Branches for Karmic

Author: Marc Deslauriers
Revision Date: 2011-04-07 13:24:12 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  malformed plugin configuration files
  - debian/patches/06_security_CVE-2010-454x.patch: fix format strings in
    plug-ins/{common/sphere-designer,gfig/gfig-style,
    lighting/lighting-ui}.c.
  - CVE-2010-4540
  - CVE-2010-4541
  - CVE-2010-4542
* SECURITY UPDATE: denial of service and possible code execution via
  malformed PSP image file
  - debian/patches/07_security_CVE-2010-4543.patch: fix buffer overflow
    in plug-ins/common/file-psp.c.
  - CVE-2010-4543

Author: Timo Aaltonen
Revision Date: 2011-04-06 17:38:54 UTC

* SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
  - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
    case.
  - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
  - CVE-2011-0465

Author: Timo Aaltonen
Revision Date: 2011-04-06 17:38:54 UTC

* SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
  - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
    case.
  - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
  - CVE-2011-0465

Author: Micah Gersten
Revision Date: 2011-03-28 04:04:10 UTC

* New upstream release v3.12.9 with updated ckbi module
  (NSS_3_12_9_WITH_CKBI_1_82_RTM)
  - SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
    explicitly mark the recently issued and revoked fraudulent certificates
    as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
    attempting to verify one of these fraudulent certificates (LP: #741729)
* Add new symbols
  - update debian/libnss3-1d.symbols

Author: Marc Deslauriers
Revision Date: 2011-03-31 13:39:29 UTC

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

Author: Brian Thomason
Revision Date: 2011-01-28 13:44:28 UTC

* SECURITY UPDATE: Fix bug which allows remote attackers to execute arbitrary
  Perl code. (LP: #709401)
  - debian/patches/006_CVE-2008-5305.dpatch: patch derived from upstream
    hotfix
  - CVE-2008-5305

Author: Gary Lasker
Revision Date: 2011-04-02 16:48:57 UTC

* New upstream release 2011e: (LP: #747946)
  - africa: Add start and end of DST in 2011 in Morocco.
  - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th

Author: Jonathan Riddell
Revision Date: 2011-03-27 23:43:32 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
    lists and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Jonathan Riddell
Revision Date: 2011-03-27 23:43:32 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
    lists and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Marc Deslauriers
Revision Date: 2011-03-31 13:39:29 UTC

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

Author: Steve Beattie
Revision Date: 2011-03-29 00:22:45 UTC

* SECURITY UPDATE: race condition allowing privilege escalation
  - debian/patches/27_CVE-2011-0727.patch: fix
    daemon/gdm-session-worker.c to copy files as session user rather
    than root followed by a subsequent chown.
  - CVE-2011-0727

Author: Marc Deslauriers
Revision Date: 2011-03-30 13:20:44 UTC

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

Author: Marc Deslauriers
Revision Date: 2011-03-30 13:20:44 UTC

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

Author: Marc Deslauriers
Revision Date: 2011-03-25 14:52:24 UTC

* SECURITY UPDATE: denial of service via crafted glob expressions
  - debian/patches/11-CVE-2011-0762.patch: limit number of iterations in
    access.c, defs.h, ls.*.
  - CVE-2011-0762

Author: Marc Deslauriers
Revision Date: 2011-03-24 13:58:06 UTC

* SECURITY UPDATE: directory traversal via incorrect ServetContext
  attribute (LP: #717396)
  - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
    java/org/apache/catalina/core/StandardContext.java.
  - CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
  - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
    java/org/apache/catalina/manager/{HTMLManagerServlet.java,
    StatusTransformer.java}.
  - CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
  (LP: #714239, LP: #717396)
  - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
    java/org/apache/coyote/http11/InternalNioInputBuffer.java.
  - CVE-2011-0534

Author: Steve Beattie
Revision Date: 2011-03-29 00:22:45 UTC

* SECURITY UPDATE: race condition allowing privilege escalation
  - debian/patches/27_CVE-2011-0727.patch: fix
    daemon/gdm-session-worker.c to copy files as session user rather
    than root followed by a subsequent chown.
  - CVE-2011-0727

Author: Jamie Strandboge
Revision Date: 2011-01-04 14:37:19 UTC

* SECURITY UPDATE: fix DoS with too deeply nested messages
  - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
    message variants. Backported from upstream.
  - CVE-2010-4352
  - LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev

Author: Jamie Strandboge
Revision Date: 2011-01-04 14:37:19 UTC

* SECURITY UPDATE: fix DoS with too deeply nested messages
  - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
    message variants. Backported from upstream.
  - CVE-2010-4352
  - LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev

Author: Micah Gersten
Revision Date: 2011-03-28 04:04:10 UTC

* New upstream release v3.12.9 with updated ckbi module
  (NSS_3_12_9_WITH_CKBI_1_82_RTM)
  - SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
    explicitly mark the recently issued and revoked fraudulent certificates
    as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
    attempting to verify one of these fraudulent certificates (LP: #741729)
* Add new symbols
  - update debian/libnss3-1d.symbols

Author: Marc Deslauriers
Revision Date: 2011-03-25 14:52:24 UTC

* SECURITY UPDATE: denial of service via crafted glob expressions
  - debian/patches/11-CVE-2011-0762.patch: limit number of iterations in
    access.c, defs.h, ls.*.
  - CVE-2011-0762

Author: William Grant
Revision Date: 2011-03-24 14:01:44 UTC

* SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch
  contents. (LP: #740142)
  - debian/patches/bug-740142.diff: improve escaping of filenames.
  - CVE-2011-0728

Author: William Grant
Revision Date: 2011-03-24 14:01:44 UTC

* SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch
  contents. (LP: #740142)
  - debian/patches/bug-740142.diff: improve escaping of filenames.
  - CVE-2011-0728

Author: Evan Broder
Revision Date: 2009-11-13 10:07:28 UTC

* Backport fix for Debian #553542 to Karmic: (LP: #463429)
  - In the postinst of openafs-modules-dkms, if the openafs module
    is already added in DKMS, try to remove it first before adding
    it. This should more correctly handle the case of a user
    installing this package without the correct kernel headers,
    having it fail in postinst, and then installing the correct
    headers and having dpkg attempt to configure the package again.
    Thanks, Philipp Kaluza. (Closes: #553542)

Author: Russ Allbery
Revision Date: 2009-07-10 13:57:55 UTC

New upstream release.

Author: Michael Vogt
Revision Date: 2009-06-25 15:58:44 UTC

* Merge from debian unstable, remaining changes:
  - drop libfsplib-dev, libtre-dev, libmozjs-dev from build-depends
    (all universe)
  - debian/rules: remove --enable-fsp

Author: Marc Deslauriers
Revision Date: 2011-03-24 13:58:06 UTC

* SECURITY UPDATE: directory traversal via incorrect ServetContext
  attribute (LP: #717396)
  - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
    java/org/apache/catalina/core/StandardContext.java.
  - CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
  - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
    java/org/apache/catalina/manager/{HTMLManagerServlet.java,
    StatusTransformer.java}.
  - CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
  (LP: #714239, LP: #717396)
  - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
    java/org/apache/coyote/http11/InternalNioInputBuffer.java.
  - CVE-2011-0534

Author: Marc Deslauriers
Revision Date: 2011-03-23 14:16:30 UTC

* SECURITY UPDATE: denial of service via malformed extended communities
  - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
    communities in bgpd/bgp_attr.c.
  - CVE-2010-1674
* SECURITY UPDATE: denial of service via AS_PATHLIMIT
  - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support
    in bgpd/bgp_attr.c.
  - CVE-2010-1675

Author: Marc Deslauriers
Revision Date: 2011-03-23 14:16:30 UTC

* SECURITY UPDATE: denial of service via malformed extended communities
  - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
    communities in bgpd/bgp_attr.c.
  - CVE-2010-1674
* SECURITY UPDATE: denial of service via AS_PATHLIMIT
  - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support
    in bgpd/bgp_attr.c.
  - CVE-2010-1675

Author: Marc Deslauriers
Revision Date: 2011-03-21 16:55:09 UTC

* SECURITY UPDATE: denial of service via request containing lock token
  - debian/patches/CVE-2011-0715.patch: correctly handle locks being
    passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
    subversion/mod_dav_svn/version.c.
  - CVE-2011-0715

Author: Marc Deslauriers
Revision Date: 2011-03-21 16:55:09 UTC

* SECURITY UPDATE: denial of service via request containing lock token
  - debian/patches/CVE-2011-0715.patch: correctly handle locks being
    passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
    subversion/mod_dav_svn/version.c.
  - CVE-2011-0715

Author: Brad Figg
Revision Date: 2011-03-18 11:55:37 UTC

[ Brad Figg ]

* Release Tracking Bug
  - LP: #737761

[ Brad Figg ]

* Rebased to 2.6.31-23.75

[ Ubuntu: 2.6.31-23.75 ]

* Release Tracking Bug
  - LP: #737663
* do_exit(): make sure that we run with get_fs() == USER_DS,
  CVE-2010-4258
  - LP: #723945
  - CVE-2010-4258
* xfs: always use iget in bulkstat
  - LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
  - LP: #731199
  - CVE-2010-4164
* Revised [CVE-2010-4345 Karmic] install_special_mapping skips
  security_file_mmap check. CVE-2010-4346
  - LP: #731971
  - CVE-2010-4346
* econet: Fix crash in aun_incoming(). CVE-2010-4342
  - LP: #736394
  - CVE-2010-4342

Author: Brad Figg
Revision Date: 2011-03-18 11:55:37 UTC

[ Brad Figg ]

* Release Tracking Bug
  - LP: #737761

[ Brad Figg ]

* Rebased to 2.6.31-23.75

[ Ubuntu: 2.6.31-23.75 ]

* Release Tracking Bug
  - LP: #737663
* do_exit(): make sure that we run with get_fs() == USER_DS,
  CVE-2010-4258
  - LP: #723945
  - CVE-2010-4258
* xfs: always use iget in bulkstat
  - LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
  - LP: #731199
  - CVE-2010-4164
* Revised [CVE-2010-4345 Karmic] install_special_mapping skips
  security_file_mmap check. CVE-2010-4346
  - LP: #731971
  - CVE-2010-4346
* econet: Fix crash in aun_incoming(). CVE-2010-4342
  - LP: #736394
  - CVE-2010-4342

Author: Brad Figg
Revision Date: 2011-03-18 11:55:37 UTC

[ Brad Figg ]

* Release Tracking Bug
  - LP: #737761

[ Brad Figg ]

* Rebased to 2.6.31-23.75

[ Ubuntu: 2.6.31-23.75 ]

* Release Tracking Bug
  - LP: #737663
* do_exit(): make sure that we run with get_fs() == USER_DS,
  CVE-2010-4258
  - LP: #723945
  - CVE-2010-4258
* xfs: always use iget in bulkstat
  - LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
  - LP: #731199
  - CVE-2010-4164
* Revised [CVE-2010-4345 Karmic] install_special_mapping skips
  security_file_mmap check. CVE-2010-4346
  - LP: #731971
  - CVE-2010-4346
* econet: Fix crash in aun_incoming(). CVE-2010-4342
  - LP: #736394
  - CVE-2010-4342

Author: Jamie Strandboge
Revision Date: 2011-03-16 10:17:57 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
  backend. Note: Ubuntu is not compiled with --enable-ndb by default
  - debian/patches/CVE-2011-1025
  - CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081

Author: Jamie Strandboge
Revision Date: 2011-03-16 10:17:57 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
  backend. Note: Ubuntu is not compiled with --enable-ndb by default
  - debian/patches/CVE-2011-1025
  - CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081

Author: Dustin Kirkland 
Revision Date: 2011-02-11 17:46:26 UTC

* SECURITY UPDATE: Setting VNC password to empty string silently
  disables all authentication (LP: #697197)
  - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the
    change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson.
  - CVE-2011-0011

Author: Jamie Strandboge
Revision Date: 2011-03-15 16:23:44 UTC

* SECURITY UPDATE: debian/patches/9902-CVE-2011-1146.patch: Add missing
  checks for read only connections.
  - CVE-2011-1146

Author: Jamie Strandboge
Revision Date: 2011-03-15 16:23:44 UTC

* SECURITY UPDATE: debian/patches/9902-CVE-2011-1146.patch: Add missing
  checks for read only connections.
  - CVE-2011-1146

Author: Kees Cook
Revision Date: 2011-03-10 12:28:34 UTC

fake sync from Debian

Author: Kees Cook
Revision Date: 2011-03-10 12:28:34 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2011-03-09 09:24:36 UTC

[ Matthias Klose ]
* IcedTea6 1.8.7 release.
  - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption.
  - S6907662, CVE-2010-4465: Swing timer-based security manager bypass.
  - S6994263, CVE-2010-4472: Untrusted code allowed to replace
    DSIG/C14N implementation.
  - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets.
  - S6983554, CVE-2010-4450: Launcher incorrect processing of empty
    library path entries.
  - S6985453, CVE-2010-4471: Java2D font-related system property leak.
  - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation.
  - CVE-2011-0706: Multiple signers privilege escalation.

* IcedTea6 1.8.6 release.
  - S4421494, CVE-2010-4476: infinite loop while parsing double literal.

[ Steve Beattie ]
* debian/patches/hotspot-fix_added_define.patch: added to fix
  redefinition added by patch for S6878713

Author: Steve Beattie
Revision Date: 2011-03-09 09:24:36 UTC

[ Matthias Klose ]
* IcedTea6 1.8.7 release.
  - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption.
  - S6907662, CVE-2010-4465: Swing timer-based security manager bypass.
  - S6994263, CVE-2010-4472: Untrusted code allowed to replace
    DSIG/C14N implementation.
  - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets.
  - S6983554, CVE-2010-4450: Launcher incorrect processing of empty
    library path entries.
  - S6985453, CVE-2010-4471: Java2D font-related system property leak.
  - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation.
  - CVE-2011-0706: Multiple signers privilege escalation.

* IcedTea6 1.8.6 release.
  - S4421494, CVE-2010-4476: infinite loop while parsing double literal.

[ Steve Beattie ]
* debian/patches/hotspot-fix_added_define.patch: added to fix
  redefinition added by patch for S6878713

Author: Dustin Kirkland 
Revision Date: 2011-02-11 17:19:37 UTC

* Cherry-pick upstream commit bzr r520
* src/utils/mount.ecryptfs_private.c:
  - fix bug LP: #313812, clear used keys on unmount
  - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
    umount.ecryptfs behave similarly
  - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek

Author: Marc Deslauriers
Revision Date: 2011-03-04 14:13:34 UTC

* SECURITY UPDATE: denial of service via NULL packet
  - debian/patches/CVE-2011-1002.patch: still read corrupt packets from
    sockets in avahi-core/socket.c.
  - CVE-2011-1002

Author: Marc Deslauriers
Revision Date: 2011-03-04 14:13:34 UTC

* SECURITY UPDATE: denial of service via NULL packet
  - debian/patches/CVE-2011-1002.patch: still read corrupt packets from
    sockets in avahi-core/socket.c.
  - CVE-2011-1002

Author: Marc Deslauriers
Revision Date: 2011-03-01 10:49:46 UTC

* SECURITY UPDATE: denial of service via crafted font file
  - debian/patches/20_CVE-2010-0421.patch: initialize memory and properly
    calculate size in pango/opentype/hb-ot-layout.cc.
  - CVE-2010-0421
* SECURITY UPDATE: denial of service and possible code execution via
  crafted font file (LP: #696616)
  - debian/patches/21_CVE-2011-0020.patch: check for overflow in
    pango/pangoft2-render.c.
  - CVE-2011-0020
* SECURITY UPDATE: denial of service and possible code execution via
  unchecked realloc failures
  - debian/patches/22_CVE-2011-0064.patch: check for realloc failures in
    pango/opentype/hb-buffer.*, pango/opentype/hb-buffer-private.h.
  - CVE-2011-0064

Author: Marc Deslauriers
Revision Date: 2011-03-01 10:49:46 UTC

* SECURITY UPDATE: denial of service via crafted font file
  - debian/patches/20_CVE-2010-0421.patch: initialize memory and properly
    calculate size in pango/opentype/hb-ot-layout.cc.
  - CVE-2010-0421
* SECURITY UPDATE: denial of service and possible code execution via
  crafted font file (LP: #696616)
  - debian/patches/21_CVE-2011-0020.patch: check for overflow in
    pango/pangoft2-render.c.
  - CVE-2011-0020
* SECURITY UPDATE: denial of service and possible code execution via
  unchecked realloc failures
  - debian/patches/22_CVE-2011-0064.patch: check for realloc failures in
    pango/opentype/hb-buffer.*, pango/opentype/hb-buffer-private.h.
  - CVE-2011-0064

Author: Daniel Leidert
Revision Date: 2008-10-26 15:13:10 UTC

* debian/compat: Raised to v5.
* debian/control: Vcs fields transition. Added DM-Upload-Allowed.
  (Vcs-Svn): Fixed location.
  (Build-Depends): Raised debhelper to v5.
  (Depends): Moved xml-core to Pre-Depends and increased the version to 0.12
  (closes: #482140).
  (Standards-Version): Raised to 3.7.3.
* debian/rules (debian/docbook-xml.install): Fixed to not put non-existent
  files into the .install file.
  (debian/docbook-xml.xmlcatalogs): Use `sed -i' and do not create a
  temporary file.
* debian/source.lintian-overrides: Added to override
  patch-system-but-direct-changes-in-diff warning, because file creation is
  intended.

Author: Thierry Carrez
Revision Date: 2008-10-20 11:22:38 UTC

Set java source and target version to 1.4 (LP: #264808)

Author: Matthias Klose
Revision Date: 2008-10-20 13:22:01 UTC

Set java source version to 1.4. LP: #264808.

Author: Alastair McKinstry
Revision Date: 2009-03-30 23:30:39 UTC

* Added Russian translation from Yuri Kozlov. Closes: #521644.
* Move to Standards-Version: 3.8.1.0; no changes required.

Author: Fathi Boudra
Revision Date: 2007-10-14 09:20:12 UTC

Initial release. (Closes: #446583)

Author: Kees Cook
Revision Date: 2008-05-28 17:33:48 UTC

Fix auto.net to use "sort -u", which was missing in the fix for solving
LP: #111612.

Author: Chris Cheney
Revision Date: 2009-04-13 13:15:00 UTC

Added symlinks for countries. (LP: #359276)

Author: Steve Beattie
Revision Date: 2011-02-26 01:17:19 UTC

* SECURITY UPDATE: privileged code execution via badly named logfiles
  - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile
    names don't contain '.
  - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26
  - CVE-2011-1018

Author: Steve Beattie
Revision Date: 2011-02-26 01:17:19 UTC

* SECURITY UPDATE: privileged code execution via badly named logfiles
  - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile
    names don't contain '.
  - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26
  - CVE-2011-1018

Author: Steve Conklin
Revision Date: 2011-02-28 22:44:08 UTC

Bump linux-ec2 ABI to 308 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-28 22:44:08 UTC

Bump linux-ec2 ABI to 308 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-28 22:44:08 UTC

Bump linux-ec2 ABI to 308 for proposed release

Author: Jonas Smedegaard
Revision Date: 2008-11-05 00:32:50 UTC

* New upstream release.
* Unfuzz patches.
* Update cdbs snippets:
  + Restructure output of copyright-check.mk to match new proposed
    copyright-format at
    http://wiki.debian.org/Proposals/CopyrightFormat .
  + Several minor improvements to upstream-tarball.mk.
  + Add new local package-relations.mk to merge duplicate
    build-dependencies and more. Drop cleanup in debian/rules.
  + Update debian/README.cdbs-tweaks.
* Update copyright hints.
* Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).

Author: Steve Conklin
Revision Date: 2011-02-25 16:07:23 UTC

Bump linux-ports ABI to 23 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-25 16:07:23 UTC

Bump linux-ports ABI to 23 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-25 16:07:23 UTC

Bump linux-ports ABI to 23 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-25 15:48:42 UTC

[ Steve Conklin ]

Bump ABI to -23 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-25 15:48:42 UTC

[ Steve Conklin ]

Bump ABI to -23 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-25 15:48:42 UTC

[ Steve Conklin ]

Bump ABI to -23 for proposed release

Author: Steve Conklin
Revision Date: 2011-02-25 15:28:45 UTC

Bump ABI to 23 for proposed kernel

Author: Steve Conklin
Revision Date: 2011-02-25 15:28:45 UTC

Bump ABI to 23 for proposed kernel

Author: Steve Conklin
Revision Date: 2011-02-25 15:28:45 UTC

Bump ABI to 23 for proposed kernel

Author: Artur Rona
Revision Date: 2010-04-24 02:53:57 UTC

* SECURITY UPDATE: Multiple unspecified vulnerabilities in Trac
  before 0.11.6 have unknown impact and attack vectors, possibly
  related to (1) "policy checks in report results when using alternate
  formats" or (2) a "check for the 'raw' role that is missing
  in docutils < 0.6." (LP: #394290)
  - debian/patches/21_CVE-2009-4405.dpatch
  - CVE-2009-4405

Author: Artur Rona
Revision Date: 2010-04-24 02:53:57 UTC

* SECURITY UPDATE: Multiple unspecified vulnerabilities in Trac
  before 0.11.6 have unknown impact and attack vectors, possibly
  related to (1) "policy checks in report results when using alternate
  formats" or (2) a "check for the 'raw' role that is missing
  in docutils < 0.6." (LP: #394290)
  - debian/patches/21_CVE-2009-4405.dpatch
  - CVE-2009-4405

Author: Alessandro Ghersi
Revision Date: 2009-10-17 06:28:34 UTC

* Merge from Debian unstable, remaining changes:
  - Build-depend directly on libboost-serialization1.38-dev since
    libboost-serialization-dev from boost-defaults is not in Main
  - Add KUBUNTU_DESKTOP_POT to rules
  - Drop libphonon-dev
  - Build with our rules file for now, we haven't debhelper 7.3.16 in archive
    and keep pkg-kde-tools >= 0.4.11

Author: Chris Coulson
Revision Date: 2010-06-16 12:46:57 UTC

* New upstream release 3.0.2 to support Firefox 3.6
* Rename binary package to xul-ext-mozgest and provide a transitional
  package to ensure lucid upgrades work properly
  - update debian/control
  - update debian/rules
* Drop obsolete patches
  - remove debian/patches/no-dialog-on-first-startup.patch
  - don't include simple-patchsys.mk in debian/rules

Author: Chris Coulson
Revision Date: 2010-06-16 12:46:57 UTC

* New upstream release 3.0.2 to support Firefox 3.6
* Rename binary package to xul-ext-mozgest and provide a transitional
  package to ensure lucid upgrades work properly
  - update debian/control
  - update debian/rules
* Drop obsolete patches
  - remove debian/patches/no-dialog-on-first-startup.patch
  - don't include simple-patchsys.mk in debian/rules

Author: Atsuhito KOHDA
Revision Date: 2009-06-24 12:24:37 UTC

New Upstream Release.

Author: Alexander Sack
Revision Date: 2009-01-12 16:21:47 UTC

no changes upload for nss/nspr SONAME mini-transition

Author: Thomas Viehmann
Revision Date: 2008-10-02 18:09:30 UTC

* Non-maintainer upload.
* Fix debian/copyright, include info on license obtained from Digital
  Mars. Thanks to Walter Bright. Closes: #499931

Author: Daniel Baumann
Revision Date: 2008-12-26 10:09:00 UTC

* Prefixing debhelper files with package name.
* Removing default logo in /etc/linux_logo.conf (Closes: #504717).
* Using debhelper install file to install additional files instead of
  install target in rules.
* Using quilt instead of dpatch.
* Adding description in menu file.

Author: Jonathan Thomas
Revision Date: 2010-02-12 08:27:34 UTC

* Karmic backport:
  - Get rid of source format 3.0 (quilt)
  - Bump down debhelper build-dep version
  - Add cdbs build-depend
  - Bump down pkg-kde-tools build-dep version
  - Use libindicate patches from karmic
  - Use kde.mk rather than dh --with-kde

Author: Christian Perrier
Revision Date: 2009-06-13 09:23:30 UTC

[ Colin Watson ]
* check.d/nomountpoint_xfs:
  - partman-xfs/no_mount_point is a boolean, not a select (thanks, Nicolas
    Valcárcel; LP: #256459).

[ Updated translations ]
* Asturian (ast.po) by Marcos Alvarez Costales
* Bengali (bn.po) by Md. Rezwan Shahid
* Esperanto (eo.po) by Felipe Castro
* Estonian (et.po) by Mattias Põldaru
* Basque (eu.po) by Piarres Beobide
* Galician (gl.po) by marce villarino
* Hindi (hi.po) by Kumar Appaiah
* Italian (it.po) by Milo Casagrande
* Kazakh (kk.po) by daur88
* Malayalam (ml.po) by Praveen Arimbrathodiyil
* Marathi (mr.po) by Sampada
* Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
* Tagalog (tl.po) by Eric Pareja

Author: Christian Perrier
Revision Date: 2009-06-13 09:12:36 UTC

[ Colin Watson ]
* check.d/nomountpoint_reiserfs:
  - partman-reiserfs/no_mount_point is a boolean, not a select (thanks,
    Nicolas Valcárcel; LP: #256459).

[ Updated translations ]
* Asturian (ast.po) by Marcos Alvarez Costales
* Bengali (bn.po) by Md. Rezwan Shahid
* Esperanto (eo.po) by Felipe Castro
* Estonian (et.po) by Mattias Põldaru
* Basque (eu.po) by Piarres Beobide
* Galician (gl.po) by marce villarino
* Hindi (hi.po) by Kumar Appaiah
* Italian (it.po) by Milo Casagrande
* Kazakh (kk.po) by daur88
* Malayalam (ml.po) by Praveen Arimbrathodiyil
* Marathi (mr.po) by Sampada
* Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
* Tagalog (tl.po) by Eric Pareja

Author: Ryan Niebur
Revision Date: 2009-02-17 12:43:32 UTC

[ Ryan Niebur ]
* Adopt as part of the games team (Closes: #515504)
* update build dependency from x-dev to x11proto-core-dev (Closes:
  #515453)
* use Homepage field instead of long description
* debhelper 7
* redo debian/rules
* add watch file
* update FSF address in debian/copyright, add information about Debian
  packaging
* use quilt
* make it so that configure can be regerated
* build with sound support (Closes: #155806). Thanks to André
  Dahlqvist for the patch.
* add README.source
* standards version 3.8.0
* add .desktop file

[ Gonéri Le Bouder ]
* Add Vcs-* fields

Author: Samuel Mimram
Revision Date: 2009-02-24 20:46:08 UTC

[ Stefano Zacchiroli ]
* fix vcs-svn field to point just above the debian/ dir

[ Ralf Treinen ]
* Added myself to Uploaders.
* doc-base file:
  - changed section to Programming/OCaml.
  - fixed minor spelling errors.
  - converted to utf8.

[ Samuel Mimram ]
* Refresh documentation for OCaml 3.11.
* Switch packaging to git
* Update standards verstion to 3.8.0.
* Update compat to 7.

Author: Martin Michlmayr
Revision Date: 2009-06-07 09:24:53 UTC

[ Frans Pop ]
* Remove myself as uploader.

[ Colin Watson ]
* Make findfs use the last of any mounts found, in case there's more than
  one due to pilot error in the partitioner.

[ Martin Michlmayr ]
* Remove Netwinder-specific code since this device is no longer
  supported.

[ Updated translations ]
* ast (ast.po) by Marcos Alvarez Costales
* Belarusian (be.po) by Pavel Piatruk
* Bulgarian (bg.po) by Damyan Ivanov
* Bengali (bn.po) by Md. Rezwan Shahid
* Czech (cs.po) by Miroslav Kure
* German (de.po) by Jens Seidel
* Greek (el.po) by Emmanuel Galatoulas
* Esperanto (eo.po) by Felipe Castro
* Spanish (es.po) by Javier Fernández-Sanguino Peña
* Estonian (et.po) by Mattias Põldaru
* Basque (eu.po) by pi
* French (fr.po) by Christian Perrier
* Galician (gl.po) by marce villarino
* Hindi (hi.po) by Kumar Appaiah
* Italian (it.po) by Milo Casagrande
* Japanese (ja.po) by Kenshi Muto
* Kazakh (kk.po) by Dauren Sarsenov
* Lithuanian (lt.po) by Kęstutis Biliūnas
* Malayalam (ml.po) by Praveen Arimbrathodiyil
* Marathi (mr.po) by Sampada
* Norwegian Bokmal (nb.po) by Hans Fredrik Nordhaug
* Punjabi (Gurmukhi) (pa.po) by Amanpreet Singh Alam
* Portuguese (pt.po) by Miguel Figueiredo
* Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
* Romanian (ro.po) by Eddy Petrișor
* Russian (ru.po) by Yuri Kozlov
* Slovak (sk.po) by Ivan Masár
* Swedish (sv.po) by Daniel Nylander
* Thai (th.po) by Theppitak Karoonboonyanan
* Tagalog (tl.po) by Eric Pareja
* Vietnamese (vi.po) by Clytie Siddall
* Simplified Chinese (zh_CN.po) by Deng Xiyue

Author: David Martínez Moreno
Revision Date: 2004-08-12 11:42:27 UTC

* New upstream release.
* Converted debian/changelog to UTF-8.
* Created debian/compat.
* debian/control:
  - Updated Standards-Version to 3.6.1 (no changes).
  - Converted to UTF-8.
  - Updated Build-Depends to debhelper v4.
  - Fixed short Description to comply with Developers Reference advice.
* debian/copyright:
  - Removed rests of dh_make in upstream's names.
  - Converted to UTF-8.
* debian/rules:
  - Cleaned old comments.
  - Uncommented dh_compress. That was giving lintian errors due to the
    changelog not being compressed.
  - Removed DH_COMPAT.

Author: Chris Cheney
Revision Date: 2009-04-13 13:45:00 UTC

Added symlinks for countries. (LP: #359276)

Author: David Martínez Moreno
Revision Date: 2006-02-03 02:13:40 UTC

* Fixed syntax in Makefile for compatibility with new make. Thanks, Daniel
  Schepler (closes: #350689).
* Acknowledge NMU from Steve (closes: #287422).
* debian/control: Bumped Standards-Version to 3.6.2.2.
* debian/copyright: Updated FSF's address.

Author: Bart Martens
Revision Date: 2007-04-13 18:42:01 UTC

* New upstream release.
* debian/patches/01_add_whitespace.diff: Removed.

Author: Aurelien Jarno
Revision Date: 2006-12-10 14:46:40 UTC

* NMU.
* Urgency set to high due to bug #401566
* Fix a segfault on 64-bit arches. Closes: #401566.
* Remove "Acceuillant" from the list of words. Closes: #321142.
* Add support for GNU/kFreeBSD. Closes: #332998.

Author: Marc Deslauriers
Revision Date: 2011-02-23 16:21:11 UTC

* SECURITY UPDATE: denial of service via missing range checks on file
  descriptors
  - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
    file descriptors.
  - CVE-2011-0719

Author: Marc Deslauriers
Revision Date: 2011-02-23 16:21:11 UTC

* SECURITY UPDATE: denial of service via missing range checks on file
  descriptors
  - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
    file descriptors.
  - CVE-2011-0719

Author: Marc Deslauriers
Revision Date: 2011-02-17 10:05:20 UTC

* SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
  - debian/patches/80_CVE-2011-0707.patch: properly clean strings in
    Mailman/Cgi/confirm.py.
  - CVE-2011-0707
* SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
  information and description fields
  - debian/patches/81_CVE-2010-3089.patch: properly clean strings in
    Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
  - CVE-2010-3089

Author: Marc Deslauriers
Revision Date: 2011-02-17 10:05:20 UTC

* SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
  - debian/patches/80_CVE-2011-0707.patch: properly clean strings in
    Mailman/Cgi/confirm.py.
  - CVE-2011-0707
* SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
  information and description fields
  - debian/patches/81_CVE-2010-3089.patch: properly clean strings in
    Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
  - CVE-2010-3089

Author: Jamie Strandboge
Revision Date: 2011-02-18 12:42:35 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2011-02-18 12:42:35 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2011-02-18 12:55:15 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2011-02-18 12:55:15 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2011-02-15 17:18:54 UTC

* SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
  - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
    requests, regardless of apparent AJAX origin. This is technically
    backwards-incompatible, but the security risks have been judged to
    outweigh the compatibility concerns in this case. See the Django project
    notes for more information:
    http://www.djangoproject.com/weblog/2011/feb/08/security/
  - CVE-2011-0696
* SECURITY UPDATE: potential XSS in file field rendering
  - debian/patches/25_CVE-2011-0697.diff: properly escape URL in
    django/contrib/admin/widgets.py
  - CVE-2011-0697

Author: Kees Cook
Revision Date: 2011-02-14 13:43:17 UTC

* SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
  - debian/patches/900_locale_env_sanity: actually set locale environment
    variables correctly.
  - debian/patches/901_reject_newline: reject newlines in GECOS updates.
  - CVE-2011-0721

Author: Kees Cook
Revision Date: 2011-02-14 13:43:17 UTC

* SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
  - debian/patches/900_locale_env_sanity: actually set locale environment
    variables correctly.
  - debian/patches/901_reject_newline: reject newlines in GECOS updates.
  - CVE-2011-0721