Branches for Lucid

Name Status Last Modified Last Commit
lp:~qtjambi-community/ubuntu/lucid/qtjambi-snapshot/debian Development 2015-06-02 17:16:31 UTC 2015-06-02
264. maint/bzr_push.sh Auto copy, commit a...

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:16:31 UTC

maint/bzr_push.sh Auto copy, commit and push for: control.snapshot (ubuntu/lucid)

lp:ubuntu/lucid-proposed/linux-meta-ec2 bug Mature 2015-04-28 14:23:23 UTC 2015-04-28
61. Bump linux-ec2 ABI to 377 for stable ...

Author: Stefan Bader
Revision Date: 2015-04-28 14:23:23 UTC

Bump linux-ec2 ABI to 377 for stable release

lp:ubuntu/lucid-security/linux-meta-ec2 Mature 2015-04-28 14:23:23 UTC 2015-04-28
61. Bump linux-ec2 ABI to 377 for stable ...

Author: Stefan Bader
Revision Date: 2015-04-28 14:23:23 UTC

Bump linux-ec2 ABI to 377 for stable release

lp:ubuntu/lucid-updates/linux-meta-ec2 Mature 2015-04-28 14:23:23 UTC 2015-04-28
61. Bump linux-ec2 ABI to 377 for stable ...

Author: Stefan Bader
Revision Date: 2015-04-28 14:23:23 UTC

Bump linux-ec2 ABI to 377 for stable release

lp:ubuntu/lucid-security/linux-ports-meta Mature 2015-04-28 10:33:15 UTC 2015-04-28
91. Bump ABI

Author: Luis Henriques
Revision Date: 2015-04-28 10:33:15 UTC

Bump ABI

lp:ubuntu/lucid-updates/linux-ports-meta Mature 2015-04-28 10:33:15 UTC 2015-04-28
91. Bump ABI

Author: Luis Henriques
Revision Date: 2015-04-28 10:33:15 UTC

Bump ABI

lp:ubuntu/lucid-security/linux-backports-modules-2.6.32 Mature 2015-04-28 10:27:52 UTC 2015-04-28
70. Start new release (and bump ABI)

Author: Luis Henriques
Revision Date: 2015-04-28 10:27:52 UTC

Start new release (and bump ABI)

lp:ubuntu/lucid-updates/linux-backports-modules-2.6.32 bug Mature 2015-04-28 10:27:52 UTC 2015-04-28
70. Start new release (and bump ABI)

Author: Luis Henriques
Revision Date: 2015-04-28 10:27:52 UTC

Start new release (and bump ABI)

lp:ubuntu/lucid-proposed/linux-backports-modules-2.6.32 bug Development 2015-04-28 10:27:52 UTC 2015-04-28
70. Start new release (and bump ABI)

Author: Luis Henriques
Revision Date: 2015-04-28 10:27:52 UTC

Start new release (and bump ABI)

lp:ubuntu/lucid-security/linux-meta bug Mature 2015-04-27 17:47:44 UTC 2015-04-27
228. [ Luis Henriques ] Bump ABI

Author: Luis Henriques
Revision Date: 2015-04-27 17:47:44 UTC

[ Luis Henriques ]

Bump ABI

lp:ubuntu/lucid-updates/linux-meta bug Mature 2015-04-27 17:47:44 UTC 2015-04-27
228. [ Luis Henriques ] Bump ABI

Author: Luis Henriques
Revision Date: 2015-04-27 17:47:44 UTC

[ Luis Henriques ]

Bump ABI

lp:ubuntu/lucid-proposed/tzdata bug Mature 2015-04-26 16:44:56 UTC 2015-04-26
91. New upstream release with yet another...

Author: Adam Conrad
Revision Date: 2015-04-26 16:44:56 UTC

New upstream release with yet another urgent DST change for Egypt.

lp:ubuntu/lucid-security/tzdata Mature 2015-04-26 16:44:56 UTC 2015-04-26
91. New upstream release with yet another...

Author: Adam Conrad
Revision Date: 2015-04-26 16:44:56 UTC

New upstream release with yet another urgent DST change for Egypt.

lp:ubuntu/lucid-updates/tzdata bug Mature 2015-04-26 16:44:56 UTC 2015-04-26
91. New upstream release with yet another...

Author: Adam Conrad
Revision Date: 2015-04-26 16:44:56 UTC

New upstream release with yet another urgent DST change for Egypt.

lp:ubuntu/lucid-security/libtasn1-3 Mature 2015-04-02 11:27:53 UTC 2015-04-02
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-04-02 11:27:53 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_ltostr
  - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
    in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
    lib/parser_aux.h.
  - CVE-2015-2806

lp:ubuntu/lucid-updates/libtasn1-3 Mature 2015-04-02 11:27:53 UTC 2015-04-02
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-04-02 11:27:53 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_ltostr
  - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
    in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
    lib/parser_aux.h.
  - CVE-2015-2806

lp:ubuntu/lucid-security/tiff bug Mature 2015-04-01 20:14:58 UTC 2015-04-01
23. * SECURITY REGRESSION: regression whe...

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:09:19 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

lp:ubuntu/lucid-updates/tiff bug Mature 2015-04-01 14:09:19 UTC 2015-04-01
23. * SECURITY REGRESSION: regression whe...

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:09:19 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

lp:ubuntu/lucid-security/libgcrypt11 Mature 2015-03-26 08:55:36 UTC 2015-03-26
24. * SECURITY UPDATE: sidechannel attack...

Author: Marc Deslauriers
Revision Date: 2015-03-26 08:55:36 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/24-CVE-2014-3591.diff: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/25-CVE-2015-0837.diff: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

lp:ubuntu/lucid-updates/libgcrypt11 Mature 2015-03-26 08:55:36 UTC 2015-03-26
24. * SECURITY UPDATE: sidechannel attack...

Author: Marc Deslauriers
Revision Date: 2015-03-26 08:55:36 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/24-CVE-2014-3591.diff: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/25-CVE-2015-0837.diff: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

lp:ubuntu/lucid-security/gnutls26 Mature 2015-03-20 09:56:50 UTC 2015-03-20
26. * SECURITY UPDATE: signature forgery ...

Author: Marc Deslauriers
Revision Date: 2015-03-20 09:56:50 UTC

* SECURITY UPDATE: signature forgery issue
  - debian/patches/CVE-2015-0282.patch: make sure the signature
    algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
    lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
    lib/x509/x509_int.h.
  - CVE-2015-0282
* SECURITY UPDATE: certificate algorithm consistency issue
  - debian/patches/CVE-2015-0294.patch: make sure the two signature
    algorithms match on cert import in lib/x509/x509.c.
  - CVE-2015-0294
* SECURITY UPDATE: missing date/time checks on CA certificates
  - debian/patches/CVE-2014-8155.patch: perform time verification on
    trusted certificate list in lib/includes/gnutls/x509.h,
    lib/x509/verify.c.
  - CVE-2014-8155

lp:ubuntu/lucid-updates/gnutls26 bug Mature 2015-03-20 09:56:50 UTC 2015-03-20
27. * SECURITY UPDATE: signature forgery ...

Author: Marc Deslauriers
Revision Date: 2015-03-20 09:56:50 UTC

* SECURITY UPDATE: signature forgery issue
  - debian/patches/CVE-2015-0282.patch: make sure the signature
    algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
    lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
    lib/x509/x509_int.h.
  - CVE-2015-0282
* SECURITY UPDATE: certificate algorithm consistency issue
  - debian/patches/CVE-2015-0294.patch: make sure the two signature
    algorithms match on cert import in lib/x509/x509.c.
  - CVE-2015-0294
* SECURITY UPDATE: missing date/time checks on CA certificates
  - debian/patches/CVE-2014-8155.patch: perform time verification on
    trusted certificate list in lib/includes/gnutls/x509.h,
    lib/x509/verify.c.
  - CVE-2014-8155

lp:ubuntu/lucid-security/openssl bug Mature 2015-03-19 09:57:59 UTC 2015-03-19
61. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-03-19 09:57:59 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

lp:ubuntu/lucid-updates/openssl Mature 2015-03-19 09:57:59 UTC 2015-03-19
61. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-03-19 09:57:59 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

lp:ubuntu/lucid-security/libxfont Mature 2015-03-18 07:33:52 UTC 2015-03-18
27. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:52 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

lp:ubuntu/lucid-updates/libxfont Mature 2015-03-18 07:33:52 UTC 2015-03-18
27. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:52 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

lp:ubuntu/lucid-security/sudo Mature 2015-03-12 12:21:20 UTC 2015-03-12
43. * SECURITY UPDATE: arbitrary file acc...

Author: Marc Deslauriers
Revision Date: 2015-03-12 12:21:20 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
    pathnames.h.in, plugins/sudoers/env.c: sanity check TZ env variable.
  - http://www.sudo.ws/repos/sudo/rev/650ac6938b59
  - http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
  - http://www.sudo.ws/repos/sudo/rev/91859f613b88
  - http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
  - CVE-2014-9680

lp:ubuntu/lucid-updates/sudo Mature 2015-03-12 12:21:20 UTC 2015-03-12
43. * SECURITY UPDATE: arbitrary file acc...

Author: Marc Deslauriers
Revision Date: 2015-03-12 12:21:20 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
    pathnames.h.in, plugins/sudoers/env.c: sanity check TZ env variable.
  - http://www.sudo.ws/repos/sudo/rev/650ac6938b59
  - http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
  - http://www.sudo.ws/repos/sudo/rev/91859f613b88
  - http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
  - CVE-2014-9680

lp:ubuntu/lucid-security/ecryptfs-utils bug Mature 2015-03-11 00:37:05 UTC 2015-03-11
68. * SECURITY UPDATE: Mount passphrase w...

Author: Tyler Hicks
Revision Date: 2015-03-04 16:26:45 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
    random salt when wrapping the mount passphrase.
  - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
    wrapped using the default salt, their mount passphrase will be rewrapped
    using a random salt when they log in with their password.
  - src/libecryptfs/key_management.c: Create a temporary file when creating
    a new wrapped-passphrase file and copy it to its final destination after
    the file has been fully synced to disk (LP: #1020902)
  - CVE-2014-9687

lp:ubuntu/lucid-updates/ecryptfs-utils Mature 2015-03-04 16:26:45 UTC 2015-03-04
68. * SECURITY UPDATE: Mount passphrase w...

Author: Tyler Hicks
Revision Date: 2015-03-04 16:26:45 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
    random salt when wrapping the mount passphrase.
  - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
    wrapped using the default salt, their mount passphrase will be rewrapped
    using a random salt when they log in with their password.
  - src/libecryptfs/key_management.c: Create a temporary file when creating
    a new wrapped-passphrase file and copy it to its final destination after
    the file has been fully synced to disk (LP: #1020902)
  - CVE-2014-9687

lp:ubuntu/lucid-proposed/vde2 bug Mature 2015-02-26 19:58:08 UTC 2015-02-26
11. * d/p/vdeterm-terminal-reset.patch: *...

Author: Serge Hallyn
Revision Date: 2014-09-22 14:39:06 UTC

* d/p/vdeterm-terminal-reset.patch: * Fix bug when vdeterm exits too early
  and improperly resets the terminal (LP: #804647)
* d/p/fix-splitpacket-bug.patch: attempt to backport the fix to the
  splitpacket() bug from the upstream svn fix. (LP: #629439)

lp:ubuntu/lucid-security/eglibc bug Mature 2015-02-25 09:19:02 UTC 2015-02-25
54. * SECURITY UPDATE: getaddrinfo writes...

Author: Marc Deslauriers
Revision Date: 2015-02-25 09:19:02 UTC

* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402

lp:ubuntu/lucid-updates/eglibc bug Mature 2015-02-25 09:19:02 UTC 2015-02-25
60. * SECURITY UPDATE: getaddrinfo writes...

Author: Marc Deslauriers
Revision Date: 2015-02-25 09:19:02 UTC

* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402

lp:ubuntu/lucid-security/freetype bug Mature 2015-02-24 11:22:14 UTC 2015-02-24
34. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:22:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/lucid-updates/freetype Mature 2015-02-24 11:22:14 UTC 2015-02-24
34. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:22:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/lucid-security/e2fsprogs Mature 2015-02-23 19:10:15 UTC 2015-02-23
41. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:48:39 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - limit first_meta_bg in lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - properly check against fs->desc_blocks in lib/ext2fs/closefs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a
  - CVE-2015-1572

lp:ubuntu/lucid-security/ca-certificates bug Mature 2015-02-23 18:43:18 UTC 2015-02-23
14. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:23:55 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

lp:ubuntu/lucid-updates/ca-certificates Mature 2015-02-20 08:23:55 UTC 2015-02-20
14. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:23:55 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

lp:ubuntu/lucid-updates/e2fsprogs Mature 2015-02-16 13:48:39 UTC 2015-02-16
41. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:48:39 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - limit first_meta_bg in lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - properly check against fs->desc_blocks in lib/ext2fs/closefs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a
  - CVE-2015-1572

lp:ubuntu/lucid-updates/clamav bug Mature 2015-02-13 00:05:38 UTC 2015-02-13
95. [ Marc Deslauriers ] * Updated to 0.9...

Author: chris pollock
Revision Date: 2015-02-08 07:54:07 UTC

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

lp:ubuntu/lucid-security/clamav bug Mature 2015-02-12 23:20:18 UTC 2015-02-12
91. [ Marc Deslauriers ] * Updated to 0.9...

Author: chris pollock
Revision Date: 2015-02-08 07:54:07 UTC

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

lp:ubuntu/lucid-security/postgresql-8.4 bug Mature 2015-02-06 13:18:20 UTC 2015-02-06
22. * Add 15-to_char_buffer_overflow.patc...

Author: Martin Pitt
Revision Date: 2015-02-06 13:18:20 UTC

* Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
  Fix buffer overruns in to_char() [CVE-2015-0241]
* Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
  Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
* Add 19-ensure_frontend_backend_sync.patch:
  Fix possible loss of frontend/backend protocol synchronization after an
  error [CVE-2015-0244]
* Add 20-column_privilege_leak.patch:
  Fix information leak via constraint-violation error messages
  [CVE-2014-8161]
* Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
  snprintf().

lp:ubuntu/lucid-updates/postgresql-8.4 bug Mature 2015-02-06 13:18:20 UTC 2015-02-06
22. * Add 15-to_char_buffer_overflow.patc...

Author: Martin Pitt
Revision Date: 2015-02-06 13:18:20 UTC

* Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
  Fix buffer overruns in to_char() [CVE-2015-0241]
* Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
  Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
* Add 19-ensure_frontend_backend_sync.patch:
  Fix possible loss of frontend/backend protocol synchronization after an
  error [CVE-2015-0244]
* Add 20-column_privilege_leak.patch:
  Fix information leak via constraint-violation error messages
  [CVE-2014-8161]
* Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
  snprintf().

lp:ubuntu/lucid-security/ntp Mature 2015-02-06 09:32:14 UTC 2015-02-06
41. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-06 09:32:14 UTC

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

lp:ubuntu/lucid-updates/ntp Mature 2015-02-06 09:32:14 UTC 2015-02-06
42. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-06 09:32:14 UTC

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

lp:ubuntu/lucid-security/unzip Mature 2015-01-29 11:39:12 UTC 2015-01-29
21. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-01-29 11:39:12 UTC

* SECURITY UPDATE: heap overflow via mismatched block sizes
  - extract.c: ensure compressed and uncompressed block sizes match when
    using STORED method.
  - CVE-2014-9636

lp:ubuntu/lucid-updates/unzip Mature 2015-01-29 11:39:12 UTC 2015-01-29
21. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-01-29 11:39:12 UTC

* SECURITY UPDATE: heap overflow via mismatched block sizes
  - extract.c: ensure compressed and uncompressed block sizes match when
    using STORED method.
  - CVE-2014-9636

lp:ubuntu/lucid-updates/spamassassin Mature 2015-01-28 18:19:19 UTC 2015-01-28
31. d/p/disable-ahbl: disable AHBL DNS bl...

Author: Robie Basak
Revision Date: 2015-01-28 02:29:24 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

lp:ubuntu/lucid-proposed/spamassassin bug Mature 2015-01-28 04:14:38 UTC 2015-01-28
31. d/p/disable-ahbl: disable AHBL DNS bl...

Author: Robie Basak
Revision Date: 2015-01-28 02:29:24 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

lp:ubuntu/lucid-security/ghostscript bug Mature 2015-01-22 13:09:28 UTC 2015-01-22
73. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:09:28 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

lp:ubuntu/lucid-updates/ghostscript Mature 2015-01-22 13:09:28 UTC 2015-01-22
73. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:09:28 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

lp:ubuntu/lucid-proposed/landscape-client bug Mature 2015-01-21 17:55:41 UTC 2015-01-21
39. * New upstream version (LP: #1401523...

Author: Chris Glass
Revision Date: 2014-12-15 00:59:26 UTC

 * New upstream version (LP: #1401523):
  - Fix regression occurring when performing Landscape-driven release
    upgrades (LP: #1389686)
  - Fix regression occurring when switching the client between different
    Landscape servers (LP: #1376134)
  - Support reporting QEMU virtualization (LP: #1374501)
  - Bump Juju integration message format (LP: #1369635, LP: #1362506)
  - Drop provisioning registration message (LP: #1344054)
  - Drop cloud registration message (LP: #1342646)
  - Fix handling broken packages (LP: #1326940)
  - Add new Swift usage message type (LP: #1320236)
  - Fix platform detection on POWER machines (LP: #1271615)
  - Fix platform detection for arm64 machines (LP: #1306824)
  - Added a mechanism to set the client's user-agent (LP: #1399139)
  - Fixed release-upgrader not asking for a seesion ID before attempting to
    send a message (LP: #1401867)
* Added dependency on python-configobj.
* Removed dependency on python-twisted-names

lp:ubuntu/lucid-security/coreutils Mature 2015-01-14 21:24:50 UTC 2015-01-14
11. * SECURITY UPDATE: infinite loop or c...

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:18 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/getdate.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471
* SECURITY UPDATE: local privilege escalation via /tmp file race in
  dist-check.mk
  - debian/patches/CVE-2009-4135.dpatch: modify dist-check.mk to no longer
    use system /tmp directory for predictable names
  - CVE-2009-4135

lp:ubuntu/lucid-security/curl bug Mature 2015-01-14 16:46:45 UTC 2015-01-14
51. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 16:46:45 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c.
  - CVE-2014-8150

lp:ubuntu/lucid-updates/curl bug Mature 2015-01-14 16:46:45 UTC 2015-01-14
51. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 16:46:45 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c.
  - CVE-2014-8150

lp:ubuntu/lucid-updates/coreutils bug Mature 2015-01-13 19:31:18 UTC 2015-01-13
11. * SECURITY UPDATE: infinite loop or c...

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:18 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/getdate.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471
* SECURITY UPDATE: local privilege escalation via /tmp file race in
  dist-check.mk
  - debian/patches/CVE-2009-4135.dpatch: modify dist-check.mk to no longer
    use system /tmp directory for predictable names
  - CVE-2009-4135

lp:ubuntu/lucid-updates/bsd-mailx Mature 2015-01-07 19:58:53 UTC 2015-01-07
6. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-05 11:42:56 UTC

* SECURITY UPDATE: shell command injection
  - Apply OpenBSD patches from Todd Miller (taken from Debian update):
    + glob.h, main.c, quit.c, mail.1: remove undocumented/obsolete -T
      option
    + main.c, mail.1: adjust -f processing
    + mail.1, names.c: fix CVE-2014-7844
    + main.c, mail.1: make -- work for option parsing suppression
  - CVE-2014-7844

lp:ubuntu/lucid-security/bsd-mailx Mature 2015-01-07 19:17:03 UTC 2015-01-07
6. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-05 11:42:56 UTC

* SECURITY UPDATE: shell command injection
  - Apply OpenBSD patches from Todd Miller (taken from Debian update):
    + glob.h, main.c, quit.c, mail.1: remove undocumented/obsolete -T
      option
    + main.c, mail.1: adjust -f processing
    + mail.1, names.c: fix CVE-2014-7844
    + main.c, mail.1: make -- work for option parsing suppression
  - CVE-2014-7844

lp:ubuntu/lucid-updates/mime-support Mature 2015-01-07 18:49:35 UTC 2015-01-07
9. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-06 14:17:22 UTC

* SECURITY UPDATE: shell command injection in run-mailcap
  - Thanks to Salvatore Bonaccorso and Charles Plessy for the patch.
  - CVE-2014-7209

lp:ubuntu/lucid-security/mime-support Mature 2015-01-07 17:59:42 UTC 2015-01-07
9. * SECURITY UPDATE: shell command inje...

Author: Marc Deslauriers
Revision Date: 2015-01-06 14:17:22 UTC

* SECURITY UPDATE: shell command injection in run-mailcap
  - Thanks to Salvatore Bonaccorso and Charles Plessy for the patch.
  - CVE-2014-7209

lp:ubuntu/lucid-updates/lazr.restfulclient bug Mature 2014-12-18 18:13:59 UTC 2014-12-18
13. Always uppercase HTTP methods to matc...

Author: Colin Watson
Revision Date: 2014-12-11 16:30:02 UTC

Always uppercase HTTP methods to match httplib2 expectations
(LP: #1401544).

lp:ubuntu/lucid-updates/landscape-client Mature 2014-12-15 00:59:26 UTC 2014-12-15
39. * New upstream version (LP: #1401523...

Author: Chris Glass
Revision Date: 2014-12-15 00:59:26 UTC

 * New upstream version (LP: #1401523):
  - Fix regression occurring when performing Landscape-driven release
    upgrades (LP: #1389686)
  - Fix regression occurring when switching the client between different
    Landscape servers (LP: #1376134)
  - Support reporting QEMU virtualization (LP: #1374501)
  - Bump Juju integration message format (LP: #1369635, LP: #1362506)
  - Drop provisioning registration message (LP: #1344054)
  - Drop cloud registration message (LP: #1342646)
  - Fix handling broken packages (LP: #1326940)
  - Add new Swift usage message type (LP: #1320236)
  - Fix platform detection on POWER machines (LP: #1271615)
  - Fix platform detection for arm64 machines (LP: #1306824)
  - Added a mechanism to set the client's user-agent (LP: #1399139)
  - Fixed release-upgrader not asking for a seesion ID before attempting to
    send a message (LP: #1401867)
* Added dependency on python-configobj.
* Removed dependency on python-twisted-names

lp:ubuntu/lucid-proposed/lazr.restfulclient bug Mature 2014-12-11 17:08:37 UTC 2014-12-11
14. Always uppercase HTTP methods to matc...

Author: Colin Watson
Revision Date: 2014-12-11 16:30:02 UTC

Always uppercase HTTP methods to match httplib2 expectations
(LP: #1401544).

lp:ubuntu/lucid-security/mutt Mature 2014-12-10 12:46:54 UTC 2014-12-10
31. * SECURITY UPDATE: heap-based overflo...

Author: Steve Beattie
Revision Date: 2014-12-10 12:46:54 UTC

* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
  handling headers beginning with newline.
  - debian/patches/ubuntu/mutt-CVE-2014-9116.patch
  - CVE-2014-9116

lp:ubuntu/lucid-updates/mutt Mature 2014-12-10 12:46:54 UTC 2014-12-10
31. * SECURITY UPDATE: heap-based overflo...

Author: Steve Beattie
Revision Date: 2014-12-10 12:46:54 UTC

* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
  handling headers beginning with newline.
  - debian/patches/ubuntu/mutt-CVE-2014-9116.patch
  - CVE-2014-9116

lp:ubuntu/lucid-security/bind9 Mature 2014-12-09 13:46:06 UTC 2014-12-09
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-09 13:46:06 UTC

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
    lib/isccfg/namedconf.c.
  - Based on patch provided by upstream.
  - CVE-2014-8500

lp:ubuntu/lucid-updates/bind9 Mature 2014-12-09 13:46:06 UTC 2014-12-09
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-09 13:46:06 UTC

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
    lib/isccfg/namedconf.c.
  - Based on patch provided by upstream.
  - CVE-2014-8500

lp:ubuntu/lucid-security/graphviz Mature 2014-12-04 16:33:37 UTC 2014-12-04
33. * SECURITY UPDATE: Format string vuln...

Author: Seth Arnold
Revision Date: 2014-12-04 16:33:37 UTC

* SECURITY UPDATE: Format string vulnerability may allow attackers to
  cause a denial of service or possibly execute code.
  - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in
    lib/cgraph/scan.l yyerror() routine.
  - CVE-2014-9157

lp:ubuntu/lucid-updates/graphviz Mature 2014-12-04 16:33:37 UTC 2014-12-04
33. * SECURITY UPDATE: Format string vuln...

Author: Seth Arnold
Revision Date: 2014-12-04 16:33:37 UTC

* SECURITY UPDATE: Format string vulnerability may allow attackers to
  cause a denial of service or possibly execute code.
  - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in
    lib/cgraph/scan.l yyerror() routine.
  - CVE-2014-9157

lp:ubuntu/lucid-updates/tcpdump Mature 2014-12-04 14:37:28 UTC 2014-12-04
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-03 17:17:23 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  olsr_print
  - debian/patches/CVE-2014-8767.patch: improve bounds checking and
    error handling in print-olsr.c.
  - CVE-2014-8767
* SECURITY UPDATE: denial of service and possible code execution in
  print-aodv.c
  - debian/patches/CVE-2014-8769.patch: improve bounds checking and
    length checking in print-aodv.c, aodv.h.
  - CVE-2014-8769
* SECURITY UPDATE: denial of service and possible code execution in
  print-ppp.c
  - debian/patches/CVE-2014-9140.patch: improve bounds checking in
    print-ppp.c.
  - CVE-2014-9140

lp:ubuntu/lucid-security/tcpdump Mature 2014-12-04 14:13:56 UTC 2014-12-04
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-12-03 17:17:23 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  olsr_print
  - debian/patches/CVE-2014-8767.patch: improve bounds checking and
    error handling in print-olsr.c.
  - CVE-2014-8767
* SECURITY UPDATE: denial of service and possible code execution in
  print-aodv.c
  - debian/patches/CVE-2014-8769.patch: improve bounds checking and
    length checking in print-aodv.c, aodv.h.
  - CVE-2014-8769
* SECURITY UPDATE: denial of service and possible code execution in
  print-ppp.c
  - debian/patches/CVE-2014-9140.patch: improve bounds checking in
    print-ppp.c.
  - CVE-2014-9140

lp:ubuntu/lucid-updates/ppp Mature 2014-12-01 16:06:47 UTC 2014-12-01
22. * SECURITY UPDATE: possible privilege...

Author: Marc Deslauriers
Revision Date: 2014-11-26 07:50:57 UTC

* SECURITY UPDATE: possible privilege escalation via option parsing
  - debian/patches/CVE-2014-3158.patch: fix integer overflow in
    pppd/options.c.
  - CVE-2014-3158

lp:ubuntu/lucid-security/ppp Mature 2014-12-01 15:42:51 UTC 2014-12-01
22. * SECURITY UPDATE: possible privilege...

Author: Marc Deslauriers
Revision Date: 2014-11-26 07:50:57 UTC

* SECURITY UPDATE: possible privilege escalation via option parsing
  - debian/patches/CVE-2014-3158.patch: fix integer overflow in
    pppd/options.c.
  - CVE-2014-3158

lp:ubuntu/lucid-updates/flac Mature 2014-11-27 19:35:27 UTC 2014-11-27
18. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:28:27 UTC

* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-8962.dpatch: validate id in
    src/libFLAC/stream_decoder.c.
  - CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-9028.dpatch: error out to avoid heap overflow
    in src/libFLAC/stream_decoder.c.
  - CVE-2014-9028

lp:ubuntu/lucid-security/flac Mature 2014-11-27 19:07:14 UTC 2014-11-27
18. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:28:27 UTC

* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-8962.dpatch: validate id in
    src/libFLAC/stream_decoder.c.
  - CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-9028.dpatch: error out to avoid heap overflow
    in src/libFLAC/stream_decoder.c.
  - CVE-2014-9028

lp:~ubuntu-branches/ubuntu/lucid/landscape-client/lucid-updates-201411191716 (Has a merge proposal) Development 2014-11-19 17:16:32 UTC 2014-11-19
38. add tracking bug

Author: Martin Pitt
Revision Date: 2012-04-16 10:02:07 UTC

add tracking bug

lp:ubuntu/lucid-updates/konversation Mature 2014-11-15 04:54:51 UTC 2014-11-15
47. * SECURITY UPDATE: out-of-bounds read...

Author: Jonathan Riddell
Revision Date: 2014-11-04 17:40:19 UTC

* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

lp:ubuntu/lucid-security/konversation bug Mature 2014-11-15 04:54:44 UTC 2014-11-15
47. * SECURITY UPDATE: out-of-bounds read...

Author: Jonathan Riddell
Revision Date: 2014-11-04 17:40:19 UTC

* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

lp:ubuntu/lucid-proposed/apt bug Mature 2014-10-30 21:40:45 UTC 2014-10-30
117. [ David Kalnischkies ] * methods/http...

Author: Michael Vogt
Revision Date: 2014-10-17 10:09:56 UTC

[ David Kalnischkies ]
* methods/http.cc:
  - retry without partial data after a 416 response (closes: 710924)
    LP: #1382401

lp:ubuntu/lucid-security/wget Mature 2014-10-30 10:10:03 UTC 2014-10-30
18. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:10:03 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

lp:ubuntu/lucid-updates/wget Mature 2014-10-30 10:10:03 UTC 2014-10-30
18. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:10:03 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

lp:ubuntu/lucid-security/libxml2 bug Mature 2014-10-22 14:27:25 UTC 2014-10-22
50. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-22 14:27:25 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

lp:ubuntu/lucid-updates/libxml2 Mature 2014-10-22 14:27:25 UTC 2014-10-22
50. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-22 14:27:25 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

lp:ubuntu/lucid-security/wpasupplicant Mature 2014-10-14 18:03:23 UTC 2014-10-14
9. * SECURITY UPDATE: arbitrary command ...

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:27:24 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c.
  - CVE-2014-3686

lp:ubuntu/lucid-updates/wpasupplicant Mature 2014-10-10 09:27:24 UTC 2014-10-10
10. * SECURITY UPDATE: arbitrary command ...

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:27:24 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c.
  - CVE-2014-3686

lp:ubuntu/lucid-security/rsyslog Mature 2014-10-09 16:51:44 UTC 2014-10-09
28. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-02 11:36:23 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid PRI value
  - debian/patches/CVE-2014-3634.patch: limit PRI values in
    runtime/rsyslog.h.
  - CVE-2014-3634
  - CVE-2014-3683

lp:ubuntu/lucid-security/bash Mature 2014-10-07 14:26:26 UTC 2014-10-07
51. * SECURITY UPDATE: incorrect function...

Author: Marc Deslauriers
Revision Date: 2014-10-07 14:26:26 UTC

* SECURITY UPDATE: incorrect function definition parsing with
  here-document delimited by end-of-file
  - debian/patches/CVE-2014-6277.dpatch: properly handle closing
    delimiter in copy_cmd.c, make_cmd.c.
  - CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
  command substitutions
  - debian/patches/CVE-2014-6278.dpatch: properly handle certain parsing
    attempts in builtins/evalstring.c, parse.y, shell.h.
  - CVE-2014-6278
* debian/rules: added new patches to list.
* Updated patches with official upstream versions:
  - debian/patches/CVE-2014-6271.dpatch
  - debian/patches/CVE-2014-7169.dpatch
  - debian/patches/variables-affix.dpatch
  - debian/patches/CVE-2014-718x.dpatch

lp:ubuntu/lucid-updates/bash Mature 2014-10-07 14:26:26 UTC 2014-10-07
51. * SECURITY UPDATE: incorrect function...

Author: Marc Deslauriers
Revision Date: 2014-10-07 14:26:26 UTC

* SECURITY UPDATE: incorrect function definition parsing with
  here-document delimited by end-of-file
  - debian/patches/CVE-2014-6277.dpatch: properly handle closing
    delimiter in copy_cmd.c, make_cmd.c.
  - CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
  command substitutions
  - debian/patches/CVE-2014-6278.dpatch: properly handle certain parsing
    attempts in builtins/evalstring.c, parse.y, shell.h.
  - CVE-2014-6278
* debian/rules: added new patches to list.
* Updated patches with official upstream versions:
  - debian/patches/CVE-2014-6271.dpatch
  - debian/patches/CVE-2014-7169.dpatch
  - debian/patches/variables-affix.dpatch
  - debian/patches/CVE-2014-718x.dpatch

lp:ubuntu/lucid-updates/rsyslog Mature 2014-10-02 11:36:23 UTC 2014-10-02
28. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-10-02 11:36:23 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid PRI value
  - debian/patches/CVE-2014-3634.patch: limit PRI values in
    runtime/rsyslog.h.
  - CVE-2014-3634
  - CVE-2014-3683

lp:ubuntu/lucid-proposed/man-db bug Mature 2014-09-23 17:14:45 UTC 2014-09-23
23. Cache the value of man-db/auto-update...

Author: Colin Watson
Revision Date: 2014-09-23 11:56:37 UTC

Cache the value of man-db/auto-update in the file system, so that we
don't have to talk to debconf when processing triggers (LP: #1372673).

lp:ubuntu/lucid-security/apt bug Mature 2014-09-23 16:41:58 UTC 2014-09-23
111. * SECURITY UPDATE: - fix potential ...

Author: Michael Vogt
Revision Date: 2014-09-23 08:58:49 UTC

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add

lp:ubuntu/lucid-updates/man-db Mature 2014-09-23 11:56:37 UTC 2014-09-23
23. Cache the value of man-db/auto-update...

Author: Colin Watson
Revision Date: 2014-09-23 11:56:37 UTC

Cache the value of man-db/auto-update in the file system, so that we
don't have to talk to debconf when processing triggers (LP: #1372673).

lp:ubuntu/lucid-updates/apt bug Mature 2014-09-23 08:58:49 UTC 2014-09-23
111. * SECURITY UPDATE: - fix potential ...

Author: Michael Vogt
Revision Date: 2014-09-23 08:58:49 UTC

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add

lp:ubuntu/lucid-security/nspr Mature 2014-09-19 08:25:13 UTC 2014-09-19
24. * Update to 4.10.7 to support nss sec...

Author: Marc Deslauriers
Revision Date: 2014-09-19 08:25:13 UTC

* Update to 4.10.7 to support nss security update.
* Removed unneeded patches:
  - debian/patches/30_config_64bits.patch: no longer needed
  - debian/patches/99_configure.patch: no longer needed
  - debian/patches/CVE-2013-5607.patch: included upstream.
  - debian/patches/CVE-2014-1545.patch: included upstream.
* debian/libnspr4-0d.symbols: updated for new version.
* debian/rules: adjust paths, add --enable-64bit when appropriate.

lp:ubuntu/lucid-updates/nspr Mature 2014-09-19 08:25:13 UTC 2014-09-19
24. * Update to 4.10.7 to support nss sec...

Author: Marc Deslauriers
Revision Date: 2014-09-19 08:25:13 UTC

* Update to 4.10.7 to support nss security update.
* Removed unneeded patches:
  - debian/patches/30_config_64bits.patch: no longer needed
  - debian/patches/99_configure.patch: no longer needed
  - debian/patches/CVE-2013-5607.patch: included upstream.
  - debian/patches/CVE-2014-1545.patch: included upstream.
* debian/libnspr4-0d.symbols: updated for new version.
* debian/rules: adjust paths, add --enable-64bit when appropriate.

lp:ubuntu/lucid-security/python-django bug Mature 2014-09-10 13:07:32 UTC 2014-09-10
39. * SECURITY UPDATE: incorrect url vali...

Author: Marc Deslauriers
Revision Date: 2014-09-10 13:07:32 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USE change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

lp:ubuntu/lucid-updates/python-django bug Mature 2014-09-10 13:07:32 UTC 2014-09-10
39. * SECURITY UPDATE: incorrect url vali...

Author: Marc Deslauriers
Revision Date: 2014-09-10 13:07:32 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USE change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

lp:ubuntu/lucid-security/nss bug Mature 2014-09-09 07:54:31 UTC 2014-09-09
34. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2014-09-09 07:54:31 UTC

* SECURITY UPDATE: possible arbitrary code execution via race condition
  - debian/patches/CVE-2014-1544.patch: prevent
    nssTrustDomain_AddCertsToCache from freeing the CERTCertificate
    associated with the NSSCertificate in nss/lib/pk11wrap/pk11cert.c.
  - CVE-2014-1544

lp:ubuntu/lucid-updates/procmail Mature 2014-09-04 18:26:09 UTC 2014-09-04
13. * SECURITY UPDATE: heap overflow in f...

Author: Marc Deslauriers
Revision Date: 2014-09-04 09:43:29 UTC

* SECURITY UPDATE: heap overflow in formail via malformed from header
  - src/formisc.c: handle unbalanced quotes
  - Patch by Tavis Ormandy
  - CVE-2014-3618

lp:ubuntu/lucid-security/procmail Mature 2014-09-04 17:50:14 UTC 2014-09-04
13. * SECURITY UPDATE: heap overflow in f...

Author: Marc Deslauriers
Revision Date: 2014-09-04 09:43:29 UTC

* SECURITY UPDATE: heap overflow in formail via malformed from header
  - src/formisc.c: handle unbalanced quotes
  - Patch by Tavis Ormandy
  - CVE-2014-3618

1100 of 23030 results