Branches for Quantal

Name Status Last Modified Last Commit
lp:~qtjambi-community/ubuntu/quantal/qtjambi-snapshot/debian Development 2015-06-02 17:16:44 UTC 2015-06-02
266. maint/bzr_push.sh Auto copy, commit a...

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:16:44 UTC

maint/bzr_push.sh Auto copy, commit and push for: control.snapshot (snapshot)

lp:~ubuntu-branches/ubuntu/quantal/landscape-client/quantal-201411191733 (Has a merge proposal) Development 2014-11-19 17:33:44 UTC 2014-11-19
47. releasing version 12.05-0ubuntu1

Author: Stéphane Graber
Revision Date: 2012-06-06 20:08:48 UTC

releasing version 12.05-0ubuntu1

lp:ubuntu/quantal-security/linux-signed bug Mature 2014-05-15 22:31:46 UTC 2014-05-15
45. Version 3.5.0-51.76

Author: Brad Figg
Revision Date: 2014-05-15 22:31:46 UTC

Version 3.5.0-51.76

lp:ubuntu/quantal-updates/linux-signed Mature 2014-05-15 22:31:46 UTC 2014-05-15
45. Version 3.5.0-51.76

Author: Brad Figg
Revision Date: 2014-05-15 22:31:46 UTC

Version 3.5.0-51.76

lp:ubuntu/quantal-proposed/linux-signed Development 2014-05-15 22:31:46 UTC 2014-05-15
45. Version 3.5.0-51.76

Author: Brad Figg
Revision Date: 2014-05-15 22:31:46 UTC

Version 3.5.0-51.76

lp:ubuntu/quantal-updates/dovecot Mature 2014-05-15 15:47:50 UTC 2014-05-15
94. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:14 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

lp:ubuntu/quantal-security/dovecot Mature 2014-05-15 15:21:41 UTC 2014-05-15
94. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:14 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

lp:ubuntu/quantal-security/python-django bug Mature 2014-05-15 01:16:34 UTC 2014-05-15
47. * SECURITY UPDATE: cache coherency pr...

Author: Seth Arnold
Revision Date: 2014-05-14 11:05:38 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.

lp:ubuntu/quantal-updates/python-django Mature 2014-05-14 11:05:38 UTC 2014-05-14
47. * SECURITY UPDATE: cache coherency pr...

Author: Seth Arnold
Revision Date: 2014-05-14 11:05:38 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.

lp:ubuntu/quantal-proposed/tzdata bug Mature 2014-05-13 18:07:59 UTC 2014-05-13
91. New upstream release, critical urgenc...

Author: Adam Conrad
Revision Date: 2014-05-13 11:21:44 UTC

New upstream release, critical urgency due to Egypt zone
changes happening on May 15th, in two days (LP: #1319122)

lp:ubuntu/quantal-proposed/linux-meta-ti-omap4 bug Mature 2014-05-13 18:07:13 UTC 2014-05-13
73. Ubuntu-3.5.0-242

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

lp:ubuntu/quantal-security/linux-meta-ti-omap4 Mature 2014-05-13 18:07:13 UTC 2014-05-13
73. Ubuntu-3.5.0-242

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

lp:ubuntu/quantal-updates/linux-meta-ti-omap4 Mature 2014-05-13 18:07:13 UTC 2014-05-13
73. Ubuntu-3.5.0-242

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

lp:ubuntu/quantal-security/libxfont Mature 2014-05-13 12:04:55 UTC 2014-05-13
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-13 12:04:55 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

lp:ubuntu/quantal-updates/libxfont Mature 2014-05-13 12:04:55 UTC 2014-05-13
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-13 12:04:55 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

lp:ubuntu/quantal-updates/tzdata Mature 2014-05-13 11:21:44 UTC 2014-05-13
91. New upstream release, critical urgenc...

Author: Adam Conrad
Revision Date: 2014-05-13 11:21:44 UTC

New upstream release, critical urgency due to Egypt zone
changes happening on May 15th, in two days (LP: #1319122)

lp:ubuntu/quantal-updates/initramfs-tools Mature 2014-05-13 09:11:57 UTC 2014-05-13
270. * SECURITY UPDATE: incorrect tmpfs mo...

Author: Marc Deslauriers
Revision Date: 2014-03-21 12:45:59 UTC

* SECURITY UPDATE: incorrect tmpfs mount options (LP: #1152744)
  - init: Sync the mount options for /run from /lib/init/fstab.

lp:ubuntu/quantal-proposed/initramfs-tools Mature 2014-05-13 09:11:49 UTC 2014-05-13
270. src/wait-for-root.c: udev_monitor_rec...

Author: Chris J Arges
Revision Date: 2013-09-05 16:17:52 UTC

src/wait-for-root.c: udev_monitor_receive_device() might still
return NULL even with a blocking socket if recvmsg() fails with
ENOBUFS. Retry every second in that case. Thanks to Tetsuo Handa for
debugging this and the patch! (LP: #1215911)

lp:ubuntu/quantal-security/initramfs-tools bug Mature 2014-05-13 09:11:39 UTC 2014-05-13
270. * SECURITY UPDATE: incorrect tmpfs mo...

Author: Marc Deslauriers
Revision Date: 2014-03-21 12:45:59 UTC

* SECURITY UPDATE: incorrect tmpfs mount options (LP: #1152744)
  - init: Sync the mount options for /run from /lib/init/fstab.

lp:~ubuntu-branches/ubuntu/quantal/libpam-krb5/quantal-201405130549 (Has a merge proposal) Development 2014-05-13 05:49:05 UTC 2014-05-13
24. * Enable bindnow hardening flags and ...

Author: Russ Allbery
Revision Date: 2012-02-04 13:27:02 UTC

* Enable bindnow hardening flags and fix the syntax of the
  DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
  longer experimental.
* Move single-debian-patch to local-options and patch-header to
  local-patch-header so that they only apply to the packages I build and
  NMUs get regular version-numbered patches.

lp:ubuntu/quantal-proposed/linux-meta-lowlatency bug Mature 2014-05-10 22:31:42 UTC 2014-05-10
48. Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-05-10 22:31:42 UTC

Bump ABI

lp:ubuntu/quantal-security/linux-meta-lowlatency Mature 2014-05-10 22:31:42 UTC 2014-05-10
48. Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-05-10 22:31:42 UTC

Bump ABI

lp:ubuntu/quantal-updates/linux-meta-lowlatency Mature 2014-05-10 22:31:42 UTC 2014-05-10
48. Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-05-10 22:31:42 UTC

Bump ABI

lp:ubuntu/quantal-security/libxml2 bug Mature 2014-05-08 14:29:41 UTC 2014-05-08
64. * SECURITY UPDATE: resource exhaustio...

Author: Marc Deslauriers
Revision Date: 2014-05-08 14:29:41 UTC

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

lp:ubuntu/quantal-updates/libxml2 Mature 2014-05-08 14:29:41 UTC 2014-05-08
64. * SECURITY UPDATE: resource exhaustio...

Author: Marc Deslauriers
Revision Date: 2014-05-08 14:29:41 UTC

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

lp:ubuntu/quantal-proposed/linux-backports-modules-3.5.0 bug Mature 2014-05-07 15:47:30 UTC 2014-05-07
30. [ Kamal Mostafa ] Bump ABI for Quant...

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:47:30 UTC

[ Kamal Mostafa ]

Bump ABI for Quantal 3.5.0-51

lp:ubuntu/quantal-security/linux-backports-modules-3.5.0 bug Mature 2014-05-07 15:47:30 UTC 2014-05-07
30. [ Kamal Mostafa ] Bump ABI for Quant...

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:47:30 UTC

[ Kamal Mostafa ]

Bump ABI for Quantal 3.5.0-51

lp:ubuntu/quantal-updates/linux-backports-modules-3.5.0 Mature 2014-05-07 15:47:30 UTC 2014-05-07
30. [ Kamal Mostafa ] Bump ABI for Quant...

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:47:30 UTC

[ Kamal Mostafa ]

Bump ABI for Quantal 3.5.0-51

lp:ubuntu/quantal-proposed/linux-meta bug Mature 2014-05-07 15:37:59 UTC 2014-05-07
326. [ Kamal Mostafa ] Bump ABI

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:37:59 UTC

[ Kamal Mostafa ]

Bump ABI

lp:ubuntu/quantal-security/linux-meta Mature 2014-05-07 15:37:59 UTC 2014-05-07
326. [ Kamal Mostafa ] Bump ABI

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:37:59 UTC

[ Kamal Mostafa ]

Bump ABI

lp:ubuntu/quantal-updates/linux-meta Mature 2014-05-07 15:37:59 UTC 2014-05-07
326. [ Kamal Mostafa ] Bump ABI

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:37:59 UTC

[ Kamal Mostafa ]

Bump ABI

lp:ubuntu/quantal-security/quantum Mature 2014-05-06 21:34:00 UTC 2014-05-06
27. * SECURITY UPDATE: ssl not enforced w...

Author: Marc Deslauriers
Revision Date: 2014-03-19 14:41:59 UTC

* SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
  - debian/patches/CVE-2013-6491.patch: set the right parameter in
    quantum/openstack/common/rpc/impl_qpid.py.
  - CVE-2013-6491

lp:ubuntu/quantal-updates/gnu-efi Mature 2014-05-05 23:50:30 UTC 2014-05-05
18. Backport gnu-efi from saucy to quanta...

Author: Steve Langasek
Revision Date: 2013-09-24 14:21:08 UTC

Backport gnu-efi from saucy to quantal to support new versions of
shim. LP: #1229572.

lp:ubuntu/quantal-proposed/gnu-efi bug Mature 2014-05-05 23:50:20 UTC 2014-05-05
18. Backport gnu-efi from saucy to quanta...

Author: Steve Langasek
Revision Date: 2013-09-24 14:21:08 UTC

Backport gnu-efi from saucy to quantal to support new versions of
shim. LP: #1229572.

lp:ubuntu/quantal-security/tiff Mature 2014-05-05 15:36:13 UTC 2014-05-05
31. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-05 15:36:13 UTC

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

lp:ubuntu/quantal-updates/tiff Mature 2014-05-05 15:36:13 UTC 2014-05-05
31. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-05 15:36:13 UTC

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

lp:ubuntu/quantal-updates/jbigkit Mature 2014-05-04 02:24:51 UTC 2014-05-04
5. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-04-15 14:35:59 UTC

* SECURITY UPDATE: denial of service or possible code execution in
  libjbig
  - debian/patches/CVE-2013-6369.patch: check sizes in libjbig/jbig.c.
  - CVE-2013-6369

lp:ubuntu/quantal-security/jbigkit Mature 2014-05-04 02:24:45 UTC 2014-05-04
5. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-04-15 14:35:59 UTC

* SECURITY UPDATE: denial of service or possible code execution in
  libjbig
  - debian/patches/CVE-2013-6369.patch: check sizes in libjbig/jbig.c.
  - CVE-2013-6369

lp:ubuntu/quantal-security/openssl bug Mature 2014-05-02 15:27:44 UTC 2014-05-02
92. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

lp:ubuntu/quantal-updates/openssl Mature 2014-05-02 15:27:44 UTC 2014-05-02
92. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

lp:ubuntu/quantal-proposed/distro-info-data bug Mature 2014-04-23 13:34:49 UTC 2014-04-23
11. Add Ubuntu 14.10, Utopic Unicorn.

Author: Brian Murray
Revision Date: 2014-04-23 13:34:49 UTC

Add Ubuntu 14.10, Utopic Unicorn.

lp:ubuntu/quantal-security/distro-info-data Mature 2014-04-23 13:34:49 UTC 2014-04-23
11. Add Ubuntu 14.10, Utopic Unicorn.

Author: Brian Murray
Revision Date: 2014-04-23 13:34:49 UTC

Add Ubuntu 14.10, Utopic Unicorn.

lp:ubuntu/quantal-updates/distro-info-data Mature 2014-04-23 13:34:49 UTC 2014-04-23
11. Add Ubuntu 14.10, Utopic Unicorn.

Author: Brian Murray
Revision Date: 2014-04-23 13:34:49 UTC

Add Ubuntu 14.10, Utopic Unicorn.

lp:ubuntu/quantal-security/mysql-5.5 bug Mature 2014-04-23 13:30:43 UTC 2014-04-23
29. * SECURITY UPDATE: Update to 5.5.37 t...

Author: Marc Deslauriers
Revision Date: 2014-04-20 09:15:17 UTC

* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  - CVE-2014-0001
  - CVE-2014-0384
  - CVE-2014-2419
  - CVE-2014-2430
  - CVE-2014-2431
  - CVE-2014-2432
  - CVE-2014-2436
  - CVE-2014-2438
  - CVE-2014-2440
* Drop creation of insecure database permissions:
  - d/p/33_scripts__mysql_create_system_tables__no_test.patch,
    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
    package, inadvertently dropped in 5.5 transition. This
    removes the global anonymous access to the database which
    is a security concern.

lp:ubuntu/quantal-updates/mysql-5.5 Mature 2014-04-20 09:15:17 UTC 2014-04-20
29. * SECURITY UPDATE: Update to 5.5.37 t...

Author: Marc Deslauriers
Revision Date: 2014-04-20 09:15:17 UTC

* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  - CVE-2014-0001
  - CVE-2014-0384
  - CVE-2014-2419
  - CVE-2014-2430
  - CVE-2014-2431
  - CVE-2014-2432
  - CVE-2014-2436
  - CVE-2014-2438
  - CVE-2014-2440
* Drop creation of insecure database permissions:
  - d/p/33_scripts__mysql_create_system_tables__no_test.patch,
    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
    package, inadvertently dropped in 5.5 transition. This
    removes the global anonymous access to the database which
    is a security concern.

lp:ubuntu/quantal-updates/python-imaging Mature 2014-04-15 14:37:57 UTC 2014-04-15
29. * SECURITY UPDATE: insecure use of te...

Author: Marc Deslauriers
Revision Date: 2014-03-31 10:23:57 UTC

* SECURITY UPDATE: insecure use of temporary files
  - PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
    PIL/JpegImagePlugin.py: use tempfile.mkstemp().
  - https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66
  - CVE-2014-1932
  - CVE-2014-1933

lp:ubuntu/quantal-security/python-imaging Mature 2014-04-15 14:20:19 UTC 2014-04-15
29. * SECURITY UPDATE: insecure use of te...

Author: Marc Deslauriers
Revision Date: 2014-03-31 10:23:57 UTC

* SECURITY UPDATE: insecure use of temporary files
  - PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
    PIL/JpegImagePlugin.py: use tempfile.mkstemp().
  - https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66
  - CVE-2014-1932
  - CVE-2014-1933

lp:ubuntu/quantal-updates/net-snmp Mature 2014-04-14 13:24:06 UTC 2014-04-14
58. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-11 09:57:44 UTC

* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285
* SECURITY UPDATE: denial of service via multiple-object requests
  - debian/patches/CVE-2014-2310.patch: fix lengths in
    agent/mibgroup/agentx/protocol.c.
  - CVE-2014-2310

lp:ubuntu/quantal-security/net-snmp Mature 2014-04-14 13:14:23 UTC 2014-04-14
58. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-11 09:57:44 UTC

* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285
* SECURITY UPDATE: denial of service via multiple-object requests
  - debian/patches/CVE-2014-2310.patch: fix lengths in
    agent/mibgroup/agentx/protocol.c.
  - CVE-2014-2310

lp:~ubuntu-branches/ubuntu/quantal/psensor/quantal-201404080726 (Has a merge proposal) Development 2014-04-08 07:27:06 UTC 2014-04-08
16. Manually reverse patch. bzr and quilt...

Author: Iain Lane
Revision Date: 2012-10-02 14:10:04 UTC

Manually reverse patch. bzr and quilt /o\

lp:ubuntu/quantal-backports/exfat-utils bug Mature 2014-04-04 21:42:34 UTC 2014-04-04
6. No-change backport to quantal (LP: #1...

Author: Felix Geyer
Revision Date: 2014-04-04 23:23:30 UTC

No-change backport to quantal (LP: #1301531)

lp:ubuntu/quantal-backports/fuse-exfat bug Mature 2014-04-04 21:42:32 UTC 2014-04-04
6. No-change backport to quantal (LP: #1...

Author: Felix Geyer
Revision Date: 2014-04-04 23:27:07 UTC

No-change backport to quantal (LP: #1301530)

lp:ubuntu/quantal-updates/libyaml-libyaml-perl Mature 2014-04-03 15:04:38 UTC 2014-04-03
11. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-04-02 14:40:46 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  large yaml documents
  - debian/patches/CVE-2013-6393.patch: fix integer overflows in
    LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
    LibYAML/yaml_private.h.
  - CVE-2013-6393
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    LibYAML/scanner.c, LibYAML/yaml_private.h.
  - CVE-2014-2525

lp:ubuntu/quantal-security/libyaml-libyaml-perl Mature 2014-04-03 14:29:05 UTC 2014-04-03
11. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-04-02 14:40:46 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  large yaml documents
  - debian/patches/CVE-2013-6393.patch: fix integer overflows in
    LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
    LibYAML/yaml_private.h.
  - CVE-2013-6393
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    LibYAML/scanner.c, LibYAML/yaml_private.h.
  - CVE-2014-2525

lp:ubuntu/quantal-updates/nss bug Mature 2014-04-02 18:10:03 UTC 2014-04-02
45. * SECURITY UPDATE: incorrect IDNA wil...

Author: Marc Deslauriers
Revision Date: 2014-04-02 10:21:09 UTC

* SECURITY UPDATE: incorrect IDNA wildcard handling
  - debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
    nss/lib/certdb/certdb.c.
  - CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
  - removed debian/patches/95_add_spi+cacert_ca_certs.patch
  - added debian/patches/95_add_spi_certs.patch

lp:ubuntu/quantal-security/libyaml bug Mature 2014-04-02 11:43:57 UTC 2014-04-02
10. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-04-02 11:43:57 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    src/scanner.c, src/yaml_private.h.
  - CVE-2014-2525

lp:ubuntu/quantal-updates/libyaml Mature 2014-04-02 11:43:57 UTC 2014-04-02
10. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-04-02 11:43:57 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    src/scanner.c, src/yaml_private.h.
  - CVE-2014-2525

lp:ubuntu/quantal-security/curl bug Mature 2014-04-01 09:59:44 UTC 2014-04-01
70. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:59:44 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

lp:ubuntu/quantal-updates/curl Mature 2014-04-01 09:59:44 UTC 2014-04-01
70. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:59:44 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

lp:ubuntu/quantal-updates/udev Mature 2014-03-31 07:23:19 UTC 2014-03-31
222. hyperv-hwaddrs.patch: update ethernet...

Author: Ben Howard
Revision Date: 2014-03-12 15:54:56 UTC

hyperv-hwaddrs.patch: update ethernet exclusions for Hyper-V
(LP: #1274348).

lp:ubuntu/quantal-updates/postfixadmin Mature 2014-03-28 16:48:31 UTC 2014-03-28
4. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-03-28 08:30:48 UTC

fake sync from Debian

lp:ubuntu/quantal-security/postfixadmin Mature 2014-03-28 16:48:25 UTC 2014-03-28
4. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-03-28 08:30:48 UTC

fake sync from Debian

lp:ubuntu/quantal-security/clamav bug(Has a merge proposal) Mature 2014-03-27 18:22:53 UTC 2014-03-27
124. Rebuild as a security update (LP: #12...

Author: Marc Deslauriers
Revision Date: 2014-03-27 08:54:58 UTC

Rebuild as a security update (LP: #1296856)

lp:ubuntu/quantal-updates/clamav Mature 2014-03-27 08:54:58 UTC 2014-03-27
124. Rebuild as a security update (LP: #12...

Author: Marc Deslauriers
Revision Date: 2014-03-27 08:54:58 UTC

Rebuild as a security update (LP: #1296856)

lp:ubuntu/quantal-backports/opendmarc bug Mature 2014-03-26 04:43:19 UTC 2014-03-26
10. No-change backport to quantal (LP: #1...

Author: Scott Kitterman
Revision Date: 2014-03-26 00:27:23 UTC

No-change backport to quantal (LP: #1297616)

lp:ubuntu/quantal-updates/ca-certificates Mature 2014-03-24 19:46:34 UTC 2014-03-24
32. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:23:27 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - No longer ship obsolete debconf.org certificates
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

lp:ubuntu/quantal-security/ca-certificates Mature 2014-03-24 19:03:11 UTC 2014-03-24
32. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:23:27 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - No longer ship obsolete debconf.org certificates
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

lp:ubuntu/quantal-proposed/udev bug Development 2014-03-21 19:54:07 UTC 2014-03-21
222. hyperv-hwaddrs.patch: update ethernet...

Author: Ben Howard
Revision Date: 2014-03-12 15:54:56 UTC

hyperv-hwaddrs.patch: update ethernet exclusions for Hyper-V
(LP: #1274348).

lp:ubuntu/quantal-backports/clamav bug Mature 2014-03-19 15:51:58 UTC 2014-03-19
38. No-change backport to quantal (LP: #1...

Author: Scott Kitterman
Revision Date: 2014-03-19 11:02:58 UTC

No-change backport to quantal (LP: #1292943)

lp:ubuntu/quantal-updates/quantum bug Mature 2014-03-19 14:41:59 UTC 2014-03-19
27. * SECURITY UPDATE: ssl not enforced w...

Author: Marc Deslauriers
Revision Date: 2014-03-19 14:41:59 UTC

* SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
  - debian/patches/CVE-2013-6491.patch: set the right parameter in
    quantum/openstack/common/rpc/impl_qpid.py.
  - CVE-2013-6491

lp:ubuntu/quantal-updates/librsvg Mature 2014-03-17 12:15:39 UTC 2014-03-17
61. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2014-03-14 08:56:35 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  (XXE) issue.
  - debian/patches/CVE-2013-1881.patch: implement stricter policy in
    rsvg-base.c, rsvg-css.c, rsvg-io.c, rsvg-private.h.
  - debian/control*: added appropriate Breaks as this update requires
    a fix to also be added to gtk+3.0.
  - CVE-2013-1881

lp:ubuntu/quantal-security/librsvg Mature 2014-03-17 12:05:48 UTC 2014-03-17
61. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2014-03-14 08:56:35 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  (XXE) issue.
  - debian/patches/CVE-2013-1881.patch: implement stricter policy in
    rsvg-base.c, rsvg-css.c, rsvg-io.c, rsvg-private.h.
  - debian/control*: added appropriate Breaks as this update requires
    a fix to also be added to gtk+3.0.
  - CVE-2013-1881

lp:ubuntu/quantal-security/swift bug Mature 2014-03-14 14:27:42 UTC 2014-03-14
46. * SECURITY UPDATE: timing side-channe...

Author: Marc Deslauriers
Revision Date: 2014-03-14 14:27:42 UTC

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

lp:ubuntu/quantal-updates/swift Mature 2014-03-14 14:27:42 UTC 2014-03-14
46. * SECURITY UPDATE: timing side-channe...

Author: Marc Deslauriers
Revision Date: 2014-03-14 14:27:42 UTC

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

lp:ubuntu/quantal-updates/mutt Mature 2014-03-13 21:56:13 UTC 2014-03-13
40. * SECURITY UPDATE: buffer overflow in...

Author: Steve Beattie
Revision Date: 2014-03-12 21:33:35 UTC

* SECURITY UPDATE: buffer overflow in header processing after
  address expansion.
  - debian/patches/ubuntu/mutt-CVE-2014-0467.patch
  - CVE-2014-0467

lp:ubuntu/quantal-security/mutt Mature 2014-03-13 21:34:04 UTC 2014-03-13
40. * SECURITY UPDATE: buffer overflow in...

Author: Steve Beattie
Revision Date: 2014-03-12 21:33:35 UTC

* SECURITY UPDATE: buffer overflow in header processing after
  address expansion.
  - debian/patches/ubuntu/mutt-CVE-2014-0467.patch
  - CVE-2014-0467

lp:ubuntu/quantal-security/sudo bug Mature 2014-03-13 14:29:38 UTC 2014-03-13
61. debian/sudo.sudo.init, debian/sudo-ld...

Author: Marc Deslauriers
Revision Date: 2014-03-11 07:58:51 UTC

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

lp:ubuntu/quantal-security/cups-filters Mature 2014-03-12 12:05:52 UTC 2014-03-12
33. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-03-11 11:01:42 UTC

* SECURITY UPDATE: arbitrary code execution via overflows in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: use gmallocn and gmallocn3 in
    filter/pdftoopvp/{oprs/OPVPSplash.cxx,OPVPOutputDev.cxx}.
  - CVE-2013-6474
  - CVE-2013-6475
* SECURITY UPDATE: arbitrary code execution via driver in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: restrict driver path in
    filter/pdftoopvp/oprs/OPVPWrapper.cxx.
  - CVE-2013-6476

lp:ubuntu/quantal-updates/cups-filters Mature 2014-03-11 11:01:42 UTC 2014-03-11
33. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-03-11 11:01:42 UTC

* SECURITY UPDATE: arbitrary code execution via overflows in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: use gmallocn and gmallocn3 in
    filter/pdftoopvp/{oprs/OPVPSplash.cxx,OPVPOutputDev.cxx}.
  - CVE-2013-6474
  - CVE-2013-6475
* SECURITY UPDATE: arbitrary code execution via driver in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: restrict driver path in
    filter/pdftoopvp/oprs/OPVPWrapper.cxx.
  - CVE-2013-6476

lp:ubuntu/quantal-updates/sudo Mature 2014-03-11 07:58:51 UTC 2014-03-11
61. debian/sudo.sudo.init, debian/sudo-ld...

Author: Marc Deslauriers
Revision Date: 2014-03-11 07:58:51 UTC

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

lp:ubuntu/quantal-updates/udisks Mature 2014-03-10 12:38:52 UTC 2014-03-10
36. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:26:56 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/mount-monitor.c.
  - CVE-2014-0004

lp:ubuntu/quantal-security/udisks bug Mature 2014-03-10 12:06:47 UTC 2014-03-10
36. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:26:56 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/mount-monitor.c.
  - CVE-2014-0004

lp:ubuntu/quantal-security/udisks2 bug Mature 2014-03-10 12:04:32 UTC 2014-03-10
13. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:24:22 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/udisksmountmonitor.c.
  - CVE-2014-0004

lp:ubuntu/quantal-security/libssh Mature 2014-03-10 09:57:31 UTC 2014-03-10
23. * SECURITY UPDATE: PRNG state reuse o...

Author: Marc Deslauriers
Revision Date: 2014-03-10 09:57:31 UTC

* SECURITY UPDATE: PRNG state reuse on forking servers
  - debian/patches/CVE-2014-0017.patch: force reseed after fork in
    include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
    src/libgcrypt.c.
  - CVE-2014-0017

lp:ubuntu/quantal-updates/libssh Mature 2014-03-10 09:57:31 UTC 2014-03-10
23. * SECURITY UPDATE: PRNG state reuse o...

Author: Marc Deslauriers
Revision Date: 2014-03-10 09:57:31 UTC

* SECURITY UPDATE: PRNG state reuse on forking servers
  - debian/patches/CVE-2014-0017.patch: force reseed after fork in
    include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
    src/libgcrypt.c.
  - CVE-2014-0017

lp:ubuntu/quantal-security/imagemagick bug Mature 2014-03-06 11:20:37 UTC 2014-03-06
40. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-06 11:20:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via psd
  images processing rle decoding buffer overflow
  - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
  - CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
  crafted restart markers
  - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
    coders/psd.c.
  - CVE-2014-2030

lp:ubuntu/quantal-updates/imagemagick Mature 2014-03-06 11:20:37 UTC 2014-03-06
40. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-06 11:20:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via psd
  images processing rle decoding buffer overflow
  - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
  - CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
  crafted restart markers
  - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
    coders/psd.c.
  - CVE-2014-2030

lp:ubuntu/quantal-proposed/ca-certificates bug Mature 2014-03-05 13:33:22 UTC 2014-03-05
32. * Update ca-certificates database to ...

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:23:27 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - No longer ship obsolete debconf.org certificates
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

lp:ubuntu/quantal-security/tomcat7 bug Mature 2014-03-04 10:45:20 UTC 2014-03-04
24. * SECURITY UPDATE: request smuggling ...

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:45:20 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050
* d/p/0018-update-test-certificates.patch: remove binary parts to
  support newer quilt.

lp:ubuntu/quantal-updates/tomcat7 Mature 2014-03-04 10:45:20 UTC 2014-03-04
24. * SECURITY UPDATE: request smuggling ...

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:45:20 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050
* d/p/0018-update-test-certificates.patch: remove binary parts to
  support newer quilt.

lp:ubuntu/quantal-security/gnutls26 Mature 2014-03-03 14:15:34 UTC 2014-03-03
40. * SECURITY UPDATE: certificate valida...

Author: Marc Deslauriers
Revision Date: 2014-03-03 14:15:34 UTC

* SECURITY UPDATE: certificate validation bypass
  - debian/patches/CVE-2014-0092.patch: correct return codes in
    lib/x509/verify.c.
  - CVE-2014-0092

lp:ubuntu/quantal-updates/gnutls26 Mature 2014-03-03 14:15:34 UTC 2014-03-03
40. * SECURITY UPDATE: certificate valida...

Author: Marc Deslauriers
Revision Date: 2014-03-03 14:15:34 UTC

* SECURITY UPDATE: certificate validation bypass
  - debian/patches/CVE-2014-0092.patch: correct return codes in
    lib/x509/verify.c.
  - CVE-2014-0092

lp:ubuntu/quantal-backports/scratch bug Mature 2014-03-02 19:29:09 UTC 2014-03-02
4. No-change backport to quantal (LP: #1...

Author: Iain Lane
Revision Date: 2014-03-02 18:55:48 UTC

No-change backport to quantal (LP: #1285394)

lp:ubuntu/quantal-proposed/d-rats bug Mature 2014-02-27 21:27:51 UTC 2014-02-27
5. Depend on python-glade2 to fix crash ...

Author: Logan Rosen
Revision Date: 2014-02-22 23:16:02 UTC

Depend on python-glade2 to fix crash upon opening (LP: #917204).

lp:ubuntu/quantal-proposed/iproute bug Mature 2014-02-27 20:39:18 UTC 2014-02-27
36. Fix performance issues with large num...

Author: Chris J Arges
Revision Date: 2014-02-24 11:42:46 UTC

Fix performance issues with large numbers of interfaces. (LP: #1281366)

lp:ubuntu/quantal-security/python3.3 Mature 2014-02-27 14:34:05 UTC 2014-02-27
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:34:05 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

lp:ubuntu/quantal-updates/python3.3 Mature 2014-02-27 14:34:05 UTC 2014-02-27
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:34:05 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

lp:ubuntu/quantal-security/python3.2 Mature 2014-02-27 14:25:53 UTC 2014-02-27
46. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:25:53 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

lp:ubuntu/quantal-updates/python3.2 Mature 2014-02-27 14:25:53 UTC 2014-02-27
46. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:25:53 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

lp:ubuntu/quantal-security/python2.7 Mature 2014-02-27 09:14:11 UTC 2014-02-27
64. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-02-27 09:14:11 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912
