Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-proposed/vde2 bug Mature 2015-02-26 19:58:08 UTC 2015-02-26
11. * d/p/vdeterm-terminal-reset.patch: *...

Author: Serge Hallyn
Revision Date: 2014-09-22 14:39:06 UTC

* d/p/vdeterm-terminal-reset.patch: * Fix bug when vdeterm exits too early
  and improperly resets the terminal (LP: #804647)
* d/p/fix-splitpacket-bug.patch: attempt to backport the fix to the
  splitpacket() bug from the upstream svn fix. (LP: #629439)

lp:ubuntu/lucid-security/eglibc bug Mature 2015-02-25 09:19:02 UTC 2015-02-25
54. * SECURITY UPDATE: getaddrinfo writes...

Author: Marc Deslauriers
Revision Date: 2015-02-25 09:19:02 UTC

* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402

lp:ubuntu/lucid-updates/eglibc bug Mature 2015-02-25 09:19:02 UTC 2015-02-25
60. * SECURITY UPDATE: getaddrinfo writes...

Author: Marc Deslauriers
Revision Date: 2015-02-25 09:19:02 UTC

* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402

lp:ubuntu/lucid-security/freetype bug Mature 2015-02-24 11:22:14 UTC 2015-02-24
34. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:22:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/lucid-updates/freetype Mature 2015-02-24 11:22:14 UTC 2015-02-24
34. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:22:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/lucid-security/e2fsprogs Mature 2015-02-23 19:10:15 UTC 2015-02-23
41. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:48:39 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - limit first_meta_bg in lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - properly check against fs->desc_blocks in lib/ext2fs/closefs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a
  - CVE-2015-1572

lp:ubuntu/lucid-security/ca-certificates bug Mature 2015-02-23 18:43:18 UTC 2015-02-23
14. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:23:55 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

lp:ubuntu/lucid-updates/ca-certificates Mature 2015-02-20 08:23:55 UTC 2015-02-20
14. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:23:55 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

lp:ubuntu/lucid-updates/e2fsprogs Mature 2015-02-16 13:48:39 UTC 2015-02-16
41. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:48:39 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - limit first_meta_bg in lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - properly check against fs->desc_blocks in lib/ext2fs/closefs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a
  - CVE-2015-1572

lp:ubuntu/lucid-updates/clamav bug Mature 2015-02-13 00:05:38 UTC 2015-02-13
95. [ Marc Deslauriers ] * Updated to 0.9...

Author: chris pollock
Revision Date: 2015-02-08 07:54:07 UTC

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

lp:ubuntu/lucid-security/clamav bug Mature 2015-02-12 23:20:18 UTC 2015-02-12
91. [ Marc Deslauriers ] * Updated to 0.9...

Author: chris pollock
Revision Date: 2015-02-08 07:54:07 UTC

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

lp:ubuntu/lucid-proposed/linux-meta-ec2 bug Mature 2015-02-11 14:11:12 UTC 2015-02-11
60. Bump linux-ec2 ABI to 376 for stable ...

Author: Stefan Bader
Revision Date: 2015-02-11 14:11:12 UTC

Bump linux-ec2 ABI to 376 for stable release

lp:ubuntu/lucid-security/linux-meta-ec2 Mature 2015-02-11 14:11:12 UTC 2015-02-11
60. Bump linux-ec2 ABI to 376 for stable ...

Author: Stefan Bader
Revision Date: 2015-02-11 14:11:12 UTC

Bump linux-ec2 ABI to 376 for stable release

lp:ubuntu/lucid-updates/linux-meta-ec2 Mature 2015-02-11 14:11:12 UTC 2015-02-11
60. Bump linux-ec2 ABI to 376 for stable ...

Author: Stefan Bader
Revision Date: 2015-02-11 14:11:12 UTC

Bump linux-ec2 ABI to 376 for stable release

lp:ubuntu/lucid-security/linux-ports-meta Mature 2015-02-10 10:14:08 UTC 2015-02-10
90. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-10 10:14:08 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Bump ABI

lp:ubuntu/lucid-updates/linux-ports-meta Mature 2015-02-10 10:14:08 UTC 2015-02-10
90. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-10 10:14:08 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Bump ABI

lp:ubuntu/lucid-security/linux-backports-modules-2.6.32 Mature 2015-02-09 16:08:30 UTC 2015-02-09
69. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-09 16:08:30 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Start new release (and bump ABI)

lp:ubuntu/lucid-updates/linux-backports-modules-2.6.32 bug Mature 2015-02-09 16:08:30 UTC 2015-02-09
69. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-09 16:08:30 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Start new release (and bump ABI)

lp:ubuntu/lucid-proposed/linux-backports-modules-2.6.32 bug Development 2015-02-09 16:08:30 UTC 2015-02-09
69. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-09 16:08:30 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Start new release (and bump ABI)

lp:ubuntu/lucid-security/linux-meta bug Mature 2015-02-09 16:04:06 UTC 2015-02-09
227. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-09 16:04:06 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Bump ABI

lp:ubuntu/lucid-updates/linux-meta bug Mature 2015-02-09 16:04:06 UTC 2015-02-09
227. [ Kamal Mostafa ] * [Packaging] forc...

Author: Seth Forshee
Revision Date: 2015-02-09 16:04:06 UTC

[ Kamal Mostafa ]

* [Packaging] force "dpkg-source -I -i" behavior

[ Seth Forshee ]

* Bump ABI

lp:ubuntu/lucid-security/postgresql-8.4 bug Mature 2015-02-06 13:18:20 UTC 2015-02-06
22. * Add 15-to_char_buffer_overflow.patc...

Author: Martin Pitt
Revision Date: 2015-02-06 13:18:20 UTC

* Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
  Fix buffer overruns in to_char() [CVE-2015-0241]
* Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
  Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
* Add 19-ensure_frontend_backend_sync.patch:
  Fix possible loss of frontend/backend protocol synchronization after an
  error [CVE-2015-0244]
* Add 20-column_privilege_leak.patch:
  Fix information leak via constraint-violation error messages
  [CVE-2014-8161]
* Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
  snprintf().

lp:ubuntu/lucid-updates/postgresql-8.4 bug Mature 2015-02-06 13:18:20 UTC 2015-02-06
22. * Add 15-to_char_buffer_overflow.patc...

Author: Martin Pitt
Revision Date: 2015-02-06 13:18:20 UTC

* Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
  Fix buffer overruns in to_char() [CVE-2015-0241]
* Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
  Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
* Add 19-ensure_frontend_backend_sync.patch:
  Fix possible loss of frontend/backend protocol synchronization after an
  error [CVE-2015-0244]
* Add 20-column_privilege_leak.patch:
  Fix information leak via constraint-violation error messages
  [CVE-2014-8161]
* Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
  snprintf().

lp:ubuntu/lucid-security/ntp Mature 2015-02-06 09:32:14 UTC 2015-02-06
41. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-06 09:32:14 UTC

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

lp:ubuntu/lucid-updates/ntp Mature 2015-02-06 09:32:14 UTC 2015-02-06
42. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-06 09:32:14 UTC

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

lp:ubuntu/lucid-proposed/tzdata bug Mature 2015-02-02 06:40:25 UTC 2015-02-02
88. New upstream release with several DST...

Author: Adam Conrad
Revision Date: 2015-02-02 06:40:25 UTC

New upstream release with several DST zone changes and
a new leap second inserted at 2015-06-30 23:59:60 UTC.

lp:ubuntu/lucid-security/tzdata Mature 2015-02-02 06:40:25 UTC 2015-02-02
88. New upstream release with several DST...

Author: Adam Conrad
Revision Date: 2015-02-02 06:40:25 UTC

New upstream release with several DST zone changes and
a new leap second inserted at 2015-06-30 23:59:60 UTC.

lp:ubuntu/lucid-updates/tzdata bug Mature 2015-02-02 06:40:25 UTC 2015-02-02
88. New upstream release with several DST...

Author: Adam Conrad
Revision Date: 2015-02-02 06:40:25 UTC

New upstream release with several DST zone changes and
a new leap second inserted at 2015-06-30 23:59:60 UTC.

lp:ubuntu/lucid-security/unzip Mature 2015-01-29 11:39:12 UTC 2015-01-29
21. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-01-29 11:39:12 UTC

* SECURITY UPDATE: heap overflow via mismatched block sizes
  - extract.c: ensure compressed and uncompressed block sizes match when
    using STORED method.
  - CVE-2014-9636

lp:ubuntu/lucid-updates/unzip Mature 2015-01-29 11:39:12 UTC 2015-01-29
21. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-01-29 11:39:12 UTC

* SECURITY UPDATE: heap overflow via mismatched block sizes
  - extract.c: ensure compressed and uncompressed block sizes match when
    using STORED method.
  - CVE-2014-9636

lp:ubuntu/lucid-updates/spamassassin Mature 2015-01-28 18:19:19 UTC 2015-01-28
31. d/p/disable-ahbl: disable AHBL DNS bl...

Author: Robie Basak
Revision Date: 2015-01-28 02:29:24 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

lp:ubuntu/lucid-proposed/spamassassin bug Mature 2015-01-28 04:14:38 UTC 2015-01-28
31. d/p/disable-ahbl: disable AHBL DNS bl...

Author: Robie Basak
Revision Date: 2015-01-28 02:29:24 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

lp:ubuntu/lucid-security/ghostscript bug Mature 2015-01-22 13:09:28 UTC 2015-01-22
73. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:09:28 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

lp:ubuntu/lucid-updates/ghostscript Mature 2015-01-22 13:09:28 UTC 2015-01-22
73. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:09:28 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

lp:ubuntu/lucid-proposed/landscape-client bug Mature 2015-01-21 17:55:41 UTC 2015-01-21
39. * New upstream version (LP: #1401523...

Author: Chris Glass
Revision Date: 2014-12-15 00:59:26 UTC

* New upstream version (LP: #1401523):
  - Fix regression occurring when performing Landscape-driven release
    upgrades (LP: #1389686)
  - Fix regression occurring when switching the client between different
    Landscape servers (LP: #1376134)
  - Support reporting QEMU virtualization (LP: #1374501)
  - Bump Juju integration message format (LP: #1369635, LP: #1362506)
  - Drop provisioning registration message (LP: #1344054)
  - Drop cloud registration message (LP: #1342646)
  - Fix handling broken packages (LP: #1326940)
  - Add new Swift usage message type (LP: #1320236)
  - Fix platform detection on POWER machines (LP: #1271615)
  - Fix platform detection for arm64 machines (LP: #1306824)
  - Added a mechanism to set the client's user-agent (LP: #1399139)
  - Fixed release-upgrader not asking for a session ID before attempting to
    send a message (LP: #1401867)
* Added dependency on python-configobj.
* Removed dependency on python-twisted-names

lp:ubuntu/lucid-security/coreutils Mature 2015-01-14 21:24:50 UTC 2015-01-14
11. * SECURITY UPDATE: infinite loop or c...

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:18 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/getdate.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471
* SECURITY UPDATE: local privilege escalation via /tmp file race in
  dist-check.mk
  - debian/patches/CVE-2009-4135.dpatch: modify dist-check.mk to no longer
    use system /tmp directory for predictable names
  - CVE-2009-4135

lp:ubuntu/lucid-security/curl bug Mature 2015-01-14 16:46:45 UTC 2015-01-14
51. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 16:46:45 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c.
  - CVE-2014-8150

lp:ubuntu/lucid-updates/curl bug Mature 2015-01-14 16:46:45 UTC 2015-01-14
51. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 16:46:45 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c.
  - CVE-2014-8150

lp:ubuntu/lucid-updates/coreutils bug Mature 2015-01-13 19:31:18 UTC 2015-01-13
11. * SECURITY UPDATE: infinite loop or c...

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:18 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/getdate.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471
* SECURITY UPDATE: local privilege escalation via /tmp file race in
  dist-check.mk
  - debian/patches/CVE-2009-4135.dpatch: modify dist-check.mk to no longer
    use system /tmp directory for predictable names
  - CVE-2009-4135

lp:ubuntu/lucid-security/openssl bug Mature 2015-01-09 11:16:50 UTC 2015-01-09
60. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-09 11:16:50 UTC

* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
    ssl/s23_srvr.c.
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
    ssl/s3_pkt.c.
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
    ssl/s3_clnt.c.
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
    crypto/x509/x_all.c, util/libeay.num.
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
    doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
  - CVE-2015-0204

lp:ubuntu/lucid-updates/openssl Mature 2015-01-09 11:16:50 UTC 2015-01-09
60. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-09 11:16:50 UTC

* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
    ssl/s23_srvr.c.
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
    ssl/s3_pkt.c.
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
    ssl/s3_clnt.c.
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
    crypto/x509/x_all.c, util/libeay.num.
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
    doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
  - CVE-2015-0204

lp:ubuntu/lucid-updates/bsd-mailx Mature 2015-01-07 19:58:53 UTC 2015-01-07
6. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-05 11:42:56 UTC

* SECURITY UPDATE: shell command injection
  - Apply OpenBSD patches from Todd Miller (taken from Debian update):
    + glob.h, main.c, quit.c, mail.1: remove undocumented/obsolete -T
      option
    + main.c, mail.1: adjust -f processing
    + mail.1, names.c: fix CVE-2014-7844
    + main.c, mail.1: make -- work for option parsing suppression
  - CVE-2014-7844

lp:ubuntu/lucid-security/bsd-mailx Mature 2015-01-07 19:17:03 UTC 2015-01-07
6. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-05 11:42:56 UTC

* SECURITY UPDATE: shell command injection
  - Apply OpenBSD patches from Todd Miller (taken from Debian update):
    + glob.h, main.c, quit.c, mail.1: remove undocumented/obsolete -T
      option
    + main.c, mail.1: adjust -f processing
    + mail.1, names.c: fix CVE-2014-7844
    + main.c, mail.1: make -- work for option parsing suppression
  - CVE-2014-7844

lp:ubuntu/lucid-updates/mime-support Mature 2015-01-07 18:49:35 UTC 2015-01-07
9. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-06 14:17:22 UTC

* SECURITY UPDATE: shell command injection in run-mailcap
  - Thanks to Salvatore Bonaccorso and Charles Plessy for the patch.
  - CVE-2014-7209

lp:ubuntu/lucid-security/mime-support Mature 2015-01-07 17:59:42 UTC 2015-01-07
9. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-06 14:17:22 UTC

* SECURITY UPDATE: shell command injection in run-mailcap
  - Thanks to Salvatore Bonaccorso and Charles Plessy for the patch.
  - CVE-2014-7209

lp:ubuntu/lucid-updates/lazr.restfulclient bug Mature 2014-12-18 18:13:59 UTC 2014-12-18
13. Always uppercase HTTP methods to matc...

Author: Colin Watson
Revision Date: 2014-12-11 16:30:02 UTC

Always uppercase HTTP methods to match httplib2 expectations
(LP: #1401544).

lp:ubuntu/lucid-updates/landscape-client Mature 2014-12-15 00:59:26 UTC 2014-12-15
39. * New upstream version (LP: #1401523...

Author: Chris Glass
Revision Date: 2014-12-15 00:59:26 UTC

* New upstream version (LP: #1401523):
  - Fix regression occurring when performing Landscape-driven release
    upgrades (LP: #1389686)
  - Fix regression occurring when switching the client between different
    Landscape servers (LP: #1376134)
  - Support reporting QEMU virtualization (LP: #1374501)
  - Bump Juju integration message format (LP: #1369635, LP: #1362506)
  - Drop provisioning registration message (LP: #1344054)
  - Drop cloud registration message (LP: #1342646)
  - Fix handling broken packages (LP: #1326940)
  - Add new Swift usage message type (LP: #1320236)
  - Fix platform detection on POWER machines (LP: #1271615)
  - Fix platform detection for arm64 machines (LP: #1306824)
  - Added a mechanism to set the client's user-agent (LP: #1399139)
  - Fixed release-upgrader not asking for a session ID before attempting to
    send a message (LP: #1401867)
* Added dependency on python-configobj.
* Removed dependency on python-twisted-names

lp:ubuntu/lucid-proposed/lazr.restfulclient bug Mature 2014-12-11 17:08:37 UTC 2014-12-11
14. Always uppercase HTTP methods to matc...

Author: Colin Watson
Revision Date: 2014-12-11 16:30:02 UTC

Always uppercase HTTP methods to match httplib2 expectations
(LP: #1401544).

lp:ubuntu/lucid-security/mutt Mature 2014-12-10 12:46:54 UTC 2014-12-10
31. * SECURITY UPDATE: heap-based overflo...

Author: Steve Beattie
Revision Date: 2014-12-10 12:46:54 UTC

* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
  handling headers beginning with newline.
  - debian/patches/ubuntu/mutt-CVE-2014-9116.patch
  - CVE-2014-9116

lp:ubuntu/lucid-updates/mutt Mature 2014-12-10 12:46:54 UTC 2014-12-10
31. * SECURITY UPDATE: heap-based overflo...

Author: Steve Beattie
Revision Date: 2014-12-10 12:46:54 UTC

* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
  handling headers beginning with newline.
  - debian/patches/ubuntu/mutt-CVE-2014-9116.patch
  - CVE-2014-9116

lp:ubuntu/lucid-security/bind9 Mature 2014-12-09 13:46:06 UTC 2014-12-09
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-09 13:46:06 UTC

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
    lib/isccfg/namedconf.c.
  - Based on patch provided by upstream.
  - CVE-2014-8500

lp:ubuntu/lucid-updates/bind9 Mature 2014-12-09 13:46:06 UTC 2014-12-09
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-09 13:46:06 UTC

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
    lib/isccfg/namedconf.c.
  - Based on patch provided by upstream.
  - CVE-2014-8500

lp:ubuntu/lucid-security/graphviz Mature 2014-12-04 16:33:37 UTC 2014-12-04
33. * SECURITY UPDATE: Format string vuln...

Author: Seth Arnold
Revision Date: 2014-12-04 16:33:37 UTC

* SECURITY UPDATE: Format string vulnerability may allow attackers to
  cause a denial of service or possibly execute code.
  - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in
    lib/cgraph/scan.l yyerror() routine.
  - CVE-2014-9157

lp:ubuntu/lucid-updates/graphviz Mature 2014-12-04 16:33:37 UTC 2014-12-04
33. * SECURITY UPDATE: Format string vuln...

Author: Seth Arnold
Revision Date: 2014-12-04 16:33:37 UTC

* SECURITY UPDATE: Format string vulnerability may allow attackers to
  cause a denial of service or possibly execute code.
  - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in
    lib/cgraph/scan.l yyerror() routine.
  - CVE-2014-9157

lp:ubuntu/lucid-updates/tcpdump Mature 2014-12-04 14:37:28 UTC 2014-12-04
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-03 17:17:23 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  olsr_print
  - debian/patches/CVE-2014-8767.patch: improve bounds checking and
    error handling in print-olsr.c.
  - CVE-2014-8767
* SECURITY UPDATE: denial of service and possible code execution in
  print-aodv.c
  - debian/patches/CVE-2014-8769.patch: improve bounds checking and
    length checking in print-aodv.c, aodv.h.
  - CVE-2014-8769
* SECURITY UPDATE: denial of service and possible code execution in
  print-ppp.c
  - debian/patches/CVE-2014-9140.patch: improve bounds checking in
    print-ppp.c.
  - CVE-2014-9140

lp:ubuntu/lucid-security/tcpdump Mature 2014-12-04 14:13:56 UTC 2014-12-04
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-03 17:17:23 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  olsr_print
  - debian/patches/CVE-2014-8767.patch: improve bounds checking and
    error handling in print-olsr.c.
  - CVE-2014-8767
* SECURITY UPDATE: denial of service and possible code execution in
  print-aodv.c
  - debian/patches/CVE-2014-8769.patch: improve bounds checking and
    length checking in print-aodv.c, aodv.h.
  - CVE-2014-8769
* SECURITY UPDATE: denial of service and possible code execution in
  print-ppp.c
  - debian/patches/CVE-2014-9140.patch: improve bounds checking in
    print-ppp.c.
  - CVE-2014-9140

lp:ubuntu/lucid-updates/ppp Mature 2014-12-01 16:06:47 UTC 2014-12-01
22. * SECURITY UPDATE: possible privilege...

Author: Marc Deslauriers
Revision Date: 2014-11-26 07:50:57 UTC

* SECURITY UPDATE: possible privilege escalation via option parsing
  - debian/patches/CVE-2014-3158.patch: fix integer overflow in
    pppd/options.c.
  - CVE-2014-3158

lp:ubuntu/lucid-security/ppp Mature 2014-12-01 15:42:51 UTC 2014-12-01
22. * SECURITY UPDATE: possible privilege...

Author: Marc Deslauriers
Revision Date: 2014-11-26 07:50:57 UTC

* SECURITY UPDATE: possible privilege escalation via option parsing
  - debian/patches/CVE-2014-3158.patch: fix integer overflow in
    pppd/options.c.
  - CVE-2014-3158

lp:ubuntu/lucid-updates/flac Mature 2014-11-27 19:35:27 UTC 2014-11-27
18. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:28:27 UTC

* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-8962.dpatch: validate id in
    src/libFLAC/stream_decoder.c.
  - CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-9028.dpatch: error out to avoid heap overflow
    in src/libFLAC/stream_decoder.c.
  - CVE-2014-9028

lp:ubuntu/lucid-security/flac Mature 2014-11-27 19:07:14 UTC 2014-11-27
18. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:28:27 UTC

* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-8962.dpatch: validate id in
    src/libFLAC/stream_decoder.c.
  - CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-9028.dpatch: error out to avoid heap overflow
    in src/libFLAC/stream_decoder.c.
  - CVE-2014-9028

lp:~ubuntu-branches/ubuntu/lucid/landscape-client/lucid-updates-201411191716 (Has a merge proposal) Development 2014-11-19 17:16:32 UTC 2014-11-19
38. add tracking bug

Author: Martin Pitt
Revision Date: 2012-04-16 10:02:07 UTC

add tracking bug

lp:ubuntu/lucid-updates/konversation Mature 2014-11-15 04:54:51 UTC 2014-11-15
47. * SECURITY UPDATE: out-of-bounds read...

Author: Jonathan Riddell
Revision Date: 2014-11-04 17:40:19 UTC

* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

lp:ubuntu/lucid-security/konversation bug Mature 2014-11-15 04:54:44 UTC 2014-11-15
47. * SECURITY UPDATE: out-of-bounds read...

Author: Jonathan Riddell
Revision Date: 2014-11-04 17:40:19 UTC

* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

lp:ubuntu/lucid-proposed/apt bug Mature 2014-10-30 21:40:45 UTC 2014-10-30
117. [ David Kalnischkies ] * methods/http...

Author: Michael Vogt
Revision Date: 2014-10-17 10:09:56 UTC

[ David Kalnischkies ]
* methods/http.cc:
  - retry without partial data after a 416 response (closes: 710924)
    LP: #1382401

lp:ubuntu/lucid-security/wget Mature 2014-10-30 10:10:03 UTC 2014-10-30
18. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:10:03 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

lp:ubuntu/lucid-updates/wget Mature 2014-10-30 10:10:03 UTC 2014-10-30
18. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:10:03 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

lp:ubuntu/lucid-security/libxml2 bug Mature 2014-10-22 14:27:25 UTC 2014-10-22
50. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-22 14:27:25 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

lp:ubuntu/lucid-updates/libxml2 Mature 2014-10-22 14:27:25 UTC 2014-10-22
50. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-22 14:27:25 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

lp:ubuntu/lucid-security/wpasupplicant Mature 2014-10-14 18:03:23 UTC 2014-10-14
9. * SECURITY UPDATE: arbitrary command ...

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:27:24 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c.
  - CVE-2014-3686

lp:ubuntu/lucid-updates/wpasupplicant Mature 2014-10-10 09:27:24 UTC 2014-10-10
10. * SECURITY UPDATE: arbitrary command ...

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:27:24 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c.
  - CVE-2014-3686

lp:ubuntu/lucid-security/rsyslog Mature 2014-10-09 16:51:44 UTC 2014-10-09
28. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-02 11:36:23 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid PRI value
  - debian/patches/CVE-2014-3634.patch: limit PRI values in
    runtime/rsyslog.h.
  - CVE-2014-3634
  - CVE-2014-3683

lp:ubuntu/lucid-security/bash Mature 2014-10-07 14:26:26 UTC 2014-10-07
51. * SECURITY UPDATE: incorrect function...

Author: Marc Deslauriers
Revision Date: 2014-10-07 14:26:26 UTC

* SECURITY UPDATE: incorrect function definition parsing with
  here-document delimited by end-of-file
  - debian/patches/CVE-2014-6277.dpatch: properly handle closing
    delimiter in copy_cmd.c, make_cmd.c.
  - CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
  command substitutions
  - debian/patches/CVE-2014-6278.dpatch: properly handle certain parsing
    attempts in builtins/evalstring.c, parse.y, shell.h.
  - CVE-2014-6278
* debian/rules: added new patches to list.
* Updated patches with official upstream versions:
  - debian/patches/CVE-2014-6271.dpatch
  - debian/patches/CVE-2014-7169.dpatch
  - debian/patches/variables-affix.dpatch
  - debian/patches/CVE-2014-718x.dpatch

lp:ubuntu/lucid-updates/bash Mature 2014-10-07 14:26:26 UTC 2014-10-07
51. * SECURITY UPDATE: incorrect function...

Author: Marc Deslauriers
Revision Date: 2014-10-07 14:26:26 UTC

* SECURITY UPDATE: incorrect function definition parsing with
  here-document delimited by end-of-file
  - debian/patches/CVE-2014-6277.dpatch: properly handle closing
    delimiter in copy_cmd.c, make_cmd.c.
  - CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
  command substitutions
  - debian/patches/CVE-2014-6278.dpatch: properly handle certain parsing
    attempts in builtins/evalstring.c, parse.y, shell.h.
  - CVE-2014-6278
* debian/rules: added new patches to list.
* Updated patches with official upstream versions:
  - debian/patches/CVE-2014-6271.dpatch
  - debian/patches/CVE-2014-7169.dpatch
  - debian/patches/variables-affix.dpatch
  - debian/patches/CVE-2014-718x.dpatch

lp:ubuntu/lucid-updates/rsyslog Mature 2014-10-02 11:36:23 UTC 2014-10-02
28. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-02 11:36:23 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid PRI value
  - debian/patches/CVE-2014-3634.patch: limit PRI values in
    runtime/rsyslog.h.
  - CVE-2014-3634
  - CVE-2014-3683

lp:ubuntu/lucid-proposed/man-db bug Mature 2014-09-23 17:14:45 UTC 2014-09-23
23. Cache the value of man-db/auto-update...

Author: Colin Watson
Revision Date: 2014-09-23 11:56:37 UTC

Cache the value of man-db/auto-update in the file system, so that we
don't have to talk to debconf when processing triggers (LP: #1372673).

lp:ubuntu/lucid-security/apt bug Mature 2014-09-23 16:41:58 UTC 2014-09-23
111. * SECURITY UPDATE: - fix potential ...

Author: Michael Vogt
Revision Date: 2014-09-23 08:58:49 UTC

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewritten by apt-cdrom add

lp:ubuntu/lucid-updates/man-db Mature 2014-09-23 11:56:37 UTC 2014-09-23
23. Cache the value of man-db/auto-update...

Author: Colin Watson
Revision Date: 2014-09-23 11:56:37 UTC

Cache the value of man-db/auto-update in the file system, so that we
don't have to talk to debconf when processing triggers (LP: #1372673).

lp:ubuntu/lucid-updates/apt bug Mature 2014-09-23 08:58:49 UTC 2014-09-23
111. * SECURITY UPDATE: - fix potential ...

Author: Michael Vogt
Revision Date: 2014-09-23 08:58:49 UTC

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewritten by apt-cdrom add

lp:ubuntu/lucid-security/nspr Mature 2014-09-19 08:25:13 UTC 2014-09-19
24. * Update to 4.10.7 to support nss sec...

Author: Marc Deslauriers
Revision Date: 2014-09-19 08:25:13 UTC

* Update to 4.10.7 to support nss security update.
* Removed unneeded patches:
  - debian/patches/30_config_64bits.patch: no longer needed
  - debian/patches/99_configure.patch: no longer needed
  - debian/patches/CVE-2013-5607.patch: included upstream.
  - debian/patches/CVE-2014-1545.patch: included upstream.
* debian/libnspr4-0d.symbols: updated for new version.
* debian/rules: adjust paths, add --enable-64bit when appropriate.

lp:ubuntu/lucid-updates/nspr Mature 2014-09-19 08:25:13 UTC 2014-09-19
24. * Update to 4.10.7 to support nss sec...

Author: Marc Deslauriers
Revision Date: 2014-09-19 08:25:13 UTC

* Update to 4.10.7 to support nss security update.
* Removed unneeded patches:
  - debian/patches/30_config_64bits.patch: no longer needed
  - debian/patches/99_configure.patch: no longer needed
  - debian/patches/CVE-2013-5607.patch: included upstream.
  - debian/patches/CVE-2014-1545.patch: included upstream.
* debian/libnspr4-0d.symbols: updated for new version.
* debian/rules: adjust paths, add --enable-64bit when appropriate.

lp:ubuntu/lucid-security/python-django bug Mature 2014-09-10 13:07:32 UTC 2014-09-10
39. * SECURITY UPDATE: incorrect url vali...

Author: Marc Deslauriers
Revision Date: 2014-09-10 13:07:32 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USER change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

lp:ubuntu/lucid-updates/python-django bug Mature 2014-09-10 13:07:32 UTC 2014-09-10
39. * SECURITY UPDATE: incorrect url vali...

Author: Marc Deslauriers
Revision Date: 2014-09-10 13:07:32 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USER change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

lp:ubuntu/lucid-security/nss bug Mature 2014-09-09 07:54:31 UTC 2014-09-09
34. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2014-09-09 07:54:31 UTC

* SECURITY UPDATE: possible arbitrary code execution via race condition
  - debian/patches/CVE-2014-1544.patch: prevent
    nssTrustDomain_AddCertsToCache from freeing the CERTCertificate
    associated with the NSSCertificate in nss/lib/pk11wrap/pk11cert.c.
  - CVE-2014-1544

lp:ubuntu/lucid-updates/procmail Mature 2014-09-04 18:26:09 UTC 2014-09-04
13. * SECURITY UPDATE: heap overflow in f...

Author: Marc Deslauriers
Revision Date: 2014-09-04 09:43:29 UTC

* SECURITY UPDATE: heap overflow in formail via malformed from header
  - src/formisc.c: handle unbalanced quotes
  - Patch by Tavis Ormandy
  - CVE-2014-3618

lp:ubuntu/lucid-security/procmail Mature 2014-09-04 17:50:14 UTC 2014-09-04
13. * SECURITY UPDATE: heap overflow in f...

Author: Marc Deslauriers
Revision Date: 2014-09-04 09:43:29 UTC

* SECURITY UPDATE: heap overflow in formail via malformed from header
  - src/formisc.c: handle unbalanced quotes
  - Patch by Tavis Ormandy
  - CVE-2014-3618

lp:ubuntu/lucid-security/gnupg Mature 2014-08-19 09:44:38 UTC 2014-08-19
36. * SECURITY UPDATE: side-channel attac...

Author: Marc Deslauriers
Revision Date: 2014-08-19 09:44:38 UTC

* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
  - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
    exponentiation algorithm in mpi/mpi-pow.c.
  - CVE-2014-5270

lp:ubuntu/lucid-updates/gnupg Mature 2014-08-19 09:44:38 UTC 2014-08-19
36. * SECURITY UPDATE: side-channel attac...

Author: Marc Deslauriers
Revision Date: 2014-08-19 09:44:38 UTC

* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
  - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
    exponentiation algorithm in mpi/mpi-pow.c.
  - CVE-2014-5270

lp:ubuntu/lucid-security/libgcrypt11 Mature 2014-08-19 09:12:39 UTC 2014-08-19
23. * SECURITY UPDATE: side-channel attac...

Author: Marc Deslauriers
Revision Date: 2014-08-19 09:12:39 UTC

* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
  - debian/patches/22-add_gcry_divide_by_zero.diff: replace deliberate
    division by zero with new _gcry_divide_by_zero().
  - debian/patches/23-CVE-2014-5270.diff: use sliding window method for
    exponentiation algorithm in mpi/mpi-pow.c.
  - CVE-2014-5270

lp:ubuntu/lucid-updates/libgcrypt11 Mature 2014-08-19 09:12:39 UTC 2014-08-19
23. * SECURITY UPDATE: side-channel attac...

Author: Marc Deslauriers
Revision Date: 2014-08-19 09:12:39 UTC

* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
  - debian/patches/22-add_gcry_divide_by_zero.diff: replace deliberate
    division by zero with new _gcry_divide_by_zero().
  - debian/patches/23-CVE-2014-5270.diff: use sliding window method for
    exponentiation algorithm in mpi/mpi-pow.c.
  - CVE-2014-5270

lp:ubuntu/lucid-updates/gpgme1.0 Mature 2014-08-06 14:10:20 UTC 2014-08-06
21. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-08-01 09:45:06 UTC

* SECURITY UPDATE: denial of service via different line lengths
  - debian/patches/CVE-2014-3564.dpatch: correctly calculate size of
    buffers in src/engine-gpgsm.c.
  - CVE-2014-3564

lp:ubuntu/lucid-security/gpgme1.0 Mature 2014-08-06 13:25:55 UTC 2014-08-06
21. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-08-01 09:45:06 UTC

* SECURITY UPDATE: denial of service via different line lengths
  - debian/patches/CVE-2014-3564.dpatch: correctly calculate size of
    buffers in src/engine-gpgsm.c.
  - CVE-2014-3564

lp:~tj/ubuntu/lucid/eglibc/lp1352504 bug Development 2014-08-04 21:00:00 UTC 2014-08-04
49. * SECURITY UPDATE: fix memory free SI...

Author: TJ
Revision Date: 2014-08-04 20:49:14 UTC

* SECURITY UPDATE: fix memory free SIGSEGV regression introduced by
  CVE-2013-4357.diff
  - debian/patches/any/fix_memory_free_regression_introduced_by_CVE-2013-4357.diff:
    fix incorrect free() of non-malloc-ed memory (LP: #1352504)

lp:ubuntu/lucid-proposed/postgresql-8.4 bug Mature 2014-07-30 09:52:26 UTC 2014-07-30
22. * New upstream bug fix release: (LP: ...

Author: Martin Pitt
Revision Date: 2014-07-24 18:17:34 UTC

* New upstream bug fix release: (LP: #1348176)
  - Various data integrity and other bug fixes.
  - Secure Unix-domain sockets of temporary postmasters started during make
    check.
    Any local user able to access the socket file could connect as the
    server's bootstrap superuser, then proceed to execute arbitrary code as
    the operating-system user running the test, as we previously noted in
    CVE-2014-0067. This change defends against that risk by placing the
    server's socket in a temporary, mode 0700 subdirectory of /tmp.
  - See release notes for details:
    http://www.postgresql.org/docs/current/static/release-8-4-22.html
* Drop pg_regress patch to run tests with socket in /tmp, obsolete with
  above upstream changes and not applicable any more.
* Add debian/postgresql-8.4.NEWS to point out that upstream support ends
  now.

lp:ubuntu/lucid-security/tomcat6 bug Mature 2014-07-24 15:49:36 UTC 2014-07-24
29. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-07-24 15:49:36 UTC

* SECURITY UPDATE: denial of service via malformed chunk size
  - debian/patches/CVE-2014-0075.patch: fix overflow in
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
  - CVE-2014-0075
* SECURITY UPDATE: file disclosure via XXE issue
  - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
    relative path in conf/web.xml,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/servlets/LocalStrings.properties,
    webapps/docs/default-servlet.xml.
  - CVE-2014-0096
* SECURITY UPDATE: HTTP request smuggling attack via crafted
  Content-Length HTTP header
  - debian/patches/CVE-2014-0099.patch: correctly handle long values in
    java/org/apache/tomcat/util/buf/Ascii.java.
  - CVE-2014-0099

lp:ubuntu/lucid-updates/tomcat6 Mature 2014-07-24 15:49:36 UTC 2014-07-24
29. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-07-24 15:49:36 UTC

* SECURITY UPDATE: denial of service via malformed chunk size
  - debian/patches/CVE-2014-0075.patch: fix overflow in
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
  - CVE-2014-0075
* SECURITY UPDATE: file disclosure via XXE issue
  - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
    relative path in conf/web.xml,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/servlets/LocalStrings.properties,
    webapps/docs/default-servlet.xml.
  - CVE-2014-0096
* SECURITY UPDATE: HTTP request smuggling attack via crafted
  Content-Length HTTP header
  - debian/patches/CVE-2014-0099.patch: correctly handle long values in
    java/org/apache/tomcat/util/buf/Ascii.java.
  - CVE-2014-0099

lp:ubuntu/lucid-security/libtasn1-3 Mature 2014-07-18 15:50:06 UTC 2014-07-18
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-07-18 15:50:06 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid ASN.1 data
  - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
    in lib/decoding.c.
  - CVE-2014-3467
  - CVE-2014-3468
* SECURITY UPDATE: denial of service via NULL value
  - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
  - CVE-2014-3469

lp:ubuntu/lucid-updates/libtasn1-3 Mature 2014-07-18 15:50:06 UTC 2014-07-18
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-07-18 15:50:06 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid ASN.1 data
  - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
    in lib/decoding.c.
  - CVE-2014-3467
  - CVE-2014-3468
* SECURITY UPDATE: denial of service via NULL value
  - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
  - CVE-2014-3469

lp:ubuntu/lucid-security/gnupg2 Mature 2014-06-26 09:21:08 UTC 2014-06-26
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:21:08 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

lp:ubuntu/lucid-updates/gnupg2 Mature 2014-06-26 09:21:08 UTC 2014-06-26
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:21:08 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

lp:ubuntu/lucid-updates/chkrootkit Mature 2014-06-04 16:00:49 UTC 2014-06-04
15. * SECURITY UPDATE: root escalation vi...

Author: Marc Deslauriers
Revision Date: 2014-06-04 09:02:04 UTC

* SECURITY UPDATE: root escalation via missing quotes in slapper()
  - debian/patches/CVE-2014-0476.patch: make sure file_port is properly
    quoted in chkrootkit.
  - CVE-2014-0476
