[Bug 887188] [NEW] Sync jabberd2 2.2.8-2.2 (universe) from Debian unstable (main)

Launchpad Bug Tracker 887188 at bugs.launchpad.net
Mon Nov 7 16:36:28 UTC 2011 

You have been subscribed to a public bug by Jamie Strandboge (jdstrand):

Please sync jabberd2 2.2.8-2.2 (universe) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:

The security update is included in the Debian version. All of the other bits
are rebuilds. The package builds fine on i386 and amd64. There is one change
that is not included in Debian, and that is the Conflicts/Replaces on jabber.
Testing in a chroot shows that jabber/jabberd14 and jabberd2 are co-installable
and that there is no reason to continue to carry this change, even though it
makes some sense to do so (eg, both can't run and bind to the same port). This
small improvement does not warrant a persistent delta with Debian.

  * SECURITY UPDATE: Prevent entity expansion in order to prevent the billion
    laughs DoS attack
    - Patch thanks to Nico Golde from Debian
    - CVE-2011-1755.dpatch
  * SECURITY UPDATE: Prevent entity expansion in order to prevent the billion
    laughs DoS attack
    - Patch thanks to Nico Golde from Debian
    - CVE-2011-1755.dpatch
  * Rebuild for OpenSSL 1.0.0.
  * Rebuild for libmysqlclient transition.
  * Rebuild for libmysqlclient transition.
  * Rebuild for libmysqlclient transition.
  * Rebuild for libmysqlclient transition.
  * debian/control: revert last change and instead Build-Depends on
    libgsasl7-dev (>= 1.4.0-1ubuntu2). This can be dropped in lucid+1
    (properly fix LP: #538126)
  * debian.control: Build-Depends on libgcrypt11-dev to fix FTBFS
    (LP: #538126)
  * Merge from debian unstable, remaining changes:
   - debian/control:
      + Added Conflicts and Replaces: ..., jabber for jabberd2
>>> ENTER_EXPLANATION_HERE <<<

Changelog entries since current precise version 2.2.8-2ubuntu6:

jabberd2 (2.2.8-2.2) unstable; urgency=low

  * Non-maintainer upload.
  * Don't ship .la files (Closes: #621606).

 -- Luk Claes <luk at debian.org>  Wed, 22 Jun 2011 08:14:00 +0200

jabberd2 (2.2.8-2.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Prevent entity expansion in order to prevent about
    the billion laughs DoS attack (CVE-2011-1755.dpatch).

 -- Nico Golde <nion at debian.org>  Mon, 30 May 2011 23:40:50 +0200

** Affects: jabberd2 (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
Sync jabberd2 2.2.8-2.2 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/887188
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.

More information about the ubuntu-archive mailing list