gmane.linux.ubuntu.devel.changes.karmic

[ubuntu/karmic-security]php5_5.2.10.dfsg.1-2ubuntu6.10_lpia_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_armel_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_sparc_translations.tar.gz (delayed),php5_5.2.10.dfsg.1-2ubuntu6.10_i386_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_amd64_translations.tar.gz, php5,php5_5.2.10.dfsg.1-2ubuntu6.10_ia64_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_powerpc_translations.tar.gz5.2.10.dfsg.1-2ubuntu6.10 (Accepted)

Ubuntu Installer — 2011-05-04T22:03:28

php5 (5.2.10.dfsg.1-2ubuntu6.10) karmic-security; urgency=low

  * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
    mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

Date: Mon, 02 May 2011 09:21:27 -0700
Changed-By: Steve Beattie <sbeattie-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/php5/5.2.10.dfsg.1-2ubuntu6.10
Format: 1.8
Date: Mon, 02 May 2011 09:21:27 -0700
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.2.10.dfsg.1-2ubuntu6.10
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Chan

[ubuntu/karmic-security]php5_5.2.10.dfsg.1-2ubuntu6.9_amd64_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_ia64_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_powerpc_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_lpia_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_sparc_translations.tar.gz (delayed),php5, php5_5.2.10.dfsg.1-2ubuntu6.9_armel_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_i386_translations.tar.gz5.2.10.dfsg.1-2ubuntu6.9 (Accepted)

Ubuntu Installer — 2011-04-29T06:05:10

php5 (5.2.10.dfsg.1-2ubuntu6.9) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary files removal via cronjob
    - debian/php5-common.php5.cron.d: take greater care when removing
      session files.
    - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
    - CVE-2011-0441
  * SECURITY UPDATE: symlink tmp races in pear install
    - debian/patches/php5-pear-CVE-2011-1072.patch: improved
      tempfile handling.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1072
  * SECURITY UPDATE: more symlink races in pear install
    - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
      file handler.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1144
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/php5-CVE-2010-4697.patch: retain reference to
      object until getter/setter are done.
    - CVE-2010-4697
  * SECURITY

[ubuntu/karmic-security] pcsc-lite (delayed),pcsc-lite 1.5.3-1ubuntu1.2 (Accepted)

Ubuntu Installer — 2011-04-27T20:03:46

pcsc-lite (1.5.3-1ubuntu1.2) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long attribute value
    - src/atrhandler.c: verify against maximum attribute size.
    - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
    - CVE-2010-4531

Date: Thu, 14 Apr 2011 09:39:10 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/pcsc-lite/1.5.3-1ubuntu1.2
Format: 1.8
Date: Thu, 14 Apr 2011 09:39:10 -0400
Source: pcsc-lite
Binary: pcscd libpcsclite-dev libpcsclite1
Architecture: source
Version: 1.5.3-1ubuntu1.2
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 libpcsclite-dev - Middleware

[ubuntu/karmic-security] rsync,rsync (delayed) 3.0.6-1ubuntu1.1 (Accepted)

Ubuntu Installer — 2011-04-27T15:03:29

rsync (3.0.6-1ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via malformed data
    - debian/patches/security-CVE-2011-1097.diff: introduce and use
      FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
    - CVE-2011-1097

Date: Fri, 08 Apr 2011 10:18:37 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/rsync/3.0.6-1ubuntu1.1
Format: 1.8
Date: Fri, 08 Apr 2011 10:18:37 -0400
Source: rsync
Binary: rsync
Architecture: source
Version: 3.0.6-1ubuntu1.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 rsync      - fast remote file copy program (like rcp)
Changes:

[ubuntu/karmic-proposed] landscape-client 11.02-0ubuntu0.9.10.1(Accepted)

Chuck Short — 2011-04-26T17:18:13

landscape-client (11.02-0ubuntu0.9.10.1) karmic-proposed; urgency=low

  * debian/control, debian/rules: Add quilt
  * debian/patches/fix-landscape-monitor.patch: Fix landscape
    monitoring with gir1.0-gudev-1.0 installed. (LP: #747498)

landscape-client (11.02-0ubuntu0.9.10.0) karmic-proposed; urgency=low

  * New upstream version (LP: #727324)

    - Exit gracefully instead of crashing when the filesystem is
      read-only (LP: #649997).

    - Drop hal requirement (LP: #708502).

    - Enable HTTP compression in Curl (LP: #297623).

    - Explicitly name log files that need to be rotated (LP: #634236).

    - Assorted test suite fixes.

    - Use a better load check for the sysinfo wrapper, taking into account the
      number of cores (LP: #643565).

    - Add an option to bootstrap cloud instances using cloud-init
      (LP: #701972).

    - Fix packaging for Natty (LP: #688115).

    - Force deletion of all the persist data for the monitoring plugins at
      resynchronization, instead of relying ea

[ubuntu/karmic-security]openslp-dfsg_1.2.1-7.5ubuntu0.1_lpia_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_amd64_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_armel_translations.tar.gz,openslp-dfsg,openslp-dfsg_1.2.1-7.5ubuntu0.1_sparc_translations.tar.gz (delayed),openslp-dfsg_1.2.1-7.5ubuntu0.1_i386_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_powerpc_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_ia64_translations.tar.gz1.2.1-7.5ubuntu0.1 (Accepted)

Ubuntu Installer — 2011-04-20T13:03:43

openslp-dfsg (1.2.1-7.5ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via circular reference
    - common/slp_message.c: detect circular reference. Patch thanks to SUSE.
    - CVE-2010-3609

Date: Tue, 05 Apr 2011 15:02:25 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/openslp-dfsg/1.2.1-7.5ubuntu0.1
Format: 1.8
Date: Tue, 05 Apr 2011 15:02:25 -0400
Source: openslp-dfsg
Binary: slpd openslp-doc libslp1 slptool libslp-dev
Architecture: source
Version: 1.2.1-7.5ubuntu0.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 libslp-dev - OpenSLP development libraries
 libslp1    - OpenSLP libraries
 openslp-doc - Ope

[ubuntu/karmic-security]policykit-1_0.94-1ubuntu1.1_lpia_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_amd64_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_sparc_translations.tar.gz (delayed),policykit-1_0.94-1ubuntu1.1_powerpc_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_ia64_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_armel_translations.tar.gz, policykit-1,policykit-1_0.94-1ubuntu1.1_i386_translations.tar.gz 0.94-1ubuntu1.1(Accepted)

Ubuntu Installer — 2011-04-19T23:03:57

policykit-1 (0.94-1ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: avoid /proc race conditions when checking privileges
    for pkexec.
    - 10_fix_proc_race.patch
    - CVE-2011-1485

Date: Tue, 19 Apr 2011 13:06:21 -0700
Changed-By: Kees Cook <kees-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/policykit-1/0.94-1ubuntu1.1
Format: 1.8
Date: Tue, 19 Apr 2011 13:06:21 -0700
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev
Architecture: source
Version: 0.94-1ubuntu1.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Kees Cook <kees-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 libpolkit-agent-1-0 - PolicyKit Authenticatio

[ubuntu/karmic-security] krb5,krb5_1.7dfsg~beta3-1ubuntu0.13_amd64_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_armel_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_powerpc_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_lpia_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_sparc_translations.tar.gz (delayed),krb5_1.7dfsg~beta3-1ubuntu0.13_ia64_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_i386_translations.tar.gz1.7dfsg~beta3-1ubuntu0.13 (Accepted)

Ubuntu Installer — 2011-04-19T21:05:09

krb5 (1.7dfsg~beta3-1ubuntu0.13) karmic-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004

Date: Mon, 18 Apr 2011 15:40:41 -0700
Changed-By: Kees Cook <kees-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/krb5/1.7dfsg~beta3-1ubuntu0.13
Format: 1.8
Date: Mon, 18 Apr 2011 15:40:41 -0700
Source: krb5
Binary: krb5-user krb5-clients krb5-rsh-server krb5-ftpd krb5-telnetd krb5-kdc krb5-kdc-ldap krb5-admin-server libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv6 libkadm5clnt6 libk5crypto3 libkdb5-4 libkrb5support0
Architecture: source
Version: 1.7dfsg~beta3-1ubuntu0.13
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyD

[ubuntu/karmic-security] ia32-libs (delayed),ia32-libs 2.7ubuntu17.1 (Accepted)

Ubuntu Installer — 2011-04-19T19:07:01

ia32-libs (2.7ubuntu17.1) karmic-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms: buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - libfreetype: multiple DoS, possible code execution issues:
      CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797,
      CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807,
      CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
      CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
    - nss: many issues

Date: Tue, 12 Apr 2011 02:08:26 -0700
Changed-By: Steve Beattie <sbeattie-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/ia32-libs/2.7ubuntu17.1
Format

[ubuntu/karmic-security] dhcp3,dhcp3_3.1.2-1ubuntu7.3_sparc_translations.tar.gz (delayed),dhcp3_3.1.2-1ubuntu7.3_ia64_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_powerpc_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_lpia_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_armel_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_i386_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_amd64_translations.tar.gz 3.1.2-1ubuntu7.3(Accepted)

Ubuntu Installer — 2011-04-19T18:03:58

dhcp3 (3.1.2-1ubuntu7.3) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
    - Patch for CVE-2011-0997 was getting reverted during the build
      because of special quilt handling in debian/rules for the ldap
      patches.
    - debian/patches/00list: move CVE-2011-0997 patch before the ldap
      patches, and add comment.
    - CVE-2011-0997

Date: Tue, 19 Apr 2011 09:25:29 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/dhcp3/3.1.2-1ubuntu7.3
Format: 1.8
Date: Tue, 19 Apr 2011 09:25:29 -0400
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.2-1ubuntu7.3
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjV

[ubuntu/karmic-security]kdenetwork_4.3.2-0ubuntu4.5_armel_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_sparc_translations.tar.gz (delayed),kdenetwork_4.3.2-0ubuntu4.5_i386_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_lpia_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_amd64_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_powerpc_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_ia64_translations.tar.gz,kdenetwork 4:4.3.2-0ubuntu4.5 (Accepted)

Ubuntu Installer — 2011-04-18T21:05:40

kdenetwork (4:4.3.2-0ubuntu4.5) karmic-security; urgency=low

  * SECURITY UPDATE: fix directory traversal in kget
    - debian/patches/kubuntu_06_CVE-2010-1000b.diff: more input validation due
      to incomplete fix for CVE-2010-1000
    - CVE-2011-XXXX
    - LP: #757526

Date: Fri, 15 Apr 2011 09:13:14 -0500
Changed-By: Jamie Strandboge <jamie-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Kubuntu Developers <kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/kdenetwork/4:4.3.2-0ubuntu4.5
Format: 1.8
Date: Fri, 15 Apr 2011 09:13:14 -0500
Source: kdenetwork
Binary: kdenetwork kdenetwork-filesharing kget libkopete4 kopete libkopete-dev kppp krdc krfb kdenetwork-dbg kde-zeroconf kopete-plugin-otr-kde4
Architecture: source
Version: 4:4.3.2-0ubuntu4.5
Distribution: karmic-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Jamie Strandboge <jamie-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
De

[ubuntu/karmic-security]postfix_2.6.5-3ubuntu0.1_lpia_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_sparc_translations.tar.gz (delayed),postfix, postfix_2.6.5-3ubuntu0.1_armel_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_ia64_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_powerpc_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_i386_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_amd64_translations.tar.gz 2.6.5-3ubuntu0.1(Accepted)

Ubuntu Installer — 2011-04-18T15:04:03

postfix (2.6.5-3ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: man-in-the-middle via plaintext command injection
    - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
      stream buffer so there is no pending plaintext.
    - Origin: backported from postfix-2.6-patch09.gz
    - CVE-2011-0411

Date: Fri, 15 Apr 2011 10:27:41 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/postfix/2.6.5-3ubuntu0.1
Format: 1.8
Date: Fri, 15 Apr 2011 10:27:41 -0400
Source: postfix
Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql postfix-pgsql postfix-dev postfix-doc
Architecture: source
Version: 2.6.5-3ubuntu0.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-G

[ubuntu/karmic-security] flashplugin-nonfree,flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1_lpia_translations.tar.gz(delayed),flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1_i386_translations.tar.gz10.2.159.1ubuntu0.9.10.1 (Accepted)

Ubuntu Installer — 2011-04-17T01:03:34

flashplugin-nonfree (10.2.159.1ubuntu0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.2.159.1
    - debian/config, debian/postinst: Updated sha256sums and path.
    - CVE-2011-0611

Date: Sat, 16 Apr 2011 07:38:40 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/flashplugin-nonfree/10.2.159.1ubuntu0.9.10.1
Format: 1.8
Date: Sat, 16 Apr 2011 07:38:40 -0400
Source: flashplugin-nonfree
Binary: flashplugin-installer flashplugin-nonfree
Architecture: source
Version: 10.2.159.1ubuntu0.9.10.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 flashplugin-installer - Adobe Flash Player plugin installer
 flashplugin-no

adobe-flashplugin 10.2.159.1-0karmic1 (Accepted)

Brian Thomason — 2011-04-15T18:15:28

adobe-flashplugin (10.2.159.1-0karmic1) karmic; urgency=low

  * Initial release of 10.2.159.1 for Karmic

Date: Fri, 15 Apr 2011 14:10:19 -0400
Changed-By: Brian Thomason <brian.thomason-Z7WLFzj8eWMS+FvcfC7Uqw< at >public.gmane.org>
Maintainer: DL-Flash Player Ubuntu <FlashPlayerUbuntu-dv/VyGpifdQAvxtiuMwx3w< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/adobe-flashplugin/10.2.159.1-0karmic1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 15 Apr 2011 14:10:19 -0400
Source: adobe-flashplugin
Binary: adobe-flashplugin
Architecture: source
Version: 10.2.159.1-0karmic1
Distribution: karmic
Urgency: low
Maintainer: DL-Flash Player Ubuntu <FlashPlayerUbuntu-dv/VyGpifdQAvxtiuMwx3w< at >public.gmane.org>
Changed-By: Brian Thomason <brian.thomason-Z7WLFzj8eWMS+FvcfC7Uqw< at >public.gmane.org>
Description: 
 adobe-flashplugin - Adobe Flash Player plugin version 10
Changes: 
 adobe-flashplugin (10.2.159.1-0karmic1) karmic; urgency=low
 .
   * Initial release of 10.2.159.1 for Karmic
Checksums-Sha

[ubuntu/karmic-security] kde4libs,kde4libs_4.3.2-0ubuntu7.3_sparc_translations.tar.gz (delayed),kde4libs_4.3.2-0ubuntu7.3_amd64_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_ia64_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_i386_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_lpia_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_armel_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_powerpc_translations.tar.gz4:4.3.2-0ubuntu7.3 (Accepted)

Ubuntu Installer — 2011-04-13T17:05:30

kde4libs (4:4.3.2-0ubuntu7.3) karmic-security; urgency=low

  * SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages
    - debian/patches/security_03_CVE-2011-1168.diff: upstream patch
    - CVE-2011-1168
    - LP: #743669
  * SECURITY UPDATE: fix certificate verification for certificates issued
    against an IP address
    - debian/patches/security_04_CVE-2011-1094.diff: based on upstream patch
    - CVE-2011-1094

Date: Mon, 11 Apr 2011 10:19:40 -0500
Changed-By: Jamie Strandboge <jamie-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Kubuntu Developers <kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/kde4libs/4:4.3.2-0ubuntu7.3
Format: 1.8
Date: Mon, 11 Apr 2011 10:19:40 -0500
Source: kde4libs
Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs-bin libplasma3 kdelibs5-dbg
Architecture: source
Version: 4:4.3.2-0ubuntu7.3
Distribution: karmic-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg< at >public.

[ubuntu/karmic-security]gimp_2.6.7-1ubuntu1.2_sparc_translations.tar.gz (delayed),gimp_2.6.7-1ubuntu1.2_armel_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_ia64_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_lpia_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_amd64_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_i386_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_powerpc_translations.tar.gz,gimp 2.6.7-1ubuntu1.2 (Accepted)

Ubuntu Installer — 2011-04-13T13:11:11

gimp (2.6.7-1ubuntu1.2) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed plugin configuration files
    - debian/patches/06_security_CVE-2010-454x.patch: fix format strings in
      plug-ins/{common/sphere-designer,gfig/gfig-style,
      lighting/lighting-ui}.c.
    - CVE-2010-4540
    - CVE-2010-4541
    - CVE-2010-4542
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed PSP image file
    - debian/patches/07_security_CVE-2010-4543.patch: fix buffer overflow
      in plug-ins/common/file-psp.c.
    - CVE-2010-4543

Date: Thu, 07 Apr 2011 13:24:12 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Desktop Team <ubuntu-desktop-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/gimp/2.6.7-1ubuntu1.2
Format: 1.8
Date: Thu, 07 Apr 2011 13:24:12 -0400
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.

[ubuntu/karmic-security] dhcp3,dhcp3_3.1.2-1ubuntu7.2_ia64_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_armel_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_lpia_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_i386_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_amd64_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_powerpc_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_sparc_translations.tar.gz (delayed)3.1.2-1ubuntu7.2 (Accepted)

Ubuntu Installer — 2011-04-11T20:03:57

dhcp3 (3.1.2-1ubuntu7.2) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
    - debian/patches/CVE-2011-0997.dpatch: filter strings in
      client/dhclient.c, common/options.c.
    - CVE-2011-0997

Date: Mon, 11 Apr 2011 08:58:41 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/dhcp3/3.1.2-1ubuntu7.2
Format: 1.8
Date: Mon, 11 Apr 2011 08:58:41 -0400
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.2-1ubuntu7.2
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 dhcp-client - DHCP clie

[ubuntu/karmic-security] ffmpeg-extra,ffmpeg-extra (delayed) 4:0.5+svn20090706-2ubuntu3.1 (Accepted)

Ubuntu Installer — 2011-04-11T13:04:39

ffmpeg-extra (4:0.5+svn20090706-2ubuntu3.1) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
    - debian/patches/CVE-2010-3429.patch: add checks to
      libavcodec/flicvideo.c.
    - CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
    (LP: #690169)
    - debian/patches/CVE-2010-3908.patch: properly calculate size in
      libavcodec/utils.c.
    - CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
    - debian/patches/CVE-2010-4704.patch: validate codebook in
      libavcodec/vorbis_dec.c.
    - CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted WebM file
    - debian/patches/CVE-2011-0480.patch: check rangebits in
      libavcodec/vorbis_dec.c.
    - CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
    (LP: #690169)
    - debian/patches/CVE-2011-0722.patch: set dimensions in
      libavcodec/rv34.c.
    - CVE-2011-0722

[ubuntu/karmic-security] x11-xserver-utils,x11-xserver-utils (delayed) 7.4+2ubuntu3.1 (Accepted)

Ubuntu Installer — 2011-04-06T18:08:29

x11-xserver-utils (7.4+2ubuntu3.1) karmic-security; urgency=low

  * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
    - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
      case.
    - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
    - CVE-2011-0465

Date: Wed, 06 Apr 2011 17:38:54 +0300
Changed-By: Timo Aaltonen <tjaalton-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/x11-xserver-utils/7.4+2ubuntu3.1
Format: 1.8
Date: Wed, 06 Apr 2011 17:38:54 +0300
Source: x11-xserver-utils
Binary: x11-xserver-utils
Architecture: source
Version: 7.4+2ubuntu3.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Timo Aaltonen <tjaalton-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 x11-xserver-utils - X

[ubuntu/karmic-security] ffmpeg (delayed),ffmpeg 4:0.5+svn20090706-2ubuntu2.3 (Accepted)

Ubuntu Installer — 2011-04-04T17:17:00

ffmpeg (4:0.5+svn20090706-2ubuntu2.3) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
    - debian/patches/CVE-2010-3429.patch: add checks to
      libavcodec/flicvideo.c.
    - CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
    (LP: #690169)
    - debian/patches/CVE-2010-3908.patch: properly calculate size in
      libavcodec/utils.c.
    - CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
    - debian/patches/CVE-2010-4704.patch: validate codebook in
      libavcodec/vorbis_dec.c.
    - CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted WebM file
    - debian/patches/CVE-2011-0480.patch: check rangebits in
      libavcodec/vorbis_dec.c.
    - CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
    (LP: #690169)
    - debian/patches/CVE-2011-0722.patch: set dimensions in
      libavcodec/rv34.c.
    - CVE-2011-0722
  * S

[ubuntu/karmic-security] tiff (delayed),tiff 3.8.2-13ubuntu0.6 (Accepted)

Ubuntu Installer — 2011-04-04T17:04:04

tiff (3.8.2-13ubuntu0.6) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted
    THUNDER_2BITDELTAS data
    - debian/patches/CVE-2011-1167.patch: validate bitspersample and
      make sure npixels is sane in libtiff/tif_thunder.c.
    - CVE-2011-1167

Date: Wed, 30 Mar 2011 13:20:44 -0400
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
https://launchpad.net/ubuntu/karmic/+source/tiff/3.8.2-13ubuntu0.6
Format: 1.8
Date: Wed, 30 Mar 2011 13:20:44 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.8.2-13ubuntu0.6
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg< at >public.gmane.org>
Changed-By: Marc Deslauriers <marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA< at >public.gmane.org>
Description: 
 libtiff-doc -