gmane.linux.ubuntu.devel.changes.dapper

[ubuntu/dapper-security] apache2 (delayed),apache2 2.0.55-4ubuntu2.13 (Accepted)

Ubuntu Installer — 2011-05-24T19:04:01

apache2 (2.0.55-4ubuntu2.13) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

Date: Sun, 22 May 2011 21:17:32 -0700
Changed-By: Steve Beattie <sbeattie< at >ubuntu.com>
Maintainer: Debian Apache Maintainers <debian-apache< at >lists.debian.org>
https://launchpad.net/ubuntu/dapper/+source/apache2/2.0.55-4ubuntu2.13
Format: 1.7
Date: Sun, 22 May 2011 21:17:32 -0700
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source
Version: 2.0.55-4ubuntu2.13
Distribution: dapper-security
Urgency: low
Maintainer: Debian Apache M

[ubuntu/dapper-security] postfix,postfix (delayed) 2.2.10-1ubuntu0.4 (Accepted)

Ubuntu Installer — 2011-05-11T09:04:13

postfix (2.2.10-1ubuntu0.4) dapper-security; urgency=low

  * SECURITY UPDATE: SASL memory corruption
    - debian/patches/CVE-2011-1720.dpatch: don't reuse the SASL handle
      after auth failure in src/smtpd/smtpd_sasl_proto.c.
    - CVE-2011-1720

Date: Tue, 10 May 2011 08:46:31 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: LaMont Jones <lamont< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/postfix/2.2.10-1ubuntu0.4
Format: 1.7
Date: Tue, 10 May 2011 08:46:31 -0400
Source: postfix
Binary: postfix-doc postfix-pgsql postfix-ldap postfix-dev postfix-pcre postfix postfix-mysql
Architecture: source
Version: 2.2.10-1ubuntu0.4
Distribution: dapper-security
Urgency: low
Maintainer: LaMont Jones <lamont< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 postfix    - A high-performance mail transport agent
 postfix-dev - Postfix loadable modules development environment
 postfix-doc - Postfix documentation
 postfix-ldap - LDAP map support fo

[ubuntu/dapper-security] php5 (delayed),php5 5.1.2-1ubuntu3.24 (Accepted)

Ubuntu Installer — 2011-05-04T21:10:20

php5 (5.1.2-1ubuntu3.24) dapper-security; urgency=low

  * debian/patches/pear/php5-pear-CVE-2011-1144_regression.patch: fix
    mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)
  * debian/patches/php5-CVE-2010-4697_regression.patch: fix regression
    in reference counting added by fix for CVE-2010-4697 (LP: #776642)

Date: Wed, 04 May 2011 00:46:19 -0700
Changed-By: Steve Beattie <sbeattie< at >ubuntu.com>
Maintainer: Debian PHP Maintainers <pkg-php-maint< at >lists.alioth.debian.org>
https://launchpad.net/ubuntu/dapper/+source/php5/5.1.2-1ubuntu3.24
Format: 1.7
Date: Wed, 04 May 2011 00:46:19 -0700
Source: php5
Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: source
Version: 5.1.2-1ubuntu3.24
Distribution: dapper-security
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint< at >lists.alioth.debian.org>

[ubuntu/dapper-security] perl (delayed),perl 5.8.7-10ubuntu1.3 (Accepted)

Ubuntu Installer — 2011-05-03T14:05:02

perl (5.8.7-10ubuntu1.3) dapper-security; urgency=low

  * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
    - debian/patches/71_CVE-2010-1168: update Safe.pm to version 2.29 to
      fix multiple issues.
    - CVE-2010-1168
    - CVE-2010-1447
  * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
    and CRLF injections.
    - debian/patches/72_cgi-multiline-header: fix issues with patch
      obtained from (5.10.1-17).
    - CVE-2010-2716
    - CVE-2010-4410
    - CVE-2010-4411

Date: Fri, 22 Apr 2011 13:05:34 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Brendan O'Dea <bod< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/perl/5.8.7-10ubuntu1.3
Format: 1.7
Date: Fri, 22 Apr 2011 13:05:34 -0400
Source: perl
Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc
Architecture: source
Version: 5.8.7-10ubuntu1.3
Distribution: dapper-security
Urgency: low
Maintainer: Brendan O'Dea <bod

[ubuntu/dapper-security] php5 (delayed),php5 5.1.2-1ubuntu3.22 (Accepted)

Ubuntu Installer — 2011-04-29T06:06:48

php5 (5.1.2-1ubuntu3.22) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary files removal via cronjob
    - debian/php5-common.php5.cron.d: take greater care when removing
      session files.
    - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
    - CVE-2011-0441
  * SECURITY UPDATE: symlink tmp races in pear install
    - debian/patches/php5-pear-CVE-2011-1072.patch: improved
      tempfile handling.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1072
  * SECURITY UPDATE: more symlink races in pear install
    - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
      file handler.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1144
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/php5-CVE-2010-4697.patch: retain reference to
      object until getter/setter are done.
    - CVE-2010-4697
  * SECURITY UPDATE:

[ubuntu/dapper-proposed] langpack-locales 2.3.18.45 (Accepted)

Gary Lasker — 2011-04-26T20:25:26

langpack-locales (2.3.18.45) dapper-proposed; urgency=low

  * Replace tzdata2011e.tar.gz with tzdata2011g.tar.gz:
    - Egypt abandons DST in 2011 (and forward)
      (thanks to Alexander Krivenyshev)
    - LP: #770622

Date: Tue, 26 Apr 2011 11:14:22 -0400
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Signed-By: Martin Pitt <martin.pitt< at >ubuntu.com>
https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.45
Format: 1.7
Date: Tue, 26 Apr 2011 11:14:22 -0400
Source: langpack-locales
Binary: locales
Architecture: source
Version: 2.3.18.45
Distribution: dapper-proposed
Urgency: low
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Description: 
 locales    - common files for locale support
Changes: 
 langpack-locales (2.3.18.45) dapper-proposed; urgency=low
 .
   * Replace tzdata2011e.tar.gz with tzdata2011g.tar.gz:
     - Egypt abandons DST in 2011 (and forward)
       (thanks to Alexander Kriv

[ubuntu/dapper-security] openslp,openslp (delayed) 1.2.1-5ubuntu0.2 (Accepted)

Ubuntu Installer — 2011-04-20T13:04:09

openslp (1.2.1-5ubuntu0.2) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via circular reference
    - common/slp_message.c: detect circular reference. Patch thanks to SUSE.
    - CVE-2010-3609

Date: Tue, 05 Apr 2011 15:05:36 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Ganesan Rajagopal <rganesan< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/openslp/1.2.1-5ubuntu0.2
Format: 1.7
Date: Tue, 05 Apr 2011 15:05:36 -0400
Source: openslp
Binary: libslp-dev slptool libslp1 openslp-doc slpd
Architecture: source
Version: 1.2.1-5ubuntu0.2
Distribution: dapper-security
Urgency: low
Maintainer: Ganesan Rajagopal <rganesan< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 libslp-dev - OpenSLP development libraries
 libslp1    - OpenSLP libraries
 openslp-doc - OpenSLP documentation
 slpd       - OpenSLP Server (slpd)
 slptool    - SLP command line tool
Changes: 
 openslp (1.2.1-5ubuntu0.2) dapper-security; urgency=low
 .

[ubuntu/dapper-security] postfix,postfix (delayed) 2.2.10-1ubuntu0.3 (Accepted)

Ubuntu Installer — 2011-04-18T15:04:37

postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low

  * SECURITY UPDATE: man-in-the-middle via plaintext command injection
    - debian/patches/CVE-2011-0411.dpatch: Discard the contents of the
      stream buffer so there is no pending plaintext in
      src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge()
      in src/util/vstream.*.
    - CVE-2011-0411
  * SECURITY UPDATE: symlink attack via incorrect pid dir permissions
    - debian/postfix.postinst: create pid dir with appropriate permissions.
    - CVE-2009-2939

Date: Fri, 15 Apr 2011 10:55:16 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: LaMont Jones <lamont< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/postfix/2.2.10-1ubuntu0.3
Format: 1.7
Date: Fri, 15 Apr 2011 10:55:16 -0400
Source: postfix
Binary: postfix-doc postfix-pgsql postfix-ldap postfix-dev postfix-pcre postfix postfix-mysql
Architecture: source
Version: 2.2.10-1ubuntu0.3
Distribution: dapper-security
Urgency: low
Maintainer: La

[ubuntu/dapper-security] dhcp3,dhcp3 (delayed) 3.0.3-6ubuntu7.2 (Accepted)

Ubuntu Installer — 2011-04-11T20:04:20

dhcp3 (3.0.3-6ubuntu7.2) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
    - debian/patches/CVE-2011-0997.dpatch: filter strings in
      client/dhclient.c, common/options.c.
    - CVE-2011-0997

Date: Mon, 11 Apr 2011 09:04:51 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Eloy A. Paris <peloy< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/dhcp3/3.0.3-6ubuntu7.2
Format: 1.7
Date: Mon, 11 Apr 2011 09:04:51 -0400
Source: dhcp3
Binary: dhcp3-client-udeb dhcp3-common dhcp3-relay dhcp3-dev dhcp3-client dhcp3-server
Architecture: source
Version: 3.0.3-6ubuntu7.2
Distribution: dapper-security
Urgency: low
Maintainer: Eloy A. Paris <peloy< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 dhcp3-client - DHCP Client
 dhcp3-client-udeb - DHCP Client for debian-installer
 dhcp3-common - Common files used by all the dhcp3* packages
 dhcp3-dev  - API for accessing and modifying the DHCP server and

[ubuntu/dapper-security] tiff (delayed),tiff 3.7.4-1ubuntu3.11 (Accepted)

Ubuntu Installer — 2011-04-04T17:04:34

tiff (3.7.4-1ubuntu3.11) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted
    THUNDER_2BITDELTAS data
    - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and
      make sure npixels is sane in libtiff/tif_thunder.c.
    - CVE-2011-1167

Date: Wed, 30 Mar 2011 13:34:17 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Jay Berkenbilt <qjb< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.11
Format: 1.7
Date: Wed, 30 Mar 2011 13:34:17 -0400
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source
Version: 3.7.4-1ubuntu3.11
Distribution: dapper-security
Urgency: low
Maintainer: Jay Berkenbilt <qjb< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - T

[ubuntu/dapper-proposed] langpack-locales 2.3.18.44 (Accepted)

Gary Lasker — 2011-04-04T07:56:07

langpack-locales (2.3.18.44) dapper-proposed; urgency=low

  * Replace tzdata2011d.tar.gz with tzdata2011e.tar.gz:
    - africa: Add start and end of DST in 2011 in Morocco.
    - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th
    - LP: #747946

Date: Sat, 02 Apr 2011 17:22:26 -0400
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Signed-By: Martin Pitt <martin.pitt< at >ubuntu.com>
https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.44
Format: 1.7
Date: Sat, 02 Apr 2011 17:22:26 -0400
Source: langpack-locales
Binary: locales
Architecture: source
Version: 2.3.18.44
Distribution: dapper-proposed
Urgency: low
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Description: 
 locales    - common files for locale support
Changes: 
 langpack-locales (2.3.18.44) dapper-proposed; urgency=low
 .
   * Replace tzdata2011d.tar.gz with tzdata2011e.tar.gz:
     - africa: Add start a

[ubuntu/dapper-security] vsftpd (delayed),vsftpd 2.0.4-0ubuntu4.1 (Accepted)

Ubuntu Installer — 2011-03-29T17:20:37

vsftpd (2.0.4-0ubuntu4.1) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted glob expressions
    - access.c, defs.h, ls.*: limit number of iterations.
    - changes extracted from 2.3.3 and 2.3.4 releases.
    - CVE-2011-0762

Date: Fri, 25 Mar 2011 14:55:46 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Daniel Jacobowitz <dan< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/vsftpd/2.0.4-0ubuntu4.1
Format: 1.7
Date: Fri, 25 Mar 2011 14:55:46 -0400
Source: vsftpd
Binary: vsftpd
Architecture: source
Version: 2.0.4-0ubuntu4.1
Distribution: dapper-security
Urgency: low
Maintainer: Daniel Jacobowitz <dan< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 vsftpd     - The Very Secure FTP Daemon
Changes: 
 vsftpd (2.0.4-0ubuntu4.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via crafted glob expressions
     - access.c, defs.h, ls.*: limit number of iterations.
     - changes extracted

[ubuntu/dapper-security] quagga,quagga (delayed) 0.99.2-1ubuntu3.8 (Accepted)

Ubuntu Installer — 2011-03-29T17:06:51

quagga (0.99.2-1ubuntu3.8) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed extended communities
    - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
      communities in bgpd/bgp_attr.c.
    - CVE-2010-1674

Date: Wed, 23 Mar 2011 16:45:49 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Christian Hammers <ch< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/quagga/0.99.2-1ubuntu3.8
Format: 1.7
Date: Wed, 23 Mar 2011 16:45:49 -0400
Source: quagga
Binary: quagga quagga-doc
Architecture: source
Version: 0.99.2-1ubuntu3.8
Distribution: dapper-security
Urgency: low
Maintainer: Christian Hammers <ch< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 quagga     - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Changes: 
 quagga (0.99.2-1ubuntu3.8) dapper-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via malformed extende

[ubuntu/dapper-security] subversion,subversion (delayed) 1.3.1-3ubuntu1.4 (Accepted)

Ubuntu Installer — 2011-03-29T17:06:30

subversion (1.3.1-3ubuntu1.4) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via request containing lock token
    - debian/patches/CVE-2011-0715.patch: correctly handle locks being
      passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
      subversion/mod_dav_svn/version.c.
    - CVE-2011-0715

Date: Tue, 22 Mar 2011 08:25:32 -0400
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Guilherme de S. Pastore <guilherme.pastore< at >terra.com.br>
https://launchpad.net/ubuntu/dapper/+source/subversion/1.3.1-3ubuntu1.4
Format: 1.7
Date: Tue, 22 Mar 2011 08:25:32 -0400
Source: subversion
Binary: libsvn-core-perl libsvn0 libsvn-javahl python2.4-subversion libsvn-doc libsvn-ruby libsvn-ruby1.8 libapache2-svn python-subversion subversion-tools subversion libsvn0-dev
Architecture: source
Version: 1.3.1-3ubuntu1.4
Distribution: dapper-security
Urgency: low
Maintainer: Guilherme de S. Pastore <guilherme.pastore< at >terra.com.br>
Changed-By: Marc Deslauriers <marc.desla

[ubuntu/dapper-proposed] langpack-locales 2.3.18.43 (Accepted)

Gary Lasker — 2011-03-16T09:11:38

langpack-locales (2.3.18.43) dapper-proposed; urgency=low

  * Replace tzdata2011c.tar.gz with tzdata2011d.tar.gz:
    - Samoa: Update DST rules (effective April 2nd, 2011)
    - Cuba: Update DST rules (effective March 13th, 2011)
    - Turkey: Update DST rules (effective March 27th, 2011)
    - LP: #735058

Date: Mon, 14 Mar 2011 17:36:51 -0400
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Signed-By: Martin Pitt <martin.pitt< at >ubuntu.com>
https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.43
Format: 1.7
Date: Mon, 14 Mar 2011 17:36:51 -0400
Source: langpack-locales
Binary: locales
Architecture: source
Version: 2.3.18.43
Distribution: dapper-proposed
Urgency: low
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Description: 
 locales    - common files for locale support
Changes: 
 langpack-locales (2.3.18.43) dapper-proposed; urgency=low
 .
   * Replace tzdata2011c.tar.gz with tzdata2011d

[ubuntu/dapper-security] tiff (delayed),tiff 3.7.4-1ubuntu3.10 (Accepted)

Ubuntu Installer — 2011-03-15T02:04:42

tiff (3.7.4-1ubuntu3.10) dapper-security; urgency=low

  * debian/patches/CVE-2011-0192.patch: update for regression in
    processing of certain CCITTFAX4 files (LP: #731540).
    - http://bugzilla.maptools.org/show_bug.cgi?id=2297

Date: Mon, 14 Mar 2011 10:56:27 -0700
Changed-By: Kees Cook <kees< at >ubuntu.com>
Maintainer: Jay Berkenbilt <qjb< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.10
Format: 1.7
Date: Mon, 14 Mar 2011 10:56:27 -0700
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source
Version: 3.7.4-1ubuntu3.10
Distribution: dapper-security
Urgency: low
Maintainer: Jay Berkenbilt <qjb< at >debian.org>
Changed-By: Kees Cook <kees< at >ubuntu.com>
Description: 
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (T

[ubuntu/dapper-proposed] langpack-locales 2.3.18.42 (Accepted)

Gary Lasker — 2011-03-08T08:59:41

langpack-locales (2.3.18.42) dapper-proposed; urgency=low

  * Replace tzdata2011b.tar.gz with tzdata2011c.tar.gz:
    - leapseconds: Update notice from IERS (change to commentary only)
    - northamerica, zone.tab: Replace Juneau with Juneau, Sitka, and Metlakatla
    - southamerica: For Chile, delay end of DST in 2011 from March 12th to
      April 2nd
    - LP: #730873

Date: Mon, 07 Mar 2011 17:20:45 -0500
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Signed-By: Martin Pitt <martin.pitt< at >ubuntu.com>
https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.42
Format: 1.7
Date: Mon, 07 Mar 2011 17:20:45 -0500
Source: langpack-locales
Binary: locales
Architecture: source
Version: 2.3.18.42
Distribution: dapper-proposed
Urgency: low
Maintainer: Martin Pitt <martin.pitt< at >ubuntu.com>
Changed-By: Gary Lasker <gary.lasker< at >canonical.com>
Description: 
 locales    - common files for locale support
Changes: 
 langpack-locales (2.3.18.42) dapper-propose

[ubuntu/dapper-security] tiff (delayed),tiff 3.7.4-1ubuntu3.9 (Accepted)

Ubuntu Installer — 2011-03-07T15:10:09

tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/z_CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
    - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code exection via
    YCBCRSUBSAMPLING tag
    - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
      libtiff/tif_dir.c.
    - CVE-2011-0191
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/z_CVE-2011-0192.patch: check length in

[ubuntu/dapper-security] logwatch,logwatch (delayed) 7.1-2ubuntu0.1 (Accepted)

Ubuntu Installer — 2011-03-01T00:04:04

logwatch (7.1-2ubuntu0.1) dapper-security; urgency=low

  * SECURITY UPDATE: privileged code execution via badly named logfiles
    - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile
      names don't contain '.
    - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26
      (backported to dapper)
    - CVE-2011-1018

Date: Mon, 28 Feb 2011 14:03:55 -0800
Changed-By: Steve Beattie <sbeattie< at >ubuntu.com>
Maintainer: Willi Mann <willi< at >wm1.at>
https://launchpad.net/ubuntu/dapper/+source/logwatch/7.1-2ubuntu0.1
Format: 1.7
Date: Mon, 28 Feb 2011 14:03:55 -0800
Source: logwatch
Binary: logwatch
Architecture: source
Version: 7.1-2ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Willi Mann <willi< at >wm1.at>
Changed-By: Steve Beattie <sbeattie< at >ubuntu.com>
Description: 
 logwatch   - log analyser with nice output written in Perl
Changes: 
 logwatch (7.1-2ubuntu0.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: privileged code execution via badly named lo

[ubuntu/dapper-security] samba (delayed),samba 3.0.22-1ubuntu3.14 (Accepted)

Ubuntu Installer — 2011-02-28T18:10:42

samba (3.0.22-1ubuntu3.14) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via missing range checks on file
    descriptors
    - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
      file descriptors.
    - CVE-2011-0719

Date: Thu, 24 Feb 2011 13:11:08 -0500
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Eloy A. Paris <peloy< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/samba/3.0.22-1ubuntu3.14
Format: 1.7
Date: Thu, 24 Feb 2011 13:11:08 -0500
Source: samba
Binary: samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat winbind smbclient samba python2.4-samba libsmbclient-dev samba-common samba-dbg smbfs
Architecture: source
Version: 3.0.22-1ubuntu3.14
Distribution: dapper-security
Urgency: low
Maintainer: Eloy A. Paris <peloy< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows

[ubuntu/dapper-security] mailman,mailman (delayed) 2.1.5-9ubuntu4.4 (Accepted)

Ubuntu Installer — 2011-02-22T20:07:04

mailman (2.1.5-9ubuntu4.4) dapper-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/101_CVE-2011-0707.dpatch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/102_CVE-2010-3089.dpatch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089

Date: Thu, 17 Feb 2011 10:14:56 -0500
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Maintainer: Tollef Fog Heen <tfheen< at >debian.org>
https://launchpad.net/ubuntu/dapper/+source/mailman/2.1.5-9ubuntu4.4
Format: 1.7
Date: Thu, 17 Feb 2011 10:14:56 -0500
Source: mailman
Binary: mailman
Architecture: source
Version: 2.1.5-9ubuntu4.4
Distribution: dapper-security
Urgency: low
Maintainer: Tollef Fog Heen <tfheen< at >debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers< at >ubuntu.com>
Description: 
 mailman    -