Branches for Oneiric

Name Status Last Modified Last Commit
lp:~pali/ubuntu/oneiric/initramfs-tools/initramfs-tools bug(Has a merge proposal) Development 2015-11-17 13:22:11 UTC 2015-11-17
241. Fixed writing messages to plymouth

Author: Pali
Revision Date: 2011-07-17 09:11:48 UTC

Fixed writing messages to plymouth

lp:~qtjambi-community/ubuntu/oneiric/qtjambi-snapshot/debian Development 2015-06-02 17:16:44 UTC 2015-06-02
266. maint/bzr_push.sh Auto copy, commit a...

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:16:44 UTC

maint/bzr_push.sh Auto copy, commit and push for: control.snapshot (snapshot)

lp:ubuntu/oneiric-security/dbus bug Mature 2014-01-15 15:15:49 UTC 2014-01-15
108. * REGRESSION FIX: some applications l...

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:02:41 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

lp:ubuntu/oneiric-proposed/eog bug Mature 2013-12-09 20:53:37 UTC 2013-12-09
125. Update gesture framework patch for ne...

Author: Francis Ginther
Revision Date: 2012-09-06 13:26:03 UTC

Update gesture framework patch for new name (LP: #1046058)

lp:ubuntu/oneiric/cloud-init bug Mature 2013-08-30 14:53:47 UTC 2013-08-30
177. DataSourceEc2: catch a socket timeout...

Author: Scott Moser
Revision Date: 2011-10-06 17:11:29 UTC

DataSourceEc2: catch a socket timeout when with a slow metadata
service (LP: #869492).

lp:ubuntu/oneiric-updates/cloud-init Development 2013-08-28 11:32:26 UTC 2013-08-28
163. * add ability to configure Acquire::h...

Author: Ben Howard
Revision Date: 2012-03-16 15:44:50 UTC

* add ability to configure Acquire::http::Pipeline-Depth via
  cloud-config setting 'apt_pipelining' (LP: #948461)
* debian/cloud-init.postinst: address population of apt_pipeline
  setting on installation.

lp:ubuntu/oneiric-proposed/cloud-init bug Development 2013-08-28 11:32:18 UTC 2013-08-28
163. * add ability to configure Acquire::h...

Author: Ben Howard
Revision Date: 2012-03-16 15:44:50 UTC

* add ability to configure Acquire::http::Pipeline-Depth via
  cloud-config setting 'apt_pipelining' (LP: #948461)
* debian/cloud-init.postinst: address population of apt_pipeline
  setting on installation.

lp:ubuntu/oneiric/eglibc bug Mature 2013-08-28 09:59:24 UTC 2013-08-28
239. libc6-dev: Don't break the current {g...

Author: Matthias Klose
Revision Date: 2011-10-04 17:48:26 UTC

libc6-dev: Don't break the current {gnat,gcj}-4.4-base versons. LP: #853688.

lp:ubuntu/oneiric-security/apt bug Mature 2013-07-15 06:04:31 UTC 2013-07-15
174. * SECURITY UPDATE: InRelease verifica...

Author: Marc Deslauriers
Revision Date: 2013-03-13 11:32:35 UTC

* SECURITY UPDATE: InRelease verification bypass
  - CVE-2013-1051

[ David Kalnischk ]
[ Michael Vogt ]
* apt-pkg/deb/debmetaindex.cc,
  test/integration/test-bug-595691-empty-and-broken-archive-files,
  test/integration/test-releasefile-verification:
  - disable InRelease downloading until the verification issue is
    fixed, thanks to Ansgar Burchardt for finding the flaw

lp:ubuntu/oneiric-proposed/duplicity bug Development 2013-06-07 07:33:54 UTC 2013-06-07
26. * debian/patches/09volcorruption.dpat...

Author: Michael Terry
Revision Date: 2013-01-11 11:42:00 UTC

* debian/patches/09volcorruption.dpatch:
  - Fix some data-corruption issues when resuming an interrupted
    backup (LP: #1091269)

lp:~ubuntu-branches/ubuntu/oneiric/openafs/oneiric-201305130334 (Has a merge proposal) Development 2013-05-13 03:35:02 UTC 2013-05-13
33. * New upstream stable release. - Rx...

Author: Russ Allbery
Revision Date: 2011-09-01 18:43:02 UTC

* New upstream stable release.
  - Rx NAT pings are not enabled until peer has answered
  - Numerous fixes to command argument parsing
  - Avoid crashing on host table exhaustion and defer clients instead
  - Rx connection reference counting is enabled
  - An Rx connection reference count leak is fixed in bulkstat
  - Handle unparsable directory objects
  - Handle Kerberos credential cache errors in aklog
* Generate stub header files that include the actual system header when
  building libuafs instead of symlinking h to the appropriate directory.
  Fixes build failures now that Debian has switched to multiarch and
  moved some of the system headers. (Closes: #639063, LP #831287)
* Fix another Doxygen call to generate a configuration file, and remove
  the generated configuration files after Doxygen runs.
* Update CellServDB to the 2011-08-14 release.

lp:ubuntu/oneiric-security/linux-ti-omap4 bug Mature 2013-05-08 02:31:25 UTC 2013-05-08
61. * Release Tracking Bug - LP: #11370...

Author: Paolo Pisati
Revision Date: 2013-03-01 14:25:01 UTC

* Release Tracking Bug
  - LP: #1137045

[ Paolo Pisati ]

* rebased on Ubuntu-3.0.0-32.50

[ Ubuntu: 3.0.0-32.50 ]

* Release Tracking Bug
  - LP: #1136175
* SAUCE: xen/netback: shutdown the ring if it contains garbage.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: netback: correct netbk_tx_err to handle wrap around.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: xen/netback: don't leak pages on failure in
  xen_netbk_tx_check_gop.
  - LP: #1117331
  - CVE-2013-0217
* SAUCE: xen/netback: free already allocated memory on failure in
  xen_netbk_get_requests
  - LP: #1117331
  - CVE-2013-0217
* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
  failure once
  - LP: #1128840
* can: c_can: fix invalid error codes
  - LP: #1116259
* can: ti_hecc: fix invalid error codes
  - LP: #1116259
* can: pch_can: fix invalid error codes
  - LP: #1116259
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1116259
* ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
  sparsemem
  - LP: #1116259
* Bluetooth: Fix sending HCI commands after reset
  - LP: #1116259
* ath9k_htc: Fix memory leak
  - LP: #1116259
* ath9k: fix double-free bug on beacon generate failure
  - LP: #1116259
* ALSA: usb-audio: fix invalid length check for RME and other UAC 2
  devices
  - LP: #1116259
* EDAC: Test correct variable in ->store function
  - LP: #1116259
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1116259
* smp: Fix SMP function call empty cpu mask race
  - LP: #1116259
* x86/msr: Add capabilities check
  - LP: #1116259
* efi, x86: Pass a proper identity mapping in efi_call_phys_prelog
  - LP: #1116259
* x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
  - LP: #1116259
* Linux 3.0.62
  - LP: #1116259
* drm/radeon/evergreen+: wait for the MC to settle after MC blackout
  - LP: #1122313
* drm/radeon: add quirk for RV100 board
  - LP: #1122313
* drm/radeon: Calling object_unrefer() when creating fb failure
  - LP: #1122313
* x86-64: Replace left over sti/cli in ia32 audit exit code
  - LP: #1122313
* nilfs2: fix fix very long mount time issue
  - LP: #1122313
* drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq
  handler
  - LP: #1122313
* USB: ftdi_sio: add Zolix FTDI PID
  - LP: #1122313
* USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II
  - LP: #1122313
* USB: option: add support for Telit LE920
  - LP: #1122313
* USB: option: add Changhong CH690
  - LP: #1122313
* USB: qcserial: add Telit Gobi QDL device
  - LP: #1122313
* USB: EHCI: fix bug in scheduling periodic split transfers
  - LP: #1122313
* USB: storage: Define a new macro for USB storage match rules
  - LP: #1122313
* USB: storage: optimize to match the Huawei USB storage devices and
  support new switch command
  - LP: #1122313
* xhci: Fix isoc TD encoding.
  - LP: #1122313
* USB: XHCI: fix memory leak of URB-private data
  - LP: #1122313
* Linux 3.0.63
  - LP: #1122313
* rtlwifi: Fix the usage of the wrong variable in usb.c
  - LP: #1126189
* virtio_console: Don't access uninitialized data.
  - LP: #1126189
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1126189
* mac80211: synchronize scan off/on-channel and PS states
  - LP: #1126189
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1126189
* MAINTAINERS: Stephen Hemminger email change
  - LP: #1126189
* isdn/gigaset: fix zero size border case in debug dump
  - LP: #1126189
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1126189
* net: loopback: fix a dst refcounting issue
  - LP: #1126189
* pktgen: correctly handle failures when adding a device
  - LP: #1126189
* ipv6: do not create neighbor entries for local delivery
  - LP: #1126189
* packet: fix leakage of tx_ring memory
  - LP: #1126189
* atm/iphase: rename fregt_t -> ffreg_t
  - LP: #1126189
* sctp: refactor sctp_outq_teardown to insure proper re-initalization
  - LP: #1126189
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1126189
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1126189
* tcp: frto should not set snd_cwnd to 0
  - LP: #1126189
* tcp: fix for zero packets_in_flight was too broad
  - LP: #1126189
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1126189
* bridge: Pull ip header into skb->data before looking into ip header.
  - LP: #1126189
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1126189
* tg3: Fix crc errors on jumbo frame receive
  - LP: #1126189
* Linux 3.0.64
  - LP: #1126189
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1130182
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1130182
* PCI/PM: Clean up PME state when removing a device
  - LP: #1130182
* igb: Remove artificial restriction on RQDPC stat reading
  - LP: #1130182
* Linux 3.0.65
  - LP: #1130182
* vhost: fix length for cross region descriptor
  - LP: #1130951
  - CVE-2013-0311
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

lp:ubuntu/oneiric-updates/libotr Mature 2013-05-07 13:25:04 UTC 2013-05-07
11. * SECURITY UPDATE: multiple heap-base...

Author: Felix Geyer
Revision Date: 2012-08-09 15:30:03 UTC

* SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
  - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
    apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
    6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
    1902baee5d4b056850274ed0fa8c2409f1187435
  - CVE-2012-3461

lp:ubuntu/oneiric-security/libotr bug Mature 2013-05-07 13:24:58 UTC 2013-05-07
11. * SECURITY UPDATE: multiple heap-base...

Author: Felix Geyer
Revision Date: 2012-08-09 15:30:03 UTC

* SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
  - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
    apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
    6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
    1902baee5d4b056850274ed0fa8c2409f1187435
  - CVE-2012-3461

lp:ubuntu/oneiric-security/python-django bug Mature 2013-05-07 04:30:28 UTC 2013-05-07
39. * SECURITY UPDATE: host header poison...

Author: Marc Deslauriers
Revision Date: 2013-03-04 10:33:54 UTC

* SECURITY UPDATE: host header poisoning (LP: #1089337)
  - debian/patches/fix_get_host.patch: tighten host header validation in
    django/http/__init__.py, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
  - debian/patches/fix_redirect_poisoning.patch: tighten validation in
    django/contrib/auth/views.py,
    django/contrib/comments/views/comments.py,
    django/contrib/comments/views/moderation.py,
    django/contrib/comments/views/utils.py, django/utils/http.py,
    django/views/i18n.py, add tests to
    tests/regressiontests/comment_tests/tests/comment_view_tests.py,
    tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
    tests/regressiontests/views/tests/i18n.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
  - debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
    to django/conf/global_settings.py,
    django/conf/project_template/settings.py,
    django/http/__init__.py, django/test/utils.py, add docs to
    docs/ref/settings.txt, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
  - debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
    and external entities/DTDs in
    django/core/serializers/xml_serializer.py, add tests to
    tests/regressiontests/serializers_regress/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
  - debian/patches/CVE-2013-0305.patch: add permission checks to history
    view in django/contrib/admin/options.py, add tests to
    tests/regressiontests/admin_views/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
  - debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
    django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
    docs/topics/forms/modelforms.txt, add tests to
    tests/regressiontests/forms/tests/formsets.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0306

lp:ubuntu/oneiric-updates/poppler Mature 2013-05-04 09:38:39 UTC 2013-05-04
101. * SECURITY UPDATE: invalid memory acc...

Author: Marc Deslauriers
Revision Date: 2013-03-27 09:33:46 UTC

* SECURITY UPDATE: invalid memory access issues
  - debian/patches/CVE-2013-1788.patch: add checks in poppler/Function.cc,
    poppler/Stream.cc, splash/Splash.cc.
  - CVE-2013-1788
* SECURITY UPDATE: uninitialized memory read
  - debian/patches/CVE-2013-1790.patch: properly handle refLine in
    poppler/Stream.cc.
  - CVE-2013-1790

lp:ubuntu/oneiric-security/poppler Mature 2013-05-04 09:38:33 UTC 2013-05-04
101. * SECURITY UPDATE: invalid memory acc...

Author: Marc Deslauriers
Revision Date: 2013-03-27 09:33:46 UTC

* SECURITY UPDATE: invalid memory access issues
  - debian/patches/CVE-2013-1788.patch: add checks in poppler/Function.cc,
    poppler/Stream.cc, splash/Splash.cc.
  - CVE-2013-1788
* SECURITY UPDATE: uninitialized memory read
  - debian/patches/CVE-2013-1790.patch: properly handle refLine in
    poppler/Stream.cc.
  - CVE-2013-1790

lp:ubuntu/oneiric-security/postgresql-9.1 bug Mature 2013-05-04 07:02:44 UTC 2013-05-04
15. * New upstream security/bug fix relea...

Author: Martin Pitt
Revision Date: 2013-04-02 12:24:32 UTC

* New upstream security/bug fix release: (LP: #1163184)
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899]
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.

lp:ubuntu/oneiric-updates/clamav bug Mature 2013-05-04 06:57:44 UTC 2013-05-04
117. [ Seth Arnold ] * SECURITY UPDATE: Up...

Author: Scott Kitterman
Revision Date: 2013-04-25 23:41:55 UTC

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

lp:ubuntu/oneiric-security/clamav bug Mature 2013-05-04 06:57:41 UTC 2013-05-04
116. [ Seth Arnold ] * SECURITY UPDATE: Up...

Author: Scott Kitterman
Revision Date: 2013-04-25 23:41:55 UTC

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

lp:ubuntu/oneiric-security/mysql-5.1 bug Mature 2013-04-24 23:42:44 UTC 2013-04-24
33. * SECURITY UPDATE: Update to 5.1.69 t...

Author: Seth Arnold
Revision Date: 2013-04-18 17:10:57 UTC

* SECURITY UPDATE: Update to 5.1.69 to fix security issues (LP: #1170516)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

lp:ubuntu/oneiric-security/icedtea-web bug Mature 2013-04-23 22:22:33 UTC 2013-04-23
35. Revert PR1161: X509VariableTrustManag...

Author: Jamie Strandboge
Revision Date: 2013-04-23 09:13:00 UTC

Revert PR1161: X509VariableTrustManager does not work correctly with
OpenJDK7. The fix for PR1161 is needed for IcedTea 2.3.x and not 1.12.
We need to keep this patch reverted as long as we build icedtea-web
against 1.12 (LP: #1171506)

lp:ubuntu/oneiric-updates/icedtea-web Mature 2013-04-23 09:13:00 UTC 2013-04-23
35. Revert PR1161: X509VariableTrustManag...

Author: Jamie Strandboge
Revision Date: 2013-04-23 09:13:00 UTC

Revert PR1161: X509VariableTrustManager does not work correctly with
OpenJDK7. The fix for PR1161 is needed for IcedTea 2.3.x and not 1.12.
We need to keep this patch reverted as long as we build icedtea-web
against 1.12 (LP: #1171506)

lp:ubuntu/oneiric-security/libapache-mod-security Mature 2013-04-22 11:19:54 UTC 2013-04-22
10. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-22 11:19:54 UTC

fake sync from Debian

lp:ubuntu/oneiric-updates/libapache-mod-security Mature 2013-04-22 11:19:54 UTC 2013-04-22
10. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-22 11:19:54 UTC

fake sync from Debian

lp:ubuntu/oneiric-updates/mysql-5.1 Mature 2013-04-18 17:10:57 UTC 2013-04-18
33. * SECURITY UPDATE: Update to 5.1.69 t...

Author: Seth Arnold
Revision Date: 2013-04-18 17:10:57 UTC

* SECURITY UPDATE: Update to 5.1.69 to fix security issues (LP: #1170516)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

lp:ubuntu/oneiric-updates/haproxy Mature 2013-04-15 19:03:14 UTC 2013-04-15
15. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-04-05 10:22:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via non-default global.tune.bufsize.
  - debian/patches/CVE-2012-2942.patch: check buffer sizes in
    include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
    src/dumpstats.c, src/haproxy.c, src/proto_http.c,
    tests/0000-debug-stats.diff.
  - CVE-2012-2942
* SECURITY UPDATE: denial of service via HTTP information in tcp-request
  - debian/patches/CVE-2013-1912.patch: properly handle buffers in
    src/proto_http.c.
  - CVE-2013-1912

lp:ubuntu/oneiric-security/haproxy Mature 2013-04-15 18:48:14 UTC 2013-04-15
15. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-04-05 10:22:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via non-default global.tune.bufsize.
  - debian/patches/CVE-2012-2942.patch: check buffer sizes in
    include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
    src/dumpstats.c, src/haproxy.c, src/proto_http.c,
    tests/0000-debug-stats.diff.
  - CVE-2012-2942
* SECURITY UPDATE: denial of service via HTTP information in tcp-request
  - debian/patches/CVE-2013-1912.patch: properly handle buffers in
    src/proto_http.c.
  - CVE-2013-1912

lp:ubuntu/oneiric-security/curl Mature 2013-04-11 13:55:41 UTC 2013-04-11
55. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-11 13:55:41 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:ubuntu/oneiric-updates/curl Mature 2013-04-11 13:55:41 UTC 2013-04-11
55. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-11 13:55:41 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:ubuntu/oneiric-security/xorg-server Mature 2013-04-11 08:43:44 UTC 2013-04-11
227. * SECURITY UPDATE: input event leak v...

Author: Marc Deslauriers
Revision Date: 2013-04-11 08:43:44 UTC

* SECURITY UPDATE: input event leak via inactive VT
  - debian/patches/CVE-2013-1940.patch: fix flush input to work with
    Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
  - CVE-2013-1940

lp:ubuntu/oneiric-updates/xorg-server Mature 2013-04-11 08:43:44 UTC 2013-04-11
227. * SECURITY UPDATE: input event leak v...

Author: Marc Deslauriers
Revision Date: 2013-04-11 08:43:44 UTC

* SECURITY UPDATE: input event leak via inactive VT
  - debian/patches/CVE-2013-1940.patch: fix flush input to work with
    Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
  - CVE-2013-1940

lp:ubuntu/oneiric-updates/postgresql-9.1 Mature 2013-04-02 12:24:32 UTC 2013-04-02
15. * New upstream security/bug fix relea...

Author: Martin Pitt
Revision Date: 2013-04-02 12:24:32 UTC

* New upstream security/bug fix release: (LP: #1163184)
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899]
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.

lp:ubuntu/oneiric-updates/smokeping Mature 2013-04-01 21:49:30 UTC 2013-04-01
8. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:22:12 UTC

fake sync from Debian

lp:ubuntu/oneiric-updates/openjpeg Mature 2013-04-01 21:45:22 UTC 2013-04-01
5. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:23:30 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/smokeping Mature 2013-04-01 21:22:17 UTC 2013-04-01
8. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:22:12 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/openjpeg Mature 2013-04-01 21:21:32 UTC 2013-04-01
5. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:23:30 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/bind9 Mature 2013-03-28 15:25:23 UTC 2013-03-28
46. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-03-28 15:25:23 UTC

* SECURITY UPDATE: denial of service via regex syntax checking
  - configure,configure.in,config.h.in: remove check for regex.h to
    disable regex syntax checking.
  - CVE-2013-2266

lp:ubuntu/oneiric-updates/bind9 Mature 2013-03-28 15:25:23 UTC 2013-03-28
46. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-03-28 15:25:23 UTC

* SECURITY UPDATE: denial of service via regex syntax checking
  - configure,configure.in,config.h.in: remove check for regex.h to
    disable regex syntax checking.
  - CVE-2013-2266

lp:ubuntu/oneiric-security/libxslt Mature 2013-03-28 13:07:58 UTC 2013-03-28
25. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-03-28 13:07:58 UTC

* SECURITY UPDATE: denial of service via malformed stylesheet
  - libxslt/functions.c, libxslt/keys.c: check for empty values
    tests/*: add tests
  - dc11b6b379a882418093ecc8adf11f6166682e8d
  - 6c99c519d97e5fcbec7a9537d190efb442e4e833
  - CVE-2012-6139

lp:ubuntu/oneiric-updates/libxslt Mature 2013-03-28 13:07:58 UTC 2013-03-28
25. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-03-28 13:07:58 UTC

* SECURITY UPDATE: denial of service via malformed stylesheet
  - libxslt/functions.c, libxslt/keys.c: check for empty values
    tests/*: add tests
  - dc11b6b379a882418093ecc8adf11f6166682e8d
  - 6c99c519d97e5fcbec7a9537d190efb442e4e833
  - CVE-2012-6139

lp:ubuntu/oneiric-security/libxml2 Mature 2013-03-26 10:25:45 UTC 2013-03-26
48. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:25:45 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

lp:ubuntu/oneiric-updates/libxml2 Mature 2013-03-26 10:25:45 UTC 2013-03-26
48. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:25:45 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

lp:ubuntu/oneiric-updates/kstars Mature 2013-03-24 23:43:50 UTC 2013-03-24
7. New upstream bugfix release (LP: #913...

Author: Scott Kitterman
Revision Date: 2012-01-11 10:41:14 UTC

New upstream bugfix release (LP: #913928)

lp:ubuntu/oneiric-proposed/kstars bug Mature 2013-03-24 23:43:43 UTC 2013-03-24
7. New upstream bugfix release (LP: #913...

Author: Scott Kitterman
Revision Date: 2012-01-11 10:41:14 UTC

New upstream bugfix release (LP: #913928)

lp:ubuntu/oneiric-updates/ktouch Mature 2013-03-24 23:06:01 UTC 2013-03-24
6. [ Philip Muškovac ] New upstream bug...

Author: Scott Kitterman
Revision Date: 2011-12-08 22:37:23 UTC

[ Philip Muškovac ]
New upstream bugfix release (LP: #901975)

lp:ubuntu/oneiric-proposed/ktouch bug Mature 2013-03-24 23:05:54 UTC 2013-03-24
6. [ Philip Muškovac ] New upstream bug...

Author: Scott Kitterman
Revision Date: 2011-12-08 22:37:23 UTC

[ Philip Muškovac ]
New upstream bugfix release (LP: #901975)

lp:~svn/ubuntu/oneiric/subversion/ppa Development 2013-03-23 23:25:04 UTC 2013-03-23
63. Merge 1.7.8-0svn2

Author: Max Bowsher
Revision Date: 2013-03-23 23:25:04 UTC

Merge 1.7.8-0svn2

lp:ubuntu/oneiric-updates/gnome-online-accounts Mature 2013-03-21 14:37:12 UTC 2013-03-21
9. * SECURITY UPDATE: incorrect ssl cert...

Author: Marc Deslauriers
Revision Date: 2013-03-21 14:37:12 UTC

* SECURITY UPDATE: incorrect ssl cert validation (LP: #1117411)
  - debian/patches/CVE-2013-0240.patch: properly validate ssl certs in
    src/goabackend/{goaoauthprovider,goaoauth2provider}.c.
  - CVE-2013-0240

lp:ubuntu/oneiric-security/nova bug Mature 2013-03-20 20:17:39 UTC 2013-03-20
57. * SECURITY UPDATE: fix denial of serv...

Author: Jamie Strandboge
Revision Date: 2013-03-20 09:48:07 UTC

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468

lp:ubuntu/oneiric-updates/nova Mature 2013-03-20 09:48:07 UTC 2013-03-20
57. * SECURITY UPDATE: fix denial of serv...

Author: Jamie Strandboge
Revision Date: 2013-03-20 09:48:07 UTC

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468

lp:ubuntu/oneiric-updates/tomcat7 Mature 2013-03-16 08:11:22 UTC 2013-03-16
8. [Christian Kuersteiner] * SECURITY UP...

Author: Christian Kuersteiner
Revision Date: 2013-03-15 15:40:27 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
    upstream patch.
  - CVE-2012-0022, CVE-2011-4858
  - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
    on upstream patch.
  - CVE-2011-3375
  - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
    upstream patch.
  - CVE-2011-3376
  - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

lp:ubuntu/oneiric-security/tomcat7 bug Mature 2013-03-16 07:41:57 UTC 2013-03-16
8. [Christian Kuersteiner] * SECURITY UP...

Author: Christian Kuersteiner
Revision Date: 2013-03-15 15:40:27 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
    upstream patch.
  - CVE-2012-0022, CVE-2011-4858
  - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
    on upstream patch.
  - CVE-2011-3375
  - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
    upstream patch.
  - CVE-2011-3376
  - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

lp:ubuntu/oneiric-security/nss Mature 2013-03-13 13:12:05 UTC 2013-03-13
35. * SECURITY UPDATE: New upstream relea...

Author: Jamie Strandboge
Revision Date: 2013-03-13 13:12:05 UTC

* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
  attacks
  - CVE-2013-1620
* Remaining changes:
  - 98_ckbi-1.93.patch: Dropped (included upstream)
  - 01_dont_build_nspr.patch
  - 38_kbsd.patch: refresh/update
  - 80_security_build.patch
  - 85_security_load.patch
  - 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols

lp:ubuntu/oneiric-updates/nss Mature 2013-03-13 13:12:05 UTC 2013-03-13
35. * SECURITY UPDATE: New upstream relea...

Author: Jamie Strandboge
Revision Date: 2013-03-13 13:12:05 UTC

* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
  attacks
  - CVE-2013-1620
* Remaining changes:
  - 98_ckbi-1.93.patch: Dropped (included upstream)
  - 01_dont_build_nspr.patch
  - 38_kbsd.patch: refresh/update
  - 80_security_build.patch
  - 85_security_load.patch
  - 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols

lp:ubuntu/oneiric-updates/apt Mature 2013-03-13 11:32:35 UTC 2013-03-13
174. * SECURITY UPDATE: InRelease verifica...

Author: Marc Deslauriers
Revision Date: 2013-03-13 11:32:35 UTC

* SECURITY UPDATE: InRelease verification bypass
  - CVE-2013-1051

[ David Kalnischk ]
[ Michael Vogt ]
* apt-pkg/deb/debmetaindex.cc,
  test/integration/test-bug-595691-empty-and-broken-archive-files,
  test/integration/test-releasefile-verification:
  - disable InRelease downloading until the verification issue is
    fixed, thanks to Ansgar Burchardt for finding the flaw

lp:ubuntu/oneiric-security/nspr Mature 2013-03-13 10:31:02 UTC 2013-03-13
25. * New upstream release to support sec...

Author: Jamie Strandboge
Revision Date: 2013-03-13 10:31:02 UTC

* New upstream release to support security fixes in nss.
  - debian/patches/30_config_64bits.patch: refresh
  - debian/patches/99_configure.patch: regenerate per debian/rules

lp:ubuntu/oneiric-updates/nspr Mature 2013-03-13 10:31:02 UTC 2013-03-13
25. * New upstream release to support sec...

Author: Jamie Strandboge
Revision Date: 2013-03-13 10:31:02 UTC

* New upstream release to support security fixes in nss.
  - debian/patches/30_config_64bits.patch: refresh
  - debian/patches/99_configure.patch: regenerate per debian/rules

lp:ubuntu/oneiric-security/puppet Mature 2013-03-11 12:49:11 UTC 2013-03-11
59. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2013-03-11 12:49:11 UTC

* SECURITY UPDATE: Multiple security issues
  - debian/patches/security-mar-2013.patch: upstream patch to fix
    multiple security issues.
  - CVE-2013-1640 - Remote code execution on master from authenticated clients
  - CVE-2013-1652 - Insufficient input validation
  - CVE-2013-1653 - Remote code execution
  - CVE-2013-1654 - Protocol downgrade
  - CVE-2013-1655 - Unauthenticated remote code execution risk
  - CVE-2013-2275 - Incorrect default report ACL

lp:ubuntu/oneiric-updates/puppet Mature 2013-03-11 12:49:11 UTC 2013-03-11
59. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2013-03-11 12:49:11 UTC

* SECURITY UPDATE: Multiple security issues
  - debian/patches/security-mar-2013.patch: upstream patch to fix
    multiple security issues.
  - CVE-2013-1640 - Remote code execution on master from authenticated clients
  - CVE-2013-1652 - Insufficient input validation
  - CVE-2013-1653 - Remote code execution
  - CVE-2013-1654 - Protocol downgrade
  - CVE-2013-1655 - Unauthenticated remote code execution risk
  - CVE-2013-2275 - Incorrect default report ACL

lp:ubuntu/oneiric-security/php5 bug Mature 2013-03-08 16:32:19 UTC 2013-03-08
102. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2013-03-08 16:32:19 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  - debian/patches/CVE-2013-1643.patch: disable the entity loader in
    ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
  - CVE-2013-1643

lp:ubuntu/oneiric-updates/php5 bug Mature 2013-03-08 16:32:19 UTC 2013-03-08
102. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2013-03-08 16:32:19 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  - debian/patches/CVE-2013-1643.patch: disable the entity loader in
    ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
  - CVE-2013-1643

lp:ubuntu/oneiric-updates/python-django bug Mature 2013-03-04 10:33:54 UTC 2013-03-04
39. * SECURITY UPDATE: host header poison...

Author: Marc Deslauriers
Revision Date: 2013-03-04 10:33:54 UTC

* SECURITY UPDATE: host header poisoning (LP: #1089337)
  - debian/patches/fix_get_host.patch: tighten host header validation in
    django/http/__init__.py, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
  - debian/patches/fix_redirect_poisoning.patch: tighten validation in
    django/contrib/auth/views.py,
    django/contrib/comments/views/comments.py,
    django/contrib/comments/views/moderation.py,
    django/contrib/comments/views/utils.py, django/utils/http.py,
    django/views/i18n.py, add tests to
    tests/regressiontests/comment_tests/tests/comment_view_tests.py,
    tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
    tests/regressiontests/views/tests/i18n.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
  - debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
    to django/conf/global_settings.py,
    django/conf/project_template/settings.py,
    django/http/__init__.py, django/test/utils.py, add docs to
    docs/ref/settings.txt, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
  - debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
    and external entities/DTDs in
    django/core/serializers/xml_serializer.py, add tests to
    tests/regressiontests/serializers_regress/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
  - debian/patches/CVE-2013-0305.patch: add permission checks to history
    view in django/contrib/admin/options.py, add tests to
    tests/regressiontests/admin_views/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
  - debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
    django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
    docs/topics/forms/modelforms.txt, add tests to
    tests/regressiontests/forms/tests/formsets.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0306

lp:ubuntu/oneiric-proposed/linux-ti-omap4 bug Mature 2013-03-01 14:25:01 UTC 2013-03-01
61. * Release Tracking Bug - LP: #11370...

Author: Paolo Pisati
Revision Date: 2013-03-01 14:25:01 UTC

* Release Tracking Bug
  - LP: #1137045

[ Paolo Pisati ]

* rebased on Ubuntu-3.0.0-32.50

[ Ubuntu: 3.0.0-32.50 ]

* Release Tracking Bug
  - LP: #1136175
* SAUCE: xen/netback: shutdown the ring if it contains garbage.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: netback: correct netbk_tx_err to handle wrap around.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: xen/netback: don't leak pages on failure in
  xen_netbk_tx_check_gop.
  - LP: #1117331
  - CVE-2013-0217
* SAUCE: xen/netback: free already allocated memory on failure in
  xen_netbk_get_requests
  - LP: #1117331
  - CVE-2013-0217
* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
  failure once
  - LP: #1128840
* can: c_can: fix invalid error codes
  - LP: #1116259
* can: ti_hecc: fix invalid error codes
  - LP: #1116259
* can: pch_can: fix invalid error codes
  - LP: #1116259
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1116259
* ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
  sparsemem
  - LP: #1116259
* Bluetooth: Fix sending HCI commands after reset
  - LP: #1116259
* ath9k_htc: Fix memory leak
  - LP: #1116259
* ath9k: fix double-free bug on beacon generate failure
  - LP: #1116259
* ALSA: usb-audio: fix invalid length check for RME and other UAC 2
  devices
  - LP: #1116259
* EDAC: Test correct variable in ->store function
  - LP: #1116259
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1116259
* smp: Fix SMP function call empty cpu mask race
  - LP: #1116259
* x86/msr: Add capabilities check
  - LP: #1116259
* efi, x86: Pass a proper identity mapping in efi_call_phys_prelog
  - LP: #1116259
* x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
  - LP: #1116259
* Linux 3.0.62
  - LP: #1116259
* drm/radeon/evergreen+: wait for the MC to settle after MC blackout
  - LP: #1122313
* drm/radeon: add quirk for RV100 board
  - LP: #1122313
* drm/radeon: Calling object_unrefer() when creating fb failure
  - LP: #1122313
* x86-64: Replace left over sti/cli in ia32 audit exit code
  - LP: #1122313
* nilfs2: fix fix very long mount time issue
  - LP: #1122313
* drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq
  handler
  - LP: #1122313
* USB: ftdi_sio: add Zolix FTDI PID
  - LP: #1122313
* USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II
  - LP: #1122313
* USB: option: add support for Telit LE920
  - LP: #1122313
* USB: option: add Changhong CH690
  - LP: #1122313
* USB: qcserial: add Telit Gobi QDL device
  - LP: #1122313
* USB: EHCI: fix bug in scheduling periodic split transfers
  - LP: #1122313
* USB: storage: Define a new macro for USB storage match rules
  - LP: #1122313
* USB: storage: optimize to match the Huawei USB storage devices and
  support new switch command
  - LP: #1122313
* xhci: Fix isoc TD encoding.
  - LP: #1122313
* USB: XHCI: fix memory leak of URB-private data
  - LP: #1122313
* Linux 3.0.63
  - LP: #1122313
* rtlwifi: Fix the usage of the wrong variable in usb.c
  - LP: #1126189
* virtio_console: Don't access uninitialized data.
  - LP: #1126189
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1126189
* mac80211: synchronize scan off/on-channel and PS states
  - LP: #1126189
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1126189
* MAINTAINERS: Stephen Hemminger email change
  - LP: #1126189
* isdn/gigaset: fix zero size border case in debug dump
  - LP: #1126189
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1126189
* net: loopback: fix a dst refcounting issue
  - LP: #1126189
* pktgen: correctly handle failures when adding a device
  - LP: #1126189
* ipv6: do not create neighbor entries for local delivery
  - LP: #1126189
* packet: fix leakage of tx_ring memory
  - LP: #1126189
* atm/iphase: rename fregt_t -> ffreg_t
  - LP: #1126189
* sctp: refactor sctp_outq_teardown to insure proper re-initalization
  - LP: #1126189
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1126189
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1126189
* tcp: frto should not set snd_cwnd to 0
  - LP: #1126189
* tcp: fix for zero packets_in_flight was too broad
  - LP: #1126189
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1126189
* bridge: Pull ip header into skb->data before looking into ip header.
  - LP: #1126189
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1126189
* tg3: Fix crc errors on jumbo frame receive
  - LP: #1126189
* Linux 3.0.64
  - LP: #1126189
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1130182
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1130182
* PCI/PM: Clean up PME state when removing a device
  - LP: #1130182
* igb: Remove artificial restriction on RQDPC stat reading
  - LP: #1130182
* Linux 3.0.65
  - LP: #1130182
* vhost: fix length for cross region descriptor
  - LP: #1130951
  - CVE-2013-0311
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

lp:ubuntu/oneiric-updates/linux-ti-omap4 Mature 2013-03-01 14:25:01 UTC 2013-03-01
61. * Release Tracking Bug - LP: #11370...

Author: Paolo Pisati
Revision Date: 2013-03-01 14:25:01 UTC

* Release Tracking Bug
  - LP: #1137045

[ Paolo Pisati ]

* rebased on Ubuntu-3.0.0-32.50

[ Ubuntu: 3.0.0-32.50 ]

* Release Tracking Bug
  - LP: #1136175
* SAUCE: xen/netback: shutdown the ring if it contains garbage.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: netback: correct netbk_tx_err to handle wrap around.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: xen/netback: don't leak pages on failure in
  xen_netbk_tx_check_gop.
  - LP: #1117331
  - CVE-2013-0217
* SAUCE: xen/netback: free already allocated memory on failure in
  xen_netbk_get_requests
  - LP: #1117331
  - CVE-2013-0217
* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
  failure once
  - LP: #1128840
* can: c_can: fix invalid error codes
  - LP: #1116259
* can: ti_hecc: fix invalid error codes
  - LP: #1116259
* can: pch_can: fix invalid error codes
  - LP: #1116259
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1116259
* ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
  sparsemem
  - LP: #1116259
* Bluetooth: Fix sending HCI commands after reset
  - LP: #1116259
* ath9k_htc: Fix memory leak
  - LP: #1116259
* ath9k: fix double-free bug on beacon generate failure
  - LP: #1116259
* ALSA: usb-audio: fix invalid length check for RME and other UAC 2
  devices
  - LP: #1116259
* EDAC: Test correct variable in ->store function
  - LP: #1116259
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1116259
* smp: Fix SMP function call empty cpu mask race
  - LP: #1116259
* x86/msr: Add capabilities check
  - LP: #1116259
* efi, x86: Pass a proper identity mapping in efi_call_phys_prelog
  - LP: #1116259
* x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
  - LP: #1116259
* Linux 3.0.62
  - LP: #1116259
* drm/radeon/evergreen+: wait for the MC to settle after MC blackout
  - LP: #1122313
* drm/radeon: add quirk for RV100 board
  - LP: #1122313
* drm/radeon: Calling object_unrefer() when creating fb failure
  - LP: #1122313
* x86-64: Replace left over sti/cli in ia32 audit exit code
  - LP: #1122313
* nilfs2: fix fix very long mount time issue
  - LP: #1122313
* drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq
  handler
  - LP: #1122313
* USB: ftdi_sio: add Zolix FTDI PID
  - LP: #1122313
* USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II
  - LP: #1122313
* USB: option: add support for Telit LE920
  - LP: #1122313
* USB: option: add Changhong CH690
  - LP: #1122313
* USB: qcserial: add Telit Gobi QDL device
  - LP: #1122313
* USB: EHCI: fix bug in scheduling periodic split transfers
  - LP: #1122313
* USB: storage: Define a new macro for USB storage match rules
  - LP: #1122313
* USB: storage: optimize to match the Huawei USB storage devices and
  support new switch command
  - LP: #1122313
* xhci: Fix isoc TD encoding.
  - LP: #1122313
* USB: XHCI: fix memory leak of URB-private data
  - LP: #1122313
* Linux 3.0.63
  - LP: #1122313
* rtlwifi: Fix the usage of the wrong variable in usb.c
  - LP: #1126189
* virtio_console: Don't access uninitialized data.
  - LP: #1126189
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1126189
* mac80211: synchronize scan off/on-channel and PS states
  - LP: #1126189
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1126189
* MAINTAINERS: Stephen Hemminger email change
  - LP: #1126189
* isdn/gigaset: fix zero size border case in debug dump
  - LP: #1126189
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1126189
* net: loopback: fix a dst refcounting issue
  - LP: #1126189
* pktgen: correctly handle failures when adding a device
  - LP: #1126189
* ipv6: do not create neighbor entries for local delivery
  - LP: #1126189
* packet: fix leakage of tx_ring memory
  - LP: #1126189
* atm/iphase: rename fregt_t -> ffreg_t
  - LP: #1126189
* sctp: refactor sctp_outq_teardown to insure proper re-initalization
  - LP: #1126189
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1126189
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1126189
* tcp: frto should not set snd_cwnd to 0
  - LP: #1126189
* tcp: fix for zero packets_in_flight was too broad
  - LP: #1126189
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1126189
* bridge: Pull ip header into skb->data before looking into ip header.
  - LP: #1126189
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1126189
* tg3: Fix crc errors on jumbo frame receive
  - LP: #1126189
* Linux 3.0.64
  - LP: #1126189
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1130182
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1130182
* PCI/PM: Clean up PME state when removing a device
  - LP: #1130182
* igb: Remove artificial restriction on RQDPC stat reading
  - LP: #1130182
* Linux 3.0.65
  - LP: #1130182
* vhost: fix length for cross region descriptor
  - LP: #1130951
  - CVE-2013-0311
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

lp:ubuntu/oneiric-proposed/linux-meta-ti-omap4 bug Mature 2013-03-01 09:05:51 UTC 2013-03-01
34. linux-ti-omap4 3.0.0-1222.36

Author: Brad Figg
Revision Date: 2013-03-01 09:05:51 UTC

linux-ti-omap4 3.0.0-1222.36

lp:ubuntu/oneiric-security/linux-meta-ti-omap4 Mature 2013-03-01 09:05:51 UTC 2013-03-01
34. linux-ti-omap4 3.0.0-1222.36

Author: Brad Figg
Revision Date: 2013-03-01 09:05:51 UTC

linux-ti-omap4 3.0.0-1222.36

lp:ubuntu/oneiric-updates/linux-meta-ti-omap4 Mature 2013-03-01 09:05:51 UTC 2013-03-01
34. linux-ti-omap4 3.0.0-1222.36

Author: Brad Figg
Revision Date: 2013-03-01 09:05:51 UTC

linux-ti-omap4 3.0.0-1222.36

lp:ubuntu/oneiric-proposed/linux-backports-modules-3.0.0 bug Mature 2013-02-28 14:03:30 UTC 2013-02-28
25. Bump ABI - Oneiric ABI 32

Author: Brad Figg
Revision Date: 2013-02-28 14:03:30 UTC

Bump ABI - Oneiric ABI 32

lp:ubuntu/oneiric-security/linux-backports-modules-3.0.0 Mature 2013-02-28 14:03:30 UTC 2013-02-28
25. Bump ABI - Oneiric ABI 32

Author: Brad Figg
Revision Date: 2013-02-28 14:03:30 UTC

Bump ABI - Oneiric ABI 32

lp:ubuntu/oneiric-updates/linux-backports-modules-3.0.0 Mature 2013-02-28 14:03:30 UTC 2013-02-28
25. Bump ABI - Oneiric ABI 32

Author: Brad Figg
Revision Date: 2013-02-28 14:03:30 UTC

Bump ABI - Oneiric ABI 32

lp:ubuntu/oneiric-proposed/linux-meta bug Mature 2013-02-28 13:57:00 UTC 2013-02-28
261. [ Brad Figg ] Bump ABI

Author: Brad Figg
Revision Date: 2013-02-28 13:57:00 UTC

[ Brad Figg ]

Bump ABI

lp:ubuntu/oneiric-security/linux-meta Mature 2013-02-28 13:57:00 UTC 2013-02-28
261. [ Brad Figg ] Bump ABI

Author: Brad Figg
Revision Date: 2013-02-28 13:57:00 UTC

[ Brad Figg ]

Bump ABI

lp:ubuntu/oneiric-updates/linux-meta Mature 2013-02-28 13:57:00 UTC 2013-02-28
261. [ Brad Figg ] Bump ABI

Author: Brad Figg
Revision Date: 2013-02-28 13:57:00 UTC

[ Brad Figg ]

Bump ABI

lp:ubuntu/oneiric-updates/dbus-glib Mature 2013-02-27 19:03:17 UTC 2013-02-27
28. * SECURITY UPDATE: possible privilege...

Author: Marc Deslauriers
Revision Date: 2013-02-22 15:36:12 UTC

* SECURITY UPDATE: possible privilege escalation via source spoofing
  - debian/patches/CVE-2013-0292.patch: verify sender of NameOwnerChanged
    signals in dbus/dbus-gproxy.c.
  - CVE-2013-0292

lp:ubuntu/oneiric-security/dbus-glib Mature 2013-02-27 18:49:15 UTC 2013-02-27
28. * SECURITY UPDATE: possible privilege...

Author: Marc Deslauriers
Revision Date: 2013-02-22 15:36:12 UTC

* SECURITY UPDATE: possible privilege escalation via source spoofing
  - debian/patches/CVE-2013-0292.patch: verify sender of NameOwnerChanged
    signals in dbus/dbus-gproxy.c.
  - CVE-2013-0292

lp:ubuntu/oneiric-security/sudo Mature 2013-02-27 13:38:01 UTC 2013-02-27
53. * SECURITY UPDATE: authentication byp...

Author: Marc Deslauriers
Revision Date: 2013-02-27 13:38:01 UTC

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in check.c.
  - CVE-2013-1775

lp:ubuntu/oneiric-updates/sudo Mature 2013-02-27 13:38:01 UTC 2013-02-27
53. * SECURITY UPDATE: authentication byp...

Author: Marc Deslauriers
Revision Date: 2013-02-27 13:38:01 UTC

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in check.c.
  - CVE-2013-1775

lp:ubuntu/oneiric-updates/portmidi bug Mature 2013-02-26 09:21:48 UTC 2013-02-26
7. pm_linux/Makefile: Fix linking order,...

Author: Alessio Treglia
Revision Date: 2013-02-03 03:06:30 UTC

pm_linux/Makefile: Fix linking order, regression introduced
by the previous upload. (LP: #1110326)

lp:ubuntu/oneiric-security/gnutls26 Mature 2013-02-25 11:52:02 UTC 2013-02-25
30. * SECURITY UPDATE: "Lucky Thirteen" t...

Author: Marc Deslauriers
Revision Date: 2013-02-25 11:52:02 UTC

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-1619.patch: avoid timing attacks in
    lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
  - CVE-2013-1619

lp:ubuntu/oneiric-updates/gnutls26 Mature 2013-02-25 11:52:02 UTC 2013-02-25
31. * SECURITY UPDATE: "Lucky Thirteen" t...

Author: Marc Deslauriers
Revision Date: 2013-02-25 11:52:02 UTC

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-1619.patch: avoid timing attacks in
    lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
  - CVE-2013-1619

lp:ubuntu/oneiric-updates/libupnp Mature 2013-02-21 20:06:12 UTC 2013-02-21
8. * SECURITY UPDATE: patch from Debian ...

Author: Jamie Strandboge
Revision Date: 2013-02-13 15:05:15 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964

lp:ubuntu/oneiric-security/libupnp Mature 2013-02-21 20:06:06 UTC 2013-02-21
8. * SECURITY UPDATE: patch from Debian ...

Author: Jamie Strandboge
Revision Date: 2013-02-13 15:05:15 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964

lp:ubuntu/oneiric-updates/libupnp4 Mature 2013-02-21 20:05:15 UTC 2013-02-21
8. * SECURITY UPDATE: patch from Debian ...

Author: Jamie Strandboge
Revision Date: 2013-02-13 14:37:59 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964
  - CVE-2012-5965

lp:ubuntu/oneiric-security/libupnp4 Mature 2013-02-21 20:05:11 UTC 2013-02-21
8. * SECURITY UPDATE: patch from Debian ...

Author: Jamie Strandboge
Revision Date: 2013-02-13 14:37:59 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964
  - CVE-2012-5965

lp:ubuntu/oneiric-updates/ruby-activesupport-2.3 bug Mature 2013-02-21 18:22:04 UTC 2013-02-21
6. * SECURITY UPDATE: Add an OkJson back...

Author: Jamie Strandboge
Revision Date: 2013-02-13 10:48:42 UTC

* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
  resolve improper conversion of JSON to YAML (LP: #1119256)
  - debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6
  - CVE-2013-0333

lp:ubuntu/oneiric-updates/jquery Mature 2013-02-21 18:12:14 UTC 2013-02-21
19. * SECURITY UPDATE: cross-site scripti...

Author: Marc Deslauriers
Revision Date: 2013-02-05 10:47:26 UTC

* SECURITY UPDATE: cross-site scripting issue via location.hash
  - debian/patches/CVE-2011-4969.patch: prioritize #id over <tag> in
    src/core.js and dist/jquery.js.
  - CVE-2011-4969

lp:ubuntu/oneiric-security/jquery Mature 2013-02-21 18:12:08 UTC 2013-02-21
19. * SECURITY UPDATE: cross-site scripti...

Author: Marc Deslauriers
Revision Date: 2013-02-05 10:47:26 UTC

* SECURITY UPDATE: cross-site scripting issue via location.hash
  - debian/patches/CVE-2011-4969.patch: prioritize #id over <tag> in
    src/core.js and dist/jquery.js.
  - CVE-2011-4969

lp:ubuntu/oneiric-security/openssl Mature 2013-02-18 14:55:40 UTC 2013-02-18
66. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-02-18 14:55:40 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

lp:ubuntu/oneiric-updates/openssl Mature 2013-02-18 14:55:40 UTC 2013-02-18
66. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-02-18 14:55:40 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

lp:ubuntu/oneiric-security/ruby-activesupport-2.3 bug Mature 2013-02-13 10:48:42 UTC 2013-02-13
6. * SECURITY UPDATE: Add an OkJson back...

Author: Jamie Strandboge
Revision Date: 2013-02-13 10:48:42 UTC

* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
  resolve improper conversion of JSON to YAML (LP: #1119256)
  - debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6
  - CVE-2013-0333

lp:ubuntu/oneiric-updates/cfingerd Mature 2013-02-08 20:38:26 UTC 2013-02-08
8. * SECURITY UPDATE: fix buffer overflo...

Author: Malcolm Scott
Revision Date: 2013-01-24 20:19:56 UTC

* SECURITY UPDATE: fix buffer overflow in rfc1413 (ident) client
  (LP: #1104425).
  - CVE-2013-1049

lp:ubuntu/oneiric-security/cfingerd bug Mature 2013-02-08 20:16:02 UTC 2013-02-08
8. * SECURITY UPDATE: fix buffer overflo...

Author: Malcolm Scott
Revision Date: 2013-01-24 20:19:56 UTC

* SECURITY UPDATE: fix buffer overflow in rfc1413 (ident) client
  (LP: #1104425).
  - CVE-2013-1049

lp:ubuntu/oneiric-proposed/tomboy bug Mature 2013-02-07 21:51:00 UTC 2013-02-07
87. * debian/patches/02_sync_save_button_...

Author: dobey
Revision Date: 2013-02-04 15:04:45 UTC

* debian/patches/02_sync_save_button_sensitive.patch:
* debian/patches/03_u1_as_default_sync.patch:
* debian/patches/05_add_start_u1_note.patch:
* debian/patches/06_use_ubuntu_sso.patch:
  - Remove patches to default to Ubuntu One for notes sync. (LP: #1115460)

lp:ubuntu/oneiric-updates/firebird2.5 Mature 2013-02-07 13:38:07 UTC 2013-02-07
20. * SECURITY UPDATE: Fix for NULL point...

Author: Christian Kuersteiner
Revision Date: 2013-02-06 11:25:54 UTC

* SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
  (LP: #1115902)
  - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
    upstream patch.
  - CVE-2012-5529

lp:ubuntu/oneiric-security/firebird2.5 bug Mature 2013-02-07 13:15:06 UTC 2013-02-07
20. * SECURITY UPDATE: Fix for NULL point...

Author: Christian Kuersteiner
Revision Date: 2013-02-06 11:25:54 UTC

* SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
  (LP: #1115902)
  - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
    upstream patch.
  - CVE-2012-5529

lp:ubuntu/oneiric-updates/xserver-xorg-video-qxl Mature 2013-02-05 14:15:46 UTC 2013-02-05
9. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-02-04 09:45:37 UTC

* SECURITY UPDATE: denial of service via sync i/o commands
  - debian/patches/CVE-2013-0241.patch: use new async IO calls in
    src/qxl.h, src/qxl_driver.c, src/qxl_surface.c.
  - Thanks to Red Hat for backported patch.
  - CVE-2013-0241

lp:ubuntu/oneiric-security/xserver-xorg-video-qxl Mature 2013-02-05 13:41:31 UTC 2013-02-05
9. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-02-04 09:45:37 UTC

* SECURITY UPDATE: denial of service via sync i/o commands
  - debian/patches/CVE-2013-0241.patch: use new async IO calls in
    src/qxl.h, src/qxl_driver.c, src/qxl_surface.c.
  - Thanks to Red Hat for backported patch.
  - CVE-2013-0241

lp:ubuntu/oneiric-updates/tomboy Mature 2013-02-04 15:04:45 UTC 2013-02-04
87. * debian/patches/02_sync_save_button_...

Author: dobey
Revision Date: 2013-02-04 15:04:45 UTC

* debian/patches/02_sync_save_button_sensitive.patch:
* debian/patches/03_u1_as_default_sync.patch:
* debian/patches/05_add_start_u1_note.patch:
* debian/patches/06_use_ubuntu_sso.patch:
  - Remove patches to default to Ubuntu One for notes sync. (LP: #1115460)

lp:ubuntu/oneiric-proposed/portmidi bug Mature 2013-02-03 03:06:30 UTC 2013-02-03
7. pm_linux/Makefile: Fix linking order,...

Author: Alessio Treglia
Revision Date: 2013-02-03 03:06:30 UTC

pm_linux/Makefile: Fix linking order, regression introduced
by the previous upload. (LP: #1110326)

1100 of 24483 results