Branches for Quantal

Author: Marc Deslauriers
Revision Date: 2014-02-27 09:14:11 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Mattia Rizzolo
Revision Date: 2014-01-31 17:54:58 UTC

SRU: debian/control: zendframework is named zend-framework in Ubuntu.
Update Depends accordingly (LP: #993070)

Author: Marc Deslauriers
Revision Date: 2014-02-24 09:17:15 UTC

* SECURITY UPDATE: incorrect password expiration check
  - debian/patches/CVE-2011-4966.patch: check for both account and
    password expiration in src/modules/rlm_unix/rlm_unix.c.
  - CVE-2011-4966
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in rlm_pap module
  - debian/patches/CVE-2013-2015.patch: properly handle buffer size in
    src/modules/rlm_pap/rlm_pap.c.
  - CVE-2014-2015

Author: Marc Deslauriers
Revision Date: 2014-02-24 09:17:15 UTC

* SECURITY UPDATE: incorrect password expiration check
  - debian/patches/CVE-2011-4966.patch: check for both account and
    password expiration in src/modules/rlm_unix/rlm_unix.c.
  - CVE-2011-4966
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in rlm_pap module
  - debian/patches/CVE-2013-2015.patch: properly handle buffer size in
    src/modules/rlm_pap/rlm_pap.c.
  - CVE-2014-2015

Author: Chris J Arges
Revision Date: 2014-02-14 12:57:01 UTC

d/p/0011-netdev-linux-Get-carrier-from-ioctl-instead-of-sysfs.patch:
d/p/0012-netdev-linux-Cache-flags-using-netlink.patch:
Fix latency issues between VMs using OVS. (LP: #1280370)

Author: Harald Sitter
Revision Date: 2013-12-10 15:28:47 UTC

Add kubuntu_fix_udev_property_access.patch to fix a crash when accessing
the NAME property of mice (LP: #737856)

Author: Christoph Mathys
Revision Date: 2012-09-11 13:14:37 UTC

[ Christoph Mathys ]
* Kill runsvdir with SIGHUP when entering runlevel [016]. Fixes LP: #245728,
  LP: #315541 & LP: #539567.

[ Francis Russell ]
* Remove installation of runsvdir.conf in obsolete location /etc/event.d.
* Modify postinst script so that it doesn't to try to grep /etc/inittab on
  initial package install if it doesn't exist.

Author: Mattia Rizzolo
Revision Date: 2014-01-31 17:54:58 UTC

SRU: debian/control: zendframework is named zend-framework in Ubuntu.
Update Depends accordingly (LP: #993070)

Author: Seth Arnold
Revision Date: 2014-02-11 12:07:50 UTC

* SECURITY UPDATE: incorrect Content-type header allowed cross-site
  scripting vulnerability if an unknown API was used. (LP: #1251336)
  - debian/patches/CVE-2013-1070.patch: Use Content-type text/plain to force
    browsers to not render error messages as HTML.
  - CVE-2013-1070
* SECURITY UPDATE: /etc/maas/txlongpoll.yaml contained a publicly readable
  password. (LP: #1254034)
  - debian/maas-region-controller.postinst: chown and chmod
    /etc/maas/txlongpoll.yaml with correct permissions
  - CVE-2013-1069

Author: Seth Arnold
Revision Date: 2014-02-11 12:07:50 UTC

* SECURITY UPDATE: incorrect Content-type header allowed cross-site
  scripting vulnerability if an unknown API was used. (LP: #1251336)
  - debian/patches/CVE-2013-1070.patch: Use Content-type text/plain to force
    browsers to not render error messages as HTML.
  - CVE-2013-1070
* SECURITY UPDATE: /etc/maas/txlongpoll.yaml contained a publicly readable
  password. (LP: #1254034)
  - debian/maas-region-controller.postinst: chown and chmod
    /etc/maas/txlongpoll.yaml with correct permissions
  - CVE-2013-1069

Author: Marc Deslauriers
Revision Date: 2014-02-06 12:09:43 UTC

Update to 0.8.10 to fix multiple security issues (LP: #1277173)

Author: Marc Deslauriers
Revision Date: 2014-02-11 09:29:00 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Marc Deslauriers
Revision Date: 2014-02-11 09:29:00 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Marc Deslauriers
Revision Date: 2014-02-07 09:09:08 UTC

* SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
  - debian/patches/CVE-2013-6487.patch: limit length in src/http.c.
  - CVE-2013-6487

Author: Marc Deslauriers
Revision Date: 2014-02-07 09:09:08 UTC

* SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
  - debian/patches/CVE-2013-6487.patch: limit length in src/http.c.
  - CVE-2013-6487

Author: Daniel Holbach
Revision Date: 2013-08-05 11:05:20 UTC

debian/patches/99_add_microsoft_mice.patch: add Microsoft Sculpt/Wedge
mouse (LP: #1094744, LP: #1158462). Thanks, Marcos Barbosa, Anton Anikin
and Anthony Wong for the patch.

Author: Marc Deslauriers
Revision Date: 2014-02-06 12:09:43 UTC

Update to 0.8.10 to fix multiple security issues (LP: #1277173)

Author: Marc Deslauriers
Revision Date: 2014-01-28 07:42:48 UTC

* SECURITY UPDATE: arbitrary code execution via NTLM auth (LP: #1150150)
  - debian/patches/CVE-2013-1762.patch: properly handle length in
    src/protocol.c.
  - CVE-2013-1762

Author: Marc Deslauriers
Revision Date: 2014-01-28 07:42:48 UTC

* SECURITY UPDATE: arbitrary code execution via NTLM auth (LP: #1150150)
  - debian/patches/CVE-2013-1762.patch: properly handle length in
    src/protocol.c.
  - CVE-2013-1762

Author: Thomas Ward
Revision Date: 2014-01-24 12:48:42 UTC

* New upstream patch:
  + debian/patches/fix-ffmpeg-media-handler.patch:
    - Include upstream patch and changes to fix an issue where the ffmpeg
      media handler does not work due to deprecated api. (LP: #1253468)

Author: Colin Watson
Revision Date: 2013-11-08 12:44:14 UTC

Preseed netcfg/disable_autoconfig rather than deprecated
netcfg/disable_dhcp (LP: #879605).

Author: Marc Deslauriers
Revision Date: 2014-01-22 16:00:51 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  integer overflow in PL_ArenaAllocate
  - debian/patches/CVE-2013-5607.patch: properly check size in
    mozilla/nsprpub/lib/ds/plarena.c.
  - CVE-2013-5607

Author: Marc Deslauriers
Revision Date: 2014-01-22 16:00:51 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  integer overflow in PL_ArenaAllocate
  - debian/patches/CVE-2013-5607.patch: properly check size in
    mozilla/nsprpub/lib/ds/plarena.c.
  - CVE-2013-5607

Author: Marc Deslauriers
Revision Date: 2014-01-22 15:16:14 UTC

* SECURITY UPDATE: MITM attack via TLS False Start
  - CVE-2013-1740
* Adjusted packaging for new upstream release 3.15.4:
  - debian/patches/*: refreshed.
  - debian/libnss3.symbols: added new symbols.

Author: Marc Deslauriers
Revision Date: 2014-01-10 13:00:40 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-10 13:00:40 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Dave Chiluk
Revision Date: 2014-01-21 13:09:30 UTC

[ Eduardo Damato ]
Fix upstart script to account for datadir disk shortage (LP: #1121874)

Author: Felix Geyer
Revision Date: 2014-01-16 21:44:27 UTC

* SECURITY UPDATE: clients can access backlogs belonging to other users
  - debian/patches/CVE-2013-6404.patch: add upstream patch
  - CVE-2013-6404
  - LP: #1255362

Author: Felix Geyer
Revision Date: 2014-01-16 21:44:27 UTC

* SECURITY UPDATE: clients can access backlogs belonging to other users
  - debian/patches/CVE-2013-6404.patch: add upstream patch
  - CVE-2013-6404
  - LP: #1255362

Author: Marc Deslauriers
Revision Date: 2014-01-20 10:56:11 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.patch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402
* SECURITY UPDATE: insecure upgrade feature
  - debian/non-shipped-files.txt, debian/hplip.install: don't ship
    hp-upgrade and upgrade.py.
  - CVE-2013-6427

Author: Marc Deslauriers
Revision Date: 2014-01-20 10:56:11 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.patch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402
* SECURITY UPDATE: insecure upgrade feature
  - debian/non-shipped-files.txt, debian/hplip.install: don't ship
    hp-upgrade and upgrade.py.
  - CVE-2013-6427

Author: Marc Deslauriers
Revision Date: 2014-01-14 13:35:47 UTC

* SECURITY UPDATE: buffer overflow in yyerror()
  - debian/patches/CVE-2014-0978.patch: don't overflow buf in
    lib/cgraph/scan.l.
  - CVE-2014-0978
* SECURITY UPDATE: buffer overflow in yyerror() security fix
  - debian/patches/CVE-2014-1235.patch: once again, don't overflow buf
    in lib/cgraph/scan.l.
  - CVE-2014-1235
* SECURITY UPDATE: buffer overflow in chkNum of scanner
  - debian/patches/CVE-2014-1236.patch: don't overflow buf in
    lib/cgraph/scan.l.
  - CVE-2014-1236

Author: Marc Deslauriers
Revision Date: 2014-01-14 13:35:47 UTC

* SECURITY UPDATE: buffer overflow in yyerror()
  - debian/patches/CVE-2014-0978.patch: don't overflow buf in
    lib/cgraph/scan.l.
  - CVE-2014-0978
* SECURITY UPDATE: buffer overflow in yyerror() security fix
  - debian/patches/CVE-2014-1235.patch: once again, don't overflow buf
    in lib/cgraph/scan.l.
  - CVE-2014-1235
* SECURITY UPDATE: buffer overflow in chkNum of scanner
  - debian/patches/CVE-2014-1236.patch: don't overflow buf in
    lib/cgraph/scan.l.
  - CVE-2014-1236

Author: Barry Warsaw
Revision Date: 2013-06-07 15:20:31 UTC

debian/patches/atomic-pyc-rename.diff: Add patch to fix possible race
conditions when writing .pyc/.pyo files in py_compile.py.
Issue #13146. LP: #1058884

Author: Johan Van de Wauw
Revision Date: 2014-01-12 21:21:10 UTC

Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
msPostGISLayerSetTimeFilter function in mappostgis.c. (LP: #1267616)

Author: Johan Van de Wauw
Revision Date: 2014-01-12 21:21:10 UTC

Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
msPostGISLayerSetTimeFilter function in mappostgis.c. (LP: #1267616)

Author: Felix Geyer
Revision Date: 2014-01-10 18:08:44 UTC

No-change backport to quantal (LP: #1247541)

Author: Marc Deslauriers
Revision Date: 2014-01-10 09:43:20 UTC

* SECURITY UPDATE: denial of service when processing NSEC3-signed zone
  queries
  - debian/patches/CVE-2014-0591.patch: don't call memcpy with
    overlapping ranges in bin/named/query.c.
  - patch backported from 9.8.6-P2.
  - CVE-2014-0591

Author: Marc Deslauriers
Revision Date: 2014-01-10 09:43:20 UTC

* SECURITY UPDATE: denial of service when processing NSEC3-signed zone
  queries
  - debian/patches/CVE-2014-0591.patch: don't call memcpy with
    overlapping ranges in bin/named/query.c.
  - patch backported from 9.8.6-P2.
  - CVE-2014-0591

Author: Marc Deslauriers
Revision Date: 2014-01-09 07:55:18 UTC

* SECURITY REGRESSION: Incorrect default file mode (LP: #1267385)
  - debian/patches/CVE-2013-4969-regression.patch: fix incorrect file
    mode in lib/puppet/type/file.rb, lib/puppet/util.rb,
    spec/unit/type/file_spec.rb.
  - CVE-2013-4969

Author: Marc Deslauriers
Revision Date: 2014-01-09 07:55:18 UTC

* SECURITY REGRESSION: Incorrect default file mode (LP: #1267385)
  - debian/patches/CVE-2013-4969-regression.patch: fix incorrect file
    mode in lib/puppet/type/file.rb, lib/puppet/util.rb,
    spec/unit/type/file_spec.rb.
  - CVE-2013-4969

Author: Chris J Arges
Revision Date: 2014-01-08 13:54:40 UTC

d/p/0010-datapath_ip_select_ident_fix.patch: linux commit 703133de changes
the first parameter of ip_select_ident from iph to skb (LP: #1262692)

Author: Chris J Arges
Revision Date: 2013-10-15 14:50:24 UTC

Fix ip netns delete failures. (LP: #1238981)

Author: Maarten Lankhorst
Revision Date: 2013-12-10 13:26:08 UTC

Copy saucy package back to quantal. (LP: #1253041)

Author: Jamie Strandboge
Revision Date: 2013-12-03 16:17:27 UTC

* SECURITY UPDATE: XSS in Volumes and Network Topology pages
  - debian/patches/CVE-2013-6406: html.escape() various items in
    volumes/tables.py and volume_snapshots/tables.py
  - CVE-2013-6406 (also referred to as CVE-2013-6858)
  - LP: #1247675

Author: Marc Deslauriers
Revision Date: 2013-11-22 09:02:08 UTC

* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_sos function (LP: #1252912)
  - debian/patches/CVE-2013-6629.patch: check for duplications in
    jdmarker.c.
  - CVE-2013-6629
* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_dht function (LP: #1252912)
  - debian/patches/CVE-2013-6630.patch: properly clear out memory in
    jdmarker.c.
  - CVE-2013-6630

Author: Marc Deslauriers
Revision Date: 2013-11-22 10:00:21 UTC

* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_sos function (LP: #1252912)
  - debian/patches/CVE-2013-6629.patch: check for duplications in
    jdmarker.c.
  - CVE-2013-6629
* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_dht function (LP: #1252912)
  - debian/patches/CVE-2013-6630.patch: properly clear out memory in
    jdmarker.c.
  - CVE-2013-6630

Author: Marc Deslauriers
Revision Date: 2013-11-22 09:02:08 UTC

* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_sos function (LP: #1252912)
  - debian/patches/CVE-2013-6629.patch: check for duplications in
    jdmarker.c.
  - CVE-2013-6629
* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_dht function (LP: #1252912)
  - debian/patches/CVE-2013-6630.patch: properly clear out memory in
    jdmarker.c.
  - CVE-2013-6630

Author: Marc Deslauriers
Revision Date: 2013-11-22 10:00:21 UTC

* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_sos function (LP: #1252912)
  - debian/patches/CVE-2013-6629.patch: check for duplications in
    jdmarker.c.
  - CVE-2013-6629
* SECURITY UPDATE: information disclosure via uninitialized memory in
  the get_dht function (LP: #1252912)
  - debian/patches/CVE-2013-6630.patch: properly clear out memory in
    jdmarker.c.
  - CVE-2013-6630

Author: Marc Deslauriers
Revision Date: 2013-12-18 11:15:37 UTC

* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
  Cryptanalysis attack
  - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
    operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
    MPIs used as input to secret key functions in cipher/dsa.c,
    cipher/elgamal.c, cipher/rsa.c.
  - CVE-2013-4576

Author: Marc Deslauriers
Revision Date: 2013-12-18 11:15:37 UTC

* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
  Cryptanalysis attack
  - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
    operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
    MPIs used as input to secret key functions in cipher/dsa.c,
    cipher/elgamal.c, cipher/rsa.c.
  - CVE-2013-4576

Author: Marc Deslauriers
Revision Date: 2013-12-18 09:28:58 UTC

* SECURITY UPDATE: multiple denial of service issues
  - debian/patches/CVE-2013-6xxx.patch: apply fixes from upstream to
    master/lib/Munin/Master/{HTMLConfig,Node}.pm.
  - CVE-2013-6048
  - CVE-2013-6359

Author: Marc Deslauriers
Revision Date: 2013-12-18 09:28:58 UTC

* SECURITY UPDATE: multiple denial of service issues
  - debian/patches/CVE-2013-6xxx.patch: apply fixes from upstream to
    master/lib/Munin/Master/{HTMLConfig,Node}.pm.
  - CVE-2013-6048
  - CVE-2013-6359

Author: Brian Murray
Revision Date: 2013-12-16 15:55:39 UTC

[ Chris Wulff ]
Initialise threads, before starting background task thread. (LP:
#915626)

Author: Maarten Lankhorst
Revision Date: 2013-11-27 14:02:28 UTC

* Copy package from saucy, but keep libdrm-nouveau1a. (LP: #1253041)
* Drop pci-id patches, upstream.

Author: Maarten Lankhorst
Revision Date: 2013-12-10 13:26:08 UTC

Copy saucy package back to quantal. (LP: #1253041)

Author: Marc Deslauriers
Revision Date: 2013-09-27 13:49:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  strcoll overflows
  - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
    string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
    string/Makefile.
  - CVE-2012-4412
  - CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
  - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
    posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
  - CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
  - debian/patches/any/CVE-2013-1914.diff: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
  readdir_r
  - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
    sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
    sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
    GETDENTS_64BIT_ALIGNED from
    sysdeps/unix/sysv/linux/i386/readdir64_r.c,
    sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
  - CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
  overflows in memory allocator
  - debian/patches/any/CVE-2013-4332.diff: check for overflows in
    malloc/malloc.c.
  - CVE-2013-4332

Author: Harald Sitter
Revision Date: 2013-12-10 15:28:47 UTC

Add kubuntu_fix_udev_property_access.patch to fix a crash when accessing
the NAME property of mice (LP: #737856)

Author: Steve Langasek
Revision Date: 2013-12-11 22:51:10 UTC

Null merge of fixed up commits

Author: Camm Maguire
Revision Date: 2012-04-20 12:59:26 UTC

* Bug fix: "unowned file /usr/local/share/texmf/ls-R after purge (policy
  6.8, 9.1.2)", thanks to Andreas Beckmann (Closes: #669380).
* Bug fix: "FTBFS: | /«PKGBUILDDIR»/books/tools/defsum.c:7456:5: error:
  expected expression before ')' token", thanks to Lucas
  Nussbaum (Closes: #669442). Build-dep on latest gcl

Author: Seth Arnold
Revision Date: 2013-06-03 18:13:33 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

Author: Simon Kelley
Revision Date: 2012-03-06 19:45:43 UTC

 * New upstream.
 * Provide "dump-stats" initscript method. (closes: #654656)
 * Add (empty) build-indep and build-arch rules targets.
 * Bump standards-version to 3.9.3
 * Add port option to example dnsmasq.conf (closes: #668386)

Author: Steve Langasek
Revision Date: 2013-01-16 17:12:54 UTC

Ensure callbacks are called directly when running with --no-events,
otherwise the "event" handling of the non-events never finishes and
mountall hangs. LP: #1099349.

Author: Steve Langasek
Revision Date: 2013-01-16 17:12:54 UTC

Ensure callbacks are called directly when running with --no-events,
otherwise the "event" handling of the non-events never finishes and
mountall hangs. LP: #1099349.

Author: Marc Deslauriers
Revision Date: 2013-03-21 13:37:59 UTC

* SECURITY UPDATE: incorrect ssl cert validation (LP: #1117411)
  - debian/patches/CVE-2013-0240.patch: properly validate ssl certs and
    fix cancellation in src/goa/goaenums.h, src/goa/goaerror.c,
    src/goabackend/goaewsclient.c, src/goabackend/goaewsclient.h,
    src/goabackend/goaexchangeprovider.c,
    src/goabackend/goagoogleprovider.c, src/goabackend/goautils.*,
    src/goabackend/goawebview.c.
  - debian/libgoa-1.0-0.symbols: updated with new symbol.
  - CVE-2013-0240
  - CVE-2013-1799

Author: Marc Deslauriers
Revision Date: 2013-03-21 13:37:59 UTC

* SECURITY UPDATE: incorrect ssl cert validation (LP: #1117411)
  - debian/patches/CVE-2013-0240.patch: properly validate ssl certs and
    fix cancellation in src/goa/goaenums.h, src/goa/goaerror.c,
    src/goabackend/goaewsclient.c, src/goabackend/goaewsclient.h,
    src/goabackend/goaexchangeprovider.c,
    src/goabackend/goagoogleprovider.c, src/goabackend/goautils.*,
    src/goabackend/goawebview.c.
  - debian/libgoa-1.0-0.symbols: updated with new symbol.
  - CVE-2013-0240
  - CVE-2013-1799

Author: Marc Deslauriers
Revision Date: 2013-12-06 13:27:24 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  huge color maps in xwd plugin
  - debian/patches/CVE-2013-1913.patch: limit number of color map entries
    in plug-ins/common/file-xwd.c.
  - CVE-2013-1913
* SECURITY UPDATE: denial of service and possible code execution via
  large number of color map entries in xwd plugin
  - debian/patches/CVE-2013-1978.patch: validate number of color map
    entries in plug-ins/common/file-xwd.c
  - CVE-2013-1978

Author: Marc Deslauriers
Revision Date: 2013-12-06 13:27:24 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  huge color maps in xwd plugin
  - debian/patches/CVE-2013-1913.patch: limit number of color map entries
    in plug-ins/common/file-xwd.c.
  - CVE-2013-1913
* SECURITY UPDATE: denial of service and possible code execution via
  large number of color map entries in xwd plugin
  - debian/patches/CVE-2013-1978.patch: validate number of color map
    entries in plug-ins/common/file-xwd.c
  - CVE-2013-1978

Author: Jamie Strandboge
Revision Date: 2013-12-03 12:11:32 UTC

* SECURITY UPDATE: Fix underflow when bottom is close to MIN_INT
  - debian/patches/security-lp1197921.patch: verify (t)->bottom > (t)->top)
  - LP: #1197921
  - CVE-YYYY-NNNN

Author: Jamie Strandboge
Revision Date: 2013-12-03 16:17:27 UTC

* SECURITY UPDATE: XSS in Volumes and Network Topology pages
  - debian/patches/CVE-2013-6406: html.escape() various items in
    volumes/tables.py and volume_snapshots/tables.py
  - CVE-2013-6406 (also referred to as CVE-2013-6858)
  - LP: #1247675

Author: Ben Howard
Revision Date: 2013-11-22 12:14:36 UTC

Backport from trusty to quantal for Joyent IaaS (LP: #1248000).

Author: Benjamin Drung
Revision Date: 2013-11-21 15:35:35 UTC

Remove broken .la files (Closes: #730108, LP: #1253656).

Author: Hao-Ran Liu
Revision Date: 2013-11-04 15:39:45 UTC

(Weird version number to stay smaller than the 13.04 version)
Add support for hybrid in-kernel suspend (Linux >= 3.6) (LP: #1172692)

Author: Iain Lane
Revision Date: 2013-11-27 11:45:24 UTC

No-change backport to quantal (LP: #1252729)

Author: Graham Inggs
Revision Date: 2013-07-06 11:07:07 UTC

* Backport the following changes from gnome-keyring in Raring:
  - Move the PKCS#11 module into a separate package. (LP: #1094319)
  - Convert gnome-keyring to multi-arch. (LP: #859600)

Author: Chris J Arges
Revision Date: 2013-11-22 11:47:09 UTC

debian/patches/203-bugfix-segfault-on-startup-if-actionqueuefilename-wa.patch:
upstream fix for segfault when spool is corrupted. (LP: #1233441)

Author: Marc Deslauriers
Revision Date: 2013-11-26 12:53:19 UTC

* SECURITY UPDATE: safe level restriction bypass via DL and Fiddle
  - debian/patches/CVE-2013-2065.patch: perform taint checking in
    ext/dl/lib/dl/func.rb, ext/fiddle/function.c.
  - CVE-2013-2065
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in floating point parsing.
  - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
    test to test/ruby/test_float.rb.
  - CVE-2013-4164

Author: Marc Deslauriers
Revision Date: 2013-11-26 12:53:19 UTC

* SECURITY UPDATE: safe level restriction bypass via DL and Fiddle
  - debian/patches/CVE-2013-2065.patch: perform taint checking in
    ext/dl/lib/dl/func.rb, ext/fiddle/function.c.
  - CVE-2013-2065
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in floating point parsing.
  - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
    test to test/ruby/test_float.rb.
  - CVE-2013-4164

Author: Brian Murray
Revision Date: 2013-11-06 10:31:34 UTC

Fix incorrectly displayed file names with UTF-8 characters.
Add -DNO_WORKING_ISPRINT to build flags. (LP: #1199239, LP: #580961)

Author: Ben Howard
Revision Date: 2013-11-22 12:14:36 UTC

Backport from trusty to quantal for Joyent IaaS (LP: #1248000).

Author: Chris J Arges
Revision Date: 2013-11-22 11:47:09 UTC

debian/patches/203-bugfix-segfault-on-startup-if-actionqueuefilename-wa.patch:
upstream fix for segfault when spool is corrupted. (LP: #1233441)

Author: Thomas Ward
Revision Date: 2013-11-21 13:19:37 UTC

* SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
  - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
    to account for a space character, fixing an issue which could result in
    security restrictions being bypassed
  - CVE-2013-4547

Author: Michael Terry
Revision Date: 2013-11-19 10:13:14 UTC

* debian/patches/11-dont-skip-first-chunk-on-restart.dpatch:
  - When restarting a backup, if the file we were in the middle of
    backing up is now deleted, don't skip the first 65k chunk of the
    next file. Patch backported from upstream trunk. LP: #1252484

Author: Benjamin Drung
Revision Date: 2013-11-21 15:35:35 UTC

Remove broken .la files (Closes: #730108, LP: #1253656).

Author: Thomas Ward
Revision Date: 2013-11-21 13:19:37 UTC

* SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
  - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
    to account for a space character, fixing an issue which could result in
    security restrictions being bypassed
  - CVE-2013-4547

Author: Felix Geyer
Revision Date: 2013-11-15 19:39:38 UTC

No-change backport to quantal (LP: #1251694)

Author: Marc Deslauriers
Revision Date: 2013-10-25 11:40:28 UTC

debian/patches/9005_ubuntu_releases.patch: update list of Ubuntu
releases. (LP: #1192290)

Author: Marc Deslauriers
Revision Date: 2013-11-07 09:47:09 UTC

* SECURITY UPDATE: arbitrary file overwrite via poison null byte
  - debian/patches/CVE-2013-2186.patch: properly validate repository in
    src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
  - CVE-2013-2186

Author: Hao-Ran Liu
Revision Date: 2013-11-04 15:39:45 UTC

(Weird version number to stay smaller than the 13.04 version)
Add support for hybrid in-kernel suspend (Linux >= 3.6) (LP: #1172692)

Author: Marc Deslauriers
Revision Date: 2013-11-07 09:47:09 UTC

* SECURITY UPDATE: arbitrary file overwrite via poison null byte
  - debian/patches/CVE-2013-2186.patch: properly validate repository in
    src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
  - CVE-2013-2186

Author: Colin Watson
Revision Date: 2013-11-08 12:44:14 UTC

Preseed netcfg/disable_autoconfig rather than deprecated
netcfg/disable_dhcp (LP: #879605).

Author: Dave Chiluk
Revision Date: 2013-11-08 11:06:30 UTC

* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
  socket, and never close the connection. (LP: #1247888)
  - debian/patches/sslfailurefdleak.patch: properly close connection in
    src/connection.c.
  - CVE number pending

Author: Dave Chiluk
Revision Date: 2013-11-08 11:06:30 UTC

* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
  socket, and never close the connection. (LP: #1247888)
  - debian/patches/sslfailurefdleak.patch: properly close connection in
    src/connection.c.
  - CVE number pending

Author: Steve Langasek
Revision Date: 2013-11-08 10:36:26 UTC

Backport to Ubuntu 12.10.

Author: Steve Langasek
Revision Date: 2013-11-08 10:36:26 UTC

Backport to Ubuntu 12.10.

Author: Mathieu Trudel-Lapierre
Revision Date: 2013-03-21 11:53:01 UTC

* New upstream release. (LP: #1158354)
  - Crash in Contacts calendar backend (LP: #1039594)
  - Empty name selector dialog on open (LP: #1072442)

Author: Steve Langasek
Revision Date: 2013-09-24 14:35:28 UTC

Backport to update SecureBoot support. LP: #1229572.

Author: Brian Murray
Revision Date: 2013-11-06 10:31:34 UTC

Fix incorrectly displayed file names with UTF-8 characters.
Add -DNO_WORKING_ISPRINT to build flags. (LP: #1199239, LP: #580961)

Author: Iain Lane
Revision Date: 2013-11-07 16:35:12 UTC

No-change backport to quantal (LP: #1244340)

Author: Mathieu Trudel-Lapierre
Revision Date: 2013-02-22 15:01:50 UTC

debian/patches/concurrency_fixes_rev_122.patch: backport rev 122: Creates
AtomicFileCache as a parent class for MultipleRepresentationCache to
handle concurrent use issues. (LP: #459418)