS host state on VMEXIT
  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation
  * CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux-lts-trusty (3.13.0-171.222~12.04.1) precise; urgency=medium

  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format

  [ Ubuntu: 3.13.0-171.222 ]

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

linux-lts-trusty (3.13.0-170.220~12.04.2) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-170.220 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - KVM: x86: pass host_initiated to functions that read MSRs
    - KVM: x86: remove data variable from kvm_get_msr_common
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: KVM/VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - perf/x86/intel: Use Intel family macros for core perf events
    - SAUCE: perf/x86/uncore: Use Intel Model name macros
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/static_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: jump_label: Introduce static_branch_{inc,dec}
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715
    - SAUCE: Fix 'check_fpu defined but not used' compiler warning on x86_64
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling (v2)
    - SAUCE: KVM/x86: Expose IBRS to guests
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
  * CVE-2017-5715 // CVE-2018-3639
    - SAUCE: KVM/x86: Use host_initiated when accessing MSRs

  [ Ubuntu: 3.13.0-169.219 ]

  * linux: 3.13.0-169.219 -proposed tracker (LP: #1822883)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

linux-lts-trusty (3.13.0-168.218~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-168.218~precise1 -proposed tracker (LP: #1819662)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  * Strip specific changes from update-from-*master (LP: #1817734)
    - Packaging: Introduce copy-files and local-mangle
    - Packaging: Make update-from-*master call copy-files

  [ Ubuntu: 3.13.0-168.218 ]

  * linux: 3.13.0-168.218 -proposed tracker (LP: #1819663)
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * CVE-2017-1000410
    - Bluetooth: Prevent stack info leak from the EFS element.
  * ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
    (LP: #1815501)
    - ixgbe: check for vfs outside of sriov_num_vfs before dereference
  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
  * CVE-2017-18360
    - USB: serial: io_ti: fix div-by-zero in set_termios

  [ Ubuntu: 3.13.0-167.217 ]

  * linux: 3.13.0-167.217 -proposed tracker (LP: #1819917)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * linux-cloud-tools-common 3.13.0-166.216 in Trusty is missing contents of
    /usr/sbin (LP: #1819869)
    - Revert "UBUNTU: [Packaging] skip cloud tools packaging when not building
      package"

linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-166.216~precise1 -proposed tracker (LP: #1814646)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Config] resync flavour-control.stub
    - [Config] hooks.mk -- add basic LTS hook configuration

  * signing: only install a signed kernel (LP: #1764794)
    - [debian] fix check for the reconstruct file

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 3.13.0-166.216 ]

  * linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)
  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
    - [Packaging] getabis -- handle all known package combinations
    - [Packaging] getabis -- support parsing a simple version
    - [Packaging] autoreconstruct -- base tag is always primary mainline version
  * signing: only install a signed kernel (LP: #1764794)
    - [Debian] usbip tools packaging
    - [Debian] Don't fail if a symlink already exists
    - [Debian] perf -- build in the context of the full generated local headers
    - [Debian] basic hook support
    - [Debian] follow rename of DEB_BUILD_PROFILES
    - [Debian] standardise on stage1 for the bootstrap stage in line with debian
    - [Debian] set do_*_tools after stage1 or bootstrap is determined
    - [Debian] initscripts need installing when making the package
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Debian] add feature interlock with mainline builds
    - [Debian] Remove generated intermediate files on clean
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages
    - SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean:
    - [Debian] Update to new signing key type and location
    - [Packaging] autoreconstruct -- generate extend-diff-ignore for links
    - [Packaging] reconstruct -- update when inserting final changes
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Packaging] printenv -- add signing options
    - [Packaging] fix invocation of header postinst hooks
    - [Packaging] signing -- add support for signing Opal kernel binaries
    - [Debian] Use src_pkg_name when constructing udeb control files
    - [Debian] Dynamically determine linux udebs package name
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-source-* is in the primary linux namespace
    - [Packaging] lookup the upstream tag
    - [Packaging] switch up to debhelper 9
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
    - [debian] support for ship_extras_package=false
    - [Debian] do_common_tools should always be on
    - [debian] do not force do_tools_common
    - [Packaging] skip cloud tools packaging when not building package
    - [debian] prep linux-libc-dev only if do_libc_dev_package=true
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * iptables connlimit allows more connections than the limit when using
    multiple CPUs (LP: #1811094)
    - netfilter: connlimit: improve packet-to-closed-connection logic
    - netfilter: nf_conncount: fix garbage collection confirm race
    - netfilter: nf_conncount: don't skip eviction when age is negative
  * CVE-2019-6133
    - fork: record start_time late
  * test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
    (LP: #1813001)
    - procfs: make /proc/*/{stack, syscall, personality} 0400

linux-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-165.215~precise1 -proposed tracker (LP: #1811857)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 3.13.0-165.215 ]

  * linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)
  * CVE-2018-17972
    - proc: restrict kernel stack dumps to root
  * CVE-2018-18281
    - mremap: properly flush TLB before releasing the page
  * 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
    (LP: #1809868)
    - Btrfs: send, don't send rmdir for same target multiple times
  * CVE-2018-9568
    - net: Set sk_prot_creator when cloning sockets to the right proto
  * CVE-2018-1066
    - cifs: empty TargetInfo leads to crash on recovery

linux-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-164.214~precise1 -proposed tracker (LP: #1806429)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-164.214 ]

  * linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)
  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling
  * CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler
  * CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically
  * CVE-2018-18386
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
  * CVE-2017-5753
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.
  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE
  * CVE-2018-14734
    - infiniband: fix a possible use-after-free bug
  * CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
    - keys: Guard against null match function in keyring_search_aux()

linux-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-163.213~precise1 -proposed tracker (LP: #1802772)

  * linux: 3.13.0-163.213 -proposed tracker (LP: #1802769)

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
    (LP: #1797546)
    - drm: fix NULL pointer access by wrong ioctl

  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

linux (3.13.0-162.212) trusty; urgency=medium

  * linux: 3.13.0-162.212 -proposed tracker (LP: #1799399)

  * packet socket panic in Trusty 3.13.0-157 and later (LP: #1800254)
    - SAUCE: (no-up) net/packet: fix erroneous dev_add_pack usage in fanout

  * Cleanup Meltdown/Spectre implementation (LP: #1779848)
    - x86/Documentation: Add PTI description
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
    - x86/pti: Document fix wrong index
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/spectre: Fix an error message
    - SAUCE: x86/cpufeatures: Reorder spectre-related feature bits
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - SAUCE: x86/msr: Fix formatting of msr-index.h
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Mark constant arrays as __initconst
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value
    - SAUCE: Move SSBD feature detection to common code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - xen: Add xen_arch_suspend()
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    - SAUCE: x86/speculation: Cleanup IBRS runtime control handling

  * CVE-2016-9588
    - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)

  * CVE-2017-16649
    - net: cdc_ether: fix divide by 0 on bad descriptors

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse

  * xattr length returned by vfs_getxattr() is not correct in Trusty kernel
    (LP: #1798013)
    - getxattr: use correct xattr length

  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

linux (3.13.0-161.211) trusty; urgency=medium

  * linux: 3.13.0-161.211 -proposed tracker (LP: #1795595)

  * CVE-2017-0794
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - scsi: sg: recheck MMAP_IO request length with lock held

  * CVE-2017-15299
    - KEYS: don't let add_key() update an uninstantiated key

  * CVE-2015-8539
    - KEYS: Fix handling of stored error in a negatively instantiated user key

  * CVE-2018-7566
    - ALSA: seq: Fix racy pool initializations
    - ALSA: seq: More protection for concurrent write and ioctl races

  * CVE-2018-1000004. // CVE-2018-7566
    - ALSA: seq: Don't allow resizing pool in use

  * CVE-2018-1000004
    - ALSA: seq: Make ioctls race-free

  * CVE-2017-18216
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent

  * CVE-2016-7913
    - tuner-xc2028: Don't try to sleep twice
    - xc2028: avoid use after free
    - xc2028: unlock on error in xc2028_set_config()
    - xc2028: Fix use-after-free bug properly

  * The VM hang happens because of pending interrupts not reinjected when
    migrating the VM several times (LP: #1791286)
    - KVM: ioapic: merge ioapic_deliver into ioapic_service
    - KVM: ioapic: clear IRR for edge-triggered interrupts at delivery
    - KVM: ioapic: extract body of kvm_ioapic_set_irq
    - KVM: ioapic: reinject pending interrupts on KVM_SET_IRQCHIP

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * CVE-2018-9518
    - NFC: llcp: Limit size of SDP URI

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

linux (3.13.0-160.210) trusty; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

linux (3.13.0-159.209) trusty; urgency=medium

  * linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * i40e NIC not recognized (LP: #1789215)
    - SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
    - SAUCE: i40e_bpo: Add a compatibility layer
    - SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
    - SAUCE: i40e_bpo: Rename the driver to i40e_bpo
    - SAUCE: i40e_bpo: Hook the driver into the kernel tree
    - [Config] Add CONFIG_I40E_BPO=m

  * Probable regression with EXT3 file systems and CVE-2018-1093 patches
    (LP: #1789131)
    - ext4: fix bitmap position validation

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
    - Revert "UBUNTU: [Config] disable NUMA_BALANCING"

  * CVE-2018-15572
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt

  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

  * BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
    - drm/ast: Fixed system hanged if disable P2A

  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

linux (3.13.0-158.208) trusty; urgency=medium

  * linux: 3.13.0-158.208 -proposed tracker (LP: #1788764)

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE

  * BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
    (LP: #1780470)
    - VSOCK: sock_put wasn't safe to call in interrupt context
    - VSOCK: Fix lockdep issue.
    - VSOCK: Detach QP check should filter out non matching QPs.

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

linux (3.13.0-157.207) trusty; urgency=medium

  * linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

  * CVE-2017-2583
    - KVM: x86: fix emulation of "MOV SS, null selector"

  * CVE-2017-7518
    - KVM: x86: fix singlestepping over syscall

  * CVE-2017-18270
    - KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * CVE-2017-16911
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10877
    - ext4: verify the depth of extent tree in ext4_find_extent()

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2017-16912
    - usbip: fix stub_rx: get_pipe() to validate endpoint number

  * CVE-2018-10675
    - mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

  * CVE-2017-16533
    - HID: usbhid: fix out-of-bounds bug

  * CVE-2017-16538
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

  * CVE-2017-16644
    - hdpvr: Remove deprecated create_singlethread_workqueue
    - media: hdpvr: Fix an error handling path in hdpvr_probe()

  * CVE-2017-16645
    - Input: ims-psu - check if CDC union descriptor is sane

  * CVE-2017-5549
    - USB: serial: kl5kusb105: fix line-state error handling

  * CVE-2017-16532
    - usb: usbtest: fix NULL pointer dereference

  * CVE-2017-16537
    - media: imon: Fix null-ptr-deref in imon_probe

  * CVE-2017-11472
    - ACPICA: Add additional debug info/statements
    - ACPICA: Namespace: fix operand cache leak

  * CVE-2017-16643
    - Input: gtco - fix potential out-of-bound access

  * CVE-2017-16531
    - USB: fix out-of-bounds in usb_set_configuration

  * CVE-2018-10124
    - kernel/signal.c: avoid undefined behaviour in kill_something_info

  * CVE-2017-6348
    - irda: Fix lockdep annotations in hashbin_delete().

  * CVE-2017-17558
    - USB: core: prevent malicious bNumInterfaces overflow

  * CVE-2017-5897
    - ip6_gre: fix ip6gre_err() invalid reads

  * CVE-2017-6345
    - SAUCE: import sock_efree()
    - net/llc: avoid BUG_ON() in skb_orphan()

  * CVE-2017-7645
    - nfsd: check for oversized NFSv2/v3 arguments

  * CVE-2017-9984
    - ALSA: msnd: Optimize / harden DSP and MIDI loops

  * CVE-2018-1000204
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

  * CVE-2018-10021
    - scsi: libsas: defer ata device eh commands to libata

  * CVE-2017-16914
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

  * CVE-2017-16913
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

  * CVE-2017-16535
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()

  * CVE-2017-16536
    - cx231xx-cards: fix NULL-deref on missing association descriptor

  * CVE-2017-16650
    - net: qmi_wwan: fix divide by 0 on bad descriptors

  * CVE-2017-18255
    - perf/core: Fix the perf_cpu_time_max_percent check

  * CVE-2018-10940
    - cdrom: information leak in cdrom_ioctl_media_changed()

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

  * CVE-2017-16529
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

  * CVE-2017-2671
    - ping: implement proper locking

  * CVE-2017-15649
    - packet: hold bind lock when rebinding to fanout hook
    - packet: in packet_do_bind, test fanout with bind_lock held

  * CVE-2017-16527
    - ALSA: usb-audio: Kill stray URB at exiting

  * CVE-2017-16526
    - uwb: properly check kthread_run return value

  * CVE-2017-11473
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables

  * CVE-2017-14991
    - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

  * CVE-2017-2584
    - KVM: x86: Introduce segmented_write_std

  * CVE-2018-10087
    - kernel/exit.c: avoid undefined behaviour when calling wait4()

  * fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

linux (3.13.0-156.206) trusty; urgency=medium

  * linux: 3.13.0-156.206 -proposed tracker (LP: #1787187)

  * java Corrupted page table (LP: #1787127)
    - [Config] disable NUMA_BALANCING

  * java Corrupted page table (LP: #1787127) // CVE-2018-3620 // CVE-2018-3646
    - x86/mm: Simplify p[g4um]d_page() macros

  * 3.13.0-155.205 Kernel Panic - divide by zero (LP: #1787258)
    - x86/topology: Handle CPUID bogosity gracefully

linux (3.13.0-155.205) trusty; urgency=medium

  * CVE-2017-18344
    - posix-timer: Properly check sigevent->sigev_notify

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - SAUCE: Add pfn_pud() and pud_mkhuge()
    - x86/mm/pat: Make set_memory_np() L1TF safe

linux (3.13.0-153.203) trusty; urgency=medium

  * linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

  * CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

linux (3.13.0-152.202) trusty; urgency=medium

  * linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)

  * CVE-2017-15265
    - ALSA: seq: Fix use-after-free at creating a port

  * register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

  * CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

  * add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference)
    with T kernel (LP: #1775316) // CVE-2017-12193
    - assoc_array: Fix a buggy node-splitting case

  * CVE-2017-12154
    - kvm: nVMX: Don't allow L2 to access the hardware CR8

  * CVE-2018-7757
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()

  * CVE-2018-6927
    - futex: Prevent overflow by strengthen input validation

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

  * CVE-2018-5803
    - sctp: verify size of a new chunk in _sctp_make_chunk()

  * WARNING: CPU: 28 PID: 34085 at /build/linux-
    90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90()
    (LP: #1771480)
    - net/core: generic support for disabling netdev features down stack
    - SAUCE: Backport helper function netdev_upper_get_next_dev_rcu

  * CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

  * CVE-2018-5750
    - ACPI: sbshc: remove raw pointer from printk() message

linux (3.13.0-151.201) trusty; urgency=medium

  * linux: 3.13.0-151.201 -proposed tracker (LP: #1774190)

  * CVE-2018-3639 (x86)
    - SAUCE: Set generic SSBD feature for Intel cpus
    - KVM: vmx: fix MPX detection
    - KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
    - x86/cpu: Add CLZERO detection

  * Trusty cannot load microcode for family 17h AMD processors (LP: #1774082)
    - x86/microcode/AMD: Add support for fam17h microcode loading

linux (3.13.0-150.200) trusty; urgency=medium

  * linux: 3.13.0-150.200 -proposed tracker (LP: #1772970)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - SAUCE: x86/cpu: Rename x86_amd_ssbd_enable
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: x86: introduce num_emulated_msrs
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * CVE-2018-7492
    - rds: Fix NULL pointer dereference in __rds_rdma_map

  * CVE-2017-0627
    - media: uvcvideo: Prevent heap overflow when accessing mapped controls

  * CVE-2018-8781
    - drm: udl: Properly check framebuffer mmap offsets

  * CVE-2018-1068
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
    - arch: Introduce post-init read-only memory
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
    - mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
    - xen: fix bio vec merging

  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
    - netlink: Add netns check on taps

  * CVE-2017-13220
    - Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
    - KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
    - Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

linux (3.13.0-147.196) trusty; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

linux (3.13.0-145.194) trusty; urgency=medium

  * linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
      enabled
    - [Packaging] final-checks -- remove check for empty retpoline files

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386

  * Boot crash with Trusty 3.13 (LP: #1757193)
    - Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
    - x86/mm: Expand the exception table logic to allow new handling options

  * Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
    - x86/kvm: Rename VMX's segment access rights defines
    - x86/signal/64: Fix SS if needed when delivering a 64-bit signal

linux (3.13.0-144.193) trusty; urgency=medium

  * linux: 3.13.0-144.193 -proposed tracker (LP: #1755227)

  * CVE-2017-12762
    - isdn/i4l: fix buffer overflow

  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination

  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: Add ndo_gso_check
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware

  * CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks

  * CVE-2017-11089
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE

  * CVE-2018-5332
    - RDS: Heap OOB write in rds_message_alloc_sgs()

  * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier

  * CVE-2017-17805
    - crypto: salsa20 - fix blkcipher_walk API usage

  * [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce
    buffers (LP: #1742480)
    - SAUCE: storvsc: do not assume SG list is continuous when doing bounce
      buffers

  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport

  * CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio

  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] pull in retpoline files

linux (3.13.0-143.192) trusty; urgency=medium

  * linux: 3.13.0-143.192 -proposed tracker (LP: #1751838)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/alternatives: Fix ALTERNATIVE_2 padding generation properly
    - x86/alternatives: Fix alt_max_short macro to really be a max()
    - x86/alternatives: Guard NOPs optimization
    - x86/alternatives: Switch AMD F15h and later to the P6 NOPs
    - x86/alternatives: Make optimize_nops() interrupt safe and synced
    - x86/alternatives: Fix optimize_nops() checking
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Packaging] retpoline files must be sorted
    - [Config] disable retpoline for the first upload
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES

  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files

  * CVE-2017-5715 (Spectre v2 Intel)
    - x86, microcode: Share native MSR accessing variants
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/entry: Fixup 32bit compat call locations
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: turn off IBRS when full retpoline is present

  * CVE-2017-5753 (Spectre v1 Intel)
    - x86: Add another set of MSR accessor functions
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: switch to lfence rather than mfence
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - fs: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - powerpc: add osb barrier
    - s390/spinlock: add osb memory barrier
    - arm64: no osb() implementation yet
    - arm: no osb() implementation yet

  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: x86/cpuid: Fix ordering of scattered feature list"
    - Revert "UBUNTU: SAUCE: KVM: Fix spec_ctrl CPUID support for guests"
    - Revert "UBUNTU: SAUCE: x86/entry: Fixup 32bit compat call locations"
    - Revert "UBUNTU: SAUCE: powerpc: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: arm: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: arm64: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
      MFENCE_RDTSC feature"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized"
    - Revert "UBUNTU: SAUCE: x86/svm: Add code to clobber the RSB on VM exit"
    - Revert "UBUNTU: SAUCE: KVM: x86: Add speculative control CPUID support for
      guests"
    - Revert "UBUNTU: SAUCE: x86/svm: Set IBPB when running a different VCPU"
    - Revert "UBUNTU: SAUCE: x86/svm: Set IBRS value on VM entry and exit"
    - Revert "UBUNTU: SAUCE: KVM: SVM: Do not intercept new speculative control
      MSRs"
    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
      support IBPB feature"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Add speculative control support for AMD"
    - Revert "UBUNTU: SAUCE: x86/entry: Use retpoline for syscall's indirect
      calls"
    - Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs
      and ibpb control"
    - Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable
      SPEC_CTRL feature"
    - Revert "UBUNTU: SAUCE: x86/kvm: Pad RSB on VM transition"
    - Revert "UBUNTU: SAUCE: x86/kvm: Toggle IBRS on VM entry and exit"
    - Revert "UBUNTU: SAUCE: x86/kvm: Set IBPB when switching VM"
    - Revert "UBUNTU: SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
      to kvm"
    - Revert "UBUNTU: SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP
      platform"
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - Revert "UBUNTU: SAUCE: x86/mm: Set IBPB upon context switch"
    - Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS when offlining cpu and re-
      enable on wakeup"
    - Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS entering idle and enable it on
      wakeup"
    - Revert "UBUNTU: SAUCE: x86/enter: Use IBRS on syscall and interrupts"
    - Revert "UBUNTU: SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB"
    - Revert "UBUNTU: SAUCE: x86/feature: Report presence of IBPB and IBRS
      control"
    - Revert "UBUNTU: SAUCE: x86/feature: Enable the x86 feature to control
      Speculation"
    - Revert "UBUNTU: SAUCE: udf: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: fs: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: userns: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: cw1200: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: qla2xxx: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: p54: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: carl9170: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: uvcvideo: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: locking/barriers: introduce new memory barrier gmb()"
    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
    - Revert "x86: Add another set of MSR accessor functions"
    - Revert "x86, microcode: Share native MSR accessing variants"

  * stress-ng enosys stressor triggers a kernel BUG (LP: #1750786)
    - SAUCE: x86, extable: fix uaccess fixup detection

linux (3.13.0-142.191) trusty; urgency=medium

  * linux: 3.13.0-142.191 -proposed tracker (LP: #1746900)

  * CVE-2017-17806
    - crypto: hmac - require that the underlying hash algorithm is unkeyed

  * CVE-2017-18017
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

  * CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks

  * CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release

  * CVE-2017-5715 (Spectre v2 embargoed) // CVE-2017-5753 (Spectre v1 embargoed)
    - x86/asm/msr: Make wrmsrl_safe() a function

  * CVE-2017-1000407
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts

  * CVE-2017-0861
    - ALSA: pcm: prevent UAF in snd_pcm_info

  * CVE-2017-14051
    - scsi: qla2xxx: Fix an integer overflow in sysfs code

  * CVE-2017-15868
    - Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with
      l2cap socket

  * CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op

  * powerpc: flush L1D on return to use (LP: #1742772) // CVE-2017-5754
    (Meltdown)
    - SAUCE: powerpc: Prevent Meltdown attack with L1-D$ flush
    - SAUCE: powerpc: Remove dead code in sycall entry
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: rfi-flush: Make the fallback robust against memory corruption
    - SAUCE: powerpc/kernel: Does not use sync
    - SAUCE: rfi-flush: Factor out init_fallback_flush()
    - SAUCE: rfi-flush: Make setup_rfi_flush() not __init
    - SAUCE: rfi-flush: Move the logic to avoid a redo into the sysfs code
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again
    - SAUCE: rfi-flush: Call setup_rfi_flush() after LPM migration
    - SAUCE: rfi-flush: Fix fallback on distros using bootmem
    - SAUCE: rfi-flush: fix package build error (unused variable limit)
    - SAUCE: rfi-flush: Fix kernel package build using bootmem
    - SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
    - SAUCE: rfi-flush: Fix rename of pseries_setup_rfi_flush()
    - SAUCE: rfi-flush: Mark DEBUG_RFI as BROKEN
    - SAUCE: rfi-flush: Switch to new linear fallback flush
    - SAUCE: powerpc/kernel: Remove unused variable
    - SAUCE: powerpc/kernel: Fix typo on variable
    - SAUCE: powerpc/kernel: Fix instructions usage
    - SAUCE: powerpc/kernel: Define PACA_L1D_FLUSH_SIZE
    - SAUCE: rfi-flush: Fix for kernel crash.

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * CVE-2017-12190
    - fix unbalanced page refcounting in bio_map_user_iov
    - more bio_map_user_iov() leak fixes

  * CVE-2017-15274
    - KEYS: fix dereferencing NULL payload with nonzero length

  * CVE-2017-14140
    - Sanitize 'move_pages()' permission checks

  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one

  * CVE-2017-14489
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse
      nlmsg properly

  * CVE-2017-12153
    - nl80211: check for the required netlink attributes presence

  * CVE-2017-16525
    - USB: serial: console: fix use-after-free after failed setup
    - USB: serial: console: fix use-after-free on disconnect

  * CVE-2017-7542
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt
    - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

  * CVE-2017-15102
    - usb: misc: legousbtower: Fix NULL pointer deference

  * CVE-2017-12192
    - KEYS: prevent KEYCTL_READ on negative key

  * CVE-2017-14156
    - video: fbdev: aty: do not leak uninitialized padding in clk to userspace

  * CVE-2017-5669
    - ipc/shm: Fix shmat mmap nil-page protection

  * CVE-2017-0750
    - f2fs: do more integrity verification for superblock

  * CVE-2017-7889
    - mm: Tighten x86 /dev/mem with zeroing reads

  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

linux (3.13.0-141.190) trusty; urgency=low

  * linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)

  * ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
    test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
    3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fixup 32bit compat call locations

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.13.0-140.189) trusty; urgency=low

  * linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)

  [ Stefan Bader ]
  * CVE-2017-5715 // CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: cw1200: prevent speculative execution
    - SAUCE: userns: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - SAUCE: arm64: no gmb() implementation yet
    - SAUCE: arm: no gmb() implementation yet
    - SAUCE: powerpc: no gmb() implementation yet

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

linux (3.13.0-139.188) trusty; urgency=low

  * linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - arch: Introduce smp_load_acquire(), smp_store_release()
    - mm, x86: Account for TLB flushes only when debugging
    - x86/mm: Clean up inconsistencies when flushing TLB ranges
    - x86/mm: Eliminate redundant page table walk during TLB range flushing
    - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
      IvyBridge
    - x86/mm: Clean up the TLB flushing code
    - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
    - x86/mm: Fix missed global TLB flush stat
    - x86/mm: New tunable for single vs full TLB flush
    - x86/mm: Set TLB flush tunable to sane value (33)
    - x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
      variable read-mostly
    - rcu: Provide counterpart to rcu_dereference() for non-RCU situations
    - rcu: Move lockless_dereference() out of rcupdate.h
    - x86/ldt: Make modify_ldt synchronous
    - x86/ldt: Correct LDT access in single stepping logic
    - x86/ldt: Correct FPU emulation access to LDT
    - x86/ldt: Further fix FPU emulation
    - x86/mm: Disable preemption during CR3 read+write
    - x86: Clean up cr4 manipulation
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - kvmclock: export kvmclock clocksource and data pointers
    - x86/mm/kaiser: remove paravirt clock warning
    - kaiser: x86: Fix NMI handling
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION

linux (3.13.0-137.186) trusty; urgency=low

  * linux: 3.13.0-137.186 -proposed tracker (LP: #1736194)

  * CVE-2017-1000405
    - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()

  * CVE-2017-16939
    - netlink: add a start callback for starting a netlink dump
    - ipsec: Fix aborted xfrm policy dump crash

linux (3.13.0-136.185) trusty; urgency=low

  * linux: 3.13.0-136.185 -proposed tracker (LP: #1734733)

  * NVMe timeout is too short (LP: #1729119)
    - NVMe: Make I/O timeout a module parameter
    - nvme: update timeout module parameter type

linux (3.13.0-135.184) trusty; urgency=low

  * linux: 3.13.0-135.184 -proposed tracker (LP: #1724500)

  * Trusty NVMe boot fails on some systems (LP: #1720867)
    - NVMe: RCU protected access to io queues
    - NVMe: IOCTL path RCU protect queue access
    - powerpc/mm: fix ".__node_distance" undefined
    - NVMe: per-cpu io queues
    - nvme: Use pci_enable_msi_range() and pci_enable_msix_range()
    - NVMe: make setup work for devices that don't do INTx
    - NVMe: Always use MSI/MSI-x interrupts

linux (3.13.0-134.183) trusty; urgency=low

  * linux: 3.13.0-134.183 -proposed tracker (LP: #1722335)

  [ Thadeu Lima de Souza Cascardo ]
  * CVE-2017-10661
    - timerfd: Protect the might cancel mechanism proper

  * CVE-2017-10662
    - f2fs: sanity check segment count

  * CVE-2017-10663
    - f2fs: sanity check checkpoint segno and blkoff

  * CVE-2017-14340
    - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present

  * CVE-2017-10911
    - xen-blkback: don't leak stack data via response ring

  * CVE-2017-11176
    - mqueue: fix a use-after-free in sys_mq_notify()

  * CVE-2016-8632
    - tipc: check minimum bearer MTU

linux (3.13.0-133.182) trusty; urgency=low

  * linux: 3.13.0-133.182 -proposed tracker (LP: #1718159)

  [ Stefan Bader ]
  * CVE-2016-8633
    - firewire: net: guard against rx buffer overflows

  * CVE-2017-14106
    - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

linux (3.13.0-132.181) trusty; urgency=low

  * linux: 3.13.0-132.181 -proposed tracker (LP: #1716634)

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (3.13.0-131.180) trusty; urgency=low

  * linux: 3.13.0-131.180 -proposed tracker (LP: #1715439)

  * CVE-2016-7097
    - posix_acl: Clear SGID bit when setting file permissions

  * CVE-2016-9083
    - vfio/pci: Fix integer overflows, bitmask check

  * CVE-2016-9084
    - vfio/pci: Fix integer overflows, bitmask check

  * CVE-2016-9604
    - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings

  * CVE-2016-9191
    - sysctl: Drop reference added by grab_header in proc_sys_readdir

  * CVE-2016-9178
    - fix minor infoleak in get_user_ex()

  * CVE-2016-8650
    - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]

  * CVE-2016-10044
    - vfs: Commit to never having exectuables on proc and sysfs.
    - aio: mark AIO pseudo-fs noexec

linux (3.13.0-130.179) trusty; urgency=low

  * linux: 3.13.0-130.179 -proposed tracker (LP: #1713456)

  * CVE-2016-10200
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{, 6}_bind()

  * CVE-2016-9754
    - ring-buffer: Prevent overflow of size in ring_buffer_resize()

  * CVE-2017-5970
    - ipv4: keep skb->dst around in presence of IP options

  * CVE-2017-6346
    - packet: fix races in fanout_add()

  * CVE-2017-6214
    - tcp: avoid infinite loop in tcp_splice_read()

  * CVE-2017-6951
    - KEYS: Change the name of the dead type to ".dead" to prevent user access

  * CVE-2017-7472
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

  * CVE-2017-7187
    - scsi: sg: check length passed to SG_NEXT_CMD_LEN

  * CVE-2017-7541
    - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()

  * sort ABI files with C.UTF-8 locale (LP: #1712345)
    - [Packaging] sort ABI files with C.UTF-8 locale

  * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for
    kernels able to boot without initramfs (LP: #1700972)
    - [Debian] Don't depend on initramfs-tools

linux (3.13.0-129.178) trusty; urgency=low

  * linux: 3.13.0-129.178 -proposed tracker (LP: #1709292)

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * CVE-2016-7914
    - assoc_array: don't call compare_object() on a node

  * CVE-2017-7616
    - mm/mempolicy.c: fix error handling in set_mempolicy and mbind.

  * CVE-2017-7261
    - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()

  * CVE-2017-7273
    - HID: hid-cypress: validate length of report

  * CVE-2017-7487
    - ipx: call ipxitf_put() in ioctl error path

  * CVE-2017-7495
    - ext4: fix data exposure after a crash

linux (3.13.0-128.177) trusty; urgency=low

  * CVE-2017-1000112
    - ipv4: Should use consistent conditional judgement for ip fragment in
      __ip_append_data and ip_finish_output
    - ipv6: Don't use ufo handling on later transformed packets
    - ipv6: Should use consistent conditional judgement for ip6 fragment between
      __ip6_append_data and ip6_finish_output
    - udp: avoid ufo handling on IP payload compression packets
    - net: account for current skb length when deciding about UFO
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - net-packet: fix race in packet_set_ring on PACKET_RESERVE

linux (3.13.0-126.175) trusty; urgency=low

  * linux: 3.13.0-126.175 -proposed tracker (LP: #1704994)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

  * CVE-2017-7482
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode

  * CVE-2017-1000365
    - fs/exec.c: account for argv/envp pointers

  * CVE-2016-8405
    - fbdev: color map copying bounds checking

  * CVE-2017-2618
    - selinux: fix off-by-one in setprocattr

  * update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - lib: devres: add a helper function for ioremap_wc
    - net: ena: remove superfluous check in ena_remove()
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

linux (3.13.0-125.174) trusty; urgency=low

  * linux: 3.13.0-125.174 -proposed tracker (LP: #1703396)

  * NULL pointer dereference triggered by openvswitch autopkg testcase
    (LP: #1703401)
    - Revert "rtnl/do_setlink(): notify when a netdev is modified"
    - Revert "rtnl/do_setlink(): last arg is now a set of flags"
    - Revert "rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated"
    - Revert "rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated"
    - Revert "rtnetlink: provide api for getting and setting slave info"

linux (3.13.0-124.173) trusty; urgency=low

  * linux: 3.13.0-124.173 -proposed tracker (LP: #1701042)

  * CVE-2017-7895
    - nfsd: Remove assignments inside conditions
    - svcrdma: Do not add XDR padding to xdr_buf page vector
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops

  * CVE-2017-9605
    - drm/vmwgfx: Make sure backup_handle is always valid

  * CVE-2017-1000380
    - ALSA: timer: Fix race between read and ioctl
    - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

  * linux <3.18: netlink notification is missing when an interface is modified
    (LP: #1690094)
    - rtnetlink: provide api for getting and setting slave info
    - rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated
    - rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated
    - rtnl/do_setlink(): last arg is now a set of flags
    - rtnl/do_setlink(): notify when a netdev is modified

  * CVE-2015-8944
    - Make file credentials available to the seqfile interfaces
    - /proc/iomem: only expose physical resource addresses to privileged users

  * CVE-2016-10088
    - sg_write()/bsg_write() is not fit to be called under KERNEL_DS

  * CVE-2017-7346
    - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()

  * CVE-2015-8966
    - arm: fix handling of F_OFD_... in oabi_fcntl64()

  * Missing IOTLB flush causes DMAR errors with SR-IOV (LP: #1697053)
    - iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap()

  * CVE-2017-8924
    - USB: serial: io_ti: fix information leak in completion handler

  * CVE-2017-8925
    - USB: serial: omninet: fix reference leaks at open

  * CVE-2015-8967
    - arm64: make sys_call_table const

  * CVE-2015-8964
    - tty: Prevent ldisc drivers from re-using stale tty fields

  * CVE-2015-8955
    - arm64: perf: reject groups spanning multiple HW PMUs

  * CVE-2015-8962
    - sg: Fix double-free when drives detach during SG_IO

  * CVE-2015-8963
    - perf: Fix race in swevent hash

  * CVE-2017-9074
    - ipv6: Check ip6_find_1stfragopt() return value properly.

  * CVE-2014-9900
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

linux (3.13.0-123.172) trusty; urgency=low

  * linux: 3.13.0-123.172 -proposed tracker (LP: #1700558)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux (3.13.0-122.171) trusty; urgency=low

  * linux: 3.13.0-122.171 -proposed tracker (LP: #1699047)

  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit

  * CVE-2014-9940
    - regulator: core: Fix regualtor_ena_gpio_free not to access pin after freeing

  * CVE-2017-100363
    - char: lp: fix possible integer overflow in lp_setup()

  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()

  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options

  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent

  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

  * CVE-2017-7294
    - drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()

linux (3.13.0-121.170) trusty; urgency=low

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

linux (3.13.0-119.166) trusty; urgency=low

  * linux: 3.13.0-119.166 -proposed tracker (LP: #1687718)

  * CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation
    (LP: #1687107)
    - rose: limit sk_filter trim to payload
    - tcp: take care of truncations done by sk_filter()

linux (3.13.0-118.165) trusty; urgency=low

  * linux: 3.13.0-118.165 -proposed tracker (LP: #1686154)

  * linux_3.13.0-*.*: nVMX: Check current_vmcs12 before accessing in
    handle_invept() (LP: #1678676)
    - SAUCE: KVM has a flaw in INVEPT emulation that could crash the host

  * Please backport fix to reference leak in cgroup blkio throttle
    (LP: #1683976)
    - block: fix module reference leak on put_disk() call for cgroups throttle

linux (3.13.0-117.164) trusty; urgency=low

  * linux: 3.13.0-117.164 -proposed tracker (LP: #1680733)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * CVE-2017-5986
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf

  * Update ENA driver to 1.1.2 from net-next (LP: #1664312)
    - net: ena: Remove unnecessary pci_set_drvdata()
    - net: ena: Fix error return code in ena_device_init()
    - net: ena: change the return type of ena_set_push_mode() to be void.
    - net: ena: use setup_timer() and mod_timer()
    - net/ena: remove ntuple filter support from device feature list
    - net/ena: fix queues number calculation
    - net/ena: fix ethtool RSS flow configuration
    - net/ena: fix RSS default hash configuration
    - net/ena: fix NULL dereference when removing the driver after device reset
      failed
    - net/ena: refactor ena_get_stats64 to be atomic context safe
    - net/ena: fix potential access to freed memory during device reset
    - net/ena: use READ_ONCE to access completion descriptors
    - net/ena: reduce the severity of ena printouts
    - net/ena: change driver's default timeouts
    - net/ena: change condition for host attribute configuration
    - net/ena: update driver version to 1.1.2

  * [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
    bytes to a sockaddr (LP: #1668042)
    - net/bonding: Enforce active-backup policy for IPoIB bonds

  * stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
    failure with linux 4.9.0-12.13) (LP: #1658633)
    - ext4: lock the xattr block before checksuming it

  * vmxnet3 LRO IPv6 performance issues (stalling TCP) (LP: #1605494)
    - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets

  * move aufs.ko from -extra to linux-image package (LP: #1673498)
    - [config] aufs.ko moved to linux-image package

  * lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls

Date: 2021-03-18 15:43:09.304736+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-185.236~12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:33 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:33 -0000
Subject: [ubuntu/precise-updates] openvpn 2.2.1-8ubuntu1.5 (Accepted)
Message-ID: <162005085317.6007.15244637691515295122.launchpad@ackee.canonical.com>

openvpn (2.2.1-8ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - NO CVE number

Date: 2017-08-02 19:27:16.879173+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openvpn/2.2.1-8ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:34 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:34 -0000
Subject: [ubuntu/precise-updates] patch 2.6.1-3ubuntu0.2 (Accepted)
Message-ID: <162005085452.20020.10104628572597078589.launchpad@ackee.canonical.com>

patch (2.6.1-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2016-10713.patch: fix in
      src/pch.c.
    - CVE-2016-10713
  * SECURITY UPDATE: Input validation vulnerability
    - debian/patches/CVE-2018-1000156.patch: fix in
      src/pch.c adding tests in Makefile.in, tests/ed-style.
    - CVE-2018-1000156

Date: 2018-04-16 12:44:26.498168+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/patch/2.6.1-3ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:35 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:35 -0000
Subject: [ubuntu/precise-updates] perl 5.14.2-6ubuntu2.11 (Accepted)
Message-ID: <162005085523.6007.15855937340405331958.launchpad@ackee.canonical.com>

perl (5.14.2-6ubuntu2.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723
  * debian/patches/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.

perl (5.14.2-6ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313

perl (5.14.2-6ubuntu2.8) precise-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-12015.patch: fix ing
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

perl (5.14.2-6ubuntu2.7) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

perl (5.14.2-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expressiion
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883

Date: 2020-10-26 16:40:14.020698+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.11
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:35 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:35 -0000
Subject: [ubuntu/precise-updates] pixman 0.30.2-1ubuntu0.0.0.0.4 (Accepted)
Message-ID: <162005085567.5996.15247062117879586583.launchpad@ackee.canonical.com>

pixman (0.30.2-1ubuntu0.0.0.0.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: general_composite_rect() integer overflow
    - debian/patches/CVE-2015-5297-pre1.patch: ensure that iter buffers are
      aligned to 16 bytes in pixman/pixman-general.c,
      pixman/pixman-private.h, pixman/pixman-utils.c.
    - debian/patches/CVE-2015-5297-pre2.patch: use floating point combiners
      for all operators that involve divisions in pixman/pixman-general.c.
    - debian/patches/CVE-2015-5297-1.patch: fix stack related pointer
      arithmetic overflow in pixman/pixman-general.c.
    - debian/patches/CVE-2015-5297-2.patch: tighten up calculation of
      temporary buffer sizes in pixman/pixman-general.c.
    - debian/patches/disable_test.patch: disable blitters test as the
      correct CRC is unknown.
    - CVE-2015-5297

Date: 2018-12-11 17:50:14.902332+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/pixman/0.30.2-1ubuntu0.0.0.0.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:37 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:37 -0000
Subject: [ubuntu/precise-updates] ppp 2.4.5-5ubuntu1.4 (Accepted)
Message-ID: <162005085743.5996.6154319321679688946.launchpad@ackee.canonical.com>

ppp (2.4.5-5ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file disclosure vulnerability
    - debian/patches/load_ppp_generic_if_needed: removed, ppp has been
      built into Ubuntu kernels since at least 2012.
    - CVE-2020-15704
  * debian/patches/0016-pppoe-include-netinet-in.h-before-linux-in.h.patch:
    fix build on newer kernels.

ppp (2.4.5-5ubuntu1.3) precise-security; urgency=medium

   [ Marc Deslauriers ]
   * SECURITY UPDATE: rhostname buffer overflow
    - debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
      pppd/eap.c.
    - CVE-2020-8597

Date: 2020-08-05 16:05:21.730614+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ppp/2.4.5-5ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:37 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:37 -0000
Subject: [ubuntu/precise-updates] php5 5.3.10-1ubuntu3.48 (Accepted)
Message-ID: <162005085760.6008.1957986200873709435.launchpad@ackee.canonical.com>

php5 (5.3.10-1ubuntu3.48) precise-security; urgency=medium

  * SECURITY UPDATE: Possibly forge cookie
    - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
      in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
      tests/basic/bug79699.phpt.
    - CVE-2020-7070

php5 (5.3.10-1ubuntu3.47) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

php5 (5.3.10-1ubuntu3.46) precise-security; urgency=medium

  * Fixing wrong patch in previous update. Replacing
    CVE-2020-7066 for *-7064 as it should be.

php5 (5.3.10-1ubuntu3.45) precise-security; urgency=medium

  * SECURITY UPDATE: Lax permissions
    - debian/patches/CVE-2020-7063.patch: restricting permissions
      for files added to tar in ext/phar/phar_object.c,
      ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082/*.
    - CVE-2020-7063
  * SECURITY UPDATE: One byte read or denial of service
    - debian/patches/CVE-2020-7064.patch: fix itemlen size to
      be passed to exif_file_sections_add and check if length < 2
      in ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064

php5 (5.3.10-1ubuntu3.44) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2015-9253.patch: directly listen
      on socket, instead duping it to STDIN in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
      and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
    - CVE-2015-9253
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added
      test ext/standard/tests/file/bug79099.phpt.
    - CVE-2020-7059

php5 (5.3.10-1ubuntu3.42) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer underflow
    - debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
      to detect digits in ext/bcmath/libbcmath/src/str2num.c,
      ext/bcmath/tests/bug78878.phpt.
    - CVE-2019-11046
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
      ext/exif/tests/bug78910.phpt.
    - CVE-2019-11047
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-11050.patch: fix in
      ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
    - CVE-2019-11050

php5 (5.3.10-1ubuntu3.40) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: RCE via env_path_info underflow
    - debian/patches/CVE-2019-11043.patch: add check in
      sapi/fpm/fpm/fpm_main.c.
    - CVE-2019-11043

php5 (5.3.10-1ubuntu3.39) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
      to avoid an overflow in ext/exif.exif.c.
    - CVE-2019-11041
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11042.patch: check ByteCount in order to
      avoid an overflow in ext/exif/exif.c.
    - CVE-2019-11042

php5 (5.3.10-1ubuntu3.38) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13224.patch: don't allow
      diff encondings for onig_new_deluxe in
      ext/mbstring/oniguruma/regext.c.
    - CVE-2019-13224

php5 (5.3.10-1ubuntu3.37) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2019-11039.patch: checks if
      str_left is > 1 in order to avoid a read out-of-bounds
      in ext/iconv/iconv.c.
    - CVE-2019-11039
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11040.patch: checks
      Thumbnail.size in order to avoid a heap-buffer-overflow
      in ext/exif/exif.c.
    - CVE-2019-11040

php5 (5.3.10-1ubuntu3.36) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2018-20783.patch: add more checks to buffer reads in
      ext/phat/phar.c.
    - CVE-2018-20783
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2019-11036.patch: check dir_entry <= offset_base in
      ext/exif/exif.c.
    - CVE-2019-11036
  [ Marc Deslauriers ]
  * SECURITY UPDATE: stream_get_meta_data issue
    - debian/patches/CVE-2016-10712.patch: properly handle metadata in
      ext/standard/streamsfuncs.c, ext/standard/tests/*,
      main/streams/memory.c.
    - debian/patches/CVE-2016-10712-2.patch: fix various tests.
    - CVE-2016-10712
  * SECURITY UPDATE: buffer over-read while unserializing untrusted data
    - debian/patches/CVE-2017-12933*.patch: add check to
      ext/standard/var_unserializer.*, add test to
      ext/standard/tests/serialize/bug74111.phpt, adjust test in
      ext/standard/tests/serialize/bug25378.phpt.
    - CVE-2017-12933
  * SECURITY UPDATE: DoS via long locale
    - debian/patches/CVE-2017-11362.patch: check length in
      ext/intl/msgformat/msgformat_parse.c.
    - CVE-2017-11362

php5 (5.3.10-1ubuntu3.35) precise-security; urgency=medium

  * SECURITY UPDATE: Information disclosure or crash
    - debian/patches/CVE-2019-11034.patch: fix heap-buffer-overflow
      in php_ifd_get32s in ext/exif/exif.c.
    - CVE-2019-11034
  * SECURITY UPDATE: Information disclosure or crash
    - debian/patches/CVE-2019-11035-*.patch: void strn on NULL,
      fix heap-buffer-overflow in ext/exif/exif.c.
    - CVE-2019-11035

php5 (5.3.10-1ubuntu3.34) precise-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639.patch: fix in
      ext/exif/exif.c.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c.
    - CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
      ext/phar/tests/bug77586/files/*.
    - CVE-2019-9675
  * Changed the way MAKERNOTE is handled in case we do not have a matching
    signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
    - debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
      it changing the behavior in order to continue the parse in
      ext/exif/exif.c
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022.patch: check length in
      ext/standard/dns.c.
    - CVE-2019-9022

php5 (5.3.10-1ubuntu3.33) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: invalid memory access in xmlrpc_decode()
    - debian/patches/CVE-2019-9020.patch: check length in
      ext/xmlrpc/libxmlrpc/xml_element.c, added test to
      ext/xmlrpc/tests/bug77242.phpt.
    - CVE-2019-9020
  * SECURITY UPDATE: buffer over-read in PHAR extension
    - debian/patches/CVE-2019-9021.patch: properly calculate position in
      ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
    - CVE-2019-9021
  * SECURITY UPDATE: buffer over-reads in mbstring regex functions
    - debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
      ext/mbstring/oniguruma/regparse.c, added test to
      ext/mbstring/tests/bug77370.phpt.
    - debian/patches/CVE-2019-9023-2.patch: check bounds in
      ext/mbstring/oniguruma/regcomp.c, added test to
      ext/mbstring/tests/bug77371.phpt.
    - debian/patches/CVE-2019-9023-3.patch: add length checks to
      ext/mbstring/oniguruma/enc/unicode.c,
      ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
      ext/mbstring/oniguruma/regparse.h, added test to
      ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
    - debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
      ext/mbstring/oniguruma/enc/utf16_be.c,
      ext/mbstring/oniguruma/enc/utf16_le.c,
      ext/mbstring/oniguruma/enc/utf32_be.c,
      ext/mbstring/oniguruma/enc/utf32_le.c, added test to
      ext/mbstring/tests/bug77418.phpt.
    - CVE-2019-9023
  * SECURITY UPDATE: buffer over-read in xmlrpc_decode()
    - debian/patches/CVE-2019-9024.patch: fix variable size in
      ext/xmlrpc/libxmlrpc/base64.c, added test to
      ext/xmlrpc/tests/bug77380.phpt.
    - CVE-2019-9024
  * Adding support to mb_split empty regex in support to CVE-2019-9023.
    - debian/patches/0001-supporting-empty-mb_split-regex.path: fix in
      ext/mbstring/php_mbregex.c,
      ext/mbstring/tests/mb_split_empty_match.phpt,
      ext/mbstring/tests/mb_split_variation1.phpt.

php5 (5.3.10-1ubuntu3.32) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

php5 (5.3.10-1ubuntu3.31) precise-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

php5 (5.3.10-1ubuntu3.30) precise-security; urgency=medium

  * SECURITY UPDATE: XSS in PHAR error page
    - debian/patches/CVE-2018-5712.patch: remove file name from output to
      avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
      ext/phar/tests/*.
    - CVE-2018-5712
  * SECURITY UPDATE: stack-based under-read in HTTP response parsing
    - debian/patches/CVE-2018-7584.patch: prevent reading beyond buffer
      start in ext/standard/http_fopen_wrapper.c,
      ext/standard/tests/http/bug75981.phpt.
    - CVE-2018-7584

php5 (5.3.10-1ubuntu3.28) precise-security; urgency=medium

  * SECURITY UPDATE: URL check bypass
    - debian/patches/CVE-2016-10397.patch: fix logic in
      ext/standard/url.c, added tests to
      ext/standard/tests/url/bug73192.phpt,
      ext/standard/tests/url/parse_url_basic_00*.phpt.
    - CVE-2016-10397
  * SECURITY UPDATE: wddx empty boolean tag parsing issue
    - debian/patches/CVE-2017-11143.patch: handle empty tag in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
    - CVE-2017-11143
  * SECURITY UPDATE: DoS in OpenSSL sealing function
    - debian/patches/CVE-2017-11144.patch: check return code in
      ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
    - CVE-2017-11144
  * SECURITY UPDATE: information leak in the date extension
    - debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
      in ext/date/lib/parse_date.*.
    - CVE-2017-11145
  * SECURITY UPDATE: buffer overread in phar_parse_pharfile
    - debian/patches/CVE-2017-11147.patch: use proper sizes in
      ext/phar/phar.c.
    - CVE-2017-11147
  * SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
    - debian/patches/CVE-2017-11628.patch: use correct buffer size in
      Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
    - CVE-2017-11628
  * SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9224.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9224
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9226.patch: add checks to
      ext/mbstring/oniguruma/regparse.c.
    - CVE-2017-9226
  * SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9227.patch: add bounds check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9227
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9228.patch: add check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9228
  * SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
    - debian/patches/CVE-2017-9229.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9229

Date: 2020-10-14 14:13:15.184446+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.48
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:38 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:38 -0000
Subject: [ubuntu/precise-updates] procmail 3.22-19ubuntu0.2 (Accepted)
Message-ID: <162005085842.6007.1780601584045484886.launchpad@ackee.canonical.com>

procmail (3.22-19ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in the loadbuf function
    - debian/patches/30: make sure buffer is big enough in src/formisc.c.
    - CVE-2017-16844

Date: 2017-11-21 13:09:20.909896+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/procmail/3.22-19ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:37 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:37 -0000
Subject: [ubuntu/precise-updates] policykit-1 0.104-1ubuntu1.5 (Accepted)
Message-ID: <162005085752.20020.7034640417769925578.launchpad@ackee.canonical.com>

policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

policykit-1 (0.104-1ubuntu1.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

policykit-1 (0.104-1ubuntu1.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via duplicate action IDs
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

Date: 2019-08-29 18:57:14.122606+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.104-1ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:36 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:36 -0000
Subject: [ubuntu/precise-updates] postgresql-common 129ubuntu1.2 (Accepted)
Message-ID: <162005085699.6007.13579878297222607995.launchpad@ackee.canonical.com>

postgresql-common (129ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: symlink attack vulnerability
    - drop privileges when creating log file in pg_ctlcluster.
    - c8989206ec360f199400c74f129f7b4cb878c1ee
    - CVE-2016-1255
  * SECURITY UPDATE: symlink attack vulnerability in init/helper scripts
    (LP: #1727209)
    - use lchown instead of chown in pg_createcluster, pg_ctlcluster,
      pg_upgradecluster.
    - 8b4d0a889a8287181c4bdf46462db9b737a6e25d
    - CVE-2017-8806

Date: 2017-11-27 17:21:12.246884+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-common/129ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:07:39 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:07:39 -0000
Subject: [ubuntu/precise-updates] python-apt 0.8.3ubuntu7.5 (Accepted)
Message-ID: <162005085978.5996.2294800668510541774.launchpad@ackee.canonical.com>

python-apt (0.8.3ubuntu7.5) precise-security; urgency=medium

  * SECURITY UPDATE: Check that repository is trusted before downloading
    files from it (LP: #1858973)
    - apt/cache.py: Add checks to fetch_archives() and commit()
    - apt/package.py: Add checks to fetch_binary() and fetch_source()
    - CVE-2019-15796
  * SECURITY UPDATE: Do not use MD5 for verifying downloadeds
    (Closes: #944696) (#LP: #1858972)
    - apt/package.py: Use strongest hashes when fetching packages. Packages
      without a trusted hash are still accepted.
    - CVE-2019-15795
  * To work around the new checks, the parameter allow_unauthenticated=True
    can be passed to the functions. It defaults to the value of the
    APT::Get::AllowUnauthenticated option.
    - Bump Breaks aptdaemon (<< 0.43+bzr805-0ubuntu10+esm1), as it will have
      to set that parameter after having done validation.
  * Automatic changes and fixes for external regressions:
    - Adjustments to test suite and CI to fix CI regressions
    - Automatic mirror list update
    - utils/get_debian_mirrors.py: Get data from salsa
  * Make allow_unauthenticated argument to fetch_archives() optional
    - apt/cache.py

Date: 2020-01-23 14:17:15.940209+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python-apt/0.8.3ubuntu7.5
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:47 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:47 -0000
Subject: [ubuntu/precise-updates] python-crypto 2.4.1-1ubuntu0.3 (Accepted)
Message-ID: <162005236735.6007.17026802041016501365.launchpad@ackee.canonical.com>

python-crypto (2.4.1-1ubuntu0.3) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: weak ElGamal key parameters
    - debian/patches/CVE-2018-6594.patch: use backported fix from
      pycryptodome in lib/Crypto/PublicKey/ElGamal.py.
    - CVE-2018-6594

python-crypto (2.4.1-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2013-7459.patch: fix buffer overflow
      in src/block_template.c.
    - CVE-2013-7459

Date: 2018-04-06 15:21:16.345342+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python-crypto/2.4.1-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:48 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:48 -0000
Subject: [ubuntu/precise-updates] python2.7 2.7.3-0ubuntu3.19 (Accepted)
Message-ID: <162005236803.6008.11465376269210920902.launchpad@ackee.canonical.com>

python2.7 (2.7.3-0ubuntu3.19) precise-security; urgency=medium

  * SECURITY UPDATE: CRLF injection
    - debian/patches/CVE-2020-26116.patch: prevent header injection
      in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
    - CVE-2020-26116

python2.7 (2.7.3-0ubuntu3.18) precise-security; urgency=medium

  * SECURITY UPDATE: Misleading information
    - debian/patches/CVE-2019-17514.patch: explain that the orderness of the
      of the result is system-dependant in Doc/library/glob.rst.
    - CVE-2019-17514
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9674.patch: add pitfalls to
      zipfile module doc in Doc/library/zipfile.rst,
      Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
    - CVE-2019-9674
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
      tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py.
    - CVE-2019-20907

python2.7 (2.7.3-0ubuntu3.17) precise-security; urgency=medium

  * SECURITY UPDATE: CRLF injection
    - debian/patches/CVE-2019-18348.patch: disallow control characters
      in hostnames in http.client in Lib/httplib.py, Lib/test/test_urllib2.py.
    - CVE-2019-18348
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-8492.patch: fix the regex to prevent
      the regex denial of service in Lib/urllib2.py.
    - CVE-2020-8492

python2.7 (2.7.3-0ubuntu3.15) precise-security; urgency=medium

  * SECURITY UPDATE: Email module wrongly parse email addresses
    - debian/patches/CVE-2019-16056.patch: skips parsing of email addresses
      where domains include a "@" character in Lib/email/_parseaddr.py,
      Lib/email/test/test_email.py.
    - CVE-2019-16056
  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2019-16935.patch: Escape the server title of
      DocXMLRPCServer in Lib/DocXMLRPCServer.py, Lib/test/test_docxmlrpc.py.
    - CVE-2019-16935
  * Adding patch to avoid race in test_docxmlrpc server setup
    - debian/patches/docxmlrpc_test_hang_issue.patch: in
      Lib/test/test_docxmlrpc.py.

python2.7 (2.7.3-0ubuntu3.14) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947

python2.7 (2.7.3-0ubuntu3.11) precise-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647
  * Added swap_attr definition for test
    - debian/patches/0001-Adding-swap_attr-for-test.patch

python2.7 (2.7.3-0ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/stringobject.c.
    - CVE-2017-1000158

Date: 2020-10-06 15:15:19.433796+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.19
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:48 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:48 -0000
Subject: [ubuntu/precise-updates] rsync 3.0.9-1ubuntu1.3 (Accepted)
Message-ID: <162005236813.5996.4890440011708044525.launchpad@ackee.canonical.com>

rsync (3.0.9-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

rsync (3.0.9-1ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

Date: 2018-01-18 20:15:12.938990+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/rsync/3.0.9-1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:49 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:49 -0000
Subject: [ubuntu/precise-updates] rtmpdump 2.4~20110711.gitc28f1bab-1ubuntu0.1
 (Accepted)
Message-ID: <162005236913.6007.2803588451125518143.launchpad@ackee.canonical.com>

rtmpdump (2.4~20110711.gitc28f1bab-1ubuntu0.1) precise-security; urgency=medium

  [Marc Deslauriers]
  * SECURITY UPDATE: denial of service in AMF3ReadString function
    - debian/patches/CVE-2015-8270.patch: init str on unsupported
      references in librtmp/amf.c.
    - CVE-2015-8270
  * SECURITY UPDATE: arbitrary code execution in AMF3CD_AddProp function
    - debian/patches/CVE-2015-8271-1.patch: check for input buffer underrun
      in librtmp/amf.c.
    - debian/patches/CVE-2015-8271-2.patch: more input buffer checks in
      librtmp/amf.c.
    - CVE-2015-8271
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2015-8272.patch: ignore requests without playpath
      in rtmpsrv.c.
    - CVE-2015-8272

Date: 2017-05-19 14:29:15.284993+00:00
Changed-By: Emily Ratliff <emily.ratliff at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/rtmpdump/2.4~20110711.gitc28f1bab-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:50 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:50 -0000
Subject: [ubuntu/precise-updates] screen 4.0.3-14ubuntu8.1 (Accepted)
Message-ID: <162005237048.5996.3954915406671550372.launchpad@ackee.canonical.com>

screen (4.0.3-14ubuntu8.1) precise-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/63-CVE-2015-6806.dpatch: Fix stack overflow due to too
      deep recursion
    - CVE-2015-6806

Date: 2019-05-28 17:27:17.509848+00:00
Changed-By: Mike Salvatore <mike.s.salvatore at gmail.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/screen/4.0.3-14ubuntu8.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:51 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:51 -0000
Subject: [ubuntu/precise-updates] shadow 1:4.1.4.2+svn3283-3ubuntu5.2
 (Accepted)
Message-ID: <162005237102.6007.6868456899601693087.launchpad@ackee.canonical.com>

shadow (1:4.1.4.2+svn3283-3ubuntu5.2) precise-security; urgency=medium

  * SECURITY UPDATE: preventing tty hijacking.
    - debian/patches/0001-Do_not_foward_controlling_terminal.patch
      No CVE is currently assigned. Upstream patch.
  [ Seth Arnold ]
  * SECURITY UPDATE: su could be used to kill arbitrary process.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal. This patch is a combined patch with original and
      regression patch
    - CVE-2017-2616

Date: 2017-06-24 01:20:17.965204+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/shadow/1:4.1.4.2+svn3283-3ubuntu5.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:51 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:51 -0000
Subject: [ubuntu/precise-updates] spamassassin 3.4.2-0ubuntu0.12.04.4
 (Accepted)
Message-ID: <162005237196.5996.5537846287749406550.launchpad@ackee.canonical.com>

spamassassin (3.4.2-0ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2020-1930: improve logic in
      lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm. 
    - debian/patches/CVE-2020-1931: improve logic in
      lib/Mail/SpamAssassin/Conf.pm, lib/Mail/SpamAssassin/Constants.pm.
    - CVE-2020-1930
    - CVE-2020-1931
  * Thanks to Debian for the patches.

spamassassin (3.4.2-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2018-11805: improve rule parsing.
    - CVE-2018-11805
  * SECURITY UPDATE: resource consumption issue
    - debian/patches/CVE-2019-12420: limit checked mime parts.
    - CVE-2019-12420
  * Thanks to Debian for the patches.

spamassassin (3.4.2-0ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 3.4.2 to fix multiple security issues and
    support new rule update signatures (LP: #1796863)
    - debian/patches/*patch: sync patches from 3.4.2-1 package.
    - add pkgrules orig tarball from 3.4.2-1 package.
    - debian/spamassassin.{init,preinst}: properly handle process name
      change in spamassassin 3.4.2.
    - debian/rules: copy STATISTICS files from pkgrules
    - CVE-2018-11780
    - CVE-2018-11781

spamassassin (3.3.2-2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-15705.patch: fix in
      lib/Mail/SpamAssassin/HTML.pm.
    - CVE-2017-15705

Date: 2020-02-04 14:27:14.454092+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.12.04.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:51 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:51 -0000
Subject: [ubuntu/precise-updates] samba 2:3.6.25-0ubuntu0.12.04.21 (Accepted)
Message-ID: <162005237176.6008.13186102539310809346.launchpad@ackee.canonical.com>

samba (2:3.6.25-0ubuntu0.12.04.21) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
    - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
      packet in libcli/nbt/nbtsocket.c.
    - CVE-2020-14303

samba (2:3.6.25-0ubuntu0.12.04.20) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
    excessive CPU
    - debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to
      fix the issue.
    - CVE-2020-10745

samba (2:3.6.25-0ubuntu0.12.04.19) precise-security; urgency=medium

  * SECURITY UPDATE: client code can return filenames containing path
    separators
    - debian/patches/CVE-2019-10218.patch: protect SMB1 client code
      from evil server returned names in source3/libsmb/clilist.c,
      source3/libsmb/proto.h.
    - CVE-2019-10218

samba (2:3.6.25-0ubuntu0.12.04.18) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
    - debian/patches/CVE-2018-16860.patch: reject PA-S4U2Self with unkeyed
      checksum in source4/heimdal/kdc/krb5tgs.c.
    - CVE-2018-16860

samba (2:3.6.25-0ubuntu0.12.04.17) precise-security; urgency=medium

  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

samba (2:3.6.25-0ubuntu0.12.04.16) precise-security; urgency=medium

  * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
    - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
      counter in  source4/dns_server/dns_query.c.
    - CVE-2018-14629
  * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
    - debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with
      mis-matching principal in source4/kdc/db-glue.c.
    - CVE-2018-16841
  * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
    - debian/patches/CVE-2018-16851.patch: check ret before manipulating
      blob in source4/ldap_server/ldap_server.c.
    - CVE-2018-16851

samba (2:3.6.25-0ubuntu0.12.04.15) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050

samba (2:3.6.25-0ubuntu0.12.04.14) precise-security; urgency=medium

  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

samba (2:3.6.25-0ubuntu0.12.04.13) precise-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where they
    should
    - debian/patches/CVE-2017-12150.patch: fixing in libgpo/gpo_fetch.c,
      source3/lib/util_cmdline.c, source3/libsmb/clidfs.c.
    - CVE-2017-12150

  * SECURITY UPDATE: Client with write access to a share can cause server
    memory contents to be written into a file or printer.
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smdb/reply.c
    - CVE-2017-12163

samba (2:3.6.25-0ubuntu0.12.04.12) precise-security; urgency=medium

  * SECURITY UPDATE: avoiding server impersonation and other attacks
    through unauthenticated portions of kerberos tickets
    - debian/patches/CVE-2017-11103.patch: this patch assures that
      the KDC-REP service name is obtained from encrypted version.
    - CVE-2017-11103

samba (2:3.6.25-0ubuntu0.12.04.11) precise-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

Date: 2020-08-10 16:01:13.843588+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/samba/2:3.6.25-0ubuntu0.12.04.21
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:54 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:54 -0000
Subject: [ubuntu/precise-updates] squid3 3.1.19-1ubuntu3.12.04.10 (Accepted)
Message-ID: <162005237464.6008.2981739652546600316.launchpad@ackee.canonical.com>

squid3 (3.1.19-1ubuntu3.12.04.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/auth_digest.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/auth_basic.cc,
      , lib/uudecode.c.
    - CVE-2019-12529

squid3 (3.1.19-1ubuntu3.12.04.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345
  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

Date: 2019-07-19 16:30:13.354018+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/squid3/3.1.19-1ubuntu3.12.04.10
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:53 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:53 -0000
Subject: [ubuntu/precise-updates] sqlite3 3.7.9-2ubuntu1.4 (Accepted)
Message-ID: <162005237342.6007.3244862302905754503.launchpad@ackee.canonical.com>

sqlite3 (3.7.9-2ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-8740.patch: fix checking
      for pSelect and zExtra[0] in src/build.c, src/prepare.c.
    - CVE-2018-8740

sqlite3 (3.7.9-2ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-6153-*.patch: change temp direcotry
      search algorithm in src/os_unix.c.
    - CVE-2016-6153
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-13685.patch: adds checks in
      src/shell.c.
    - CVE-2017-13685
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-2518.patch: prevent a use-after-free
      in src/whereexpr.c.
    - CVE-2017-2518
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-20346-and-CVE-2018-20506*.patch:
      add extra defenses against strategically corrupt databases
      in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
      test/permutations.test.
    - CVE-2018-20346
    - CVE-2018-20506
  * SECURITY UPDATE: heap out-of-bound read
    - debian/patches/CVE-2019-8457.patch: enhance the
      rtreenode() in ext/rtree/rtree.c.
    - debian/patches/CVE-2019-8457-string-interface.patch:
      add string interface in src/btree.c, src/build.c,
      src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
      src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
      src/vdbeaux.c, src/vdbetrace.c, src/where.c,
      src/insert.c.
    - CVE-2019-8457

Date: 2019-11-29 17:33:22.786494+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/sqlite3/3.7.9-2ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:55 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:55 -0000
Subject: [ubuntu/precise-updates] sudo 1.8.3p1-1ubuntu3.10 (Accepted)
Message-ID: <162005237589.6007.1192308722632295581.launchpad@ackee.canonical.com>

sudo (1.8.3p1-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156

sudo (1.8.3p1-1ubuntu3.9) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in sudo when pwfeedback is enabled
    - debian/patches/CVE-2019-18634.patch: fix overflow in src/tgetpass.c.
    - CVE-2019-18634

sudo (1.8.3p1-1ubuntu3.8) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via UID -1
    - debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
      in plugins/sudoers/sudoers.c.
    - CVE-2019-14287

Date: 2021-01-27 14:14:09.843406+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.10
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:57 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:57 -0000
Subject: [ubuntu/precise-updates] tcpdump 4.9.3-0ubuntu0.12.04.1 (Accepted)
Message-ID: <162005237796.6007.849490375319249451.launchpad@ackee.canonical.com>

tcpdump (4.9.3-0ubuntu0.12.04.1) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Updated to 4.9.3 to fix multiple security issues
    - debian/patches/disable-tests.diff: disable tests that require newer
      libpcap.
    - CVE-2017-16808, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461,
      CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465,
      CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469,
      CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881,
      CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229,
      CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452,
      CVE-2018-19519, CVE-2019-1010220, CVE-2019-15166, CVE-2019-15167

tcpdump (4.9.2-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: multiple security issues in tcpdump
    - CVE-2017-13011: buffer overflow in util-print.c:
      bittok2str_internal().
    - CVE-2017-12989: RESP parser infinite loop in print-resp.c:
      resp_get_length().
    - CVE-2017-12990: ISAKMP parser infinite loops in print-isakmp.c,
      several functions.
    - CVE-2017-12995 DNS parser infinite loop in print-domain.c:
      ns_print().
    - CVE-2017-12997: LLDP parser infinite loop in print-lldp.c:
      lldp_private_8021_print().
    - CVE-2017-12893: buffer over-read in smbutil.c:name_len().
    - CVE-2017-12894: buffer over-read in addrtoname.c:
      lookup_bytestring().
    - CVE-2017-12895: buffer over-read in print-icmp.c:icmp_print().
    - CVE-2017-12896: buffer over-read in print-isakmp.c:
      isakmp_rfc3948_print().
    - CVE-2017-12897: buffer over-read in print-isoclns.c:
      isoclns_print().
    - CVE-2017-12898: buffer over-read in print-nfs.c:interp_reply().
    - CVE-2017-12899: buffer over-read in print-decnet.c:
      decnet_print().
    - CVE-2017-12900: buffer over-read in util-print.c:tok2strbuf().
    - CVE-2017-12901: buffer over-read in print-eigrp.c:eigrp_print().
    - CVE-2017-12902: buffer over-read in print-zephyr.c, several
      functions.
    - CVE-2017-12985: buffer over-read in print-ip6.c:ip6_print().
    - CVE-2017-12986: buffer over-read in print-rt6.c:rt6_print().
    - CVE-2017-12987: buffer over-read in print-802_11.c:
      parse_elements().
    - CVE-2017-12988: buffer over-read in print-telnet.c:
      telnet_parse().
    - CVE-2017-12991: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-12992: buffer over-read in print-ripng.c:ripng_print().
    - CVE-2017-12993: buffer over-read in print-juniper.c, several
      functions.
    - CVE-2017-12994: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-12996: buffer over-read in print-pim.c:pimv2_print().
    - CVE-2017-12998: buffer over-read in print-isoclns.c:
      isis_print_extd_ip_reach().
    - CVE-2017-12999: buffer over-read in print-isoclns.c:isis_print().
    - CVE-2017-13000: buffer over-read in print-802_15_4.c:
      ieee802_15_4_if_print().
    - CVE-2017-13001: buffer over-read in print-nfs.c:nfs_printfh().
    - CVE-2017-13002: buffer over-read in print-aodv.c:
      aodv_extension().
    - CVE-2017-13003: buffer over-read in print-lmp.c:lmp_print().
    - CVE-2017-13004: buffer over-read in print-juniper.c:
      juniper_parse_header().
    - CVE-2017-13005: buffer over-read in print-nfs.c:xid_map_enter().
    - CVE-2017-13006: buffer over-read in print-l2tp.c, several
      functions.
    - CVE-2017-13007: buffer over-read in print-pktap.c:
      pktap_if_print().
    - CVE-2017-13008: buffer over-read in print-802_11.c:
      parse_elements().
    - CVE-2017-13009: buffer over-read in print-mobility.c:
      mobility_print().
    - CVE-2017-13010: buffer over-read in print-beep.c:l_strnstart().
    - CVE-2017-13012: buffer over-read in print-icmp.c:icmp_print().
    - CVE-2017-13013: buffer over-read in print-arp.c, several
      functions.
    - CVE-2017-13014: buffer over-read in print-wb.c:wb_prep(), several
      functions.
    - CVE-2017-13015: buffer over-read in print-eap.c:eap_print().
    - CVE-2017-13016: buffer over-read in print-isoclns.c:esis_print().
    - CVE-2017-13017: buffer over-read in print-dhcp6.c:
      dhcp6opt_print().
    - CVE-2017-13018: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13019: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13020: buffer over-read in print-vtp.c:vtp_print().
    - CVE-2017-13021: buffer over-read in print-icmp6.c:icmp6_print().
    - CVE-2017-13022: buffer over-read in print-ip.c:ip_printroute().
    - CVE-2017-13023, CVE-2017-13024, CVE-2017-13025: multiple buffer
      over-reads in print-mobility.c:mobility_opt_print().
    - CVE-2017-13026: buffer over-read in print-isoclns.c, several functions.
    - CVE-2017-13027: buffer over-read in print-lldp.c:
      lldp_mgmt_addr_tlv_print().
    - CVE-2017-13028: buffer over-read in print-bootp.c:bootp_print().
    - CVE-2017-13029: buffer over-read in print-ppp.c:
      print_ccp_config_options().
    - CVE-2017-13030: buffer over-read in print-pim.c, several functions.
    - CVE-2017-13031: buffer over-read in print-frag6.c:frag6_print().
    - CVE-2017-13032: buffer over-read in print-radius.c:print_attr_string().
    - CVE-2017-13033: buffer over-read in print-vtp.c:vtp_print().
    - CVE-2017-13034: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13035: buffer over-read in print-isoclns.c:isis_print_id().
    - CVE-2017-13036: buffer over-read in print-ospf6.c:ospf6_decode_v3().
    - CVE-2017-13037: buffer over-read in print-ip.c:ip_printts().
    - CVE-2017-13038: buffer over-read in print-ppp.c:handle_mlppp().
    - CVE-2017-13039: buffer over-read in print-isakmp.c, several
      functions.
    - CVE-2017-13040: buffer over-read in print-mptcp.c, several
      functions.
    - CVE-2017-13041: buffer over-read in print-icmp6.c:
      icmp6_nodeinfo_print().
    - CVE-2017-13042: buffer over-read in print-hncp.c:dhcpv6_print().
    - CVE-2017-13043: buffer over-read in print-bgp.c:
      decode_multicast_vpn().
    - CVE-2017-13044: buffer over-read in print-hncp.c:dhcpv4_print().
    - CVE-2017-13045: buffer over-read in print-vqp.c:vqp_print().
    - CVE-2017-13046: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-13047: buffer over-read in print-isoclns.c:esis_print().
    - CVE-2017-13048: buffer over-read in print-rsvp.c:
      rsvp_obj_print().
    - CVE-2017-13049: buffer over-read in print-rx.c:ubik_print().
    - CVE-2017-13050: buffer over-read in print-rpki-rtr.c:
      rpki_rtr_pdu_print().
    - CVE-2017-13051: buffer over-read in print-rsvp.c:
      rsvp_obj_print().
    - CVE-2017-13052: buffer over-read in print-cfm.c:cfm_print().
    - CVE-2017-13053: buffer over-read in print-bgp.c:
      decode_rt_routing_info().
    - CVE-2017-13054: buffer over-read in print-lldp.c:
      lldp_private_8023_print().
    - CVE-2017-13055: buffer over-read in print-isoclns.c:
      isis_print_is_reach_subtlv().
    - CVE-2017-13687: buffer over-read in print-chdlc.c:chdlc_print().
    - CVE-2017-13688: buffer over-read in print-olsr.c:olsr_print().
    - CVE-2017-13689: buffer over-read in print-isakmp.c:
      ikev1_id_print().
    - CVE-2017-13690: buffer over-read in print-isakmp.c, several
      functions.
    - CVE-2017-13725: buffer over-read in print-rt6.c:rt6_print().
  * Merge from Debian unstable. Remaining changes:
    - debian/control:
      + keep older libpcap0.8-dev dependency
      + don't add breaks/replaces on apparmor-profiles-extras, as
        tcpdump profile is already dropped from there in xenial.
      + drop multi-arch: foreign
    - debian/patches/disable_tests.diff:  disable additional tests
      failing with older pcap versions
    - debian/patches/90_man_apparmor.diff: mention apparmor profile
    - debian/tcpdump.dirs: for apparmor force-complain dir

tcpdump (4.9.2-1) unstable; urgency=high

  * New upstream release:
    + Fixes 86 new CVEs, see the upstream changelog for the full list.
    + Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740).
  * Urgency high due to security fixes.

tcpdump (4.9.1-3) unstable; urgency=high

  * Cherry-pick three upstream commits to fix the following:
    + CVE-2017-11541: buffer over-read in safeputs() (closes: #873804)
    + CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805)
    + CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806)
  * Urgency high due to security fixes.

tcpdump (4.9.1-2) unstable; urgency=medium

  * Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377).

tcpdump (4.9.1-1) unstable; urgency=medium

  * New upstream release, fixes CVE-2017-11108 (closes: #867718).
  * Bump Standards-Version to 4.1.0.
  * debian/watch: add pgpsigurlmangle option.
  * Add upstream signing key in debian/upstream.

tcpdump (4.9.0-3) unstable; urgency=medium

  [ intrigeri ]
  * Include AppArmor profile from Ubuntu (closes: #866682).

  [ Romain Francoise ]
  * Bump Standards-Version to 4.0.0.

tcpdump (4.9.0-2) unstable; urgency=medium

  * Re-enable crypto support, targeting OpenSSL 1.0 as upstream still
    doesn't support OpenSSL 1.1.
  * Drop --enable-ipv6 from configure line, it has been the default for
    years now.

Date: 2020-01-27 17:13:14.085365+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:55 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:55 -0000
Subject: [ubuntu/precise-updates] subversion 1.6.17dfsg-3ubuntu3.8 (Accepted)
Message-ID: <162005237590.5996.1633165181730673451.launchpad@ackee.canonical.com>

subversion (1.6.17dfsg-3ubuntu3.8) precise-security; urgency=medium

  * SECURITY UPDATE: Remotely triggerable DoS vulnerability in svnserve
    'get-deleted-rev' and Remote unauthenticated denial-of-service
    - debian/patches/CVE-2018-11782-and-CVE-2019-0203.patch: properly handle certain replies
      in subversion/libsvn_ra_svn/client.c, subversion/svnserve/serve.c,
    - CVE-2018-11782
    - CVE-2019-0203

subversion (1.6.17dfsg-3ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution on clients through
    malicious svn+ssh URLs
    - debian/patches/CVE-2017-9800.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - CVE-2017-9800
  * SECURITY UPDATE: svnserve/sasl may authenticate users using the
    wrong realm.
    - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
      SASL is being used.
    - CVE-2016-2167
  * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
    module.
    - debian/patches/CVE-2016-2168.patch: Reject requests with invalid
      Destination headers.
    - CVE-2016-2168

Date: 2019-07-29 18:25:19.601062+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.8
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:32:57 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:32:57 -0000
Subject: [ubuntu/precise-updates] tar 1.26-4ubuntu1.2 (Accepted)
Message-ID: <162005237719.6008.7003396470048556602.launchpad@ackee.canonical.com>

tar (1.26-4ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Infinite read loop
    - debian/patches/CVE-2018-20482.patch: Add handling for short read
      condition in sparse_dump_region() of src/sparse.c.
    - CVE-2018-20482 
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2019-9923.patch: Check for NULL return value from
      find_next_block in src/sparse.c.
    - CVE-2019-9923

Date: 2021-01-12 16:07:09.341056+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/tar/1.26-4ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:00 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:00 -0000
Subject: [ubuntu/precise-updates] tiff 3.9.5-2ubuntu1.12 (Accepted)
Message-ID: <162005238021.6007.2157658256738595772.launchpad@ackee.canonical.com>

tiff (3.9.5-2ubuntu1.12) precise-security; urgency=medium

  * SECURITY UPDATE: heap over-read in TIFFWriteScanline
    - debian/patches/CVE-2018-10779.patch: fix overflow in
      libtiff/tif_write.c.
    - CVE-2018-10779
  * SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
    - debian/patches/CVE-2018-12900-1.patch: check for overflow in
      tools/tiffcp.c.
    - debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
    - CVE-2018-12900
    - CVE-2019-7663
  * SECURITY UPDATE: memory leak in TIFFFdOpen
    - debian/patches/CVE-2019-6128.patch: properly handle errors in
      tools/pal2rgb.c.
    - CVE-2019-6128
  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2018-1710x-*.patch: Avoid overflows in
      tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
    - CVE-2018-17100
    - CVE-2018-17101
  * SECURITY UPDATE: JBIGDecode out-of-bounds write
    - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c.
    - CVE-2018-18557

tiff (3.9.5-2ubuntu1.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
    - debian/patches/CVE-2016-3945.patch: fix integer overflow in
      tools/tiff2rgba.c.
    - CVE-2016-3945
  * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
    - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
    - CVE-2017-5225

tiff (3.9.5-2ubuntu1.10) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted field data in an extension tag
    - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.
    - CVE-2015-7554
  * SECURITY UPDATE: DoS and possible code execution via large width field
    in a BMP image
    - debian/patches/CVE-2015-8668.patch: properly calculate size in
      tools/bmp2tiff.c;
    - CVE-2015-8668
  * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
    - debian/patches/CVE-2016-10092.patch: properly increment buffer in
      tools/tiffcrop.c.
    - CVE-2016-10092
  * SECURITY UPDATE: DoS in rgb2ycbcr tool
    - debian/patches/CVE-2016-3623.patch: validate parameters in
      tools/rgb2ycbcr.c.
    - CVE-2016-3623
    - CVE-2016-3624
  * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
    - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
      tools/thumbnail.c.
    - CVE-2016-3632
    - CVE-2016-8331
  * SECURITY UPDATE: DoS and possible code execution via overflow in
    horizontalDifference8 function
    - debian/patches/CVE-2016-3990.patch: add check to
      libtiff/tif_pixarlog.c.
    - CVE-2016-3990
  * SECURITY UPDATE: DoS and possible code execution in tiffcrop
    - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
    - CVE-2016-3991
    - CVE-2016-5322
  * SECURITY UPDATE: DoS in DumpModeDecode function
    - debian/patches/CVE-2016-5321.patch: limit number of samples in
      tools/tiffcrop.c.
    - CVE-2016-5321
  * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
    - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
    - CVE-2016-9453
  * SECURITY UPDATE: multiple out-of-bounds writes issues
    - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
      libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
      tools/tiffcrop.c.
    - CVE-2016-9533
    - CVE-2016-9534
    - CVE-2016-9536
    - CVE-2016-9537

Date: 2019-03-15 13:42:19.192371+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.12
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:01 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:01 -0000
Subject: [ubuntu/precise-updates] tzdata 2021a-0ubuntu0.12.04 (Accepted)
Message-ID: <162005238138.6008.2600787014933003323.launchpad@ackee.canonical.com>

tzdata (2021a-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version (LP: #1913482), affecting the following future timestamp:
    - South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

tzdata (2020f-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version (LP: #1909698), affecting the following timestamp:
    - Volgograd switches to Moscow time on 2020-12-27 at 02:00.

tzdata (2020d-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version (LP: #1901020), affecting past and future timestamps:
    - Palestine ends DST earlier than predicted, on 2020-10-24.
    - Fiji starts DST later than usual, on 2020-12-20.
    - Revised predictions for Morocco's changes starting in 2023.
    - Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
    - Macquarie Island has stayed in sync with Tasmania since 2011.
    - Casey, Antarctica is at +08 in winter and +11 in summer since 2018.
  * Restore old SystemV timezones.

tzdata (2020a-0ubuntu0.12.04) precise; urgency=medium

  * New upstream release (LP: #1878108), affecting past and future timestamps:
    - Morocco springs forward on 2020-05-31, not 2020-05-24.
    - Canada's Yukon advanced to -07 year-round on 2020-03-08.
    - America/Nuuk renamed from America/Godthab.

tzdata (2019c-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting the following future timestamps:
    - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12
      instead of 2019-11-03 and 2020-01-19.
    - Norfolk Island will observe Australian-style DST starting in
      spring 2019.  The first transition is on 2019-10-06.

tzdata (2019b-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting the following past and future timestamps:
    - Brazil has canceled DST and will stay on standard time indefinitely.
    - Predictions for Morocco now go through 2087 instead of 2037.
    - Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
      at 01:00.  Guess future transitions to be March's last Friday at 00:00.
    - Many corrections to historical Hong Kong transitions from 1941 to 1947.

tzdata (2019a-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting past and future timestamps:
    - Palestine "springs forward" on 2019-03-30 instead of 2019-03-23.
    - Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00.

tzdata (2018i-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting past and future timestamps:
    - São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
    - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21.
    - A new zone Asia/Qostanay has been added, because Qostanay,
      Kazakhstan didn't move.
    - Metlakatla, Alaska observes PST this winter only.

tzdata (2018g-0ubuntu0.12.04) precise; urgency=high

  * New upstream version, affecting the following timestamp:
    - Morocco switches to permanent +01 on 2018-10-27.

tzdata (2018f-0ubuntu0.12.04) precise; urgency=medium

  * New upstream version, affecting the following future timestamp:
    - Volgograd moves from +03 to +04 on 2018-10-28.
    - Fiji ends DST 2019-01-13, not 2019-01-20.
    - Most of Chile changes DST dates, effective 2019-04-06.

tzdata (2018e-0ubuntu0.12.04.1) precise; urgency=medium

  * New upstream release.  LP: #1750627.

tzdata (2017c-0ubuntu0.12.04) precise; urgency=medium

  * New upstream release (LP: #1712675, #1696298, #1691092, #1676117)

Date: 2021-01-28 05:31:09.140277+00:00
Changed-By: Brian Murray <brian at ubuntu.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/tzdata/2021a-0ubuntu0.12.04
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:04 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:04 -0000
Subject: [ubuntu/precise-updates] unzip 6.0-4ubuntu2.6 (Accepted)
Message-ID: <162005238402.6008.10653227562273971968.launchpad@ackee.canonical.com>

unzip (6.0-4ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in unzip (LP: #387350)
    - debian/patches/17-cve-2014-9913-unzip-buffer-overflow: Accommodate
      printing an oversized compression method number in list.c.
    - CVE-2014-9913 
  * SECURITY UPDATE: buffer overflow in zipinfo (LP: #1643750)
    - debian/patches/18-cve-2016-9844-zipinfo-buffer-overflow: Accommodate an
      oversized compression method number in zipinfo.c.
    - CVE-2016-9844
  * SECURITY UPDATE: buffer overflow
    - debian/patches/07-increase-size-of-cfactorstr: Increase size of
      cfactorstr array in list.c.
    - CVE-2018-18384
  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

Date: 2020-12-11 01:15:13.352220+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:06 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:06 -0000
Subject: [ubuntu/precise-updates] vim 2:7.3.429-2ubuntu2.3 (Accepted)
Message-ID: <162005238619.6007.16588805056451045776.launchpad@ackee.canonical.com>

vim (2:7.3.429-2ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/upstream/patch-8.0.070*.patch: check the event
      event for being out of range in src/fileio.c; do not set cmdbuff to
      NULL, make it empty in src/ex_getln.c; set w_s pointer if w_buffer
      was NULL in src/ex_cmds.c.
    - CVE-2017-11109
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/upstream/patch-8.0.0322-*.patch: check for an invalid
      length in src/spell.c.
    - CVE-2017-5953
  * SECURITY UPDATE: Integer overflow
    - debian/patches/upstream/patch-8.0.0377*.patch: check if allocated size
      is not too big in src/undo.c.
    - CVE-2017-6349
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/upstream/patch-8.0.0378*.patch: check if allocated size
      is not too big in src/undo.c.
    - CVE-2017-6350

Date: 2020-03-18 20:01:15.850467+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:7.3.429-2ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:08 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:08 -0000
Subject: [ubuntu/precise-updates] w3m 0.5.3-5ubuntu1.3 (Accepted)
Message-ID: <162005238820.6008.16050666351324094867.launchpad@ackee.canonical.com>

w3m (0.5.3-5ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Infinite recursion flaw in HTMLlineproc0
    - debian/patches/CVE-2018-6196.patch: prevent negative indent value
      in table.c.
    - CVE-2018-6196
  * SECURITY UPDATE: NULL pointer dereference flaw in formUpdateBuffer
    - debian/patches/CVE-2018-6197.patch: prevent invalid columnPos() call
      in form.c.
    - CVE-2018-6197
  * SECURITY UPDATE: does not properly handle temp files
    - debian/patches/CVE-218-6198.patch: make temp directory safely
      in config.h.dist, config.h.in, configure, configure.ac, main.c and rc.c.
    - CVE-2018-6198

Date: 2018-01-30 19:22:12.835258+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/w3m/0.5.3-5ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:09 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:09 -0000
Subject: [ubuntu/precise-updates] wget 1.13.4-2ubuntu1.7 (Accepted)
Message-ID: <162005238944.6007.2709570060209595502.launchpad@ackee.canonical.com>

wget (1.13.4-2ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-5953-*.patch: fix in
      src/iri.c.
    - CVE-2019-5953

wget (1.13.4-2ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Cookie injection vulnerability
    - debian/patches/CVE-2018-0494.patch: fix cooking injection
      in src/http.c.
    - CVE-2018-0494

wget (1.13.4-2ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: race condition leading to access list bypass
    - debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
    - debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
      src/http.c.
    - debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
      src/http.c.
    - CVE-2016-7098
  * SECURITY UPDATE: CRLF injection in url_parse
    - debian/patches/CVE-2017-6508.patch: check for invalid control
      characters in src/url.c.
    - CVE-2017-6508
  * SECURITY UPDATE: stack overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13089.patch: return error on negative chunk
      size in src/http.c.
    - CVE-2017-13089
  * SECURITY UPDATE: heap overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13090.patch: stop processing on negative
      chunk size in src/retr.c.
    - CVE-2017-13090

Date: 2019-04-08 23:40:12.108355+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/wget/1.13.4-2ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 14:33:10 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 14:33:10 -0000
Subject: [ubuntu/precise-updates] wpasupplicant 0.7.3-6ubuntu2.5 (Accepted)
Message-ID: <162005239088.6008.5531790060713102923.launchpad@ackee.canonical.com>

wpasupplicant (0.7.3-6ubuntu2.5) precise-security; urgency=medium

   * SECURITY UPDATE: Incorrect indication of disconnection in certain
     situations
     - debian/patches/CVE-2019-16275.patch: silently ignore management
       frame from unexpected source address in src/ap/drv_callbacks.c,
       src/ap/ieee882_11.c.
     - CVE-2019-16275

Date: 2019-09-17 13:53:22.136239+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/wpasupplicant/0.7.3-6ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.

From steve.langasek at canonical.com  Mon May  3 16:10:02 2021
From: steve.langasek at canonical.com (Steve Langasek)
Date: Mon, 03 May 2021 16:10:02 -0000
Subject: [ubuntu/precise-security] apt 0.8.16~exp12ubuntu10.29 (Accepted)
Message-ID: <162005820280.6008.8678746573875796504.launchpad@ackee.canonical.com>

apt (0.8.16~exp12ubuntu10.29) precise-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

apt (0.8.16~exp12ubuntu10.28) precise-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

apt (0.8.16~exp12ubuntu10.27) precise; urgency=low

  * When using the https transport mechanism, $no_proxy is ignored if apt is
    getting it's proxy information from $https_proxy (as opposed to
    Acquire::https::Proxy somewhere in apt config). If the source of proxy
    information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
    then $no_proxy is honored. This patch makes the behavior similar for
    both methods of setting the proxy. (LP: #1575877)

apt (0.8.16~exp12ubuntu10.26) precise; urgency=medium

  * Fix regression in the Never-MarkAuto-Sections feature caused by the
    previous auto-removal fix, with inspiration drawn from the patches
    and conversation from http://bugs.debian.org/793360 (LP: #1479207)

apt (0.8.16~exp12ubuntu10.25) precise; urgency=medium

  * Backport patches from David Kalnischkies to fix crashes with dynamic
    cache remapping (LP: #957231):
    - Do not dereference the storage for the unique strings as the pointer
      can change at the time of writing the strings, so first store it
      temporary and then save the index in the (possibly new) pointer
      location
    - Handle moved mmap after UniqFindTagWrite call (Closes: #753941)

apt (0.8.16~exp12ubuntu10.24) precise-proposed; urgency=low

  * fix crash for packages that have no section in their instVersion
    (LP: #1449394)

apt (0.8.16~exp12ubuntu10.23) precise-proposed; urgency=low

  * fix auto-removal behavior (thanks to Adam Conrad)
    LP: #1429041

apt (0.8.16~exp12ubuntu10.22) precise-proposed; urgency=low

  [ David Kalnischkies ]
  * methods/http.cc:
    - retry without partial data after a 416 response (closes: 710924)
      LP: #1382401

Date: 2020-05-28 17:23:13.335113+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.29
-------------- next part --------------
Sorry, changesfile not available.

From ubuntu-archive-robot at lists.canonical.com  Mon May  3 16:58:17 2021
From: ubuntu-archive-robot at lists.canonical.com (Ubuntu Archive Robot)
Date: Mon, 03 May 2021 16:58:17 -0000
Subject: [ubuntu/precise-updates] apt 0.8.16~exp12ubuntu10.29 (Accepted)
Message-ID: <162006109785.6008.4591570588264186889.launchpad@ackee.canonical.com>

apt (0.8.16~exp12ubuntu10.29) precise-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

apt (0.8.16~exp12ubuntu10.28) precise-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

Date: 2020-05-28 17:23:13.335113+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.29
-------------- next part --------------
Sorry, changesfile not available.