Branches for Precise

Name Status Last Modified Last Commit
lp:ubuntu/precise-security/libxrandr Mature 2015-04-13 17:37:55 UTC 2015-04-13
28. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:15:51 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-security/libxv Mature 2015-04-13 17:37:42 UTC 2015-04-13
17. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:20:34 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-security/libxrender Mature 2015-04-13 17:31:04 UTC 2015-04-13
13. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:23:37 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE number pending

lp:ubuntu/precise-security/libx11 Mature 2015-04-13 17:29:11 UTC 2015-04-13
60. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:01:09 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/patches/makebigreq_overflow.patch: don't move the last word in
    MakeBigReq in include/X11/Xlibint.h.
  - CVE number pending

lp:ubuntu/precise-security/ntp Mature 2015-04-13 09:06:54 UTC 2015-04-13
63. * SECURITY UPDATE: symmetric key unau...

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:06:54 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

lp:ubuntu/precise-updates/ntp Mature 2015-04-13 09:06:54 UTC 2015-04-13
63. * SECURITY UPDATE: symmetric key unau...

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:06:54 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

lp:ubuntu/precise-updates/xserver-xorg-video-vmware Mature 2015-04-13 08:44:10 UTC 2015-04-13
38. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:44:10 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-updates/libxp Mature 2015-04-13 08:40:40 UTC 2015-04-13
12. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:40:40 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-updates/libxv Mature 2015-04-13 08:20:34 UTC 2015-04-13
17. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:20:34 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-updates/libxrandr Mature 2015-04-13 08:15:51 UTC 2015-04-13
28. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:15:51 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-updates/libxfixes Mature 2015-04-13 08:09:50 UTC 2015-04-13
18. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:09:50 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-updates/libxext Mature 2015-04-13 07:52:26 UTC 2015-04-13
26. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-13 07:52:26 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - No change rebuild against libx11 in release pocket
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

lp:ubuntu/precise-updates/libxrender Mature 2015-04-08 08:23:37 UTC 2015-04-08
13. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:23:37 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE number pending

lp:ubuntu/precise-updates/x11proto-core Mature 2015-04-08 08:05:09 UTC 2015-04-08
20. No change rebuild in the -security po...

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:05:09 UTC

No change rebuild in the -security pocket

lp:ubuntu/precise-updates/libx11 Mature 2015-04-08 08:01:09 UTC 2015-04-08
60. * SECURITY UPDATE: buffer overflow in...

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:01:09 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/patches/makebigreq_overflow.patch: don't move the last word in
    MakeBigReq in include/X11/Xlibint.h.
  - CVE number pending

lp:ubuntu/precise-updates/eglibc bug Mature 2015-04-08 07:27:45 UTC 2015-04-08
319. * cvs-vfprintf-multibyte.diff: Fix "m...

Author: Adam Conrad
Revision Date: 2015-03-25 13:28:41 UTC

* cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
  longer parsing %s format arguments as multibyte strings (LP: #1109327)
* cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
  feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
* cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
  to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
* cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)

lp:~pali/ubuntu/precise/lsb/lsb-messages Development 2015-04-05 18:47:09 UTC 2015-04-05
46. * bzr merge lp:ubuntu/precise-updates...

Author: Pali
Revision Date: 2015-04-05 18:27:32 UTC

* bzr merge lp:ubuntu/precise-updates/lsb

lp:~pali/ubuntu/precise/initramfs-tools/initramfs-tools-messages Development 2015-04-05 18:46:44 UTC 2015-04-05
242. * bzr merge lp:ubuntu/precise-updates...

Author: Pali
Revision Date: 2015-04-05 18:13:56 UTC

* bzr merge lp:ubuntu/precise-updates/initramfs-tools

lp:~pali/ubuntu/precise/kubuntu-default-settings-pali/kubuntu-default-settings-pali-messages Development 2015-04-05 18:46:14 UTC 2015-04-05
311. * bzr merge lp:ubuntu/precise/kubuntu...

Author: Pali
Revision Date: 2015-04-05 18:00:44 UTC

* bzr merge lp:ubuntu/precise/kubuntu-default-settings

lp:~pali/ubuntu/precise/plymouth/plymouth-messages Development 2015-04-05 18:45:50 UTC 2015-04-05
1407. * bzr merge lp:ubuntu/precise-updates...

Author: Pali
Revision Date: 2015-04-05 17:14:06 UTC

* bzr merge lp:ubuntu/precise-updates/plymouth

lp:ubuntu/precise-security/tiff bug Mature 2015-04-01 20:25:11 UTC 2015-04-01
32. * SECURITY REGRESSION: regression whe...

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:08:49 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

lp:ubuntu/precise-updates/lightdm bug Mature 2015-04-01 17:58:20 UTC 2015-04-01
77. * debian/patches/15_gsources.patch: ...

Author: Robert Ancell
Revision Date: 2015-03-17 14:21:43 UTC

* debian/patches/15_gsources.patch:
  - Correctly remove GSources on finalize (LP: #1431654)

lp:ubuntu/precise-proposed/cloud-init bug Mature 2015-04-01 15:16:38 UTC 2015-04-01
215. Backport support for fetching passwor...

Author: Dan Watkins
Revision Date: 2015-03-11 16:56:20 UTC

Backport support for fetching passwords in CloudStack (LP: #1422388).

lp:ubuntu/precise-updates/tiff Mature 2015-04-01 14:08:49 UTC 2015-04-01
32. * SECURITY REGRESSION: regression whe...

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:08:49 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

lp:ubuntu/precise-security/gnupg2 bug Mature 2015-04-01 14:03:14 UTC 2015-04-01
23. * Screen responses from keyservers (L...

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:20:03 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

lp:ubuntu/precise-updates/gnupg2 Mature 2015-03-27 08:20:03 UTC 2015-03-27
23. * Screen responses from keyservers (L...

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:20:03 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

lp:ubuntu/precise-proposed/eglibc bug Mature 2015-03-26 19:27:29 UTC 2015-03-26
314. * cvs-vfprintf-multibyte.diff: Fix "m...

Author: Adam Conrad
Revision Date: 2015-03-25 13:28:41 UTC

* cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
  longer parsing %s format arguments as multibyte strings (LP: #1109327)
* cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
  feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
* cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
  to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
* cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)

lp:ubuntu/precise-security/libgcrypt11 Mature 2015-03-26 08:51:49 UTC 2015-03-26
35. * SECURITY UPDATE: sidechannel attack...

Author: Marc Deslauriers
Revision Date: 2015-03-26 08:51:49 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/CVE-2015-0837.patch: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

lp:ubuntu/precise-updates/libgcrypt11 Mature 2015-03-26 08:51:49 UTC 2015-03-26
35. * SECURITY UPDATE: sidechannel attack...

Author: Marc Deslauriers
Revision Date: 2015-03-26 08:51:49 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/CVE-2015-0837.patch: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

lp:ubuntu/precise-updates/batik Mature 2015-03-25 13:05:29 UTC 2015-03-25
12. * SECURITY UPDATE: XML external entit...

Author: Marc Deslauriers
Revision Date: 2015-03-24 10:52:23 UTC

* SECURITY UPDATE: XML external entity information disclosure
  - debian/patches/cve_2015_0250.patch: disable external entities in
    sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
  - Thanks to Debian for the patch backport.
  - CVE-2015-0250

lp:ubuntu/precise-security/batik Mature 2015-03-25 12:53:12 UTC 2015-03-25
12. * SECURITY UPDATE: XML external entit...

Author: Marc Deslauriers
Revision Date: 2015-03-24 10:52:23 UTC

* SECURITY UPDATE: XML external entity information disclosure
  - debian/patches/cve_2015_0250.patch: disable external entities in
    sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
  - Thanks to Debian for the patch backport.
  - CVE-2015-0250

lp:ubuntu/precise-security/gnutls26 Mature 2015-03-20 09:26:34 UTC 2015-03-20
41. * SECURITY UPDATE: signature forgery ...

Author: Marc Deslauriers
Revision Date: 2015-03-20 09:26:34 UTC

* SECURITY UPDATE: signature forgery issue
  - debian/patches/CVE-2015-0282.patch: make sure the signature
    algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
    lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h,
    lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c,
    lib/x509/x509.c, lib/x509/x509_int.h.
  - CVE-2015-0282
* SECURITY UPDATE: certificate algorithm consistency issue
  - debian/patches/CVE-2015-0294.patch: make sure the two signature
    algorithms match on cert import in lib/x509/x509.c.
  - CVE-2015-0294

lp:ubuntu/precise-updates/gnutls26 Mature 2015-03-20 09:26:34 UTC 2015-03-20
41. * SECURITY UPDATE: signature forgery ...

Author: Marc Deslauriers
Revision Date: 2015-03-20 09:26:34 UTC

* SECURITY UPDATE: signature forgery issue
  - debian/patches/CVE-2015-0282.patch: make sure the signature
    algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
    lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h,
    lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c,
    lib/x509/x509.c, lib/x509/x509_int.h.
  - CVE-2015-0282
* SECURITY UPDATE: certificate algorithm consistency issue
  - debian/patches/CVE-2015-0294.patch: make sure the two signature
    algorithms match on cert import in lib/x509/x509.c.
  - CVE-2015-0294

lp:ubuntu/precise-proposed/network-manager-applet bug Mature 2015-03-19 20:13:42 UTC 2015-03-19
94. Backport foo_client_setup from 0.9.8....

Author: Seyeong Kim
Revision Date: 2015-03-16 08:18:00 UTC

Backport foo_client_setup from 0.9.8.8 src/applet.c (LP: #1424119)

lp:ubuntu/precise-proposed/lightdm bug Development 2015-03-19 20:12:49 UTC 2015-03-19
78. * debian/patches/15_gsources.patch: ...

Author: Robert Ancell
Revision Date: 2015-03-17 14:21:43 UTC

* debian/patches/15_gsources.patch:
  - Correctly remove GSources on finalize (LP: #1431654)

lp:~crunch.io/ubuntu/precise/awscli/unstable Development 2015-03-18 19:13:52 UTC 2015-03-18
10. Backport to precise

Author: Joseph S Tate
Revision Date: 2015-03-18 19:10:04 UTC

Backport to precise

lp:ubuntu/precise-security/libxfont Mature 2015-03-18 07:33:04 UTC 2015-03-18
31. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:04 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

lp:ubuntu/precise-updates/libxfont Mature 2015-03-18 07:33:04 UTC 2015-03-18
31. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:04 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

lp:ubuntu/precise-security/libav bug Mature 2015-03-17 13:42:42 UTC 2015-03-17
31. * Update to 0.8.17 to fix multiple se...

Author: Marc Deslauriers
Revision Date: 2015-03-16 08:10:23 UTC

* Update to 0.8.17 to fix multiple security issues (LP: #1432610)
  - CVE-2014-8542
  - CVE-2014-8543
  - CVE-2014-8544
  - CVE-2014-8547
  - CVE-2014-8548
  - CVE-2014-9604

lp:ubuntu/precise-security/libav-extra Mature 2015-03-16 09:16:01 UTC 2015-03-16
32. * Rebuild against new libav - debia...

Author: Marc Deslauriers
Revision Date: 2015-03-16 09:16:01 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

lp:ubuntu/precise-updates/libav-extra Mature 2015-03-16 09:16:01 UTC 2015-03-16
32. * Rebuild against new libav - debia...

Author: Marc Deslauriers
Revision Date: 2015-03-16 09:16:01 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

lp:ubuntu/precise-updates/network-manager-applet Mature 2015-03-16 08:18:00 UTC 2015-03-16
94. Backport foo_client_setup from 0.9.8....

Author: Seyeong Kim
Revision Date: 2015-03-16 08:18:00 UTC

Backport foo_client_setup from 0.9.8.8 src/applet.c (LP: #1424119)

lp:ubuntu/precise-updates/libav Mature 2015-03-16 08:10:23 UTC 2015-03-16
31. * Update to 0.8.17 to fix multiple se...

Author: Marc Deslauriers
Revision Date: 2015-03-16 08:10:23 UTC

* Update to 0.8.17 to fix multiple security issues (LP: #1432610)
  - CVE-2014-8542
  - CVE-2014-8543
  - CVE-2014-8544
  - CVE-2014-8547
  - CVE-2014-8548
  - CVE-2014-9604

lp:ubuntu/precise-updates/tntnet Mature 2015-03-13 01:03:17 UTC 2015-03-13
13. SECURITY UPDATE: Fixed default config...

Author: Christian Hertel
Revision Date: 2015-03-11 16:07:14 UTC

SECURITY UPDATE: Fixed default configuration to prevent exposing
files from /. (LP: #1430750)

lp:ubuntu/precise-security/tntnet bug Mature 2015-03-13 00:22:55 UTC 2015-03-13
13. SECURITY UPDATE: Fixed default config...

Author: Christian Hertel
Revision Date: 2015-03-11 16:07:14 UTC

SECURITY UPDATE: Fixed default configuration to prevent exposing
files from /. (LP: #1430750)

lp:ubuntu/precise-security/sudo bug Mature 2015-03-12 11:32:42 UTC 2015-03-12
58. * SECURITY UPDATE: arbitrary file acc...

Author: Marc Deslauriers
Revision Date: 2015-03-12 11:32:42 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
    configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
    pathnames.h.in, plugins/sudoers/env.c.
  - CVE-2014-9680

lp:ubuntu/precise-updates/sudo Mature 2015-03-12 11:32:42 UTC 2015-03-12
58. * SECURITY UPDATE: arbitrary file acc...

Author: Marc Deslauriers
Revision Date: 2015-03-12 11:32:42 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
    configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
    pathnames.h.in, plugins/sudoers/env.c.
  - CVE-2014-9680

lp:~jamesodhunt/ubuntu/precise/upstart/bug-1430403 bug Development 2015-03-11 14:01:13 UTC 2015-03-11
1399. releasing package upstart version 1.5...

Author: James Hunt
Revision Date: 2015-03-11 14:01:13 UTC

releasing package upstart version 1.5-0ubuntu7.3

lp:~jamesodhunt/ubuntu/precise/upstart/precise-proposed Development 2015-03-11 09:07:04 UTC 2015-03-11
1397. Cherry-pick newer test code to fix te...

Author: James Hunt
Revision Date: 2013-01-17 11:40:36 UTC

Cherry-pick newer test code to fix test failure seen
on ARM (LP: #980917).

lp:ubuntu/precise-security/ecryptfs-utils bug Mature 2015-03-11 00:37:10 UTC 2015-03-11
83. * SECURITY UPDATE: Mount passphrase w...

Author: Tyler Hicks
Revision Date: 2015-03-04 16:38:14 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the wrap-unwrap.sh and
    v1-to-v2-wrapped-passphrase.sh test scripts that were created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

lp:ubuntu/precise-updates/rrdtool Mature 2015-03-09 02:12:40 UTC 2015-03-09
34. Fix "fails to install, postinst, invo...

Author: Bryan Quigley
Revision Date: 2015-02-25 15:51:46 UTC

Fix "fails to install, postinst, invoke-rc.d rrdcached start, start-
stop-daemon, segfault":
(re-)create /var/lib/rrdcached/{journal,db} in init script.
(LP: #985341)

lp:ubuntu/precise-updates/apt Mature 2015-03-06 10:47:36 UTC 2015-03-06
197. fix auto-removal behavior (thanks to ...

Author: Michael Vogt
Revision Date: 2015-03-06 10:47:36 UTC

fix auto-removal behavior (thanks to Adam Conrad)
LP: #1429041

lp:ubuntu/precise-proposed/openssl bug Mature 2015-03-05 17:56:45 UTC 2015-03-05
84. * Fix DTLS handshake on amd64 (LP: #1...

Author: Marc Deslauriers
Revision Date: 2015-02-26 13:05:15 UTC

* Fix DTLS handshake on amd64 (LP: #1425914)
  - debian/patches/lp1425914.patch: backport upstream patch that fixes
    alignment issue causing an assert in ssl/ssl_ciph.c.

lp:ubuntu/precise-updates/ecryptfs-utils Mature 2015-03-04 16:38:14 UTC 2015-03-04
83. * SECURITY UPDATE: Mount passphrase w...

Author: Tyler Hicks
Revision Date: 2015-03-04 16:38:14 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the wrap-unwrap.sh and
    v1-to-v2-wrapped-passphrase.sh test scripts that were created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

lp:ubuntu/precise-proposed/rrdtool bug Mature 2015-02-26 19:14:35 UTC 2015-02-26
34. Fix "fails to install, postinst, invo...

Author: Bryan Quigley
Revision Date: 2015-02-25 15:51:46 UTC

Fix "fails to install, postinst, invoke-rc.d rrdcached start, start-
stop-daemon, segfault":
(re-)create /var/lib/rrdcached/{journal,db} in init script.
(LP: #985341)

lp:ubuntu/precise-security/eglibc bug Mature 2015-02-25 09:12:22 UTC 2015-02-25
316. * SECURITY UPDATE: getaddrinfo writes...

Author: Marc Deslauriers
Revision Date: 2015-02-25 09:12:22 UTC

* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
  - debian/patches/any/cvs-wscanf.diff: calculate correct size in
    stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
  - CVE-2015-1472
  - CVE-2015-1473

lp:ubuntu/precise-security/freetype Mature 2015-02-24 10:35:56 UTC 2015-02-24
49. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 10:35:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/precise-updates/freetype Mature 2015-02-24 10:35:56 UTC 2015-02-24
49. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 10:35:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/precise-updates/e2fsprogs Mature 2015-02-23 19:32:03 UTC 2015-02-23
60. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:45:56 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - debian/patches/CVE-2015-0247.patch: limit first_meta_bg in
    lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - debian/patches/CVE-2015-1572.patch: properly check against
    fs->desc_blocks in lib/ext2fs/closefs.c.
  - CVE-2015-1572

lp:ubuntu/precise-security/e2fsprogs Mature 2015-02-23 19:10:20 UTC 2015-02-23
60. * SECURITY UPDATE: heap overflow via ...

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:45:56 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - debian/patches/CVE-2015-0247.patch: limit first_meta_bg in
    lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - debian/patches/CVE-2015-1572.patch: properly check against
    fs->desc_blocks in lib/ext2fs/closefs.c.
  - CVE-2015-1572

lp:ubuntu/precise-security/ca-certificates bug Mature 2015-02-23 18:43:20 UTC 2015-02-23
31. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:21:16 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

lp:ubuntu/precise-proposed/postfix bug Development 2015-02-20 16:07:26 UTC 2015-02-20
54. support postfix/protocols (LP: #583216)

Author: Seyeong Kim
Revision Date: 2015-02-17 08:01:59 UTC

support postfix/protocols (LP: #583216)

lp:ubuntu/precise-updates/ca-certificates Mature 2015-02-20 08:21:16 UTC 2015-02-20
31. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:21:16 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

lp:ubuntu/precise-security/bind9 Mature 2015-02-18 07:41:24 UTC 2015-02-18
56. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-18 07:41:24 UTC

* SECURITY UPDATE: denial of service via revoking a managed trust anchor
  and supplying an untrusted replacement
  - lib/dns/zone.c: avoid crash due to managed-key rollover
  - Based on patch supplied by Evan Hunt <each@isc.org>
  - CVE-2015-1349

lp:ubuntu/precise-updates/bind9 Mature 2015-02-18 07:41:24 UTC 2015-02-18
56. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-18 07:41:24 UTC

* SECURITY UPDATE: denial of service via revoking a managed trust anchor
  and supplying an untrusted replacement
  - lib/dns/zone.c: avoid crash due to managed-key rollover
  - Based on patch supplied by Evan Hunt <each@isc.org>
  - CVE-2015-1349

lp:ubuntu/precise-security/unzip Mature 2015-02-17 14:19:20 UTC 2015-02-17
24. * SECURITY UPDATE: heap overflow in c...

Author: Marc Deslauriers
Revision Date: 2015-02-17 14:19:20 UTC

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/04-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

lp:ubuntu/precise-updates/unzip Mature 2015-02-17 14:19:20 UTC 2015-02-17
24. * SECURITY UPDATE: heap overflow in c...

Author: Marc Deslauriers
Revision Date: 2015-02-17 14:19:20 UTC

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/04-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

lp:ubuntu/precise-updates/postfix Mature 2015-02-17 08:01:59 UTC 2015-02-17
54. support postfix/protocols (LP: #583216)

Author: Seyeong Kim
Revision Date: 2015-02-17 08:01:59 UTC

support postfix/protocols (LP: #583216)

lp:ubuntu/precise-security/xorg-server-lts-trusty Mature 2015-02-12 09:44:55 UTC 2015-02-12
5. * SECURITY UPDATE: information leak a...

Author: Marc Deslauriers
Revision Date: 2015-02-12 09:44:55 UTC

* SECURITY UPDATE: information leak and denial of service in
  XkbSetGeometry
  - debian/patches/CVE-2015-0255.patch: properly check lengths in
    xkb/xkb.c.
  - CVE-2015-0255
* debian/patches/CVE-2014-8xxx/0038-CVE-2014-8092-*: fix regression in
  previous security update by allowing zero-height PutImage requests in
  dix/dispatch.c.

lp:ubuntu/precise-updates/xorg-server-lts-trusty bug Mature 2015-02-12 09:44:55 UTC 2015-02-12
5. * SECURITY UPDATE: information leak a...

Author: Marc Deslauriers
Revision Date: 2015-02-12 09:44:55 UTC

* SECURITY UPDATE: information leak and denial of service in
  XkbSetGeometry
  - debian/patches/CVE-2015-0255.patch: properly check lengths in
    xkb/xkb.c.
  - CVE-2015-0255
* debian/patches/CVE-2014-8xxx/0038-CVE-2014-8092-*: fix regression in
  previous security update by allowing zero-height PutImage requests in
  dix/dispatch.c.

lp:ubuntu/precise-proposed/nginx bug Mature 2015-02-11 15:29:30 UTC 2015-02-11
58. * d/modules/nginx-http-push: Apply up...

Author: Thomas Ward
Revision Date: 2015-02-09 12:02:52 UTC

* d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817)
  * src/ngx_http_push_module_setup.c: Modify push module code with
    upstream changes to fix an issue with initialization when using
    `fastcgi_cache` or `proxy_cache`.
  * tests/nginx-cachemanager.conf: (new file) Include upstream change
    of adding an nginx-cachemanager.conf file to the tests.

lp:ubuntu/precise-updates/procps bug Mature 2015-02-10 23:49:55 UTC 2015-02-10
64. ignore_erofs.patch: Same as ignore_ea...

Author: St├ęphane Graber
Revision Date: 2015-02-10 13:42:15 UTC

ignore_erofs.patch: Same as ignore_eaccess but for the case where
part of /proc is read/only. (LP: #1419554)

lp:ubuntu/precise-proposed/procps bug Mature 2015-02-10 20:23:57 UTC 2015-02-10
64. ignore_erofs.patch: Same as ignore_ea...

Author: St├ęphane Graber
Revision Date: 2015-02-10 13:42:15 UTC

ignore_erofs.patch: Same as ignore_eaccess but for the case where
part of /proc is read/only. (LP: #1419554)

lp:~pali/ubuntu/precise/libva/libva Development 2015-02-10 16:20:30 UTC 2015-02-10
27. Remove upstream patch va_enc_jpeg.h.p...

Author: Pali
Revision Date: 2015-02-10 16:20:30 UTC

Remove upstream patch va_enc_jpeg.h.patch

lp:ubuntu/precise-updates/libfcgi Mature 2015-02-09 13:33:23 UTC 2015-02-09
10. Applying patch to swap select with po...

Author: Joe Damato
Revision Date: 2015-02-05 16:28:53 UTC

Applying patch to swap select with poll to handle more than 1024
connections and avoid data corruption or a segfault. (LP: #1418778).

lp:ubuntu/precise-security/libfcgi bug Mature 2015-02-09 12:58:13 UTC 2015-02-09
10. Applying patch to swap select with po...

Author: Joe Damato
Revision Date: 2015-02-05 16:28:53 UTC

Applying patch to swap select with poll to handle more than 1024
connections and avoid data corruption or a segfault. (LP: #1418778).

lp:~ubuntu-cloud-archive/ubuntu/precise/juju-core/precise-ctools bug Development 2015-02-06 15:52:44 UTC 2015-02-06
36. releasing package juju-core version 1...

Author: Scott Moser
Revision Date: 2015-02-06 15:51:12 UTC

releasing package juju-core version 1.20.11-0ubuntu0.14.04.1~ctools0

lp:ubuntu/precise-proposed/unity-greeter bug Mature 2015-02-05 19:27:55 UTC 2015-02-05
44. * Show network manager applet in gree...

Author: Seyeong Kim
Revision Date: 2015-01-20 11:11:41 UTC

* Show network manager applet in greeter: (LP: #1240088)
* debian/control:
  - Recommend network-manager-gnome version that supports working in greeter
* debian/install:
* debian/unity-greeter.pkla:
  - Install PolicyKit policy for unity-greeter
* debian/patches/show-nm-applet.patch:
  - Show network manager applet

lp:ubuntu/precise-proposed/udev bug Mature 2015-02-04 18:19:55 UTC 2015-02-04
226. Add load-modules-for-bound-devices.pa...

Author: Martin Pitt
Revision Date: 2015-01-23 08:22:52 UTC

Add load-modules-for-bound-devices.patch: Always probe modules, even when
a driver is already bound to a device. Fixes some modules not loading
automatically when using kernel backports > 3.11. Patch backported from
upstream commit and adjusted to use modprobe. (LP: #1404509)

lp:ubuntu/precise/maatkit bug Mature 2015-02-02 10:01:23 UTC 2015-02-02
23. New upstream release (7540). (Closes:...

Author: Dario Minnucci
Revision Date: 2011-06-09 02:13:03 UTC

New upstream release (7540). (Closes: #629826)

lp:ubuntu/precise-updates/landscape-client bug Mature 2015-01-29 19:15:29 UTC 2015-01-29
49. * New upstream version (LP: #1401523)...

Author: Chris Glass
Revision Date: 2014-12-15 09:24:30 UTC

* New upstream version (LP: #1401523):
  - Fix regression occurring when performing Landscape-driven release
    upgrades (LP: #1389686)
  - Fix regression occurring when switching the client between different
    Landscape servers (LP: #1376134)
  - Support reporting QEMU virtualization (LP: #1374501)
  - Bump Juju integration message format (LP: #1369635, LP: #1362506)
  - Drop provisioning registration message (LP: #1344054)
  - Drop cloud registration message (LP: #1342646)
  - Fix handling broken packages (LP: #1326940)
  - Add new Swift usage message type (LP: #1320236)
  - Fix platform detection on POWER machines (LP: #1271615)
  - Fix platform detection for arm64 machines (LP: #1306824)
  - Added a mechanism to set the client's user-agent (LP: #1399139)
  - Fixed release-upgrader not asking for a seesion ID before attempting to
    send a message (LP: #1401867)

lp:~henrix/ubuntu/precise/open-vm-dkms/lp-1416003 Development 2015-01-29 17:03:28 UTC 2015-01-29
28. * Upstream v3.2.66 porting (LP: #1416...

Author: Luis Henriques
Revision Date: 2015-01-29 17:00:44 UTC

* Upstream v3.2.66 porting (LP: #1416003):
  - follow move of d_alias to d_u

lp:ubuntu/precise-updates/spamassassin Mature 2015-01-28 18:19:26 UTC 2015-01-28
33. d/p/disable-ahbl: disable AHBL DNS bl...

Author: Robie Basak
Revision Date: 2015-01-28 02:29:29 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

lp:ubuntu/precise-proposed/spamassassin bug Mature 2015-01-28 04:14:48 UTC 2015-01-28
33. d/p/disable-ahbl: disable AHBL DNS bl...

Author: Robie Basak
Revision Date: 2015-01-28 02:29:29 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

lp:ubuntu/precise-updates/udev Mature 2015-01-23 08:22:52 UTC 2015-01-23
226. Add load-modules-for-bound-devices.pa...

Author: Martin Pitt
Revision Date: 2015-01-23 08:22:52 UTC

Add load-modules-for-bound-devices.patch: Always probe modules, even when
a driver is already bound to a device. Fixes some modules not loading
automatically when using kernel backports > 3.11. Patch backported from
upstream commit and adjusted to use modprobe. (LP: #1404509)

lp:ubuntu/precise-security/jasper Mature 2015-01-22 13:00:54 UTC 2015-01-22
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:00:54 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

lp:ubuntu/precise-updates/jasper Mature 2015-01-22 13:00:54 UTC 2015-01-22
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:00:54 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

lp:ubuntu/precise-updates/unity-greeter Mature 2015-01-20 11:11:41 UTC 2015-01-20
44. * Show network manager applet in gree...

Author: Seyeong Kim
Revision Date: 2015-01-20 11:11:41 UTC

* Show network manager applet in greeter: (LP: #1240088)
* debian/control:
  - Recommend network-manager-gnome version that supports working in greeter
* debian/install:
* debian/unity-greeter.pkla:
  - Install PolicyKit policy for unity-greeter
* debian/patches/show-nm-applet.patch:
  - Show network manager applet

lp:ubuntu/precise-security/rpm Mature 2015-01-16 12:00:17 UTC 2015-01-16
41. * SECURITY UPDATE: code execution via...

Author: Marc Deslauriers
Revision Date: 2015-01-16 12:00:17 UTC

* SECURITY UPDATE: code execution via insecure temp file use
  - debian/patches/CVE-2013-6435.patch: create file with proper
    permissions in lib/fsm.c.
  - CVE-2013-6435

lp:ubuntu/precise-updates/rpm Mature 2015-01-16 12:00:17 UTC 2015-01-16
41. * SECURITY UPDATE: code execution via...

Author: Marc Deslauriers
Revision Date: 2015-01-16 12:00:17 UTC

* SECURITY UPDATE: code execution via insecure temp file use
  - debian/patches/CVE-2013-6435.patch: create file with proper
    permissions in lib/fsm.c.
  - CVE-2013-6435

lp:ubuntu/precise-updates/nagios3 Mature 2015-01-15 19:04:12 UTC 2015-01-15
24. Don't retain host aliases or display ...

Author: Evan Broder
Revision Date: 2014-12-08 18:32:34 UTC

Don't retain host aliases or display names (LP: #1234376)

lp:ubuntu/precise-updates/gparted Mature 2015-01-14 21:28:21 UTC 2015-01-14
48. * SECURITY UPDATE: arbitrary command ...

Author: Marc Deslauriers
Revision Date: 2015-01-07 15:37:02 UTC

* SECURITY UPDATE: arbitrary command execution via crafted fs label
  - debian/patches/CVE-2014-7208-1.patch: stop executing external
    commands via a shell process in src/Utils.cc.
  - debian/patches/CVE-2014-7208-2.patch: resolve dependencies which
    relied on shell execution in src/Utils.cc, src/fat16.cc,
    src/fat32.cc, src/jfs.cc, src/reiserfs.cc, src/xfs.cc.
  - CVE-2014-7208

lp:ubuntu/precise-security/coreutils Mature 2015-01-14 21:24:55 UTC 2015-01-14
31. * SECURITY UPDATE: infinite loop or c...

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:30 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/parse-datetime.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471

lp:ubuntu/precise-security/gparted Mature 2015-01-14 20:29:51 UTC 2015-01-14
48. * SECURITY UPDATE: arbitrary command ...

Author: Marc Deslauriers
Revision Date: 2015-01-07 15:37:02 UTC

* SECURITY UPDATE: arbitrary command execution via crafted fs label
  - debian/patches/CVE-2014-7208-1.patch: stop executing external
    commands via a shell process in src/Utils.cc.
  - debian/patches/CVE-2014-7208-2.patch: resolve dependencies which
    relied on shell execution in src/Utils.cc, src/fat16.cc,
    src/fat32.cc, src/jfs.cc, src/reiserfs.cc, src/xfs.cc.
  - CVE-2014-7208

lp:ubuntu/precise-updates/ubufox bug Mature 2015-01-14 19:40:18 UTC 2015-01-14
70. * New upstream release - Delete the...

Author: Chris Coulson
Revision Date: 2015-01-09 19:47:40 UTC

* New upstream release
  - Delete the plugin installer wizard implementation and associated code.
    Upstream have disabled PFS and removed their plugin installer wizard now
  - Drop the search engine defaults - these have moved to Firefox
    (LP: #1398174)

lp:ubuntu/precise-security/ubufox bug Mature 2015-01-14 18:49:59 UTC 2015-01-14
69. * New upstream release - Delete the...

Author: Chris Coulson
Revision Date: 2015-01-09 19:47:40 UTC

* New upstream release
  - Delete the plugin installer wizard implementation and associated code.
    Upstream have disabled PFS and removed their plugin installer wizard now
  - Drop the search engine defaults - these have moved to Firefox
    (LP: #1398174)

lp:~utlemming/ubuntu/precise/cloud-init/lp1383794 bug Development 2015-01-14 13:51:11 UTC 2015-01-14
214. debian/patches/lp-1383794-gce-short_n...

Author: Ben Howard
Revision Date: 2015-01-14 13:51:11 UTC

debian/patches/lp-1383794-gce-short_name.patch: Use shortname over FQDN
for GCE (LP: #1383794).

lp:ubuntu/precise-updates/coreutils Mature 2015-01-13 19:31:30 UTC 2015-01-13
31. * SECURITY UPDATE: infinite loop or c...

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:30 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/parse-datetime.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471

lp:ubuntu/precise-updates/pyyaml Mature 2015-01-12 22:36:11 UTC 2015-01-12
22. * SECURITY UPDATE: denial of service ...

Author: Steve Beattie
Revision Date: 2015-01-08 18:23:27 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - lib/yaml/scanner.py, lib3/yaml/scanner.py: remove assertion
  - origin: upstream commit
    https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc
  - CVE-2014-9130

lp:ubuntu/precise-security/pyyaml Mature 2015-01-12 21:49:45 UTC 2015-01-12
22. * SECURITY UPDATE: denial of service ...

Author: Steve Beattie
Revision Date: 2015-01-08 18:23:27 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - lib/yaml/scanner.py, lib3/yaml/scanner.py: remove assertion
  - origin: upstream commit
    https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc
  - CVE-2014-9130

101200 of 28314 results