Branches for Natty

Name Status Last Modified Last Commit
lp:ubuntu/natty-security/rssh Mature 2012-08-22 16:44:16 UTC 2012-08-22
13. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-08-22 11:23:49 UTC

fake sync from Debian

lp:ubuntu/natty-security/extplorer Mature 2012-08-22 16:42:27 UTC 2012-08-22
7. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-08-22 11:30:43 UTC

fake sync from Debian

lp:ubuntu/natty-proposed/gnupg Mature 2012-08-21 17:06:04 UTC 2012-08-21
36. debian/patches/long-keyids.dpatch: Us...

Author: Marc Deslauriers
Revision Date: 2012-08-14 08:37:40 UTC

debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.

lp:ubuntu/natty-proposed/gnupg2 Mature 2012-08-21 16:59:51 UTC 2012-08-21
17. debian/patches/long-keyids.diff: Use ...

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:31:24 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

lp:ubuntu/natty-updates/mdadm Mature 2012-08-21 16:57:14 UTC 2012-08-21
59. pass --test to mdadm to enable result...

Author: Clint Byrum
Revision Date: 2011-04-27 15:05:14 UTC

pass --test to mdadm to enable result codes for degraded arrays.
(LP: #761971)

lp:ubuntu/natty-proposed/mdadm bug Mature 2012-08-21 16:57:05 UTC 2012-08-21
61. d/initramfs/mdadm-functions: Record i...

Author: Clint Byrum
Revision Date: 2011-08-24 12:50:11 UTC

d/initramfs/mdadm-functions: Record in /tmp when boot-degraded
question has been asked so that it is only asked once (LP: #820111)
Backported from oneiric, replacing /run with /tmp since neither
/run nor /var/run are available this early in natty's boot.

lp:ubuntu/natty-updates/libconfig-inifiles-perl Mature 2012-08-21 11:52:53 UTC 2012-08-21
9. * SECURITY UPDATE: insecure temporary...

Author: Jamie Strandboge
Revision Date: 2012-08-17 08:11:55 UTC

* SECURITY UPDATE: insecure temporary file usage
  - debian/patches/CVE-2012-2451.patch: adjust to use tempfile()
  - CVE-2012-2451

lp:ubuntu/natty-security/libconfig-inifiles-perl Mature 2012-08-21 11:52:40 UTC 2012-08-21
9. * SECURITY UPDATE: insecure temporary...

Author: Jamie Strandboge
Revision Date: 2012-08-17 08:11:55 UTC

* SECURITY UPDATE: insecure temporary file usage
  - debian/patches/CVE-2012-2451.patch: adjust to use tempfile()
  - CVE-2012-2451

lp:ubuntu/natty-updates/globus-gridftp-server-control Mature 2012-08-21 11:18:22 UTC 2012-08-21
6. * SECURITY UPDATE: Wrong user mapping...

Author: Mattias Ellert
Revision Date: 2012-07-19 07:20:20 UTC

* SECURITY UPDATE: Wrong user mapping on badly configured server
  (LP: #1027323)
  - debian/patches/globus-gridftp-server-control-pw195.patch: backported
    from upstream
  - CVE-2012-3292

lp:ubuntu/natty-security/globus-gridftp-server-control bug Mature 2012-08-21 11:18:12 UTC 2012-08-21
6. * SECURITY UPDATE: Wrong user mapping...

Author: Mattias Ellert
Revision Date: 2012-07-19 07:20:20 UTC

* SECURITY UPDATE: Wrong user mapping on badly configured server
  (LP: #1027323)
  - debian/patches/globus-gridftp-server-control-pw195.patch: backported
    from upstream
  - CVE-2012-3292

lp:ubuntu/natty-updates/globus-gridftp-server Mature 2012-08-21 11:10:49 UTC 2012-08-21
7. * SECURITY UPDATE: Wrong user mapping...

Author: Mattias Ellert
Revision Date: 2012-07-19 07:07:16 UTC

* SECURITY UPDATE: Wrong user mapping on badly configured server
  (LP: #1027324)
  - debian/patches/globus-gridftp-server-pw195.patch: backported from
    upstream
  - CVE-2012-3292

lp:ubuntu/natty-security/globus-gridftp-server bug Mature 2012-08-21 11:10:42 UTC 2012-08-21
7. * SECURITY UPDATE: Wrong user mapping...

Author: Mattias Ellert
Revision Date: 2012-07-19 07:07:16 UTC

* SECURITY UPDATE: Wrong user mapping on badly configured server
  (LP: #1027324)
  - debian/patches/globus-gridftp-server-pw195.patch: backported from
    upstream
  - CVE-2012-3292

lp:ubuntu/natty-proposed/icedtea-web bug Mature 2012-08-18 02:57:30 UTC 2012-08-18
21. debian/patches/fix-plugin-error-on-ch...

Author: Steve Beattie
Revision Date: 2012-08-03 15:42:11 UTC

debian/patches/fix-plugin-error-on-chromium.patch: fix plugin
table initialization to check only that the subset of hooks that
it uses exists. (LP: #1025553)

lp:ubuntu/natty-security/imagemagick Mature 2012-08-17 09:56:17 UTC 2012-08-17
29. * SECURITY UPDATE: denial of service ...

Author: Jamie Strandboge
Revision Date: 2012-08-17 09:56:17 UTC

* SECURITY UPDATE: denial of service via large resource consumption
  - debian/patches/CVE-2012-3437.patch: always use correct size argument
    with libpng memory allocation
  - CVE-2012-3437

lp:ubuntu/natty-updates/imagemagick Mature 2012-08-17 09:56:17 UTC 2012-08-17
29. * SECURITY UPDATE: denial of service ...

Author: Jamie Strandboge
Revision Date: 2012-08-17 09:56:17 UTC

* SECURITY UPDATE: denial of service via large resource consumption
  - debian/patches/CVE-2012-3437.patch: always use correct size argument
    with libpng memory allocation
  - CVE-2012-3437

lp:ubuntu/natty-security/postgresql-8.4 bug Mature 2012-08-16 17:10:53 UTC 2012-08-16
25. * New upstream security/bug fix relea...

Author: Jamie Strandboge
Revision Date: 2012-08-16 17:10:53 UTC

* New upstream security/bug fix release:
 - Prevent access to external files/URLs via XML entity references
   (Noah Misch, Tom Lane)
   xml_parse() would attempt to fetch external files or URLs as needed
   to resolve DTD and entity references in an XML value, thus allowing
   unprivileged database users to attempt to fetch data with the
   privileges of the database server. While the external data wouldn't
   get returned directly to the user, portions of it could be exposed
   in error messages if the data didn't parse as valid XML; and in any
   case the mere ability to check existence of a file might be useful
   to an attacker. (CVE-2012-3489)
 - Prevent access to external files/URLs via "contrib/xml2"'s
   xslt_process() (Peter Eisentraut)
   libxslt offers the ability to read and write both files and URLs
   through stylesheet commands, thus allowing unprivileged database
   users to both read and write data with the privileges of the
   database server. Disable that through proper use of libxslt's
   security options. (CVE-2012-3488)
   Also, remove xslt_process()'s ability to fetch documents and
   stylesheets from external files/URLs. While this was a documented
   "feature", it was long regarded as a bad idea. The fix for
   CVE-2012-3489 broke that capability, and rather than expend effort
   on trying to fix it, we're just going to summarily remove it.
 - Prevent too-early recycling of btree index pages (Noah Misch)
   When we allowed read-only transactions to skip assigning XIDs, we
   introduced the possibility that a deleted btree page could be
   recycled while a read-only transaction was still in flight to it.
   This would result in incorrect index search results. The
   probability of such an error occurring in the field seems very low
   because of the timing requirements, but nonetheless it should be
   fixed.
 - Fix crash-safety bug with newly-created-or-reset sequences (Tom
   Lane)
   If "ALTER SEQUENCE" was executed on a freshly created or reset
   sequence, and then precisely one nextval() call was made on it, and
   then the server crashed, WAL replay would restore the sequence to a
   state in which it appeared that no nextval() had been done, thus
   allowing the first sequence value to be returned again by the next
   nextval() call. In particular this could manifest for serial
   columns, since creation of a serial column's sequence includes an
   "ALTER SEQUENCE OWNED BY" step.
 - Ensure the "backup_label" file is fsync'd after pg_start_backup()
   (Dave Kerr)
 - Back-patch 9.1 improvement to compress the fsync request queue
   (Robert Haas)
   This improves performance during checkpoints. The 9.1 change has
   now seen enough field testing to seem safe to back-patch.
 - Only allow autovacuum to be auto-canceled by a directly blocked
   process (Tom Lane)
   The original coding could allow inconsistent behavior in some
   cases; in particular, an autovacuum could get canceled after less
   than deadlock_timeout grace period.
 - Improve logging of autovacuum cancels (Robert Haas)
 - Fix log collector so that log_truncate_on_rotation works during the
   very first log rotation after server start (Tom Lane)
 - Fix WITH attached to a nested set operation
   (UNION/INTERSECT/EXCEPT) (Tom Lane)
 - Ensure that a whole-row reference to a subquery doesn't include any
   extra GROUP BY or ORDER BY columns (Tom Lane)
 - Disallow copying whole-row references in CHECK constraints and
   index definitions during "CREATE TABLE" (Tom Lane)
   This situation can arise in "CREATE TABLE" with LIKE or INHERITS.
   The copied whole-row variable was incorrectly labeled with the row
   type of the original table not the new one. Rejecting the case
   seems reasonable for LIKE, since the row types might well diverge
   later. For INHERITS we should ideally allow it, with an implicit
   coercion to the parent table's row type; but that will require more
   work than seems safe to back-patch.
 - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki
   Linnakangas, Tom Lane)
 - Fix extraction of common prefixes from regular expressions (Tom
   Lane)
   The code could get confused by quantified parenthesized
   subexpressions, such as ^(foo)?bar. This would lead to incorrect
   index optimization of searches for such patterns.
 - Fix bugs with parsing signed "hh":"mm" and "hh":"mm":"ss" fields in
   interval constants (Amit Kapila, Tom Lane)
 - Report errors properly in "contrib/xml2"'s xslt_process() (Tom
   Lane)
 - Update time zone data files to tzdata release 2012e for DST law
   changes in Morocco and Tokelau

lp:ubuntu/natty-security/clamav bug Mature 2012-08-16 07:34:47 UTC 2012-08-16
110. * SECURITY REGRESSION: Fix scanning f...

Author: Scott Kitterman
Revision Date: 2012-08-14 22:07:10 UTC

* SECURITY REGRESSION: Fix scanning failure. (LP: #1015405)
  - Upstream commit 6a879ad98460303b23a6fc119769a3b463a902f8 to fix unpack
    errors for various compressed files including some .bz2, .xls, .doc, and
    PDF

lp:ubuntu/natty-proposed/tzdata bug Mature 2012-08-15 21:00:55 UTC 2012-08-15
83. * New upstream release 2012e: - Fix...

Author: Adam Conrad
Revision Date: 2012-08-14 15:43:23 UTC

* New upstream release 2012e:
  - Fixes timezone data for Port-au-Prince, Haiti (LP: #1031836)
* Update debian/copyright and debian/watch for new upstream.

lp:ubuntu/natty-proposed/firefox bug Mature 2012-08-15 18:30:06 UTC 2012-08-15
98. * Update globalmenu-extension to 3.2....

Author: Chris Coulson
Revision Date: 2012-08-14 21:03:58 UTC

* Update globalmenu-extension to 3.2.7
  - Fix for LP: #1035305 - Crash when switching apps back to Firefox
    with Firebug installed

lp:ubuntu/natty-updates/expat Mature 2012-08-15 13:38:55 UTC 2012-08-15
11. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-08-09 11:53:57 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

lp:ubuntu/natty-updates/tzdata Mature 2012-08-14 15:43:23 UTC 2012-08-14
83. * New upstream release 2012e: - Fix...

Author: Adam Conrad
Revision Date: 2012-08-14 15:43:23 UTC

* New upstream release 2012e:
  - Fixes timezone data for Port-au-Prince, Haiti (LP: #1031836)
* Update debian/copyright and debian/watch for new upstream.

lp:ubuntu/natty-backports/myunity bug Mature 2012-08-12 11:14:06 UTC 2012-08-12
7. No-change backport to natty (LP: #102...

Author: Micah Gersten
Revision Date: 2012-08-12 04:47:07 UTC

No-change backport to natty (LP: #1023894)

lp:ubuntu/natty-security/expat Mature 2012-08-10 07:39:22 UTC 2012-08-10
11. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-08-09 11:53:57 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

lp:ubuntu/natty-updates/koffice Mature 2012-08-10 06:42:25 UTC 2012-08-10
76. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2012-08-06 10:55:34 UTC

* SECURITY UPDATE: possible arbitrary code execution via malformed Word
  document (LP: #1032934)
  - debian/patches/wv2_buffer_overflow_fix.diff: don't overflow grupx in
    filters/kword/msword-odf/wv2/src/styles.cpp.
  - CVE number pending

lp:ubuntu/natty-security/koffice bug Mature 2012-08-10 06:42:18 UTC 2012-08-10
76. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2012-08-06 10:55:34 UTC

* SECURITY UPDATE: possible arbitrary code execution via malformed Word
  document (LP: #1032934)
  - debian/patches/wv2_buffer_overflow_fix.diff: don't overflow grupx in
    filters/kword/msword-odf/wv2/src/styles.cpp.
  - CVE number pending

lp:ubuntu/natty-updates/network-manager-applet Mature 2012-08-09 22:27:48 UTC 2012-08-09
67. * SECURITY UPDATE: Insecure WPA AdHoc...

Author: Marc Deslauriers
Revision Date: 2012-06-22 08:48:31 UTC

* SECURITY UPDATE: Insecure WPA AdHoc network creation (LP: #905748)
  - debian/patches/CVE-2012-2736.patch: disable WPA-secured adhoc
    wireless networks.
  - CVE-2012-2736

lp:ubuntu/natty-security/network-manager-applet bug Mature 2012-08-09 22:27:42 UTC 2012-08-09
67. * SECURITY UPDATE: Insecure WPA AdHoc...

Author: Marc Deslauriers
Revision Date: 2012-06-22 08:48:31 UTC

* SECURITY UPDATE: Insecure WPA AdHoc network creation (LP: #905748)
  - debian/patches/CVE-2012-2736.patch: disable WPA-secured adhoc
    wireless networks.
  - CVE-2012-2736

lp:ubuntu/natty-proposed/meld bug Mature 2012-08-09 19:54:25 UTC 2012-08-09
27. * debian/patches/fix-slow-bzr-start.p...

Author: Per Ångström
Revision Date: 2012-04-26 10:56:37 UTC

* debian/patches/fix-slow-bzr-start.patch (LP: #988296)
  - Fix slow meld startup on opening complex Bazaar repositories

lp:ubuntu/natty-security/nvidia-graphics-drivers-173 bug Mature 2012-08-05 10:56:06 UTC 2012-08-05
43. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-08-05 10:56:06 UTC

* SECURITY UPDATE: privilege escalation via kernel memory access
  - debian/dkms/patches/blacklist-vga-pmu-registers.patch: blacklist
    more offsets in nv.{c,h}.
  - debian/dkms.conf{.in}: added new patch.
  - CVE number pending

lp:ubuntu/natty-updates/nvidia-graphics-drivers-173 Mature 2012-08-05 10:56:06 UTC 2012-08-05
43. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-08-05 10:56:06 UTC

* SECURITY UPDATE: privilege escalation via kernel memory access
  - debian/dkms/patches/blacklist-vga-pmu-registers.patch: blacklist
    more offsets in nv.{c,h}.
  - debian/dkms.conf{.in}: added new patch.
  - CVE number pending

lp:ubuntu/natty-security/nvidia-graphics-drivers bug Mature 2012-08-05 09:45:10 UTC 2012-08-05
42. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-08-05 09:45:10 UTC

* SECURITY UPDATE: privilege escalation via kernel memory access
  - debian/dkms/patches/blacklist-vga-pmu-registers.patch: blacklist
    more offsets in nv.{c,h}.
  - debian/dkms.conf{.in}: added new patch.
  - CVE number pending

lp:ubuntu/natty-updates/nvidia-graphics-drivers Mature 2012-08-05 09:45:10 UTC 2012-08-05
42. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-08-05 09:45:10 UTC

* SECURITY UPDATE: privilege escalation via kernel memory access
  - debian/dkms/patches/blacklist-vga-pmu-registers.patch: blacklist
    more offsets in nv.{c,h}.
  - debian/dkms.conf{.in}: added new patch.
  - CVE number pending

lp:ubuntu/natty-updates/libapache-mod-security Mature 2012-08-04 07:40:04 UTC 2012-08-04
9. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-08-03 11:56:14 UTC

fake sync from Debian

lp:ubuntu/natty-security/libapache-mod-security Mature 2012-08-04 07:39:58 UTC 2012-08-04
9. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-08-03 11:56:14 UTC

fake sync from Debian

lp:ubuntu/natty-security/icedtea-web bug Mature 2012-08-03 15:42:11 UTC 2012-08-03
21. debian/patches/fix-plugin-error-on-ch...

Author: Steve Beattie
Revision Date: 2012-08-03 15:42:11 UTC

debian/patches/fix-plugin-error-on-chromium.patch: fix plugin
table initialization to check only that the subset of hooks that
it uses exists. (LP: #1025553)

lp:ubuntu/natty-security/krb5 bug Development 2012-07-31 19:06:28 UTC 2012-07-31
40. * SECURITY UPDATE: KDC heap corruptio...

Author: Steve Beattie
Revision Date: 2012-07-23 22:15:03 UTC

* SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
  - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c,
    src/lib/kdb/kdb_default.c: initialize pointers both at allocation
    and assignment time
  - CVE-2012-1015
* SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
  - src/lib/kadm5/srv/svr_principal.c: check for null password
  - CVE-2012-1013

lp:ubuntu/natty-security/nss bug Mature 2012-07-30 14:25:20 UTC 2012-07-30
30. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-07-30 14:25:20 UTC

* SECURITY UPDATE: denial of service in QuickDER decoder
  - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
    constraints and zero-length fields in
    nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
    nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
    nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
    nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
    nss/mozilla/security/nss/lib/util/quickder.c.
  - CVE-2012-0441
* debian/rules: added a workaround to get package built on more recent
  kernels.

lp:ubuntu/natty-updates/nss Mature 2012-07-30 14:25:20 UTC 2012-07-30
30. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-07-30 14:25:20 UTC

* SECURITY UPDATE: denial of service in QuickDER decoder
  - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
    constraints and zero-length fields in
    nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
    nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
    nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
    nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
    nss/mozilla/security/nss/lib/util/quickder.c.
  - CVE-2012-0441
* debian/rules: added a workaround to get package built on more recent
  kernels.

lp:ubuntu/natty-updates/mono Mature 2012-07-27 14:21:53 UTC 2012-07-27
29. * SECURITY UPDATE: cross-site scripti...

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:34:56 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
    escape error message.
  - CVE-2012-3382

lp:ubuntu/natty-updates/hg-git Mature 2012-07-26 06:15:15 UTC 2012-07-26
8. 000-fix-line-split-error-on-bad-data-...

Author: Julian Taylor
Revision Date: 2012-04-30 18:40:28 UTC

000-fix-line-split-error-on-bad-data-from-rebase.diff:
fix crash when bad data from rebase is in the log (LP: #986279)

lp:ubuntu/natty-security/mono Mature 2012-07-25 19:54:14 UTC 2012-07-25
29. * SECURITY UPDATE: cross-site scripti...

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:34:56 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
    escape error message.
  - CVE-2012-3382

lp:ubuntu/natty-security/isc-dhcp Mature 2012-07-25 17:28:23 UTC 2012-07-25
25. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-07-25 17:28:23 UTC

* SECURITY UPDATE: denial of service via malformed client identifiers
  - debian/patches/CVE-2012-3571.dpatch: validate packets in
    common/options.{c,h}.
  - CVE-2012-3571.dpatch
* SECURITY UPDATE: denial of service via memory leaks
  - debian/patches/CVE-2012-3954.dpatch: properly manage memory in
    common/options.c and server/dhcpv6.c.
  - CVE-2012-3954

lp:ubuntu/natty-updates/isc-dhcp Mature 2012-07-25 17:28:23 UTC 2012-07-25
25. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-07-25 17:28:23 UTC

* SECURITY UPDATE: denial of service via malformed client identifiers
  - debian/patches/CVE-2012-3571.dpatch: validate packets in
    common/options.{c,h}.
  - CVE-2012-3571.dpatch
* SECURITY UPDATE: denial of service via memory leaks
  - debian/patches/CVE-2012-3954.dpatch: properly manage memory in
    common/options.c and server/dhcpv6.c.
  - CVE-2012-3954

lp:~bzr/ubuntu/natty/bzr/beta-ppa Development 2012-07-25 08:30:54 UTC 2012-07-25
169. Fix mangled duplication in debian/pat...

Author: Max Bowsher
Revision Date: 2012-07-25 08:30:54 UTC

Fix mangled duplication in debian/patches/03_spurious_test_failure

lp:ubuntu/natty-proposed/moon bug Mature 2012-07-24 12:02:31 UTC 2012-07-24
11. * Upload for compatibility with Firef...

Author: Chris Coulson
Revision Date: 2011-06-17 14:59:49 UTC

* Upload for compatibility with Firefox 5 (LP: #798484)
* Make it possible to build without the Firefox bridge
  - add debian/patches/no-mozilla.patch
  - update debian/patches/series
* Don't build with --with-ff3 and drop the xulrunner-dev build-depend,
  therefore switching off the Firefox bridge
  - update debian/rules
  - update debian/control
  - remove debian/patches/xulrunner_20.patch
  - update debian/patches/series
  - remove debian/moonlight-plugin-mozilla.install
* Move the curl bridge from mozilla-plugin-chromium to mozilla-plugin-core,
  for sharing with Firefox
  - update debian/control
  - remove debian/moonlight-plugin-chromium.install
  - update debian/moonlight-plugin-core.install

lp:ubuntu/natty/moon bug Mature 2012-07-24 11:58:30 UTC 2012-07-24
10. * Fix LP: #538796 - cannot open Firef...

Author: Chris Coulson
Revision Date: 2011-01-31 16:04:45 UTC

* Fix LP: #538796 - cannot open Firefox/Chromium/Chrome when moonlight
  is installed, due to a symbol collision with the icedtea plugin. Thanks
  to Evan Martin and Chris Toshok for figuring this out
  - add debian/patches/avoid_icedtea_symbol_collision.patch
  - update debian/patches/series
* Fix build with xulrunner 2.0
  - add debian/patches/xulrunner_20.patch
  - update debian/patches/series

lp:ubuntu/natty-updates/krb5 Mature 2012-07-23 22:15:03 UTC 2012-07-23
40. * SECURITY UPDATE: KDC heap corruptio...

Author: Steve Beattie
Revision Date: 2012-07-23 22:15:03 UTC

* SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
  - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c,
    src/lib/kdb/kdb_default.c: initialize pointers both at allocation
    and assignment time
  - CVE-2012-1015
* SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
  - src/lib/kadm5/srv/svr_principal.c: check for null password
  - CVE-2012-1013

lp:ubuntu/natty-proposed/nss-pam-ldapd bug Mature 2012-07-23 20:51:15 UTC 2012-07-23
15. increase buffer used for pam_authz_se...

Author: Chris J Arges
Revision Date: 2012-07-16 08:39:03 UTC

increase buffer used for pam_authz_search (LP: #951343)

lp:ubuntu/natty-updates/libexif Mature 2012-07-23 19:08:07 UTC 2012-07-23
12. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-07-19 13:46:27 UTC

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.patch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.patch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.patch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.patch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

lp:ubuntu/natty-security/libexif bug Mature 2012-07-23 18:52:18 UTC 2012-07-23
12. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-07-19 13:46:27 UTC

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.patch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.patch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.patch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.patch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

lp:~bzr/ubuntu/natty/bzr/bzr-ppa bug Development 2012-07-20 20:49:49 UTC 2012-07-20
169. Actually add debian/patches/07_revert...

Author: Max Bowsher
Revision Date: 2012-07-20 20:49:05 UTC

Actually add debian/patches/07_revert_no_tty

lp:ubuntu/natty-updates/lfm Mature 2012-07-18 16:48:13 UTC 2012-07-18
9. Fix a crash at startup, because of Un...

Author: Bruno Bigras
Revision Date: 2011-09-17 22:19:56 UTC

Fix a crash at startup, because of UnicodeDecodeError (LP: #786491)

lp:ubuntu/natty-updates/insserv Mature 2012-07-18 14:43:36 UTC 2012-07-18
17. Only try to move links in /etc/rc{0,6...

Author: Steve Langasek
Revision Date: 2012-04-13 22:07:25 UTC

Only try to move links in /etc/rc{0,6}.d that match "S0*". LP: #941867.

lp:ubuntu/natty-updates/bluez Mature 2012-07-18 04:12:10 UTC 2012-07-18
60. [ Keng-Yu Lin ] * Add patches/03-More...

Author: Robert Ancell
Revision Date: 2011-08-16 12:26:56 UTC

[ Keng-Yu Lin ]
* Add patches/03-More-retries-when-initialising-the-device.patch
  - Fix the bug of bluetooth staying disabled on resume (LP: #812132)

lp:ubuntu/natty-updates/thunderbird bug Mature 2012-07-17 21:15:05 UTC 2012-07-17
80. * New upstream stable release (THUNDE...

Author: Chris Coulson
Revision Date: 2012-07-13 23:08:02 UTC

* New upstream stable release (THUNDERBIRD_14_0_BUILD1)
  - see LP: #1024564 for USN information

[ Chris Coulson <chris.coulson@canonical.com> ]
* Update globalmenu-extension to 3.2.5
  - Fix a crash in uGlobalMenu::RecycleList::~RecycleList()
  - Fix LP: #1010580 - update the window event timestamp when handling
    menu events
* Drop patches fixed upstream
  - remove debian/patches/revert-bmo621446-investigation.patch
  - update debian/patches/series
* Refresh patches
  - update debian/patches/add-syspref-dir.patch
* Update desktop file translations
  - update debian/thunderbird.desktop.in
* Add application/x-xpinstall to the MimeType field of the desktop file
  - update debian/thunderbird.desktop.in
* Drop almost all mimetypes from the desktop file. Thunderbird won't display
  any of them if you invoke it with files of these types. It will just
  open a Compose window and add the file as an attachment
  - update debian/thunderbird.desktop.in
* Drop the ability to select between tree/system libraries using a single
  option in debian/rules. It adds additional complexity and was never used
  - update debian/config/mozconfig.in
  - update debian/control.in
  - update debian/thunderbird-dev.links.in
  - update debian/rules
* Shuffle the order of google-breakpad/src/common/dwarf/Makefile.in to fix a
  variable substitution issue, which was causing some objects to be built with
  the wrong compiler flags, resulting in dump_syms crashing (LP: #1002590)
  - add debian/patches/fix-makefile-substitution-bug.patch
* Don't set LD_LIBRARY_PATH in our shell wrapper, and install
  dependentlibs.list instead now
  - update debian/thunderbird.sh.in
  - update debian/thunderbird.install.in
* Drop StartupWMClass from the desktop file now that WM_CLASS is the same
  as the binary name (also fixes LP: #1012158)
  - update debian/thunderbird.desktop.in
  - update debian/rules
* Apport hook improvements:
  - Sort preferences alphabetically in the apport data
  - Treat preferences set in default addons as default prefs so that
    they don't show up in apport data, unless the preference files have
    been modified
  - Support random pref files dropped in to the Thunderbird install folder,
    and preferences from application bundles
  - Fix ordering issues when loading preferences
* Update the Apport blacklist file after dropping thunderbird-bin
  - update debian/apport/blacklist.in

[ Ben Collins <ben.collins@ubuntu.com> ]
* Cherry pick patch from aurora to use YARR interpreter on ppc
  - update debian/patches/fix-build-failure-without-yarr-jit.patch
  - update debian/patches/series
* Fix ppc build due to new dtoa library
  - add debian/patches/fix-dtoa-build-on-ppc.patch
  - update debian/patches/series

lp:ubuntu/natty-security/tiff bug Mature 2012-07-16 09:50:58 UTC 2012-07-16
24. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2012-07-16 09:50:58 UTC

* SECURITY UPDATE: possible arbitrary code execution via heap overflow
  in tiff2pdf.
  - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
    tools/tiff2pdf.c.
  - CVE-2012-3401

lp:ubuntu/natty-updates/tiff Mature 2012-07-16 09:50:58 UTC 2012-07-16
24. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2012-07-16 09:50:58 UTC

* SECURITY UPDATE: possible arbitrary code execution via heap overflow
  in tiff2pdf.
  - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
    tools/tiff2pdf.c.
  - CVE-2012-3401

lp:ubuntu/natty-updates/firefox Mature 2012-07-13 22:47:26 UTC 2012-07-13
103. * New upstream stable release (FIREFO...

Author: Chris Coulson
Revision Date: 2012-07-13 22:47:26 UTC

* New upstream stable release (FIREFOX_14_0_1_BUILD1)
  - see LP: #1024562 for USN information

[ Chris Coulson <chris.coulson@canonical.com> ]
* Update globalmenu-extension to 3.2.5
  - Fix LP: #1010580 - No choice of folder when adding a bookmark from
    the bookmark menu
  - Fix a crash in uGlobalMenu::RecycleList::~RecycleList()
* Refresh patches
  - update debian/patches/ubuntu-codes-google.patch
  - update debian/patches/allow-lockPref-everywhere.patch
  - update debian/patches/plugin-for-mimetype-pref.patch
  - update debian/patches/firefox-kde.patch
* Drop patches fixed upstream
  - remove debian/patches/revert-bmo-621446-investigation.patch
  - update debian/patches/series
* Update desktop file translations
  - update debian/firefox.sh.in
* Drop the application/vnd.mozilla.xul+xml mimetype from the desktop file.
  Firefox hasn't been able to view XUL files from non-chrome URI's since
  version 4.0
  - update debian/firefox.desktop.in
* Add application/x-xpinstall to the MimeType field of the desktop file
  - update debian/firefox.desktop.in
* Drop the ability to select between tree/system libraries using a single
  option in debian/rules. It adds additional complexity and was never used
  - update debian/config/mozconfig.in
  - update debian/control.in
  - update debian/firefox-dev.install.in
  - update debian/firefox-dev.links.in
  - update debian/pkgconfig/libxul.pc.in
  - update debian/rules
* Fix make-makefile test failure when the build directory contains
  perl regexp control characters
  - add debian/patches/make-makefile-test-fix.patch
  - update debian/patches/series
* Shuffle the order of google-breakpad/src/common/dwarf/Makefile.in to fix a
  variable substitution issue, which was causing some objects to be built with
  the wrong compiler flags, resulting in dump_syms crashing (LP: #1002590)
  - add debian/patches/fix-makefile-substitution-bug.patch
* Update StartupWMClass to the correct name
  - update debian/firefox.desktop.in
  - update debian/rules
* Add search plugin for DuckDuckGo
* Fix LP: #1000820 - firefox-dev conflicts with xulrunner-1.9-dev for
  people with the latter still installed
  - update debian/control{,.in}
* Add Fulah to locales.blacklist
* Fix LP: #1013186 - install our vendor preferences as application
  defaults rather than GRE defaults, so that they are loaded after
  the upstream defaults again. The upstream defaults were also moved
  as part of the webapp runtime work (which has it's own application
  defaults)
  - update debian/firefox.install.in
  - update debian/firefox.links.in
* Apport hook improvements:
  - Sort preferences alphabetically in the apport data
  - Treat preferences set in default addons as default prefs so that
    they don't show up in apport data, unless the preference files have
    been modified
  - Support random pref files dropped in to the Firefox install folder, and
    preferences from application bundles
  - Fix ordering issues when loading preferences
* Drop debian/patches/plugin-for-mimetype-pref.patch. The burden of
  carrying this is starting to outweigh the benefits of it

[ Ben Collins <ben.collins@ubuntu.com> ]
* Cherry pick patch from aurora to use YARR interpreter on ppc
  - update debian/patches/fix-build-failure-without-yarr-jit.patch
  - update debian/patches/series
* Fix ppc build due to new dtoa library
  - add debian/patches/fix-dtoa-build-on-ppc.patch
  - update debian/patches/series

lp:ubuntu/natty-security/puppet bug Mature 2012-07-10 08:24:35 UTC 2012-07-10
57. * SECURITY UPDATE: multiple July 2012...

Author: Marc Deslauriers
Revision Date: 2012-07-10 08:24:35 UTC

* SECURITY UPDATE: multiple July 2012 security issues
  - debian/patches/2.6.4-Puppet-July-2012-CVE-fixes.patch: fix multiple
    security issues. Patch from upstream, with an additional fix to
    lib/puppet/reports/store.rb.
  - CVE-2012-3864: arbitrary file read on master from authenticated
    clients
  - CVE-2012-3865: arbitrary file delete or denial of service on master
    from authenticated clients
  - CVE-2012-3867: insufficient input validation for agent cert hostnames

lp:ubuntu/natty-updates/puppet bug Mature 2012-07-10 08:24:35 UTC 2012-07-10
57. * SECURITY UPDATE: multiple July 2012...

Author: Marc Deslauriers
Revision Date: 2012-07-10 08:24:35 UTC

* SECURITY UPDATE: multiple July 2012 security issues
  - debian/patches/2.6.4-Puppet-July-2012-CVE-fixes.patch: fix multiple
    security issues. Patch from upstream, with an additional fix to
    lib/puppet/reports/store.rb.
  - CVE-2012-3864: arbitrary file read on master from authenticated
    clients
  - CVE-2012-3865: arbitrary file delete or denial of service on master
    from authenticated clients
  - CVE-2012-3867: insufficient input validation for agent cert hostnames

lp:ubuntu/natty-security/qt4-x11 bug Mature 2012-07-09 17:40:00 UTC 2012-07-09
152. * SECURITY UPDATE: fix buffer overflo...

Author: Jamie Strandboge
Revision Date: 2012-07-09 17:40:00 UTC

* SECURITY UPDATE: fix buffer overflow in HarfBuzz
  - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
    harfbuzz-gpos.c to properly perform input validation when processing
    certain fonts
  - CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
  - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
    properly calculate the bits per pixel for greyscale TIFF images
  - CVE-2011-3194

lp:ubuntu/natty-updates/qt4-x11 Mature 2012-07-09 17:40:00 UTC 2012-07-09
152. * SECURITY UPDATE: fix buffer overflo...

Author: Jamie Strandboge
Revision Date: 2012-07-09 17:40:00 UTC

* SECURITY UPDATE: fix buffer overflow in HarfBuzz
  - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
    harfbuzz-gpos.c to properly perform input validation when processing
    certain fonts
  - CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
  - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
    properly calculate the bits per pixel for greyscale TIFF images
  - CVE-2011-3194

lp:ubuntu/natty-updates/apport Mature 2012-07-06 05:25:20 UTC 2012-07-06
252. * Include bug fixes from upstream -...

Author: Brian Murray
Revision Date: 2011-07-29 10:45:59 UTC

* Include bug fixes from upstream
  - report.py: Fix bug patterns to correctly match against compressed report
    (LP: #814729)
  - generic hook: Don't report package installation failures due to
    segfaulting maintainer scripts. We want the actual crash report only.
    (LP: #814727)

lp:ubuntu/natty-proposed/apport bug Mature 2012-07-06 05:25:16 UTC 2012-07-06
252. * Include bug fixes from upstream -...

Author: Brian Murray
Revision Date: 2011-07-29 10:45:59 UTC

* Include bug fixes from upstream
  - report.py: Fix bug patterns to correctly match against compressed report
    (LP: #814729)
  - generic hook: Don't report package installation failures due to
    segfaulting maintainer scripts. We want the actual crash report only.
    (LP: #814727)

lp:ubuntu/natty/apport bug Mature 2012-07-06 05:24:57 UTC 2012-07-06
251. [ Kees Cook ] * debian/rules: really ...

Author: Kees Cook
Revision Date: 2011-04-20 16:27:06 UTC

[ Kees Cook ]
* debian/rules: really ignore "start" result at install (LP: #767829).

[ Brian Murray ]
* Only prepend linux bug titles with [STAGING] if a title exists
  (LP: #767864).

lp:ubuntu/natty/mason Mature 2012-07-05 03:02:32 UTC 2012-07-05
9. * Non-maintainer upload. * Fix pendin...

Author: Christian Perrier
Revision Date: 2010-10-19 07:23:41 UTC

* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
  - Spanish (Omar Campagne). Closes: #589495
  - Italian (Vincenzo Campanella). Closes: #600439
  - Spanish (Omar Campagne). Closes: #600535
  - Finnish (Esko Arajärvi). Closes: #600635

lp:ubuntu/natty-updates/libreoffice-l10n Mature 2012-07-04 18:35:00 UTC 2012-07-04
12. * SECURITY UPDATE: fix integer overfl...

Author: Jamie Strandboge
Revision Date: 2012-06-20 16:58:25 UTC

* SECURITY UPDATE: fix integer overflows in graphic loading code
  - debian/patches/CVE-2012-1149.patch: adjust vcl/source/gdi/pngread.cxx to
    fail earlier on oversized images and properly verify chunks. Also adjust
    basebmp/source/bitmapdevice.cxx to to properly verify height and width.
    Properly verify width and height in
    svtools/source/filter.vcl/jpeg/jpeg.cxx
  - CVE-2012-1149
* SECURITY UPDATE: fix integer overflow when processing Escher graphics
  records in PowerPoint documents
  - debian/patches/CVE-2012-2334.patch: properly verify record lengths in
    filter/source/msfilter/msdffimp.cxx and msdffimp.hxx
  - CVE-2012-2334

lp:ubuntu/natty-proposed/libreoffice-l10n Mature 2012-07-04 18:34:27 UTC 2012-07-04
11. * merged all changes up to 3.3.3-1ubu...

Author: Björn Michaelsen
Revision Date: 2011-07-05 11:26:41 UTC

* merged all changes up to 3.3.3-1ubuntu1
* regenerate control

lp:ubuntu/natty-security/libreoffice-l10n Mature 2012-07-04 17:39:05 UTC 2012-07-04
11. * SECURITY UPDATE: fix integer overfl...

Author: Jamie Strandboge
Revision Date: 2012-06-20 16:58:25 UTC

* SECURITY UPDATE: fix integer overflows in graphic loading code
  - debian/patches/CVE-2012-1149.patch: adjust vcl/source/gdi/pngread.cxx to
    fail earlier on oversized images and properly verify chunks. Also adjust
    basebmp/source/bitmapdevice.cxx to to properly verify height and width.
    Properly verify width and height in
    svtools/source/filter.vcl/jpeg/jpeg.cxx
  - CVE-2012-1149
* SECURITY UPDATE: fix integer overflow when processing Escher graphics
  records in PowerPoint documents
  - debian/patches/CVE-2012-2334.patch: properly verify record lengths in
    filter/source/msfilter/msdffimp.cxx and msdffimp.hxx
  - CVE-2012-2334

lp:ubuntu/natty/libreoffice-l10n bug Development 2012-07-04 17:39:02 UTC 2012-07-04
10. merged all changes from ubuntu-natty-...

Author: Björn Michaelsen
Revision Date: 2011-04-18 11:55:37 UTC

merged all changes from ubuntu-natty-3.3.1 up to 3.3.2-1ubuntu3

lp:ubuntu/natty-updates/debian-installer-utils Mature 2012-07-04 17:27:57 UTC 2012-07-04
53. [ Scott Moser ] Add --quiet to dpkg-d...

Author: Colin Watson
Revision Date: 2012-01-06 12:29:11 UTC

[ Scott Moser ]
Add --quiet to dpkg-divert calls in chroot_setup.

lp:ubuntu/natty-updates/base-installer Mature 2012-07-04 12:55:16 UTC 2012-07-04
85. Honour apt-setup/security_path when c...

Author: Colin Watson
Revision Date: 2011-08-16 11:36:25 UTC

Honour apt-setup/security_path when constructing initial security
entries in sources.list (LP: #820306).

lp:ubuntu/natty-proposed/base-files bug Mature 2012-07-03 19:04:50 UTC 2012-07-03
72. Call date -s $(date -R) on upgrade, t...

Author: Steve Langasek
Revision Date: 2012-07-03 10:37:13 UTC

Call date -s $(date -R) on upgrade, to resync any clocks that might
be desynced (and causing pthread spinning in the kernel) due to the leap
second. LP: #1020285.

lp:ubuntu/natty-updates/deja-dup Mature 2012-06-30 11:09:58 UTC 2012-06-30
40. * debian/patches/stop-forgetting-exte...

Author: Michael Terry
Revision Date: 2011-06-17 10:36:34 UTC

* debian/patches/stop-forgetting-external-drives.patch:
  - Fix "Preferences aren't saved" (LP: #774897)

lp:ubuntu/natty-proposed/deja-dup bug Mature 2012-06-30 11:09:52 UTC 2012-06-30
40. * debian/patches/stop-forgetting-exte...

Author: Michael Terry
Revision Date: 2011-06-17 10:36:34 UTC

* debian/patches/stop-forgetting-external-drives.patch:
  - Fix "Preferences aren't saved" (LP: #774897)

lp:ubuntu/natty-updates/gsettings-desktop-schemas Mature 2012-06-29 21:12:47 UTC 2012-06-29
14. * Fix LP: #956961 - Firefox 11 doesn'...

Author: Chris Coulson
Revision Date: 2012-03-23 09:52:28 UTC

* Fix LP: #956961 - Firefox 11 doesn't use system proxy settings anymore
  in Ubuntu 11.04. By default in Ubuntu 11.04, we install the proxy settings
  schema even though it isn't consumed by anything. Now that Firefox uses
  gsettings for the proxy settings (if the schema exists), having the schema
  installed breaks things in 11.04. Note that the same is also true for the
  background settings, so we drop both the proxy and background schemas
  from this package
  - update debian/rules

lp:ubuntu/natty-security/gsettings-desktop-schemas bug Mature 2012-06-29 21:12:37 UTC 2012-06-29
14. * Fix LP: #956961 - Firefox 11 doesn'...

Author: Chris Coulson
Revision Date: 2012-03-23 09:52:28 UTC

* Fix LP: #956961 - Firefox 11 doesn't use system proxy settings anymore
  in Ubuntu 11.04. By default in Ubuntu 11.04, we install the proxy settings
  schema even though it isn't consumed by anything. Now that Firefox uses
  gsettings for the proxy settings (if the schema exists), having the schema
  installed breaks things in 11.04. Note that the same is also true for the
  background settings, so we drop both the proxy and background schemas
  from this package
  - update debian/rules

lp:ubuntu/natty-security/mantis Mature 2012-06-29 07:28:16 UTC 2012-06-29
19. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-06-29 07:28:16 UTC

fake sync from Debian

lp:ubuntu/natty-updates/mantis Mature 2012-06-29 07:28:16 UTC 2012-06-29
19. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-06-29 07:28:16 UTC

fake sync from Debian

lp:ubuntu/natty-updates/python-crypto Mature 2012-06-28 18:37:15 UTC 2012-06-28
15. * SECURITY UPDATE: incorrect ElGamal ...

Author: Marc Deslauriers
Revision Date: 2012-06-27 15:24:10 UTC

* SECURITY UPDATE: incorrect ElGamal key generation
  - debian/patches/CVE-2012-2417.patch: generate safe prime numbers in
    lib/Crypto/PublicKey/ElGamal.py, backport getRandomRange() to
    lib/Crypto/Util/number.py.
  - CVE-2012-2417

lp:ubuntu/natty-security/python-crypto Mature 2012-06-28 18:22:00 UTC 2012-06-28
15. * SECURITY UPDATE: incorrect ElGamal ...

Author: Marc Deslauriers
Revision Date: 2012-06-27 15:24:10 UTC

* SECURITY UPDATE: incorrect ElGamal key generation
  - debian/patches/CVE-2012-2417.patch: generate safe prime numbers in
    lib/Crypto/PublicKey/ElGamal.py, backport getRandomRange() to
    lib/Crypto/Util/number.py.
  - CVE-2012-2417

lp:ubuntu/natty-updates/linux-firmware Mature 2012-06-28 18:19:59 UTC 2012-06-28
54. no change upload with version differe...

Author: Tim Gardner
Revision Date: 2011-09-12 19:28:14 UTC

no change upload with version difference.

lp:ubuntu/natty-security/linux-firmware Mature 2012-06-28 18:19:51 UTC 2012-06-28
54. no change upload with version differe...

Author: Tim Gardner
Revision Date: 2011-09-12 19:28:14 UTC

no change upload with version difference.

lp:~svn/ubuntu/natty/serf/ppa Development 2012-06-27 23:01:25 UTC 2012-06-27
13. * Backport: - Remove multiarch supp...

Author: Max Bowsher
Revision Date: 2012-06-27 22:54:46 UTC

* Backport:
  - Remove multiarch support.

lp:ubuntu/natty-security/ubufox bug Mature 2012-06-27 20:29:51 UTC 2012-06-27
57. * New upstream release v2.1.1 - Dro...

Author: Chris Coulson
Revision Date: 2012-06-27 20:29:51 UTC

* New upstream release v2.1.1
  - Drop the alternative plugin selector, as it depends on a patch that
    we no longer carry in Firefox

lp:ubuntu/natty-updates/ubufox bug Mature 2012-06-27 20:29:51 UTC 2012-06-27
57. * New upstream release v2.1.1 - Dro...

Author: Chris Coulson
Revision Date: 2012-06-27 20:29:51 UTC

* New upstream release v2.1.1
  - Drop the alternative plugin selector, as it depends on a patch that
    we no longer carry in Firefox

lp:ubuntu/natty-security/unity-2d bug Mature 2012-06-27 03:45:06 UTC 2012-06-27
22. [ Chris Coulson ] * Set the correct s...

Author: Micah Gersten
Revision Date: 2012-06-25 12:59:34 UTC

[ Chris Coulson ]
* Set the correct startup timestamp when launching applications; This an
  additional fix for the issue of Firefox/Thunderbird changing the
  way that they handle windows based on timestamps (LP: #1016386)
  - update launcher/UnityApplications/launcherapplication.cpp

lp:ubuntu/natty-updates/unity-2d bug Mature 2012-06-25 12:59:34 UTC 2012-06-25
22. [ Chris Coulson ] * Set the correct s...

Author: Micah Gersten
Revision Date: 2012-06-25 12:59:34 UTC

[ Chris Coulson ]
* Set the correct startup timestamp when launching applications; This an
  additional fix for the issue of Firefox/Thunderbird changing the
  way that they handle windows based on timestamps (LP: #1016386)
  - update launcher/UnityApplications/launcherapplication.cpp

lp:ubuntu/natty-updates/openconnect Mature 2012-06-19 05:56:37 UTC 2012-06-19
8. fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-06-18 16:53:32 UTC

fake sync from Debian

lp:ubuntu/natty-security/openconnect Mature 2012-06-19 05:56:32 UTC 2012-06-19
8. fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-06-18 16:53:32 UTC

fake sync from Debian

lp:ubuntu/natty-updates/raptor Mature 2012-06-18 16:07:55 UTC 2012-06-18
24. * SECURITY UPDATE: Fix XML External E...

Author: Jamie Strandboge
Revision Date: 2012-06-08 11:27:50 UTC

* SECURITY UPDATE: Fix XML External Entity (XXE) attack
 - debian/patches/02-CVE-2012-0037.patch: Enforce entity loading policy in
   raptor_libxml_resolveEntity and raptor_libxml_getEntity by checking for
   file URIs and network URIs.
 - CVE-2012-0037

lp:ubuntu/natty-security/raptor Mature 2012-06-18 15:50:37 UTC 2012-06-18
24. * SECURITY UPDATE: Fix XML External E...

Author: Jamie Strandboge
Revision Date: 2012-06-08 11:27:50 UTC

* SECURITY UPDATE: Fix XML External Entity (XXE) attack
 - debian/patches/02-CVE-2012-0037.patch: Enforce entity loading policy in
   raptor_libxml_resolveEntity and raptor_libxml_getEntity by checking for
   file URIs and network URIs.
 - CVE-2012-0037

lp:ubuntu/natty-security/libav bug Mature 2012-06-18 12:53:33 UTC 2012-06-18
5. * Update to 0.7.6 to fix multiple sec...

Author: Marc Deslauriers
Revision Date: 2012-06-12 10:26:36 UTC

* Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3945
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2012-0850
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947

lp:ubuntu/natty-security/apt bug Mature 2012-06-15 21:40:44 UTC 2012-06-15
146. * SECURITY UPDATE: Disable apt-key ne...

Author: Jamie Strandboge
Revision Date: 2012-06-15 07:59:17 UTC

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is still insecure
  - cmdline/apt-key: exit 1 immediately in net_update()
  - CVE-2012-0954
  - LP: #1013639

lp:ubuntu/natty-updates/apt bug Mature 2012-06-15 07:59:17 UTC 2012-06-15
146. * SECURITY UPDATE: Disable apt-key ne...

Author: Jamie Strandboge
Revision Date: 2012-06-15 07:59:17 UTC

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is still insecure
  - cmdline/apt-key: exit 1 immediately in net_update()
  - CVE-2012-0954
  - LP: #1013639

lp:ubuntu/natty-updates/nginx Mature 2012-06-13 18:07:01 UTC 2012-06-13
40. * Security update (closes LP: #956150...

Author: Thomas Ward
Revision Date: 2012-05-20 13:05:42 UTC

* Security update (closes LP: #956150):
  * Patch to fix 'Use-after-free vulnerability' (CVE-2012-1180).
  * Patch to fix 'Heap-based buffer overflow in compression-pointer
    processing in core/ngx_resolver.c' (CVE-2011-4315).

lp:ubuntu/natty-security/nginx bug Mature 2012-06-13 17:50:59 UTC 2012-06-13
40. * Security update (closes LP: #956150...

Author: Thomas Ward
Revision Date: 2012-05-20 13:05:42 UTC

* Security update (closes LP: #956150):
  * Patch to fix 'Use-after-free vulnerability' (CVE-2012-1180).
  * Patch to fix 'Heap-based buffer overflow in compression-pointer
    processing in core/ngx_resolver.c' (CVE-2011-4315).

lp:ubuntu/natty-security/libav-extra Mature 2012-06-13 14:57:45 UTC 2012-06-13
4. Rebuild against libav security update

Author: Marc Deslauriers
Revision Date: 2012-06-13 14:57:45 UTC

Rebuild against libav security update

lp:ubuntu/natty-updates/libav-extra Mature 2012-06-13 14:57:45 UTC 2012-06-13
4. Rebuild against libav security update

Author: Marc Deslauriers
Revision Date: 2012-06-13 14:57:45 UTC

Rebuild against libav security update

lp:ubuntu/natty-updates/apparmor Mature 2012-06-13 01:20:03 UTC 2012-06-13
124. * fix LP: #989184 - Firefox 12's laun...

Author: Micah Gersten
Revision Date: 2012-06-05 01:54:14 UTC

* fix LP: #989184 - Firefox 12's launcher script is not allowed in
  abstractions/ubuntu-browsers; This was a regression from the firefox
  path changing to a non-versioned path in the Firefox 12 packaging
  - add debian/patches/0016-lp989184.patch
  - update debian/patches/series
* fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
  This was a regression from the Thunderbird path changing to a non-versioned
  path in the Thunderbird 12 packaging
  - add debian/patches/0015-lp990931.patch
  - update debian/patches/series

101200 of 24287 results