Branches for Maverick

Name Status Last Modified Last Commit
lp:ubuntu/maverick-proposed/cloud-init bug Development 2013-08-01 22:12:32 UTC
35. * add ability to configure Acquire::h...

Author: Scott Moser
Revision Date: 2012-03-16 14:36:07 UTC

* add ability to configure Acquire::http::Pipeline-Depth via
  cloud-config setting 'apt_pipelining' (LP: #948461)
* debian/cloud-init.postinst: address population of apt_pipeline
  setting on installation.

lp:~ubuntu-branches/ubuntu/maverick/cloud-init/maverick-201308012007 (Has a merge proposal) Development 2013-08-01 20:07:21 UTC
56. do not use ec2 ubuntu archive if inst...

Author: Scott Moser
Revision Date: 2010-09-16 04:28:55 UTC

do not use ec2 ubuntu archive if instance is VPC (LP: #615545)

lp:ubuntu/maverick-proposed/eglibc bug Development 2013-06-25 06:20:11 UTC
60. * Re-enable the upstream change: 20...

Author: Matthias Klose
Revision Date: 2011-03-27 17:57:07 UTC

* Re-enable the upstream change:
  2010-06-02 Kirill A. Shutemov <kirill@shutemov.name>
      * elf/dl-reloc.c: Flush cache after solving TEXTRELs if arch
      requires it.
  Working OpenJDK ARM assembler interpreter. LP: #605042.

lp:ubuntu/maverick-security/eglibc bug Mature 2013-06-25 06:20:08 UTC
58. * SECURITY UPDATE: timezone header pa...

Author: Steve Beattie
Revision Date: 2012-03-06 12:12:55 UTC

* SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
  - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
    TZ file header
  - CVE-2009-5029
* SECURITY UPDATE: memory consumption denial of service in fnmatch
  - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
    stack use in fnmatch.
  - CVE-2011-1071
* SECURITY UPDATE: /etc/mtab corruption denial of service
  - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
    error in addmnt even for cached streams
  - CVE-2011-1089
* SECURITY UPDATE: insufficient locale environment sanitization
  - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
    LANG environment variable.
  - CVE-2011-1095
* SECURITY UPDATE: ld.so insecure handling of privileged programs'
  RPATHs with $ORIGIN
  - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
    RPATH and ORIGIN
  - CVE-2011-1658
* SECURITY UPDATE: fnmatch integer overflow
  - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
    pattern in wide character representation
  - CVE-2011-1659
* SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
  - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
    many open fds is detected
  - CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
  check bypass
  - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
    overflow
  - CVE-2012-0864

lp:ubuntu/maverick-updates/empathy bug Mature 2012-09-01 00:38:30 UTC
124. * SECURITY UPDATE: remote HTML inject...

Author: Steve Beattie
Revision Date: 2011-10-25 15:58:45 UTC

* SECURITY UPDATE: remote HTML injection (LP: #879301)
  - debian/patches/75_empathy-CVE-2011-3635-lp879301.patch: escape
    HTML in when displaying other users' names. (Thanks to upstream
    for patch.)
  - CVE-2011-3635, CVE-2011-4170

lp:~ubuntu-branches/ubuntu/maverick/empathy/maverick-201208312044 (Has a merge proposal) Development 2012-08-31 20:44:49 UTC
123. * debian/patches/91_git_fix_gtalk_for...

Author: Didier Roche-Tolomelli
Revision Date: 2010-10-01 16:06:56 UTC

* debian/patches/91_git_fix_gtalk_for_new_accounts.patch:
  - from upstream: fix empathy to be compatible with gtalk new accounts

lp:ubuntu/maverick-proposed/kdepim-runtime bug Development 2012-08-09 18:36:16 UTC
27. * New upstream release per KDE microv...

Author: Scott Kitterman
Revision Date: 2011-02-18 12:45:11 UTC

* New upstream release per KDE microversion update exception (LP: #721269)
  - Fix so versions for building with KDE 4.5
  - Bump down kde-sc-dev-latest and kdelibs5-dev to 4.5.1 to build for maverick

lp:~bzr/ubuntu/maverick/bzr/beta-ppa Development 2012-07-25 08:31:48 UTC
160. Fix mangled duplication in debian/pat...

Author: Max Bowsher
Revision Date: 2012-07-25 08:31:48 UTC

Fix mangled duplication in debian/patches/03_spurious_test_failure

lp:ubuntu/maverick/moon bug Mature 2012-07-24 11:49:21 UTC
13. * ARM development made possible by Ge...

Author: Jo Shields
Revision Date: 2010-10-04 20:58:14 UTC

* ARM development made possible by Genesi USA
* add_arm_to_firefox-xpi.m4.patch:
  + For reasons best known to themselves, Mozilla don't define a
    plugin ABI for several platforms, including ARM. This patch
    tweaks the build system not to fail on ARM, by setting the
    bogus Linux_unknownABI ABI on ARM, rather than bailing out.
    (LP: #635406)
* realign_nocodec_API_with_codec_API.patch:
  + Import upstream git commit 66993b158727585e889d, which fixes
    the build on architectures without official binary codecs
    available (such as ARM and PowerPC).

lp:~bzr/ubuntu/maverick/bzr-git/bzr-ppa Development 2012-07-24 03:40:50 UTC
79. Move upstream source modifications to...

Author: Max Bowsher
Revision Date: 2012-07-24 03:40:50 UTC

Move upstream source modifications to quilt patch.

lp:~bzr/ubuntu/maverick/dulwich/bzr-ppa Development 2012-07-21 01:21:19 UTC
466. Increment version.

Author: Max Bowsher
Revision Date: 2012-07-21 01:21:19 UTC

Increment version.

lp:~bzr/ubuntu/maverick/python-backport-helper/ppa Development 2012-07-21 00:58:12 UTC
5. Build distro-info with python-support.

Author: Max Bowsher
Revision Date: 2012-07-21 00:58:12 UTC

Build distro-info with python-support.

lp:~bzr/ubuntu/maverick/bzr/bzr-ppa bug Development 2012-07-20 20:53:11 UTC
160. Actually add debian/patches/07_revert...

Author: Max Bowsher
Revision Date: 2012-07-20 20:52:39 UTC

Actually add debian/patches/07_revert_no_tty

lp:~svn/ubuntu/maverick/serf/ppa Development 2012-06-27 23:36:08 UTC
14. maverick

Author: Max Bowsher
Revision Date: 2012-06-27 23:17:57 UTC

maverick

lp:ubuntu/maverick-proposed/tomcat6 bug Mature 2012-05-04 23:15:30 UTC
28. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-01-25 14:09:00 UTC

* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

lp:ubuntu/maverick-security/tomcat6 bug Mature 2012-05-04 23:15:28 UTC
28. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-01-25 14:09:00 UTC

* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

lp:ubuntu/maverick-proposed/all-in-one-sidebar bug Development 2012-04-30 06:36:19 UTC
10. * Install a copy of the xpi to be pic...

Author: Chris Coulson
Revision Date: 2012-01-10 10:34:53 UTC

* Install a copy of the xpi to be picked up by the Ubufox addon
  installer, to transition adblock to a local user extension. Build-depend
  on a new enough mozilla-devscripts and also depend on ubufox (LP: #904594)
  - update debian/rules
  - update debian/control

lp:ubuntu/maverick-updates/all-in-one-sidebar Development 2012-04-30 06:35:28 UTC
10. * Install a copy of the xpi to be pic...

Author: Chris Coulson
Revision Date: 2012-01-10 10:34:53 UTC

* Install a copy of the xpi to be picked up by the Ubufox addon
  installer, to transition adblock to a local user extension. Build-depend
  on a new enough mozilla-devscripts and also depend on ubufox (LP: #904594)
  - update debian/rules
  - update debian/control

lp:ubuntu/maverick-security/all-in-one-sidebar Development 2012-04-30 06:35:18 UTC
10. * Install a copy of the xpi to be pic...

Author: Chris Coulson
Revision Date: 2012-01-10 10:34:53 UTC

* Install a copy of the xpi to be picked up by the Ubufox addon
  installer, to transition adblock to a local user extension. Build-depend
  on a new enough mozilla-devscripts and also depend on ubufox (LP: #904594)
  - update debian/rules
  - update debian/control

lp:ubuntu/maverick-security/update-manager bug Development 2012-04-24 10:20:32 UTC
300. * REGRESSION FIX: - DistUpgrade/Di...

Author: Marc Deslauriers
Revision Date: 2012-02-15 22:45:27 UTC

* REGRESSION FIX:
  - DistUpgrade/DistUpgradeViewKDE.py: fix regression caused by improper
    return value handling. (LP: #933225)

lp:ubuntu/maverick-updates/grub bug Development 2012-04-24 07:54:18 UTC
99. Work around LP #684875: detect /dev/s...

Author: Colin Watson
Revision Date: 2011-09-28 00:58:01 UTC

Work around LP #684875: detect /dev/sd* devices with major number 202,
which are really /dev/xvddevices in disguise, and don't use UUIDs for
expressing them as GRUB drives either (LP: #720558).

lp:ubuntu/maverick-proposed/grub Development 2012-04-24 07:53:55 UTC
99. Work around LP #684875: detect /dev/s...

Author: Colin Watson
Revision Date: 2011-09-28 00:58:01 UTC

Work around LP #684875: detect /dev/sd* devices with major number 202,
which are really /dev/xvddevices in disguise, and don't use UUIDs for
expressing them as GRUB drives either (LP: #720558).

lp:ubuntu/maverick/cairo-dock-plugins Development 2012-04-12 06:55:51 UTC
6. [ Nobuhiro Iwamatsu ] * Fix typo in c...

Author: Nobuhiro Iwamatsu
Revision Date: 2010-08-06 01:32:39 UTC

[ Nobuhiro Iwamatsu ]
* Fix typo in cairo-dock-illusion-plugin (Closes: #588463, #588449).
[ Youhei SASAKI ]
* Bump Standard Version: 3.9.1
* Separate patches:
  - fix-plugin-version: change Scooby-Do and Network-monitor reqired version
  - fix-lintian-interreter_error: fix dustbin.conf VERSION_DUSTBIN
  - modified_clean_target: exclude clean_target for data/*.conf

lp:~ubuntu-branches/ubuntu/maverick/cairo-dock-plugins/weird Mature 2012-04-12 06:48:11 UTC
20. releasing version 2.2.0~4-0ubuntu1

Author: Didier Roche-Tolomelli
Revision Date: 2010-10-06 19:06:18 UTC

releasing version 2.2.0~4-0ubuntu1

lp:ubuntu/maverick-proposed/tzdata bug Mature 2012-04-11 11:27:42 UTC
79. * New upstream release 2012b: - Upd...

Author: Martin Pitt
Revision Date: 2012-03-09 08:47:09 UTC

* New upstream release 2012b:
  - Update DST rules for Chile (LP: #948328), Armenia, Samoa, Cuba,
    Falkland.
  - Fix historic DST rules for Canada.
  - Add leap seconds for June 2012.

lp:ubuntu/maverick-updates/libvirt bug Development 2012-04-11 10:13:28 UTC
114. New version of debian/patches/lxc-use...

Author: Serge Hallyn
Revision Date: 2011-11-15 08:06:57 UTC

New version of debian/patches/lxc-use-own-ptyfns.patch. Previous version
failed to build.

lp:ubuntu/maverick-proposed/libvirt Development 2012-04-11 10:12:53 UTC
114. New version of debian/patches/lxc-use...

Author: Serge Hallyn
Revision Date: 2011-11-15 08:06:57 UTC

New version of debian/patches/lxc-use-own-ptyfns.patch. Previous version
failed to build.

lp:ubuntu/maverick/mdadm bug Development 2012-04-11 07:49:35 UTC
54. * debian/initramfs/hook: Added follow...

Author: Surbhi Palande
Revision Date: 2010-09-13 18:59:03 UTC

* debian/initramfs/hook: Added following code (invoked on update-initramfs)
  (LP: #617725):
  - create a mdadm.conf if it is not found in /etc and copy it in initramfs
  - update an existing mdadm.conf in the initramfs if it does'nt include
    a definition of any array
  - warn the user if the definition of an active array is not found in the
    initramfs/etc/mdadm.conf

lp:ubuntu/maverick-updates/ruby1.8 Development 2012-04-11 07:09:20 UTC
39. * SECURITY UPDATE: Cross-site scripti...

Author: Tyler Hicks
Revision Date: 2012-02-21 16:28:51 UTC

* SECURITY UPDATE: Cross-site scripting via HTTP error responses
  - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
    set for HTTP error responses. Based on upstream patch.
  - CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

lp:ubuntu/maverick-security/ruby1.8 Development 2012-04-11 07:09:15 UTC
39. * SECURITY UPDATE: Cross-site scripti...

Author: Tyler Hicks
Revision Date: 2012-02-21 16:28:51 UTC

* SECURITY UPDATE: Cross-site scripting via HTTP error responses
  - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
    set for HTTP error responses. Based on upstream patch.
  - CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

lp:ubuntu/maverick/gimp bug Mature 2012-04-11 06:05:21 UTC
55. [ Sam L. ] Changed the description in...

Author: Robert Ancell
Revision Date: 2010-08-27 12:11:20 UTC

[ Sam L. ]
Changed the description in debian/control to be less confusing.
(LP: #599785)

lp:ubuntu/maverick-updates/gimp Development 2012-04-11 06:04:57 UTC
58. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2011-09-21 10:04:38 UTC

* SECURITY UPDATE: possible arbitrary code execution via malformed GIF
  - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in
    plug-ins/common/file-gif-load.c.
  - CVE-2011-2896

lp:ubuntu/maverick-proposed/gimp Development 2012-04-11 06:04:51 UTC
56. * debian/patches/01_add_missing_calls...

Author: Bilal Akhtar
Revision Date: 2010-11-10 23:39:24 UTC

* debian/patches/01_add_missing_calls_to_cairo_surface_mark_dirty.patch:
  - Add missing calls to function cairo_surface_mark_dirty to fix the
    problem of prints and print previews coming up as blank pages.
    (LP: #636329)

lp:ubuntu/maverick-security/gimp Development 2012-04-11 06:04:45 UTC
58. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2011-09-21 10:04:38 UTC

* SECURITY UPDATE: possible arbitrary code execution via malformed GIF
  - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in
    plug-ins/common/file-gif-load.c.
  - CVE-2011-2896

lp:ubuntu/maverick-updates/icu Development 2012-04-11 02:41:53 UTC
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-01-25 15:11:21 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  out of bounds access
  - debian/patches/CVE-2011-4599.patch: add bounds checks in
    source/common/uloc.c.
  - CVE-2011-4599

lp:ubuntu/maverick-security/icu Development 2012-04-11 02:41:48 UTC
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-01-25 15:11:21 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  out of bounds access
  - debian/patches/CVE-2011-4599.patch: add bounds checks in
    source/common/uloc.c.
  - CVE-2011-4599

lp:ubuntu/maverick/icu Development 2012-04-11 02:41:44 UTC
15. Change install-doc target to not fail...

Author: Jay Berkenbilt
Revision Date: 2009-09-04 11:56:06 UTC

Change install-doc target to not fail if there are subdirectories of
doc/html. This is necessary to handle the doc/html/search directory
created by doxygen 3.6.1. (Closes: #544799)

lp:ubuntu/maverick/mutt bug Mature 2012-04-11 01:18:17 UTC
30. Drop libtokyocabinet-dev (universe) f...

Author: Michael Bienia
Revision Date: 2010-07-19 22:42:16 UTC

Drop libtokyocabinet-dev (universe) from Build-Depends, use always
libgdbm-dev and also use gdbm for the header cache backend. (lp: #607448)

lp:ubuntu/maverick-updates/mutt Development 2012-04-11 01:18:09 UTC
31. * SECURITY UPDATE: Failure to verify ...

Author: Tyler Hicks
Revision Date: 2011-09-22 00:34:19 UTC

* SECURITY UPDATE: Failure to verify that a server's hostname matches the
  Common Name listed in a certificate when setting up a TLS connection.
  - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate.
  - CVE-2011-1429

lp:ubuntu/maverick-security/mutt Development 2012-04-11 01:18:05 UTC
31. * SECURITY UPDATE: Failure to verify ...

Author: Tyler Hicks
Revision Date: 2011-09-22 00:34:19 UTC

* SECURITY UPDATE: Failure to verify that a server's hostname matches the
  Common Name listed in a certificate when setting up a TLS connection.
  - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate.
  - CVE-2011-1429

lp:ubuntu/maverick-proposed/linux-mvl-dove bug Mature 2012-04-10 09:36:32 UTC
50. * Release Tracking Bug - LP: #96706...

Author: Paolo Pisati
Revision Date: 2012-03-30 18:17:15 UTC

* Release Tracking Bug
  - LP: #967066

[ Paolo Pisati ]

* Rebased to 2.6.32-41.88

[ Ubuntu: 2.6.32-41.88 ]

* Release Tracking Bug
  - LP: #966443
* [Config] restore build-% shortcut
* SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
  - LP: #963685
* Revert "Revert "USB: xhci - fix unsafe macro definitions""
  - LP: #948139
* Revert "Revert "USB: xhci - fix math in xhci_get_endpoint_interval()""
  - LP: #948139
* Revert "Revert "xhci: Fix full speed bInterval encoding.""
  - LP: #948139
* bsg: fix sysfs link remove warning
  - LP: #946928
* hwmon: (f75375s) Fix bit shifting in f75375_write16
  - LP: #948139
* lib: proportion: lower PROP_MAX_SHIFT to 32 on 64-bit kernel
  - LP: #948139
* relay: prevent integer overflow in relay_open()
  - LP: #948139
* mac80211: timeout a single frame in the rx reorder buffer
  - LP: #948139
* kernel.h: fix wrong usage of __ratelimit()
  - LP: #948139
* printk_ratelimited(): fix uninitialized spinlock
  - LP: #948139
* hwmon: (f75375s) Fix automatic pwm mode setting for F75373 & F75375
  - LP: #948139
* crypto: sha512 - Use binary and instead of modulus
  - LP: #948139
* crypto: sha512 - Avoid stack bloat on i386
  - LP: #948139
* crypto: sha512 - use standard ror64()
  - LP: #948139
* SCSI: 3w-9xxx fix bug in sgl loading
  - LP: #948139
* ARM: 7321/1: cache-v7: Disable preemption when reading CCSIDR
  - LP: #948139
* ARM: 7325/1: fix v7 boot with lockdep enabled
  - LP: #948139
* USB: Added Kamstrup VID/PIDs to cp210x serial driver.
  - LP: #948139
* USB: Fix handoff when BIOS disables host PCI device.
  - LP: #948139
* xhci: Fix encoding for HS bulk/control NAK rate.
  - LP: #948139
* hdpvr: fix race conditon during start of streaming
  - LP: #948139
* cdrom: use copy_to_user() without the underscores
  - LP: #948139
* autofs: work around unhappy compat problem on x86-64
  - LP: #948139
* Fix autofs compile without CONFIG_COMPAT
  - LP: #948139
* compat: fix compile breakage on s390
  - LP: #948139
* PM: Print a warning if firmware is requested when tasks are frozen
  - LP: #948139
* firmware loader: allow builtin firmware load even if usermodehelper is
  disabled
  - LP: #948139
* PM / Sleep: Fix freezer failures due to racy
  usermodehelper_is_disabled()
  - LP: #948139
* PM / Sleep: Fix read_unlock_usermodehelper() call.
  - LP: #948139
* Linux 2.6.32.58
  - LP: #948139
* regset: Prevent null pointer reference on readonly regsets
  - LP: #949905
  - CVE-2012-1097
* regset: Return -EFAULT, not -EIO, on host-side memory fault
  - LP: #949905
  - CVE-2012-1097
* KVM: Remove ability to assign a device without iommu support
  - LP: #897812
  - CVE-2011-4347
* eCryptfs: Copy up lower inode attrs after setting lower xattr
* eCryptfs: Improve statfs reporting
  - LP: #885744
* drm/i915: no lvds quirk for AOpen MP45
  - LP: #955078
* drm/radeon/kms: fix MSI re-arm on rv370+
  - LP: #955078
* Linux 2.6.32.58+drm33.24
  - LP: #955078
* KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid"
  - LP: #917842
  - CVE-2012-0045
* KVM: x86: fix missing checks in syscall emulation
  - LP: #917842
  - CVE-2012-0045
* eCryptfs: Clear ECRYPTFS_NEW_FILE flag during truncate
  - LP: #745836
* compat: Re-add missing asm/compat.h include to fix compile breakage on
  s390
  - LP: #959252
* IA64: Remove COMPAT_IA32 support
  - LP: #959252
* writeback: fixups for !dirty_writeback_centisecs
  - LP: #959252
* KEYS: Enable the compat keyctl wrapper on s390x
  - LP: #959252
* cifs: fix dentry refcount leak when opening a FIFO on lookup
  - LP: #959252
* net/usbnet: avoid recursive locking in usbnet_stop()
  - LP: #959252
* watchdog: hpwdt: clean up set_memory_x call for 32 bit
  - LP: #959252
* blkfront: Fix backtrace in del_gendisk
  - LP: #959252
* Linux 2.6.32.59
  - LP: #959252
* USB: EHCI: go back to using the system clock for QH unlinks
  - LP: #624510
* kmod: fix resource leak in call_usermodehelper_pipe()
  - LP: #963685
* kmod: add init function to usermodehelper
  - LP: #963685
* usermodehelper: use UMH_WAIT_PROC consistently
  - LP: #963685
* usermodehelper: introduce umh_complete(sub_info)
  - LP: #963685
* usermodehelper: implement UMH_KILLABLE
  - LP: #963685
* usermodehelper: kill umh_wait, renumber UMH_* constants
  - LP: #963685
* usermodehelper: ____call_usermodehelper() doesn't need do_exit()
  - LP: #963685
* kmod: introduce call_modprobe() helper
  - LP: #963685
* kmod: make __request_module() killable
  - LP: #963685

lp:ubuntu/maverick-updates/linux-mvl-dove bug Mature 2012-04-10 09:36:23 UTC
49. * Release Tracking Bug - LP: #94789...

Author: Paolo Pisati
Revision Date: 2012-03-07 15:23:30 UTC

* Release Tracking Bug
  - LP: #947896

[ Paolo Pisati ]

* Rebased to 2.6.32-40.87

[ Ubuntu: 2.6.32-40.87 ]

* Release Tracking Bug
  - LP: #947375
* IB/mlx4: pass SMP vendor-specific attribute MADs to firmware
  - LP: #932043
* mm/filemap_xip.c: fix race condition in xip_file_fault()
  - LP: #932043
* NFSv4: Fix up the callers of nfs4_state_end_reclaim_reboot
  - LP: #932043
* NFSv4: The state manager shouldn't exit on errors that were handled
  - LP: #932043
* NFSv4: Ensure the state manager handles NFS4ERR_NO_GRACE correctly
  - LP: #932043
* NFSv4: Handle NFS4ERR_GRACE when recovering an expired lease.
  - LP: #932043
* NFSv4: Fix open recovery
  - LP: #932043
* rpc client can not deal with ENOSOCK, so translate it into ENOCONN
  - LP: #932043
* udf: Mark LVID buffer as uptodate before marking it dirty
  - LP: #932043
* eCryptfs: Infinite loop due to overflow in ecryptfs_write()
  - LP: #932043
* atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume
  - LP: #932043
* Staging: asus_oled: fix image processing
  - LP: #932043
* Staging: android: binder: Don't call dump_stack in binder_vma_open
  - LP: #932043
* Staging: android: binder: Fix crashes when sharing a binder file
  between processes
  - LP: #932043
* usb: gadget: zero: fix bug in loopback autoresume handling
  - LP: #932043
* usb: Skip PCI USB quirk handling for Netlogic XLP
  - LP: #932043
* USB: usbserial: add new PID number (0xa951) to the ftdi driver
  - LP: #932043
* mmc: cb710 core: Add missing spin_lock_init for irq_lock of struct
  cb710_chip
  - LP: #932043
* net: fix sk_forward_alloc corruptions
  - LP: #932043
* net: sock_queue_err_skb() dont mess with sk_forward_alloc
  - LP: #932043
* Linux 2.6.32.57
  - LP: #932043
* Ban ecryptfs over ecryptfs
  - LP: #932987
* eCryptfs: Remove mmap from directory operations
  - LP: #400443
* eCryptfs: Use notify_change for truncating lower inodes
  - LP: #451368
* ecryptfs: read on a directory should return EISDIR if not supported
  - LP: #719691
* eCryptfs: Remove extra d_delete in ecryptfs_rmdir
  - LP: #723518
* eCryptfs: Clear i_nlink in rmdir
  - LP: #723518
* KVM: Device assignment permission checks
  - LP: #897812
  - CVE-2011-4347
* block: Fix io_context leak after clone with CLONE_IO
  - LP: #940743
  - CVE-2012-0879
* block: Fix io_context leak after failure of clone with CLONE_IO
  - LP: #940743
  - CVE-2012-0879
* eCryptfs: Handle failed metadata read in lookup
  - LP: #509180
* drm/i915: Fix TV Out refresh rate.
  - LP: #945114
* Linux 2.6.32.57+drm33.23
  - LP: #945114

lp:ubuntu/maverick-updates/gnutls26 Mature 2012-04-10 08:18:24 UTC
22. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-04-04 11:13:02 UTC

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
    patch.
  - CVE-2012-1573

lp:~kroq-gar78/ubuntu/maverick/clamav-getfiles/fix-572660 bug Development 2012-04-09 23:01:21 UTC
10. Change 'precise' to 'maverick' in cha...

Author: Aditya V
Revision Date: 2012-04-09 23:01:21 UTC

Change 'precise' to 'maverick' in changelog

lp:ubuntu/maverick-proposed/linux-ti-omap4 bug Mature 2012-04-08 02:33:18 UTC
32. * Release Tracking Bug - LP: #96706...

Author: Paolo Pisati
Revision Date: 2012-03-30 16:52:51 UTC

* Release Tracking Bug
  - LP: #967065

[ Upstream Kernel Changes ]

* regset: Prevent null pointer reference on readonly regsets
  - LP: #949905
  - CVE-2012-1097
* regset: Return -EFAULT, not -EIO, on host-side memory fault
  - LP: #949905
  - CVE-2012-1097
* mm: memcg: Correct unregistring of events attached to the same eventfd
  - LP: #952828
  - CVE-2012-1146

lp:ubuntu/maverick-security/gnutls26 Mature 2012-04-05 22:26:33 UTC
22. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-04-04 11:13:02 UTC

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
    patch.
  - CVE-2012-1573

lp:ubuntu/maverick-security/libpng Mature 2012-04-05 08:41:07 UTC
31. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-04-05 08:41:07 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048

lp:ubuntu/maverick-updates/libpng Mature 2012-04-05 08:41:07 UTC
31. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-04-05 08:41:07 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048

lp:ubuntu/maverick-security/tiff bug Mature 2012-04-02 11:01:42 UTC
18. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-04-02 11:01:42 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  tiffdump
  - debian/patches/CVE-2010-4665.patch: prevent integer overflow in
    tools/tiffdump.c.
  - CVE-2010-4665
* SECURITY UPDATE: arbitrary code execution via size overflow
  - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
    libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
  - CVE-2012-1173

lp:ubuntu/maverick-updates/tiff Mature 2012-04-02 11:01:42 UTC
18. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-04-02 11:01:42 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  tiffdump
  - debian/patches/CVE-2010-4665.patch: prevent integer overflow in
    tools/tiffdump.c.
  - CVE-2010-4665
* SECURITY UPDATE: arbitrary code execution via size overflow
  - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
    libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
  - CVE-2012-1173

lp:ubuntu/maverick-proposed/linux-meta-mvl-dove bug Mature 2012-03-30 15:46:52 UTC
32. linux-mvl-dove 2.6.32-425.44

Author: Herton R. Krzesinski
Revision Date: 2012-03-30 15:46:52 UTC

linux-mvl-dove 2.6.32-425.44

lp:ubuntu/maverick-backports/mosh Mature 2012-03-28 08:13:59 UTC
5. Automated backport upload; no source ...

Author: Evan Broder
Revision Date: 2012-03-28 03:44:44 UTC

Automated backport upload; no source changes.

lp:ubuntu/maverick-updates/ca-certificates-java bug Mature 2012-03-28 05:50:23 UTC
8. * debian/postinst: forcibly remove di...

Author: Marc Deslauriers
Revision Date: 2012-03-23 09:51:16 UTC

* debian/postinst: forcibly remove diginotar cert. It could be left
  behind under certain circumstances. (LP: #920758)
* debian/jks-keystore.hook: properly strip .pem extension from aliases.
  Also, look up and remove old incorrect aliases if necessary.
* debian/control: bump ca-certificates Build-Depends to latest security
  update to make sure we don't bundle old certificates.

lp:ubuntu/maverick-security/ca-certificates-java Mature 2012-03-28 05:48:13 UTC
8. * debian/postinst: forcibly remove di...

Author: Marc Deslauriers
Revision Date: 2012-03-23 09:51:16 UTC

* debian/postinst: forcibly remove diginotar cert. It could be left
  behind under certain circumstances. (LP: #920758)
* debian/jks-keystore.hook: properly strip .pem extension from aliases.
  Also, look up and remove old incorrect aliases if necessary.
* debian/control: bump ca-certificates Build-Depends to latest security
  update to make sure we don't bundle old certificates.

lp:ubuntu/maverick-backports/wesnoth-1.10 Mature 2012-03-26 12:10:00 UTC
4. * Backport to maverick, changes kept:...

Author: Gerfried Fuchs
Revision Date: 2012-03-06 13:32:11 UTC

* Backport to maverick, changes kept:
  - Switch to use ttf-droid instead of fonts-droid which is not available in
    maverick.

lp:ubuntu/maverick-security/thunderbird bug Mature 2012-03-23 14:10:33 UTC
57. * New upstream release v3.1.20 (THUND...

Author: Micah Gersten
Revision Date: 2012-03-13 00:31:49 UTC

* New upstream release v3.1.20 (THUNDERBIRD_3_1_20_BUILD1)
  - see LP: #953720 for USN information

lp:ubuntu/maverick-security/mahara bug Mature 2012-03-23 06:13:29 UTC
20. * SECURITY UPDATE: Fix default config...

Author: Melissa Draper
Revision Date: 2012-03-21 00:23:05 UTC

* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
  - Default configuration changed to prevent impersonation (LP: #958841)
  - debian/patches/saml_multi_default_config.patch: upstream patch

lp:ubuntu/maverick-updates/pyspf Mature 2012-03-22 08:10:16 UTC
18. Fix issues with false error generatio...

Author: Scott Kitterman
Revision Date: 2012-03-14 07:44:11 UTC

Fix issues with false error generation due to CNAMES (LP: #954936

lp:ubuntu/maverick-security/freetype Mature 2012-03-21 19:57:51 UTC
35. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

lp:ubuntu/maverick-updates/freetype Mature 2012-03-21 19:57:51 UTC
35. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

lp:ubuntu/maverick-updates/mahara Mature 2012-03-21 00:23:05 UTC
20. * SECURITY UPDATE: Fix default config...

Author: Melissa Draper
Revision Date: 2012-03-21 00:23:05 UTC

* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
  - Default configuration changed to prevent impersonation (LP: #958841)
  - debian/patches/saml_multi_default_config.patch: upstream patch

lp:ubuntu/maverick-updates/libdbd-pg-perl Mature 2012-03-20 19:50:11 UTC
26. fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-03-19 15:35:51 UTC

fake sync from Debian

lp:ubuntu/maverick-security/libdbd-pg-perl Mature 2012-03-20 19:50:05 UTC
26. fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-03-19 15:35:51 UTC

fake sync from Debian

lp:ubuntu/maverick-updates/libyaml-libyaml-perl Mature 2012-03-20 19:48:00 UTC
4. fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-03-19 15:28:36 UTC

fake sync from Debian

lp:ubuntu/maverick-security/libyaml-libyaml-perl Mature 2012-03-20 19:47:56 UTC
4. fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-03-19 15:28:36 UTC

fake sync from Debian

lp:ubuntu/maverick-security/xulrunner-1.9.2 bug Mature 2012-03-20 06:00:30 UTC
29. * New upstream release v1.9.2.28 (FIR...

Author: Micah Gersten
Revision Date: 2012-03-13 01:15:10 UTC

* New upstream release v1.9.2.28 (FIREFOX_3_6_28_BUILD1)
  - see LP: #953736 for USN information

lp:ubuntu/maverick-security/bindwood bug Mature 2012-03-17 07:51:22 UTC
24. This extension is incompatible with F...

Author: Marc Deslauriers
Revision Date: 2012-03-16 11:03:44 UTC

This extension is incompatible with Firefox 11, and is causing the
browser to fail. Since the bookmarks sync feature is no longer
available in Ubuntu One, make this package empty until someone fixes
it. (LP: #957010)

lp:ubuntu/maverick-updates/bindwood Mature 2012-03-17 07:50:41 UTC
24. This extension is incompatible with F...

Author: Marc Deslauriers
Revision Date: 2012-03-16 11:03:44 UTC

This extension is incompatible with Firefox 11, and is causing the
browser to fail. Since the bookmarks sync feature is no longer
available in Ubuntu One, make this package empty until someone fixes
it. (LP: #957010)

lp:ubuntu/maverick-updates/gcc-4.4 bug Mature 2012-03-15 23:39:17 UTC
85. Fix PR tree-optimization/52430, taken...

Author: Matthias Klose
Revision Date: 2012-03-08 20:44:24 UTC

Fix PR tree-optimization/52430, taken from the 4.4 branch. LP: #931637.

lp:ubuntu/maverick-security/gcc-4.4 Mature 2012-03-15 23:38:32 UTC
85. Fix PR tree-optimization/52430, taken...

Author: Matthias Klose
Revision Date: 2012-03-08 20:44:24 UTC

Fix PR tree-optimization/52430, taken from the 4.4 branch. LP: #931637.

lp:ubuntu/maverick-security/firefox bug Mature 2012-03-15 23:04:19 UTC
87. * New upstream stable release (FIREFO...

Author: Chris Coulson
Revision Date: 2012-03-10 19:25:32 UTC

* New upstream stable release (FIREFOX_11_0_BUILD1)
  - see LP: #951250 for USN information

* Rebuilt against updated gcc to fix LP: #931637
* Ensure that the crash reporter is disabled if rebuilt by Ubuntu
  derivatives, as there will be no crash symbols for those
  - update debian/rules
* Only add "Ubuntu" to the UA string when being built for Ubuntu
  - update debian/rules
* Temporarily disable ipdl tests due to build failures. These aren't
  enabled upstream, anyway
  - update debian/config/mozconfig.in
* Always set the update channel - not setting it at build-time on release
  builds breaks the extensions.checkCompatibility pref. The only things
  using it at runtime are nsBlocklistService, Test Pilot (beta + aurora)
  and the about dialog (where the channel is hidden anyway)
  - update debian/rules
  - update debian/firefox.install.in
* Fix LP: #898883 - IPC xpcshell tests hang the buildd's. Give all
  xpcshell tests an X display, as plugin-container won't work without one
  - update debian/build/testsuite.mk
* Turn on all IPC xpcshell tests again
  - update debian/build/testsute.mk
* Drop the default-apps xml file - there is already one provided by
  gnome-control-center, so ours duplicates this. We never used to install
  it for Firefox 3.6
  - remove debian/firefox.xml.in
  - update debian/firefox-gnome-support.install.in
  - update debian/rules
* Ship Test Pilot as a distribution addon, like upstream. This means
  that the addon manager can update it. It does also mean that it will
  remain installed in users profiles if they try the beta or aurora
  builds, but the Feedback button is disabled on release builds
  - update debian/firefox.install.in
  - fixes LP: #913357
* Drop patches fixed upstream
  - remove debian/patches/fix-cursor-handling.patch
  - update debian/patches/series
* Call xvfb-run with "-a" in case there are other servers running on the
  builder
  - update debian/build/testsuite.mk
* Really fix LP: #898883 - IPC xpcshell tests hang the build. What was
  actually happening is plugin-container would fail to start because all
  available X connections had been used up by many instances of dbus-launch,
  spawned each time an xpcshell tried to talk to the session bus. Because
  we run all of the xpcshell tests with one Xvfb instance, the buses
  accumulate until the available X connections all run out. To fix this, run
  all tests requiring a display inside dbus-launch, so we create just a
  single bus for all xpcshell tests
  - update debian/build/testsuite.mk
  - update debian/control{,.in}
* Add Ligurian to locale blacklist, as we don't support this in Ubuntu
  - update debian/config/locales.blacklist
* Fix LP: #918763 - Revert the temporary investigation patch for
  bmo: #621446, as it breaks GCC4.4
  - add debian/patches/revert-bmo621446-investigation.patch
  - update debian/patches/series
* Refresh patches
  - update debian/patches/ubuntu-ua-string-changes.patch
  - update debian/patches/mozilla-kde.patch
  - update debian/patches/firefox-kde.patch
* Fix LP: #915895 - Just set autoDisableScopes to 0. Other distributions
  are already doing this, and we already made this feature pretty much
  useless by allowing extensions in the application directory, so that our
  language packs aren't disabled by default
  - update debian/vendor.js
* Drop the solid white separators from the addressbar autocomplete dropdown,
  and increase padding so that it doesn't look so bad with dark themes
  - add debian/patches/autocomplete-theme-tweak.patch
  - update debian/patches/series
* Fix LP: #926495 - Add patch based on one from bmo: #691898 to enable
  building on ppc again
  - add debian/patches/fix-build-failure-without-yarr-jit.patch
  - update debian/patches/series
* Fix LP: #926495 - Disable the SPS profiler on unsupported architectures
  - add debian/patches/no-sps-profiler-on-unsupported-archs.patch
  - update debian/patches/series
* Add a missing include in gfx/angle/src/compiler/Types.h (backported
  from Aurora)
  - add debian/patches/fix-missing-stl-include-in-angle.patch
  - update debian/patches/series

lp:ubuntu/maverick-security/ubufox bug Mature 2012-03-15 22:22:20 UTC
48. * New upstream release. - Drop Ask....

Author: Chris Coulson
Revision Date: 2012-03-02 22:47:21 UTC

* New upstream release.
  - Drop Ask.com searchplugin
  - LP: #951250
* Refresh debian/patches/addon_installer.patch
* Move back out of the application directory now that LP: #915895 is fixed.
  The original solution didn't really make much sense
  - update debian/rules

lp:ubuntu/maverick-proposed/app-install-data-partner bug Mature 2012-03-15 03:10:36 UTC
9. Update VMware View Client entry to re...

Author: Adam Conrad
Revision Date: 2012-03-14 20:32:04 UTC

Update VMware View Client entry to remove "Tech Preview" (LP: #950993)

lp:ubuntu/maverick-proposed/pyspf bug Mature 2012-03-14 21:18:38 UTC
18. Fix issues with false error generatio...

Author: Scott Kitterman
Revision Date: 2012-03-14 07:44:11 UTC

Fix issues with false error generation due to CNAMES (LP: #954936

lp:ubuntu/maverick-updates/app-install-data-partner Mature 2012-03-14 20:32:04 UTC
9. Update VMware View Client entry to re...

Author: Adam Conrad
Revision Date: 2012-03-14 20:32:04 UTC

Update VMware View Client entry to remove "Tech Preview" (LP: #950993)

lp:~smoser/ubuntu/maverick/cloud-init/lp942961-apt-pipeline bug(Has a merge proposal) Development 2012-03-14 19:25:33 UTC
58. fix typo in postinst causing pipelini...

Author: Scott Moser
Revision Date: 2012-03-14 18:54:23 UTC

fix typo in postinst causing pipelining to run more than desired

lp:ubuntu/maverick-security/gdm-guest-session bug Mature 2012-03-13 13:39:27 UTC
22. * SECURITY UPDATE: Guest session arbi...

Author: Marc Deslauriers
Revision Date: 2012-03-12 11:16:50 UTC

* SECURITY UPDATE: Guest session arbitrary file deletion (LP: #953044)
  - gdm/guest-session-cleanup.sh: Use find/xargs with 0 separators
    instead of spaces. Thanks to Martin Pitt for the fix.
  - Thanks to Ryan Lortie for reporting this issue.
  - CVE-2012-0943

lp:ubuntu/maverick-updates/xulrunner-1.9.2 Mature 2012-03-13 01:15:10 UTC
29. * New upstream release v1.9.2.28 (FIR...

Author: Micah Gersten
Revision Date: 2012-03-13 01:15:10 UTC

* New upstream release v1.9.2.28 (FIREFOX_3_6_28_BUILD1)
  - see LP: #953736 for USN information

lp:ubuntu/maverick-updates/thunderbird Mature 2012-03-13 00:31:49 UTC
57. * New upstream release v3.1.20 (THUND...

Author: Micah Gersten
Revision Date: 2012-03-13 00:31:49 UTC

* New upstream release v3.1.20 (THUNDERBIRD_3_1_20_BUILD1)
  - see LP: #953720 for USN information

lp:ubuntu/maverick-updates/gdm-guest-session Mature 2012-03-12 11:16:50 UTC
22. * SECURITY UPDATE: Guest session arbi...

Author: Marc Deslauriers
Revision Date: 2012-03-12 11:16:50 UTC

* SECURITY UPDATE: Guest session arbitrary file deletion (LP: #953044)
  - gdm/guest-session-cleanup.sh: Use find/xargs with 0 separators
    instead of spaces. Thanks to Martin Pitt for the fix.
  - Thanks to Ryan Lortie for reporting this issue.
  - CVE-2012-0943

lp:~bzr/ubuntu/maverick/bzr-svn/bzr-ppa Development 2012-03-11 22:53:55 UTC
430. For maverick and earlier, generate a ...

Author: Max Bowsher
Revision Date: 2012-03-11 22:47:56 UTC

For maverick and earlier, generate a C.UTF-8 locale before using it to run
the tests.

lp:ubuntu/maverick-updates/firefox Mature 2012-03-10 19:25:32 UTC
87. * New upstream stable release (FIREFO...

Author: Chris Coulson
Revision Date: 2012-03-10 19:25:32 UTC

* New upstream stable release (FIREFOX_11_0_BUILD1)
  - see LP: #951250 for USN information

* Rebuilt against updated gcc to fix LP: #931637
* Ensure that the crash reporter is disabled if rebuilt by Ubuntu
  derivatives, as there will be no crash symbols for those
  - update debian/rules
* Only add "Ubuntu" to the UA string when being built for Ubuntu
  - update debian/rules
* Temporarily disable ipdl tests due to build failures. These aren't
  enabled upstream, anyway
  - update debian/config/mozconfig.in
* Always set the update channel - not setting it at build-time on release
  builds breaks the extensions.checkCompatibility pref. The only things
  using it at runtime are nsBlocklistService, Test Pilot (beta + aurora)
  and the about dialog (where the channel is hidden anyway)
  - update debian/rules
  - update debian/firefox.install.in
* Fix LP: #898883 - IPC xpcshell tests hang the buildd's. Give all
  xpcshell tests an X display, as plugin-container won't work without one
  - update debian/build/testsuite.mk
* Turn on all IPC xpcshell tests again
  - update debian/build/testsute.mk
* Drop the default-apps xml file - there is already one provided by
  gnome-control-center, so ours duplicates this. We never used to install
  it for Firefox 3.6
  - remove debian/firefox.xml.in
  - update debian/firefox-gnome-support.install.in
  - update debian/rules
* Ship Test Pilot as a distribution addon, like upstream. This means
  that the addon manager can update it. It does also mean that it will
  remain installed in users profiles if they try the beta or aurora
  builds, but the Feedback button is disabled on release builds
  - update debian/firefox.install.in
  - fixes LP: #913357
* Drop patches fixed upstream
  - remove debian/patches/fix-cursor-handling.patch
  - update debian/patches/series
* Call xvfb-run with "-a" in case there are other servers running on the
  builder
  - update debian/build/testsuite.mk
* Really fix LP: #898883 - IPC xpcshell tests hang the build. What was
  actually happening is plugin-container would fail to start because all
  available X connections had been used up by many instances of dbus-launch,
  spawned each time an xpcshell tried to talk to the session bus. Because
  we run all of the xpcshell tests with one Xvfb instance, the buses
  accumulate until the available X connections all run out. To fix this, run
  all tests requiring a display inside dbus-launch, so we create just a
  single bus for all xpcshell tests
  - update debian/build/testsuite.mk
  - update debian/control{,.in}
* Add Ligurian to locale blacklist, as we don't support this in Ubuntu
  - update debian/config/locales.blacklist
* Fix LP: #918763 - Revert the temporary investigation patch for
  bmo: #621446, as it breaks GCC4.4
  - add debian/patches/revert-bmo621446-investigation.patch
  - update debian/patches/series
* Refresh patches
  - update debian/patches/ubuntu-ua-string-changes.patch
  - update debian/patches/mozilla-kde.patch
  - update debian/patches/firefox-kde.patch
* Fix LP: #915895 - Just set autoDisableScopes to 0. Other distributions
  are already doing this, and we already made this feature pretty much
  useless by allowing extensions in the application directory, so that our
  language packs aren't disabled by default
  - update debian/vendor.js
* Drop the solid white separators from the addressbar autocomplete dropdown,
  and increase padding so that it doesn't look so bad with dark themes
  - add debian/patches/autocomplete-theme-tweak.patch
  - update debian/patches/series
* Fix LP: #926495 - Add patch based on one from bmo: #691898 to enable
  building on ppc again
  - add debian/patches/fix-build-failure-without-yarr-jit.patch
  - update debian/patches/series
* Fix LP: #926495 - Disable the SPS profiler on unsupported architectures
  - add debian/patches/no-sps-profiler-on-unsupported-archs.patch
  - update debian/patches/series
* Add a missing include in gfx/angle/src/compiler/Types.h (backported
  from Aurora)
  - add debian/patches/fix-missing-stl-include-in-angle.patch
  - update debian/patches/series

lp:ubuntu/maverick-updates/libxml-atom-perl Mature 2012-03-10 13:18:56 UTC
16. fake sync from Debian

Author: Tyler Hicks
Revision Date: 2012-03-09 14:38:28 UTC

fake sync from Debian

lp:ubuntu/maverick-security/libxml-atom-perl Mature 2012-03-10 13:18:52 UTC
16. fake sync from Debian

Author: Tyler Hicks
Revision Date: 2012-03-09 14:38:28 UTC

fake sync from Debian

lp:ubuntu/maverick-backports/puppet Mature 2012-03-09 17:35:50 UTC
45. Automated backport upload; no source ...

Author: Micah Gersten
Revision Date: 2012-03-09 17:35:50 UTC

Automated backport upload; no source changes.

lp:ubuntu/maverick-updates/tzdata bug Mature 2012-03-09 08:47:09 UTC
79. * New upstream release 2012b: - Upd...

Author: Martin Pitt
Revision Date: 2012-03-09 08:47:09 UTC

* New upstream release 2012b:
  - Update DST rules for Chile (LP: #948328), Armenia, Samoa, Cuba,
    Falkland.
  - Fix historic DST rules for Canada.
  - Add leap seconds for June 2012.

lp:ubuntu/maverick-security/python-pam bug Mature 2012-03-09 07:01:20 UTC
12. * SECURITY UPDATE: possible code exec...

Author: Marc Deslauriers
Revision Date: 2012-03-08 09:11:03 UTC

* SECURITY UPDATE: possible code execution via double-free (LP: #949218)
  - PAMmodule.c: prevent double free in PyPAM_conv().
  - Thanks to Markus Vervier for the notification and the patch.
  - CVE-2012-1502

lp:ubuntu/maverick-updates/python-pam Mature 2012-03-09 07:00:41 UTC
12. * SECURITY UPDATE: possible code exec...

Author: Marc Deslauriers
Revision Date: 2012-03-08 09:11:03 UTC

* SECURITY UPDATE: possible code execution via double-free (LP: #949218)
  - PAMmodule.c: prevent double free in PyPAM_conv().
  - Thanks to Markus Vervier for the notification and the patch.
  - CVE-2012-1502

lp:ubuntu/maverick-updates/plib Mature 2012-03-08 07:33:22 UTC
9. fake sync from Debian

Author: Tyler Hicks
Revision Date: 2012-03-07 14:11:19 UTC

fake sync from Debian

lp:ubuntu/maverick-security/plib Mature 2012-03-08 07:14:02 UTC
9. fake sync from Debian

Author: Tyler Hicks
Revision Date: 2012-03-07 14:11:19 UTC

fake sync from Debian

lp:ubuntu/maverick-updates/linux-meta-mvl-dove Mature 2012-03-07 15:44:26 UTC
31. linux-mvl-dove 2.6.32-424.43

Author: Herton R. Krzesinski
Revision Date: 2012-03-07 15:44:26 UTC

linux-mvl-dove 2.6.32-424.43

lp:ubuntu/maverick-updates/eglibc Mature 2012-03-06 12:12:55 UTC
58. * SECURITY UPDATE: timezone header pa...

Author: Steve Beattie
Revision Date: 2012-03-06 12:12:55 UTC

* SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
  - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
    TZ file header
  - CVE-2009-5029
* SECURITY UPDATE: memory consumption denial of service in fnmatch
  - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
    stack use in fnmatch.
  - CVE-2011-1071
* SECURITY UPDATE: /etc/mtab corruption denial of service
  - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
    error in addmnt even for cached streams
  - CVE-2011-1089
* SECURITY UPDATE: insufficient locale environment sanitization
  - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
    LANG environment variable.
  - CVE-2011-1095
* SECURITY UPDATE: ld.so insecure handling of privileged programs'
  RPATHs with $ORIGIN
  - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
    RPATH and ORIGIN
  - CVE-2011-1658
* SECURITY UPDATE: fnmatch integer overflow
  - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
    pattern in wide character representation
  - CVE-2011-1659
* SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
  - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
    many open fds is detected
  - CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
  check bypass
  - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
    overflow
  - CVE-2012-0864

lp:ubuntu/maverick-updates/rpy Mature 2012-03-05 18:43:56 UTC
14. No-change rebuild for R 2.11.1 (LP: #...

Author: Stefano Rivera
Revision Date: 2011-10-28 21:07:03 UTC

No-change rebuild for R 2.11.1 (LP: #883204)

lp:ubuntu/maverick-updates/ubufox Mature 2012-03-02 22:47:21 UTC
48. * New upstream release. - Drop Ask....

Author: Chris Coulson
Revision Date: 2012-03-02 22:47:21 UTC

* New upstream release.
  - Drop Ask.com searchplugin
  - LP: #951250
* Refresh debian/patches/addon_installer.patch
* Move back out of the application directory now that LP: #915895 is fixed.
  The original solution didn't really make much sense
  - update debian/rules

lp:ubuntu/maverick-proposed/mysql-5.1 bug Mature 2012-03-01 19:45:28 UTC
20. * SECURITY UPDATE: Update to 5.1.61 t...

Author: Marc Deslauriers
Revision Date: 2012-02-22 14:16:05 UTC

* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
  (LP: #937869)
  - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
  - CVE-2011-2262
  - CVE-2012-0075
  - CVE-2012-0112
  - CVE-2012-0113
  - CVE-2012-0114
  - CVE-2012-0115
  - CVE-2012-0116
  - CVE-2012-0117
  - CVE-2012-0118
  - CVE-2012-0119
  - CVE-2012-0120
  - CVE-2012-0484
  - CVE-2012-0485
  - CVE-2012-0486
  - CVE-2012-0487
  - CVE-2012-0488
  - CVE-2012-0489
  - CVE-2012-0490
  - CVE-2012-0491
  - CVE-2012-0492
  - CVE-2012-0493
  - CVE-2012-0494
  - CVE-2012-0495
  - CVE-2012-0496
* Dropped patches unnecessary with 5.1.61:
  - debian/patches/61_CVE-2010-3833.dpatch
  - debian/patches/61_CVE-2010-3834.dpatch
  - debian/patches/61_CVE-2010-3835.dpatch
  - debian/patches/61_CVE-2010-3836.dpatch
  - debian/patches/61_CVE-2010-3837.dpatch
  - debian/patches/61_CVE-2010-3838.dpatch
  - debian/patches/61_CVE-2010-3839.dpatch
  - debian/patches/61_CVE-2010-3840.dpatch
  - debian/patches/60_abi-check-include.dpatch
  - debian/patches/62_disable_longfilename_test.dpatch
  - debian/patches/90_fix_testsuite_for_installed_env.dpatch
* debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
* debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
  debian/libmysqlclient-dev.docs: removed, no longer necessary.

lp:ubuntu/maverick-proposed/kexec-tools bug Mature 2012-02-29 17:21:09 UTC
40. * Backport changes to fix kdump funct...

Author: Chris J Arges
Revision Date: 2012-01-18 15:32:08 UTC

* Backport changes to fix kdump functionality. LP: #828731.
  - debian/kdump.initramfs: call /usr/bin/makedumpfile via a chroot command,
    so that if makedumpfile is statically linked, we get proper library
    resolution. Thanks to Louis Bouchard <louis.bouchard@canonical.com> for
    the patch. LP: #785425.
  - debian/kdump.initramfs: handle the possibility that /usr, /boot, or
    /var is on a separate filesystem and needs to be manually mounted before
    calling makedumpfile. LP: #828731.
  - Depend on makedumpfile, without which the initramfs script doesn't work.
  - Fix an unnecessary bashism.
  - Only install the kdump initramfs script and depend on makedumpfile on
    architectures that makedumpfile supports.

lp:ubuntu/maverick-security/postgresql-8.4 bug Development 2012-02-28 17:01:18 UTC
17. * New upstream bug fix/security relea...

Author: Martin Pitt
Revision Date: 2012-02-27 15:13:58 UTC

* New upstream bug fix/security release: (LP: #941912)
  - Require execute permission on the trigger function for "CREATE
    TRIGGER".
    This missing check could allow another user to execute a trigger
    function with forged input data, by installing it on a table he
    owns. This is only of significance for trigger functions marked
    SECURITY DEFINER, since otherwise trigger functions run as the
    table owner anyway. (CVE-2012-0866)
  - Remove arbitrary limitation on length of common name in SSL
    certificates.
    Both libpq and the server truncated the common name extracted from
    an SSL certificate at 32 bytes. Normally this would cause nothing
    worse than an unexpected verification failure, but there are some
    rather-implausible scenarios in which it might allow one
    certificate holder to impersonate another. The victim would have to
    have a common name exactly 32 bytes long, and the attacker would
    have to persuade a trusted CA to issue a certificate in which the
    common name has that string as a prefix. Impersonating a server
    would also require some additional exploit to redirect client
    connections. (CVE-2012-0867)
  - Convert newlines to spaces in names written in pg_dump comments.
    pg_dump was incautious about sanitizing object names that are
    emitted within SQL comments in its output script. A name containing
    a newline would at least render the script syntactically incorrect.
    Maliciously crafted object names could present a SQL injection risk
    when the script is reloaded. (CVE-2012-0868)
  - Fix btree index corruption from insertions concurrent with
    vacuuming.
    An index page split caused by an insertion could sometimes cause a
    concurrently-running "VACUUM" to miss removing index entries that
    it should remove. After the corresponding table rows are removed,
    the dangling index entries would cause errors (such as "could not
    read block N in file ...") or worse, silently wrong query results
    after unrelated rows are re-inserted at the now-free table
    locations. This bug has been present since release 8.2, but occurs
    so infrequently that it was not diagnosed until now. If you have
    reason to suspect that it has happened in your database, reindexing
    the affected index will fix things.
  - Update per-column permissions, not only per-table permissions, when
    changing table owner.
    Failure to do this meant that any previously granted column
    permissions were still shown as having been granted by the old
    owner. This meant that neither the new owner nor a superuser could
    revoke the now-untraceable-to-table-owner permissions.
  - Allow non-existent values for some settings in "ALTER USER/DATABASE
    SET".
    Allow default_text_search_config, default_tablespace, and
    temp_tablespaces to be set to names that are not known. This is
    because they might be known in another database where the setting
    is intended to be used, or for the tablespace cases because the
    tablespace might not be created yet. The same issue was previously
    recognized for search_path, and these settings now act like that
    one.
  - Avoid crashing when we have problems deleting table files
    post-commit.
    Dropping a table should lead to deleting the underlying disk files
    only after the transaction commits. In event of failure then (for
    instance, because of wrong file permissions) the code is supposed
    to just emit a warning message and go on, since it's too late to
    abort the transaction. This logic got broken as of release 8.4,
    causing such situations to result in a PANIC and an unrestartable
    database.
  - Track the OID counter correctly during WAL replay, even when it
    wraps around.
    Previously the OID counter would remain stuck at a high value until
    the system exited replay mode. The practical consequences of that
    are usually nil, but there are scenarios wherein a standby server
    that's been promoted to master might take a long time to advance
    the OID counter to a reasonable value once values are needed.
  - Fix regular expression back-references with - attached.
    Rather than enforcing an exact string match, the code would
    effectively accept any string that satisfies the pattern
    sub-expression referenced by the back-reference symbol.
    A similar problem still afflicts back-references that are embedded
    in a larger quantified expression, rather than being the immediate
    subject of the quantifier. This will be addressed in a future
    PostgreSQL release.
  - Fix recently-introduced memory leak in processing of inet/cidr
    values.
  - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
    SQL-language function.
    In most cases this only led to an assertion failure in
    assert-enabled builds, but worse consequences seem possible.
  - Fix I/O-conversion-related memory leaks in plpgsql.
  - Improve pg_dump's handling of inherited table columns.
    pg_dump mishandled situations where a child column has a different
    default expression than its parent column. If the default is
    textually identical to the parent's default, but not actually the
    same (for instance, because of schema search path differences) it
    would not be recognized as different, so that after dump and
    restore the child would be allowed to inherit the parent's default.
    Child columns that are NOT NULL where their parent is not could
    also be restored subtly incorrectly.
  - Fix pg_restore's direct-to-database mode for INSERT-style table
    data.
    Direct-to-database restores from archive files made with
    "--inserts" or "--column-inserts" options fail when using
    pg_restore from a release dated September or December 2011, as a
    result of an oversight in a fix for another problem. The archive
    file itself is not at fault, and text-mode output is okay.
  - Allow AT option in ecpg DEALLOCATE statements.
    The infrastructure to support this has been there for awhile, but
    through an oversight there was still an error check rejecting the
    case.
  - Fix error in "contrib/intarray"'s int[] & int[] operator.
    If the smallest integer the two input arrays have in common is 1,
    and there are smaller values in either array, then 1 would be
    incorrectly omitted from the result.
  - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
    decrypt_iv().
    These functions failed to report certain types of invalid-input
    errors, and would instead return random garbage values for
    incorrect input.
  - Fix one-byte buffer overrun in "contrib/test_parser".
    The code would try to read one more byte than it should, which
    would crash in corner cases. Since "contrib/test_parser" is only
    example code, this is not a security issue in itself, but bad
    example code is still bad.
  - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
    This function replaces our previous use of the SWPB instruction,
    which is deprecated and not available on ARMv6 and later. Reports
    suggest that the old code doesn't fail in an obvious way on recent
    ARM boards, but simply doesn't interlock concurrent accesses,
    leading to bizarre failures in multiprocess operation.
  - Use "-fexcess-precision=standard" option when building with gcc
    versions that accept it.
    This prevents assorted scenarios wherein recent versions of gcc
    will produce creative results.
  - Allow use of threaded Python on FreeBSD.
    Our configure script previously believed that this combination
    wouldn't work; but FreeBSD fixed the problem, so remove that error
    check.
* Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch: applied upstream.

lp:ubuntu/maverick-security/linux-ti-omap4 bug Mature 2012-02-28 14:33:28 UTC
31. [Herton R. Krzesinski] * Release Tra...

Author: Herton R. Krzesinski
Revision Date: 2012-02-28 14:33:28 UTC

[Herton R. Krzesinski]

* Release Tracking Bug
  - LP: #942766

[ Paolo Pisati ]

* [Config] Move to a 3G/1G memory split
  - LP: #861296

lp:ubuntu/maverick-updates/linux-ti-omap4 Mature 2012-02-28 14:33:28 UTC
31. [Herton R. Krzesinski] * Release Tra...

Author: Herton R. Krzesinski
Revision Date: 2012-02-28 14:33:28 UTC

[Herton R. Krzesinski]

* Release Tracking Bug
  - LP: #942766

[ Paolo Pisati ]

* [Config] Move to a 3G/1G memory split
  - LP: #861296

lp:ubuntu/maverick-updates/postgresql-8.4 bug Mature 2012-02-27 15:13:58 UTC
17. * New upstream bug fix/security relea...

Author: Martin Pitt
Revision Date: 2012-02-27 15:13:58 UTC

* New upstream bug fix/security release: (LP: #941912)
  - Require execute permission on the trigger function for "CREATE
    TRIGGER".
    This missing check could allow another user to execute a trigger
    function with forged input data, by installing it on a table he
    owns. This is only of significance for trigger functions marked
    SECURITY DEFINER, since otherwise trigger functions run as the
    table owner anyway. (CVE-2012-0866)
  - Remove arbitrary limitation on length of common name in SSL
    certificates.
    Both libpq and the server truncated the common name extracted from
    an SSL certificate at 32 bytes. Normally this would cause nothing
    worse than an unexpected verification failure, but there are some
    rather-implausible scenarios in which it might allow one
    certificate holder to impersonate another. The victim would have to
    have a common name exactly 32 bytes long, and the attacker would
    have to persuade a trusted CA to issue a certificate in which the
    common name has that string as a prefix. Impersonating a server
    would also require some additional exploit to redirect client
    connections. (CVE-2012-0867)
  - Convert newlines to spaces in names written in pg_dump comments.
    pg_dump was incautious about sanitizing object names that are
    emitted within SQL comments in its output script. A name containing
    a newline would at least render the script syntactically incorrect.
    Maliciously crafted object names could present a SQL injection risk
    when the script is reloaded. (CVE-2012-0868)
  - Fix btree index corruption from insertions concurrent with
    vacuuming.
    An index page split caused by an insertion could sometimes cause a
    concurrently-running "VACUUM" to miss removing index entries that
    it should remove. After the corresponding table rows are removed,
    the dangling index entries would cause errors (such as "could not
    read block N in file ...") or worse, silently wrong query results
    after unrelated rows are re-inserted at the now-free table
    locations. This bug has been present since release 8.2, but occurs
    so infrequently that it was not diagnosed until now. If you have
    reason to suspect that it has happened in your database, reindexing
    the affected index will fix things.
  - Update per-column permissions, not only per-table permissions, when
    changing table owner.
    Failure to do this meant that any previously granted column
    permissions were still shown as having been granted by the old
    owner. This meant that neither the new owner nor a superuser could
    revoke the now-untraceable-to-table-owner permissions.
  - Allow non-existent values for some settings in "ALTER USER/DATABASE
    SET".
    Allow default_text_search_config, default_tablespace, and
    temp_tablespaces to be set to names that are not known. This is
    because they might be known in another database where the setting
    is intended to be used, or for the tablespace cases because the
    tablespace might not be created yet. The same issue was previously
    recognized for search_path, and these settings now act like that
    one.
  - Avoid crashing when we have problems deleting table files
    post-commit.
    Dropping a table should lead to deleting the underlying disk files
    only after the transaction commits. In event of failure then (for
    instance, because of wrong file permissions) the code is supposed
    to just emit a warning message and go on, since it's too late to
    abort the transaction. This logic got broken as of release 8.4,
    causing such situations to result in a PANIC and an unrestartable
    database.
  - Track the OID counter correctly during WAL replay, even when it
    wraps around.
    Previously the OID counter would remain stuck at a high value until
    the system exited replay mode. The practical consequences of that
    are usually nil, but there are scenarios wherein a standby server
    that's been promoted to master might take a long time to advance
    the OID counter to a reasonable value once values are needed.
  - Fix regular expression back-references with - attached.
    Rather than enforcing an exact string match, the code would
    effectively accept any string that satisfies the pattern
    sub-expression referenced by the back-reference symbol.
    A similar problem still afflicts back-references that are embedded
    in a larger quantified expression, rather than being the immediate
    subject of the quantifier. This will be addressed in a future
    PostgreSQL release.
  - Fix recently-introduced memory leak in processing of inet/cidr
    values.
  - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
    SQL-language function.
    In most cases this only led to an assertion failure in
    assert-enabled builds, but worse consequences seem possible.
  - Fix I/O-conversion-related memory leaks in plpgsql.
  - Improve pg_dump's handling of inherited table columns.
    pg_dump mishandled situations where a child column has a different
    default expression than its parent column. If the default is
    textually identical to the parent's default, but not actually the
    same (for instance, because of schema search path differences) it
    would not be recognized as different, so that after dump and
    restore the child would be allowed to inherit the parent's default.
    Child columns that are NOT NULL where their parent is not could
    also be restored subtly incorrectly.
  - Fix pg_restore's direct-to-database mode for INSERT-style table
    data.
    Direct-to-database restores from archive files made with
    "--inserts" or "--column-inserts" options fail when using
    pg_restore from a release dated September or December 2011, as a
    result of an oversight in a fix for another problem. The archive
    file itself is not at fault, and text-mode output is okay.
  - Allow AT option in ecpg DEALLOCATE statements.
    The infrastructure to support this has been there for awhile, but
    through an oversight there was still an error check rejecting the
    case.
  - Fix error in "contrib/intarray"'s int[] & int[] operator.
    If the smallest integer the two input arrays have in common is 1,
    and there are smaller values in either array, then 1 would be
    incorrectly omitted from the result.
  - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
    decrypt_iv().
    These functions failed to report certain types of invalid-input
    errors, and would instead return random garbage values for
    incorrect input.
  - Fix one-byte buffer overrun in "contrib/test_parser".
    The code would try to read one more byte than it should, which
    would crash in corner cases. Since "contrib/test_parser" is only
    example code, this is not a security issue in itself, but bad
    example code is still bad.
  - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
    This function replaces our previous use of the SWPB instruction,
    which is deprecated and not available on ARMv6 and later. Reports
    suggest that the old code doesn't fail in an obvious way on recent
    ARM boards, but simply doesn't interlock concurrent accesses,
    leading to bizarre failures in multiprocess operation.
  - Use "-fexcess-precision=standard" option when building with gcc
    versions that accept it.
    This prevents assorted scenarios wherein recent versions of gcc
    will produce creative results.
  - Allow use of threaded Python on FreeBSD.
    Our configure script previously believed that this combination
    wouldn't work; but FreeBSD fixed the problem, so remove that error
    check.
* Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch: applied upstream.

1100 of 23010 results