Branches for Oneiric

Name Status Last Modified Last Commit
lp:ubuntu/oneiric-proposed/ecryptfs-utils bug Mature 2013-01-31 18:21:27 UTC 2013-01-31
77. * Fix encrypted home/private race con...

Author: Tyler Hicks
Revision Date: 2012-12-04 14:13:46 UTC

* Fix encrypted home/private race condition that could result in encrypted
  filenames not being decrypted, despite the directory being mounted
  correctly otherwise. (LP: #1052038)
  - debian/patches/fix-private-mount-race.patch: Fix race condition by only
    opening the signature file once, rather than opening, reading, and
    closing it for each key signature.

lp:ubuntu/oneiric-updates/whois Mature 2013-01-31 11:13:55 UTC 2013-01-31
24. * Backport changes to fix whois doesn...

Author: Chris J Arges
Revision Date: 2012-12-05 15:22:30 UTC

* Backport changes to fix whois doesn't properly query .hr/.sx/.pe TLDs
  and incorrect format for whois.arin.net (LP: #943502)
  - Add the "+" flag by default to queries to whois.arin.net if the
    argument looks like an IP address. Also add the "a" and "n" flags.
    No thanks to ARIN for breaking every whois client.
  - Updated the .hr TLD server. (Closes: #646572)
  - Added the .sx TLD server.
  - Updated the .pe TLD server, this time for real. (Closes: #653105)

lp:ubuntu/oneiric-updates/inkscape Mature 2013-01-30 16:26:04 UTC 2013-01-30
60. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2013-01-29 13:40:53 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML external entity
  - debian/patches/CVE-2012-5656.dpatch: disable loading external
    entities in src/preferences-skeleton.h,
    src/ui/dialog/ocaldialogs.cpp, src/xml/repr-io.cpp.
  - CVE-2012-5656
* SECURITY UPDATE: possible file loading from /tmp
  - debian/patches/CVE-2012-6076.dpatch: make sure filename is absolute
    in src/extension/implementation/script.cpp.
  - CVE-2012-6076

lp:ubuntu/oneiric-security/inkscape Mature 2013-01-30 16:06:10 UTC 2013-01-30
60. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2013-01-29 13:40:53 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML external entity
  - debian/patches/CVE-2012-5656.dpatch: disable loading external
    entities in src/preferences-skeleton.h,
    src/ui/dialog/ocaldialogs.cpp, src/xml/repr-io.cpp.
  - CVE-2012-5656
* SECURITY UPDATE: possible file loading from /tmp
  - debian/patches/CVE-2012-6076.dpatch: make sure filename is absolute
    in src/extension/implementation/script.cpp.
  - CVE-2012-6076

lp:ubuntu/oneiric-security/xen bug Mature 2013-01-30 13:37:48 UTC 2013-01-30
29. * Applying Xen Security Advisories: ...

Author: Stefan Bader
Revision Date: 2013-01-30 13:37:48 UTC

* Applying Xen Security Advisories:
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  Also fixes issues on AMD systems which could cause Dom0 to loose disks
  under heavy I/O (because PCI-E devices could use the same IOAPIC vector
  as the SMBus).

lp:ubuntu/oneiric-updates/xen bug Mature 2013-01-30 13:37:48 UTC 2013-01-30
30. * Applying Xen Security Advisories: ...

Author: Stefan Bader
Revision Date: 2013-01-30 13:37:48 UTC

* Applying Xen Security Advisories:
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  Also fixes issues on AMD systems which could cause Dom0 to loose disks
  under heavy I/O (because PCI-E devices could use the same IOAPIC vector
  as the SMBus).

lp:ubuntu/oneiric-security/squid3 bug Mature 2013-01-30 10:45:17 UTC 2013-01-30
31. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2013-01-30 10:45:17 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.dpatch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

lp:ubuntu/oneiric-updates/squid3 Mature 2013-01-30 10:45:17 UTC 2013-01-30
31. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2013-01-30 10:45:17 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.dpatch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

lp:ubuntu/oneiric-security/glance Mature 2013-01-30 03:53:07 UTC 2013-01-30
22. * SECURITY UPDATE: information disclo...

Author: Jamie Strandboge
Revision Date: 2013-01-28 14:17:50 UTC

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    mot show URLs and credentials in error messages and log output
  - CVE-2013-0212
* debian/control: Build-Depends-Indep on python-paste

lp:ubuntu/oneiric-updates/ircd-ratbox Mature 2013-01-28 18:53:15 UTC 2013-01-28
7. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-01-25 16:07:27 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/ircd-ratbox Mature 2013-01-28 17:41:56 UTC 2013-01-28
7. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-01-25 16:07:27 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/libav bug Mature 2013-01-28 14:36:43 UTC 2013-01-28
17. * SECURITY UPDATE: unspecified securi...

Author: Marc Deslauriers
Revision Date: 2013-01-24 13:31:43 UTC

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
  - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
    before using it in libavcodec/ivi_common.c.
  - CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
  - debian/patches/CVE-2012-5144.patch: fix off-by-one in
    libavcodec/aacdec.c.
  - CVE-2012-5144

lp:ubuntu/oneiric-updates/glance Mature 2013-01-28 14:17:50 UTC 2013-01-28
22. * SECURITY UPDATE: information disclo...

Author: Jamie Strandboge
Revision Date: 2013-01-28 14:17:50 UTC

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    mot show URLs and credentials in error messages and log output
  - CVE-2013-0212
* debian/control: Build-Depends-Indep on python-paste

lp:ubuntu/oneiric/game-music-emu bug Mature 2013-01-26 07:35:26 UTC 2013-01-26
3. * debian/control, debian/compat, ...

Author: Sebastian Dröge
Revision Date: 2010-03-22 14:29:59 UTC

* debian/control,
  debian/compat,
  debian/source/format,
  debian/rules:
  + Update to source format 3.0 (quilt).
  + Update Standards-Version to 3.8.4.
  + Update to debhelper compat level 7.
* debian/patches/01_symbol-exports.patch:
  + Only export symbols that are meant to be public. Patch
    from upstream SVN.
* debian/libgme0.symbols:
  + Add symbols file.

lp:ubuntu/oneiric-security/libssh Mature 2013-01-25 13:51:57 UTC 2013-01-25
21. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-25 13:51:57 UTC

* SECURITY UPDATE: denial of service via NULL dereference
  - debian/patches/CVE-2013-0176.patch: properly handle client that
    doesn't send a matching key in src/server.c.
  - CVE-2013-0176

lp:ubuntu/oneiric-updates/libssh Mature 2013-01-25 13:51:57 UTC 2013-01-25
21. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-25 13:51:57 UTC

* SECURITY UPDATE: denial of service via NULL dereference
  - debian/patches/CVE-2013-0176.patch: properly handle client that
    doesn't send a matching key in src/server.c.
  - CVE-2013-0176

lp:ubuntu/oneiric-security/libav-extra Mature 2013-01-25 08:44:47 UTC 2013-01-25
15. Rebuild against libav security update

Author: Marc Deslauriers
Revision Date: 2013-01-25 08:44:47 UTC

Rebuild against libav security update

lp:ubuntu/oneiric-updates/libav-extra Mature 2013-01-25 08:44:47 UTC 2013-01-25
15. Rebuild against libav security update

Author: Marc Deslauriers
Revision Date: 2013-01-25 08:44:47 UTC

Rebuild against libav security update

lp:ubuntu/oneiric-updates/libav Mature 2013-01-24 13:31:43 UTC 2013-01-24
17. * SECURITY UPDATE: unspecified securi...

Author: Marc Deslauriers
Revision Date: 2013-01-24 13:31:43 UTC

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
  - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
    before using it in libavcodec/ivi_common.c.
  - CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
  - debian/patches/CVE-2012-5144.patch: fix off-by-one in
    libavcodec/aacdec.c.
  - CVE-2012-5144

lp:ubuntu/oneiric-proposed/whois bug Mature 2013-01-24 08:44:57 UTC 2013-01-24
24. * Backport changes to fix whois doesn...

Author: Chris J Arges
Revision Date: 2012-12-05 15:22:30 UTC

* Backport changes to fix whois doesn't properly query .hr/.sx/.pe TLDs
  and incorrect format for whois.arin.net (LP: #943502)
  - Add the "+" flag by default to queries to whois.arin.net if the
    argument looks like an IP address. Also add the "a" and "n" flags.
    No thanks to ARIN for breaking every whois client.
  - Updated the .hr TLD server. (Closes: #646572)
  - Added the .sx TLD server.
  - Updated the .pe TLD server, this time for real. (Closes: #653105)

lp:ubuntu/oneiric-security/vino Mature 2013-01-22 13:30:59 UTC 2013-01-22
54. * SECURITY UPDATE: clipboard leak to ...

Author: Marc Deslauriers
Revision Date: 2013-01-18 11:27:36 UTC

* SECURITY UPDATE: clipboard leak to unauthenticated clients
  - debian/patches/CVE-2012-4429.patch: make sure client is authenticated
    in server/libvncserver/rfbserver.c.
  - CVE-2012-4429

lp:ubuntu/oneiric-updates/rpm Mature 2013-01-19 07:16:10 UTC 2013-01-19
38. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-17 12:07:16 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  crafted headers
  - debian/patches/CVE-2011-3378.patch: properly validate values in
    lib/header.c.
  - CVE-2011-3378
* SECURITY UPDATE: denial of service and possible code execution via
  invalid region tag
  - debian/patches/CVE-2012-0060.patch: validate region tags in
    lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0060
* SECURITY UPDATE: denial of service and possible code execution via
  large region size
  - debian/patches/CVE-2012-0061.patch: check length in lib/header.c.
  - CVE-2012-0061
* SECURITY UPDATE: denial of service and possible code execution via
  negative value in region offset
  - debian/patches/CVE-2012-0815.patch: properly handle negative values
    in lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0815

lp:ubuntu/oneiric-updates/ruby-activerecord-2.3 Mature 2013-01-18 15:30:57 UTC 2013-01-18
6. * SECURITY UPDATE: unsafe query gener...

Author: Marc Deslauriers
Revision Date: 2013-01-18 08:34:35 UTC

* SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
  - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
  - CVE-2013-0155

lp:ubuntu/oneiric-updates/mplayer2 Mature 2013-01-18 15:21:40 UTC 2013-01-18
7. Enable CPU autodetection on architect...

Author: Julien Lavergne
Revision Date: 2012-12-12 13:57:36 UTC

Enable CPU autodetection on architectures that support it.
LP: #974125

lp:ubuntu/oneiric-security/ruby-activerecord-2.3 bug Mature 2013-01-18 15:17:09 UTC 2013-01-18
6. * SECURITY UPDATE: unsafe query gener...

Author: Marc Deslauriers
Revision Date: 2013-01-18 08:34:35 UTC

* SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
  - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
  - CVE-2013-0155

lp:ubuntu/oneiric-updates/vino Mature 2013-01-18 11:27:36 UTC 2013-01-18
54. * SECURITY UPDATE: clipboard leak to ...

Author: Marc Deslauriers
Revision Date: 2013-01-18 11:27:36 UTC

* SECURITY UPDATE: clipboard leak to unauthenticated clients
  - debian/patches/CVE-2012-4429.patch: make sure client is authenticated
    in server/libvncserver/rfbserver.c.
  - CVE-2012-4429

lp:ubuntu/oneiric-security/rpm Mature 2013-01-17 22:11:54 UTC 2013-01-17
38. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-17 12:07:16 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  crafted headers
  - debian/patches/CVE-2011-3378.patch: properly validate values in
    lib/header.c.
  - CVE-2011-3378
* SECURITY UPDATE: denial of service and possible code execution via
  invalid region tag
  - debian/patches/CVE-2012-0060.patch: validate region tags in
    lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0060
* SECURITY UPDATE: denial of service and possible code execution via
  large region size
  - debian/patches/CVE-2012-0061.patch: check length in lib/header.c.
  - CVE-2012-0061
* SECURITY UPDATE: denial of service and possible code execution via
  negative value in region offset
  - debian/patches/CVE-2012-0815.patch: properly handle negative values
    in lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0815

lp:ubuntu/oneiric-updates/xymon Mature 2013-01-15 17:40:37 UTC 2013-01-15
14. * SECURITY UPDATE: Multiple cross sit...

Author: Christian Kuersteiner
Revision Date: 2013-01-14 14:01:38 UTC

* SECURITY UPDATE: Multiple cross site scripting (XSS) vulnerabilities
  (LP: #1092412)
  - debian/patches/8-CVE-2011-1716.patch: show user input as html quoted
    output. Based on upstream changes.
  - CVE-2011-1716

lp:ubuntu/oneiric-security/xymon bug Mature 2013-01-15 17:17:03 UTC 2013-01-15
14. * SECURITY UPDATE: Multiple cross sit...

Author: Christian Kuersteiner
Revision Date: 2013-01-14 14:01:38 UTC

* SECURITY UPDATE: Multiple cross site scripting (XSS) vulnerabilities
  (LP: #1092412)
  - debian/patches/8-CVE-2011-1716.patch: show user input as html quoted
    output. Based on upstream changes.
  - CVE-2011-1716

lp:ubuntu/oneiric-security/freetype Mature 2013-01-11 13:47:14 UTC 2013-01-11
44. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:47:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp:ubuntu/oneiric-updates/freetype Mature 2013-01-11 13:47:14 UTC 2013-01-11
44. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:47:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp:ubuntu/oneiric-proposed/mplayer2 bug Mature 2013-01-10 20:14:39 UTC 2013-01-10
7. Enable CPU autodetection on architect...

Author: Julien Lavergne
Revision Date: 2012-12-12 13:57:36 UTC

Enable CPU autodetection on architectures that support it.
LP: #974125

lp:ubuntu/oneiric-security/tomcat6 Mature 2013-01-10 10:00:07 UTC 2013-01-10
42. * SECURITY UPDATE: security-constrain...

Author: Marc Deslauriers
Revision Date: 2013-01-10 10:00:07 UTC

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

lp:ubuntu/oneiric-updates/tomcat6 Mature 2013-01-10 10:00:07 UTC 2013-01-10
42. * SECURITY UPDATE: security-constrain...

Author: Marc Deslauriers
Revision Date: 2013-01-10 10:00:07 UTC

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

lp:ubuntu/oneiric-security/gnupg2 Mature 2013-01-08 15:37:01 UTC 2013-01-08
20. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 15:37:01 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp:ubuntu/oneiric-updates/gnupg2 Mature 2013-01-08 15:37:01 UTC 2013-01-08
20. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 15:37:01 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp:ubuntu/oneiric-security/gnupg Mature 2013-01-08 10:54:13 UTC 2013-01-08
37. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 10:54:13 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp:ubuntu/oneiric-updates/gnupg Mature 2013-01-08 10:54:13 UTC 2013-01-08
37. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 10:54:13 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp:ubuntu/oneiric-security/moin Mature 2012-12-29 18:18:00 UTC 2012-12-29
36. * SECURITY UPDATE: arbitrary code exe...

Author: Jamie Strandboge
Revision Date: 2012-12-29 18:18:00 UTC

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY

lp:ubuntu/oneiric-updates/moin Mature 2012-12-29 18:18:00 UTC 2012-12-29
36. * SECURITY UPDATE: arbitrary code exe...

Author: Jamie Strandboge
Revision Date: 2012-12-29 18:18:00 UTC

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY

lp:ubuntu/oneiric-updates/apparmor bug Mature 2012-12-19 23:02:05 UTC 2012-12-19
13. * debian/patches/0001-add-chromium-br...

Author: Jamie Strandboge
Revision Date: 2012-12-18 11:53:38 UTC

* debian/patches/0001-add-chromium-browser.patch:
  - add various accesses for newer chromium versions (LP: #1091862)
  - add a child profile for xdgsettings (LP: #1045986)
* debian/put-all-profiles-in-complain-mode.sh: deal with existing flags

lp:ubuntu/oneiric-updates/dtach Mature 2012-12-19 15:07:54 UTC 2012-12-19
5. * SECURITY-UPDATE: information disclo...

Author: Christian Kuersteiner
Revision Date: 2012-12-15 22:43:09 UTC

* SECURITY-UPDATE: information disclosure on unclean disconnect
  (LP: #1088355)
  - attach.c(attach_main): Clean check of read operation. Based on upstream
    patch
    (http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812)
  - CVE-2012-3368

lp:ubuntu/oneiric-security/dtach bug Mature 2012-12-19 14:16:40 UTC 2012-12-19
5. * SECURITY-UPDATE: information disclo...

Author: Christian Kuersteiner
Revision Date: 2012-12-15 22:43:09 UTC

* SECURITY-UPDATE: information disclosure on unclean disconnect
  (LP: #1088355)
  - attach.c(attach_main): Clean check of read operation. Based on upstream
    patch
    (http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812)
  - CVE-2012-3368

lp:ubuntu/oneiric-security/apparmor bug Mature 2012-12-18 11:53:38 UTC 2012-12-18
13. * debian/patches/0001-add-chromium-br...

Author: Jamie Strandboge
Revision Date: 2012-12-18 11:53:38 UTC

* debian/patches/0001-add-chromium-browser.patch:
  - add various accesses for newer chromium versions (LP: #1091862)
  - add a child profile for xdgsettings (LP: #1045986)
* debian/put-all-profiles-in-complain-mode.sh: deal with existing flags

lp:ubuntu/oneiric-updates/bogofilter Mature 2012-12-17 19:17:06 UTC 2012-12-17
26. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-12-17 09:38:09 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via heap corruption
  - debian/patches/CVE-2012-5468.patch: properly check outbytesleft, add
    tests in src/iconvert.c, src/tests/t.crash-invalid-base64,
    src/test/Makefile.*.
  - CVE-2012-5468

lp:ubuntu/oneiric-security/bogofilter Mature 2012-12-17 18:59:30 UTC 2012-12-17
26. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-12-17 09:38:09 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via heap corruption
  - debian/patches/CVE-2012-5468.patch: properly check outbytesleft, add
    tests in src/iconvert.c, src/tests/t.crash-invalid-base64,
    src/test/Makefile.*.
  - CVE-2012-5468

lp:ubuntu/oneiric-security/aptdaemon bug Mature 2012-12-17 14:15:47 UTC 2012-12-17
86. * SECURITY UPDATE: check downloaded k...

Author: Michael Vogt
Revision Date: 2012-10-12 16:20:20 UTC

* SECURITY UPDATE: check downloaded keyid (LP: #1052789)
  - CVE-2012-0962

lp:ubuntu/oneiric-proposed/owncloud bug Mature 2012-12-12 05:48:44 UTC 2012-12-12
3. * Replace OwnCloud with placeholder p...

Author: Jonathan Riddell
Revision Date: 2012-11-28 11:50:13 UTC

* Replace OwnCloud with placeholder page to remove the package.
  Requested by upstream and 4.0 can not be backported
 - LP: #1079150

lp:ubuntu/oneiric-updates/cups-pk-helper Mature 2012-12-10 17:44:55 UTC 2012-12-10
5. * SECURITY UPDATE: CUPS function call...

Author: Jeremy Bicha
Revision Date: 2012-11-26 22:39:36 UTC

* SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
  could be used to upload sensitive data to a CUPS resource, or overwrite
  specific files with the content of a CUPS resource. The user would have
  to explicitly approve the action. (LP: #1083416)
  - CVE-2012-4510
  - debian/patches/cups-pk-helper-CVE-2012-4510.patch: Copied from Fedora 16

lp:ubuntu/oneiric-proposed/postgresql-9.1 bug Mature 2012-12-10 15:04:42 UTC 2012-12-10
15. * New upstream bug fix release: (LP: ...

Author: Martin Pitt
Revision Date: 2012-12-10 15:04:42 UTC

* New upstream bug fix release: (LP: #1088393)
  - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
    Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
    changing the state of an index's pg_index row. This prevents race
    conditions that could cause concurrent sessions to miss updating
    the target index, thus resulting in corrupt concurrently-created
    indexes.
    Also, fix various other operations to ensure that they ignore
    invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
    command. The most important of these is "VACUUM", because an
    auto-vacuum could easily be launched on the table before corrective
    action can be taken to fix or remove the invalid index.
  - Fix buffer locking during WAL replay.
    The WAL replay code was insufficiently careful about locking
    buffers when replaying WAL records that affect more than one page.
    This could result in hot standby queries transiently seeing
    inconsistent states, resulting in wrong answers or unexpected
    failures.
  - See HISTORY/changelog.gz for the other bug fixes.

lp:ubuntu/oneiric-updates/pgbouncer Mature 2012-12-08 14:02:05 UTC 2012-12-08
16. * SECURITY UPDATE: denial of service ...

Author: Christian Kuersteiner
Revision Date: 2012-12-06 12:46:08 UTC

* SECURITY UPDATE: denial of service when too long db name is provided
  (LP: #1083414)
  - debian/patches/3-CVE-2012-4575.patch: objects.c(add_database): fail
    gracefully if too long db name. Based on upstream patch.
  - CVE-2012-4575

lp:ubuntu/oneiric-security/pgbouncer bug Mature 2012-12-08 13:43:33 UTC 2012-12-08
16. * SECURITY UPDATE: denial of service ...

Author: Christian Kuersteiner
Revision Date: 2012-12-06 12:46:08 UTC

* SECURITY UPDATE: denial of service when too long db name is provided
  (LP: #1083414)
  - debian/patches/3-CVE-2012-4575.patch: objects.c(add_database): fail
    gracefully if too long db name. Based on upstream patch.
  - CVE-2012-4575

lp:ubuntu/oneiric-security/gimp Mature 2012-12-06 13:33:56 UTC 2012-12-06
68. * SECURITY UPDATE: code execution via...

Author: Marc Deslauriers
Revision Date: 2012-12-06 13:33:56 UTC

* SECURITY UPDATE: code execution via malformed xwd files
  - debian/patches/CVE-2012-5576.patch: validate sizes in
    plug-ins/common/file-xwd.c.
  - CVE-2012-5576

lp:ubuntu/oneiric-updates/gimp Mature 2012-12-06 13:33:56 UTC 2012-12-06
68. * SECURITY UPDATE: code execution via...

Author: Marc Deslauriers
Revision Date: 2012-12-06 13:33:56 UTC

* SECURITY UPDATE: code execution via malformed xwd files
  - debian/patches/CVE-2012-5576.patch: validate sizes in
    plug-ins/common/file-xwd.c.
  - CVE-2012-5576

lp:ubuntu/oneiric-security/cups Mature 2012-12-05 19:05:49 UTC 2012-12-05
74. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-12-03 09:14:13 UTC

* SECURITY UPDATE: privilege escalation via config file editing
  - debian/patches/CVE-2012-5519.patch: split configuration file into
    two, to isolate options that have a security impact.
  - debian/cups.install: also install cups-files.conf
  - debian/patches/removecvstag.patch: updated to remove tag from
    cups-files.conf.
  - CVE-2012-5519
* NOTE: this package does _not_ include the changes from 1.5.0-8ubuntu7
  in oneiric-proposed.

lp:ubuntu/oneiric-updates/ecryptfs-utils Mature 2012-12-04 14:13:46 UTC 2012-12-04
77. * Fix encrypted home/private race con...

Author: Tyler Hicks
Revision Date: 2012-12-04 14:13:46 UTC

* Fix encrypted home/private race condition that could result in encrypted
  filenames not being decrypted, despite the directory being mounted
  correctly otherwise. (LP: #1052038)
  - debian/patches/fix-private-mount-race.patch: Fix race condition by only
    opening the signature file once, rather than opening, reading, and
    closing it for each key signature.

lp:ubuntu/oneiric-security/tiff bug Mature 2012-12-03 12:42:59 UTC 2012-12-03
27. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2012-12-03 12:42:59 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
  - debian/patches/CVE-2012-5581.patch: remove special cases of tags,
    improve DOTRANGE tag case
  - CVE-2012-5581

lp:ubuntu/oneiric-updates/tiff Mature 2012-12-03 12:42:59 UTC 2012-12-03
27. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2012-12-03 12:42:59 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
  - debian/patches/CVE-2012-5581.patch: remove special cases of tags,
    improve DOTRANGE tag case
  - CVE-2012-5581

lp:ubuntu/oneiric-updates/pymol Mature 2012-12-03 11:16:05 UTC 2012-12-03
22. Include shaders in the package. Avoid...

Author: Stefano Rivera
Revision Date: 2012-04-29 16:51:52 UTC

Include shaders in the package. Avoids a segfault on startup, on machines
with OpenGL 2. (LP: #991117)

lp:ubuntu/oneiric-updates/iso-codes Mature 2012-12-03 11:14:37 UTC 2012-12-03
35. Mark package as "Multi-Arch: foreign"...

Author: Colin Watson
Revision Date: 2012-11-22 23:46:41 UTC

Mark package as "Multi-Arch: foreign" (LP: #1082170).

lp:ubuntu/oneiric-updates/cups bug Mature 2012-12-03 09:14:13 UTC 2012-12-03
74. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-12-03 09:14:13 UTC

* SECURITY UPDATE: privilege escalation via config file editing
  - debian/patches/CVE-2012-5519.patch: split configuration file into
    two, to isolate options that have a security impact.
  - debian/cups.install: also install cups-files.conf
  - debian/patches/removecvstag.patch: updated to remove tag from
    cups-files.conf.
  - CVE-2012-5519
* NOTE: this package does _not_ include the changes from 1.5.0-8ubuntu7
  in oneiric-proposed.

lp:ubuntu/oneiric-proposed/cups-pk-helper bug Mature 2012-11-30 19:15:19 UTC 2012-11-30
5. * SECURITY UPDATE: CUPS function call...

Author: Jeremy Bicha
Revision Date: 2012-11-26 22:39:36 UTC

* SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
  could be used to upload sensitive data to a CUPS resource, or overwrite
  specific files with the content of a CUPS resource. The user would have
  to explicitly approve the action. (LP: #1083416)
  - CVE-2012-4510
  - debian/patches/cups-pk-helper-CVE-2012-4510.patch: Copied from Fedora 16

lp:ubuntu/oneiric-updates/lynx-cur Mature 2012-11-29 21:39:53 UTC 2012-11-29
39. * SECURITY UPDATE: properly perform c...

Author: Jamie Strandboge
Revision Date: 2012-11-19 08:41:55 UTC

* SECURITY UPDATE: properly perform certificate verification
  - debian/patches/CVE-2012-5821.dpatch: setup verification flags before
    verifying the certificate and prompt on self-signed certificates
  - CVE-2012-5821

lp:ubuntu/oneiric-security/lynx-cur Mature 2012-11-29 21:26:36 UTC 2012-11-29
39. * SECURITY UPDATE: properly perform c...

Author: Jamie Strandboge
Revision Date: 2012-11-19 08:41:55 UTC

* SECURITY UPDATE: properly perform certificate verification
  - debian/patches/CVE-2012-5821.dpatch: setup verification flags before
    verifying the certificate and prompt on self-signed certificates
  - CVE-2012-5821

lp:ubuntu/oneiric-updates/request-tracker3.8 Mature 2012-11-27 16:24:08 UTC 2012-11-27
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection

lp:ubuntu/oneiric-security/request-tracker3.8 Mature 2012-11-27 15:14:54 UTC 2012-11-27
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection

lp:ubuntu/oneiric-updates/im-switch Mature 2012-11-26 19:28:23 UTC 2012-11-26
12. * 80im-switch: - Delay the start of...

Author: Gunnar Hjalmarsson
Revision Date: 2012-10-30 19:06:00 UTC

* 80im-switch:
  - Delay the start of an input method framework with 10 seconds
    to increase the chances that its icon (e.g. an iBus icon) is
    shown in Unity's menu bar (LP: #875435).
    Thanks to Aron Xu for reviewing and improving the patch!

lp:ubuntu/oneiric-updates/grub2 Mature 2012-11-26 19:25:01 UTC 2012-11-26
133. [ Ben Howard ] Parameterization of re...

Author: Louis Bouchard
Revision Date: 2012-10-02 13:50:50 UTC

[ Ben Howard ]
Parameterization of recordfail setting. This allows users to define the
default time out of GRUB when recordfail has been set. The current
setting causes hangs on headless and appliances where access to the
console is limited or prohibited. (LP: #669481)

lp:ubuntu/oneiric-updates/nss-pam-ldapd Mature 2012-11-26 08:17:26 UTC 2012-11-26
15. increase buffer used for pam_authz_se...

Author: Chris J Arges
Revision Date: 2012-07-16 08:39:03 UTC

increase buffer used for pam_authz_search (LP: #951343)

lp:ubuntu/oneiric-proposed/grub2 bug Mature 2012-11-23 22:58:17 UTC 2012-11-23
133. [ Ben Howard ] Parameterization of re...

Author: Louis Bouchard
Revision Date: 2012-10-02 13:50:50 UTC

[ Ben Howard ]
Parameterization of recordfail setting. This allows users to define the
default time out of GRUB when recordfail has been set. The current
setting causes hangs on headless and appliances where access to the
console is limited or prohibited. (LP: #669481)

lp:ubuntu/oneiric-proposed/iso-codes bug Mature 2012-11-23 01:16:32 UTC 2012-11-23
35. Mark package as "Multi-Arch: foreign"...

Author: Colin Watson
Revision Date: 2012-11-22 23:46:41 UTC

Mark package as "Multi-Arch: foreign" (LP: #1082170).

lp:ubuntu/oneiric-security/ubufox bug Mature 2012-11-21 18:23:09 UTC 2012-11-21
64. * New upstream release v2.6. - see ...

Author: Chris Coulson
Revision Date: 2012-11-12 13:34:07 UTC

* New upstream release v2.6.
  - see LP: #1080211 for USN information
  - Make the startpage work again in Firefox 17
  - Fix a crash that occurs when the apt cache is broken
  - Fix a whole bunch of memory leaks in the plugin installer
  - Don't poll for file changes, but use inotify instead to determine
    when we need to display a restart notification

lp:ubuntu/oneiric-security/enigmail bug Mature 2012-11-21 18:03:09 UTC 2012-11-21
40. * New upstream release v1.4.6 - see...

Author: Chris Coulson
Revision Date: 2012-11-12 16:36:01 UTC

* New upstream release v1.4.6
  - see LP: #1080212 for USN information
* Drop unneeded patches
  - remove debian/patches/correct-version-number.diff
  - remove debian/patches/dont_register_cids_multiple_times.diff
  - update debian/patches/series
* Support building in an objdir
  - update debian/rules

lp:ubuntu/oneiric-security/lightning-extension bug Mature 2012-11-21 18:02:13 UTC 2012-11-21
24. * New upstream stable release to supp...

Author: Chris Coulson
Revision Date: 2012-11-08 10:00:06 UTC

* New upstream stable release to support Thunderbird 17 (CALENDAR_1_9_BUILD1)
  - see LP: #1080212 for USN information

lp:ubuntu/oneiric-updates/viewvc Mature 2012-11-21 17:19:08 UTC 2012-11-21
8. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:45:18 UTC

fake sync from Debian

lp:ubuntu/oneiric-updates/radsecproxy Mature 2012-11-21 17:15:29 UTC 2012-11-21
4. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:43:00 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/viewvc Mature 2012-11-21 16:46:51 UTC 2012-11-21
8. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:45:18 UTC

fake sync from Debian

lp:ubuntu/oneiric-security/radsecproxy Mature 2012-11-21 16:42:28 UTC 2012-11-21
4. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:43:00 UTC

fake sync from Debian

lp:ubuntu/oneiric-updates/python-keyring Mature 2012-11-20 18:45:48 UTC 2012-11-20
10. * SECURITY UPDATE: CryptedFileKeyring...

Author: Marc Deslauriers
Revision Date: 2012-11-19 12:54:34 UTC

* SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
  - Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
    for Ubuntu 11.10.
  - debian/patches/crypto_compat.patch: include PBKDF2() directly to be
    compatible with the older version of python-crypto in Ubuntu 11.10.
  - debian/control, debian/rules, debian/*install: get rid of
    python3-keyring binary package as it didn't ship in Ubuntu 11.10.
  - CVE-2012-4571
* SECURITY UPDATE: insecure default file permissions (LP: #1031465)
  - debian/patches/file_permissions.patch: set appropriate permissions on
    database directory.
  - CVE number pending
* debian/patches/fix_migration.patch: fix migration code so old
  databases get upgraded when a key is read. (LP: #1042754)
* debian/patches/fix_unlock.patch: fix unlocking an existing keyring.

lp:ubuntu/oneiric-security/python-keyring bug Mature 2012-11-20 18:14:34 UTC 2012-11-20
10. * SECURITY UPDATE: CryptedFileKeyring...

Author: Marc Deslauriers
Revision Date: 2012-11-19 12:54:34 UTC

* SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
  - Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
    for Ubuntu 11.10.
  - debian/patches/crypto_compat.patch: include PBKDF2() directly to be
    compatible with the older version of python-crypto in Ubuntu 11.10.
  - debian/control, debian/rules, debian/*install: get rid of
    python3-keyring binary package as it didn't ship in Ubuntu 11.10.
  - CVE-2012-4571
* SECURITY UPDATE: insecure default file permissions (LP: #1031465)
  - debian/patches/file_permissions.patch: set appropriate permissions on
    database directory.
  - CVE number pending
* debian/patches/fix_migration.patch: fix migration code so old
  databases get upgraded when a key is read. (LP: #1042754)
* debian/patches/fix_unlock.patch: fix unlocking an existing keyring.

lp:ubuntu/oneiric-updates/emesene Mature 2012-11-19 20:12:58 UTC 2012-11-19
23. Add 02-Use-DBus-for-the-UnityLauncher...

Author: Devid Antonio Filoni
Revision Date: 2011-10-31 21:48:43 UTC

Add 02-Use-DBus-for-the-UnityLauncher.diff patch from sbte to fix
Unity Launcher support (LP: #881674).

lp:ubuntu/oneiric-updates/live-manual Mature 2012-11-16 12:11:08 UTC 2012-11-16
28. fix FTBFS by adding a build dependenc...

Author: Matt Fischer
Revision Date: 2012-03-03 21:36:04 UTC

fix FTBFS by adding a build dependency on language-pack-en and setting the
LC_ALL to en_US.UTF-8 in debian/rules (LP: #831392)

lp:ubuntu/oneiric-proposed/im-switch bug Mature 2012-11-15 22:12:55 UTC 2012-11-15
12. * 80im-switch: - Delay the start of...

Author: Gunnar Hjalmarsson
Revision Date: 2012-10-30 19:06:00 UTC

* 80im-switch:
  - Delay the start of an input method framework with 10 seconds
    to increase the chances that its icon (e.g. an iBus icon) is
    shown in Unity's menu bar (LP: #875435).
    Thanks to Aron Xu for reviewing and improving the patch!

lp:ubuntu/oneiric-updates/ncurses Mature 2012-11-15 17:47:01 UTC 2012-11-15
40. Install missing tinfo.pc file into li...

Author: Benjamin Drung
Revision Date: 2012-09-01 01:59:17 UTC

Install missing tinfo.pc file into libtinfo-dev (LP: #900635).

lp:ubuntu/oneiric-updates/egenix-mx-base Mature 2012-11-15 17:43:38 UTC 2012-11-15
29. * Backport to Oneiric as an SRU to fi...

Author: Evan Broder
Revision Date: 2012-03-06 10:31:01 UTC

* Backport to Oneiric as an SRU to fix segfault. (LP: #884619)
* No other source changes required.

lp:~ubuntu-core-dev/ubuntu/oneiric/grub2/oneiric bug Development 2012-11-14 22:04:59 UTC 2012-11-14
2210. Parameterization of recordfail settin...

Author: Dimitri John Ledkov
Revision Date: 2012-11-14 22:04:43 UTC

Parameterization of recordfail setting. This allows users to define the
default time out of GRUB when recordfail has been set. The current
setting causes hangs on headless and appliances where access to the
console is limited or prohibited. (LP: #669481)

lp:ubuntu/oneiric-updates/asterisk Mature 2012-11-14 21:51:57 UTC 2012-11-14
62. * debian/patches/backport-r312866.dif...

Author: Paul Belanger
Revision Date: 2012-03-11 00:40:50 UTC

* debian/patches/backport-r312866.diff
- Responding to OPTIONS packet with 404 because Asterisk not looking for
   "s" extension (LP: #920020)

lp:ubuntu/oneiric-proposed/request-tracker3.8 bug Mature 2012-11-14 14:44:52 UTC 2012-11-14
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection

lp:ubuntu/oneiric-updates/enigmail bug Mature 2012-11-12 16:36:01 UTC 2012-11-12
40. * New upstream release v1.4.6 - see...

Author: Chris Coulson
Revision Date: 2012-11-12 16:36:01 UTC

* New upstream release v1.4.6
  - see LP: #1080212 for USN information
* Drop unneeded patches
  - remove debian/patches/correct-version-number.diff
  - remove debian/patches/dont_register_cids_multiple_times.diff
  - update debian/patches/series
* Support building in an objdir
  - update debian/rules

lp:ubuntu/oneiric-updates/libproxy Mature 2012-11-12 16:32:22 UTC 2012-11-12
15. * SECURITY UPDATE: possible remote co...

Author: Marc Deslauriers
Revision Date: 2012-11-06 09:37:33 UTC

* SECURITY UPDATE: possible remote code execution via buffer overflow
  - debian/patches/02_CVE-2012-4505.patch: validate maximum pac size in
    src/lib/pac.c.
  - CVE-2012-4505

lp:ubuntu/oneiric-security/libproxy Mature 2012-11-12 16:12:46 UTC 2012-11-12
15. * SECURITY UPDATE: possible remote co...

Author: Marc Deslauriers
Revision Date: 2012-11-06 09:37:33 UTC

* SECURITY UPDATE: possible remote code execution via buffer overflow
  - debian/patches/02_CVE-2012-4505.patch: validate maximum pac size in
    src/lib/pac.c.
  - CVE-2012-4505

lp:ubuntu/oneiric-updates/ubufox bug Mature 2012-11-12 13:34:07 UTC 2012-11-12
64. * New upstream release v2.6. - see ...

Author: Chris Coulson
Revision Date: 2012-11-12 13:34:07 UTC

* New upstream release v2.6.
  - see LP: #1080211 for USN information
  - Make the startpage work again in Firefox 17
  - Fix a crash that occurs when the apt cache is broken
  - Fix a whole bunch of memory leaks in the plugin installer
  - Don't poll for file changes, but use inotify instead to determine
    when we need to display a restart notification

lp:ubuntu/oneiric-updates/virtualbox Mature 2012-11-12 10:24:15 UTC 2012-11-12
8. * SECURITY UPDATE: Missing privilege ...

Author: Felix Geyer
Revision Date: 2012-10-26 14:15:42 UTC

* SECURITY UPDATE: Missing privilege check for task gate switches
  (LP: #1044634)
  - debian/patches/cve-2012-3221.patch: patch from upstream
  - CVE-2012-3221

lp:ubuntu/oneiric-security/virtualbox bug Mature 2012-11-09 21:57:09 UTC 2012-11-09
8. * SECURITY UPDATE: Missing privilege ...

Author: Felix Geyer
Revision Date: 2012-10-26 14:15:42 UTC

* SECURITY UPDATE: Missing privilege check for task gate switches
  (LP: #1044634)
  - debian/patches/cve-2012-3221.patch: patch from upstream
  - CVE-2012-3221

lp:ubuntu/oneiric-updates/lightning-extension Mature 2012-11-08 10:00:06 UTC 2012-11-08
24. * New upstream stable release to supp...

Author: Chris Coulson
Revision Date: 2012-11-08 10:00:06 UTC

* New upstream stable release to support Thunderbird 17 (CALENDAR_1_9_BUILD1)
  - see LP: #1080212 for USN information

lp:ubuntu/oneiric-updates/jabberd2 Mature 2012-11-06 19:51:01 UTC 2012-11-06
23. * SECURITY UPDATE: Fixed possibility ...

Author: Jamie Strandboge
Revision Date: 2012-08-23 08:15:54 UTC

* SECURITY UPDATE: Fixed possibility of Unsolicited Dialback Attacks
  - debian/patches/CVE-2012-3525.dpatch: check Verify Response and
    Authorization Response in s2s sessions
  - CVE-2012-3525

lp:ubuntu/oneiric-security/jabberd2 Mature 2012-11-06 18:47:15 UTC 2012-11-06
23. * SECURITY UPDATE: Fixed possibility ...

Author: Jamie Strandboge
Revision Date: 2012-08-23 08:15:54 UTC

* SECURITY UPDATE: Fixed possibility of Unsolicited Dialback Attacks
  - debian/patches/CVE-2012-3525.dpatch: check Verify Response and
    Authorization Response in s2s sessions
  - CVE-2012-3525

lp:ubuntu/oneiric-updates/munin Mature 2012-11-05 15:54:22 UTC 2012-11-05
38. * SECURITY UPDATE: symlink vulnerabil...

Author: Marc Deslauriers
Revision Date: 2012-10-17 08:26:39 UTC

* SECURITY UPDATE: symlink vulnerability in qmailscan plugin
  - debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
    plugins/node.d/qmailscan.in.
  - CVE-2012-2103
* SECURITY UPDATE: privilege escalation via root running plugins
  - debian/patches/CVE-2012-3512.patch: run each plugin in their own
    state directory in Makefile, Makefile.config,
    node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
    plugins/node.d/*.in,plugins/node.d.linux/*.in.
  - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
    MUNIN_PLUGSTATE being in the environment as these scripts also get
    run by a cron job in plugins/node.d.linux/apt_all.in,
    plugins/node.d.linux/apt.in.
  - CVE-2012-3512
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Remove old plugin state directory
  override, also remove new plugin state directory.

lp:ubuntu/oneiric-security/munin Mature 2012-11-05 14:45:39 UTC 2012-11-05
38. * SECURITY UPDATE: symlink vulnerabil...

Author: Marc Deslauriers
Revision Date: 2012-10-17 08:26:39 UTC

* SECURITY UPDATE: symlink vulnerability in qmailscan plugin
  - debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
    plugins/node.d/qmailscan.in.
  - CVE-2012-2103
* SECURITY UPDATE: privilege escalation via root running plugins
  - debian/patches/CVE-2012-3512.patch: run each plugin in their own
    state directory in Makefile, Makefile.config,
    node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
    plugins/node.d/*.in,plugins/node.d.linux/*.in.
  - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
    MUNIN_PLUGSTATE being in the environment as these scripts also get
    run by a cron job in plugins/node.d.linux/apt_all.in,
    plugins/node.d.linux/apt.in.
  - CVE-2012-3512
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Remove old plugin state directory
  override, also remove new plugin state directory.

lp:ubuntu/oneiric-updates/xdiagnose Mature 2012-11-01 19:11:52 UTC 2012-11-01
29. * apport/source_xorg.py: - Drop que...

Author: Bryce Harrington
Revision Date: 2012-06-27 10:47:58 UTC

* apport/source_xorg.py:
  - Drop question to allow flagging regressions
    following updates, since bug reporters have been using it incorrectly,
    resulting in too many false positives.
    (LP: #1018510)
  - Clarify question about "willing to do whatever it takes" to specify
    that the debugging work may require gdb or git bisection work.
  - Link to all technical support options, not just to Ask Ubuntu.
    (LP: #991602)

101200 of 24482 results