http://blog.gmane.org/gmane.linux.ubuntu.devel.changes.dapper hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12913 <pre>apache2 (2.0.55-4ubuntu2.13) dapper-security; urgency=low * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via apache's mod_index - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite apr_fnmatch to have a better time bounds on execution. - CVE-2011-0419 - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible DoS introduced by patch for CVE-2011-0419. - CVE-2011-1928 Date: Sun, 22 May 2011 21:17:32 -0700 Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Maintainer: Debian Apache Maintainers &lt;debian-apache&lt; at &gt;lists.debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/apache2/2.0.55-4ubuntu2.13 Format: 1.7 Date: Sun, 22 May 2011 21:17:32 -0700 Source: apache2 Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild Architecture: source Version: 2.0.55-4ubuntu2.13 Distribution: dapper-security Urgency: low Maintainer: Debian Apache Maintainers &lt;debian-apache&lt; at &gt;lists.debian.org&gt; Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Description: apache2 - next generation, scalable, extendable web server apache2-common - next generation, scalable, extendable web server apache2-doc - documentation for apache2 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2 apache2-mpm-prefork - traditional model for Apache2 apache2-mpm-worker - high speed threaded model for Apache2 apache2-prefork-dev - development headers for apache2 apache2-threaded-dev - development headers for apache2 apache2-utils - utility programs for webservers libapr0 - the Apache Portable Runtime libapr0-dev - development headers for libapr Changes: apache2 (2.0.55-4ubuntu2.13) dapper-security; urgency=low . * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via apache's mod_index - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite apr_fnmatch to have a better time bounds on execution. - CVE-2011-0419 - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible DoS introduced by patch for CVE-2011-0419. - CVE-2011-1928 Files: c83b6a6795065c007da7a1764347bf3d 1823 net optional apache2_2.0.55-4ubuntu2.13.dsc e1bed19dc3827f4e375d1fbb87693cbf 141485 net optional apache2_2.0.55-4ubuntu2.13.diff.gz </pre> Ubuntu Installer 2011-05-24T19:04:01 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12912 <pre>postfix (2.2.10-1ubuntu0.4) dapper-security; urgency=low * SECURITY UPDATE: SASL memory corruption - debian/patches/CVE-2011-1720.dpatch: don't reuse the SASL handle after auth failure in src/smtpd/smtpd_sasl_proto.c. - CVE-2011-1720 Date: Tue, 10 May 2011 08:46:31 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: LaMont Jones &lt;lamont&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/postfix/2.2.10-1ubuntu0.4 Format: 1.7 Date: Tue, 10 May 2011 08:46:31 -0400 Source: postfix Binary: postfix-doc postfix-pgsql postfix-ldap postfix-dev postfix-pcre postfix postfix-mysql Architecture: source Version: 2.2.10-1ubuntu0.4 Distribution: dapper-security Urgency: low Maintainer: LaMont Jones &lt;lamont&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: postfix - A high-performance mail transport agent postfix-dev - Postfix loadable modules development environment postfix-doc - Postfix documentation postfix-ldap - LDAP map support for Postfix postfix-mysql - MYSQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PGSQL map support for Postfix Changes: postfix (2.2.10-1ubuntu0.4) dapper-security; urgency=low . * SECURITY UPDATE: SASL memory corruption - debian/patches/CVE-2011-1720.dpatch: don't reuse the SASL handle after auth failure in src/smtpd/smtpd_sasl_proto.c. - CVE-2011-1720 Files: c4f021075da493e253581cad6c33ad06 1538 mail extra postfix_2.2.10-1ubuntu0.4.dsc 0f4ef5db2859aea31aedaaa494e344d2 158339 mail extra postfix_2.2.10-1ubuntu0.4.diff.gz </pre> Ubuntu Installer 2011-05-11T09:04:13 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12911 <pre>php5 (5.1.2-1ubuntu3.24) dapper-security; urgency=low * debian/patches/pear/php5-pear-CVE-2011-1144_regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) * debian/patches/php5-CVE-2010-4697_regression.patch: fix regression in reference counting added by fix for CVE-2010-4697 (LP: #776642) Date: Wed, 04 May 2011 00:46:19 -0700 Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Maintainer: Debian PHP Maintainers &lt;pkg-php-maint&lt; at &gt;lists.alioth.debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/php5/5.1.2-1ubuntu3.24 Format: 1.7 Date: Wed, 04 May 2011 00:46:19 -0700 Source: php5 Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite Architecture: source Version: 5.1.2-1ubuntu3.24 Distribution: dapper-security Urgency: low Maintainer: Debian PHP Maintainers &lt;pkg-php-maint&lt; at &gt;lists.alioth.debian.org&gt; Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module) php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (meta-package) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-mysqli - MySQL Improved module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.1.2-1ubuntu3.24) dapper-security; urgency=low . * debian/patches/pear/php5-pear-CVE-2011-1144_regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) * debian/patches/php5-CVE-2010-4697_regression.patch: fix regression in reference counting added by fix for CVE-2010-4697 (LP: #776642) Files: 7c4b4909432453817a247e57f92fc983 2417 web optional php5_5.1.2-1ubuntu3.24.dsc 744c3886bc9c5f717de9f87542f262f3 174470 web optional php5_5.1.2-1ubuntu3.24.diff.gz </pre> Ubuntu Installer 2011-05-04T21:10:20 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12910 <pre>perl (5.8.7-10ubuntu1.3) dapper-security; urgency=low * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm - debian/patches/71_CVE-2010-1168: update Safe.pm to version 2.29 to fix multiple issues. - CVE-2010-1168 - CVE-2010-1447 * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary, and CRLF injections. - debian/patches/72_cgi-multiline-header: fix issues with patch obtained from (5.10.1-17). - CVE-2010-2716 - CVE-2010-4410 - CVE-2010-4411 Date: Fri, 22 Apr 2011 13:05:34 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Brendan O'Dea &lt;bod&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/perl/5.8.7-10ubuntu1.3 Format: 1.7 Date: Fri, 22 Apr 2011 13:05:34 -0400 Source: perl Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc Architecture: source Version: 5.8.7-10ubuntu1.3 Distribution: dapper-security Urgency: low Maintainer: Brendan O'Dea &lt;bod&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: libcgi-fast-perl - CGI::Fast Perl module libperl-dev - Perl library: development files libperl5.8 - Shared Perl library perl - Larry Wall's Practical Extraction and Report Language perl-base - The Pathologically Eclectic Rubbish Lister perl-debug - Debug-enabled Perl interpreter perl-doc - Perl documentation perl-modules - Core Perl modules perl-suid - Runs setuid Perl scripts Changes: perl (5.8.7-10ubuntu1.3) dapper-security; urgency=low . * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm - debian/patches/71_CVE-2010-1168: update Safe.pm to version 2.29 to fix multiple issues. - CVE-2010-1168 - CVE-2010-1447 * SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary, and CRLF injections. - debian/patches/72_cgi-multiline-header: fix issues with patch obtained from (5.10.1-17). - CVE-2010-2716 - CVE-2010-4410 - CVE-2010-4411 Files: d4a948e14d81e87777d3cee4eccf8b79 1386 perl standard perl_5.8.7-10ubuntu1.3.dsc 58bb9802f6496e8b675690012e697e01 187915 perl standard perl_5.8.7-10ubuntu1.3.diff.gz </pre> Ubuntu Installer 2011-05-03T14:05:02 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12909 <pre>php5 (5.1.2-1ubuntu3.22) dapper-security; urgency=low * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files. - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 * SECURITY UPDATE: symlink tmp races in pear install - debian/patches/php5-pear-CVE-2011-1072.patch: improved tempfile handling. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1072 * SECURITY UPDATE: more symlink races in pear install - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save file handler. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1144 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2010-4697.patch: retain reference to object until getter/setter are done. - CVE-2010-4697 * SECURITY UPDATE: denial of service through application crash with invalid images - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing steps are either 4 or 16. - CVE-2010-4698 * SECURITY UPDATE: denial of service through application crash when handling images with invalid exif tags - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking - CVE-2011-0708 * SECURITY UPDATE: denial of service and possible data disclosure through integer overflow - debian/patches/php5-CVE-2011-1092.patch: better boundary condition checks in shmop_read() - CVE-2011-1092 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2011-1148.patch: improve reference counting - CVE-2011-1148 * SECURITY UPDATE: denial of service through buffer overflow crash (code execution mitigated by compilation with Fortify Source) - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision to ensure fitting within MAX_BUF_SIZE - CVE-2011-1464 * SECURITY UPDATE: denial of service through application crash via integer overflow. - debian/patches/php5-CVE-2011-1466.patch: improve boundary condition checking in SdnToJulian() - CVE-2011-1466 * SECURITY UPDATE: denial of service through application crash when using HTTP proxy with the FTP wrapper - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling - CVE-2011-1469 Date: Thu, 28 Apr 2011 10:17:34 -0700 Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Maintainer: Debian PHP Maintainers &lt;pkg-php-maint&lt; at &gt;lists.alioth.debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/php5/5.1.2-1ubuntu3.22 Format: 1.7 Date: Thu, 28 Apr 2011 10:17:34 -0700 Source: php5 Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite Architecture: source Version: 5.1.2-1ubuntu3.22 Distribution: dapper-security Urgency: low Maintainer: Debian PHP Maintainers &lt;pkg-php-maint&lt; at &gt;lists.alioth.debian.org&gt; Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module) php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (meta-package) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-mysqli - MySQL Improved module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.1.2-1ubuntu3.22) dapper-security; urgency=low . * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files. - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 * SECURITY UPDATE: symlink tmp races in pear install - debian/patches/php5-pear-CVE-2011-1072.patch: improved tempfile handling. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1072 * SECURITY UPDATE: more symlink races in pear install - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save file handler. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1144 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2010-4697.patch: retain reference to object until getter/setter are done. - CVE-2010-4697 * SECURITY UPDATE: denial of service through application crash with invalid images - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing steps are either 4 or 16. - CVE-2010-4698 * SECURITY UPDATE: denial of service through application crash when handling images with invalid exif tags - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking - CVE-2011-0708 * SECURITY UPDATE: denial of service and possible data disclosure through integer overflow - debian/patches/php5-CVE-2011-1092.patch: better boundary condition checks in shmop_read() - CVE-2011-1092 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2011-1148.patch: improve reference counting - CVE-2011-1148 * SECURITY UPDATE: denial of service through buffer overflow crash (code execution mitigated by compilation with Fortify Source) - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision to ensure fitting within MAX_BUF_SIZE - CVE-2011-1464 * SECURITY UPDATE: denial of service through application crash via integer overflow. - debian/patches/php5-CVE-2011-1466.patch: improve boundary condition checking in SdnToJulian() - CVE-2011-1466 * SECURITY UPDATE: denial of service through application crash when using HTTP proxy with the FTP wrapper - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling - CVE-2011-1469 Files: 55f0b5db6b700a59a84c891ff684dd67 2417 web optional php5_5.1.2-1ubuntu3.22.dsc a15fdb512324baf97e7026cb6d3b9fd7 173464 web optional php5_5.1.2-1ubuntu3.22.diff.gz </pre> Ubuntu Installer 2011-04-29T06:06:48 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12908 <pre>langpack-locales (2.3.18.45) dapper-proposed; urgency=low * Replace tzdata2011e.tar.gz with tzdata2011g.tar.gz: - Egypt abandons DST in 2011 (and forward) (thanks to Alexander Krivenyshev) - LP: #770622 Date: Tue, 26 Apr 2011 11:14:22 -0400 Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Signed-By: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.45 Format: 1.7 Date: Tue, 26 Apr 2011 11:14:22 -0400 Source: langpack-locales Binary: locales Architecture: source Version: 2.3.18.45 Distribution: dapper-proposed Urgency: low Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Description: locales - common files for locale support Changes: langpack-locales (2.3.18.45) dapper-proposed; urgency=low . * Replace tzdata2011e.tar.gz with tzdata2011g.tar.gz: - Egypt abandons DST in 2011 (and forward) (thanks to Alexander Krivenyshev) - LP: #770622 Files: c930d84a5fa032bdd811f6642eb62dd9 1178 base important langpack-locales_2.3.18.45.dsc 5da11bdde8de34a1e56b63dba94e5070 3212209 base important langpack-locales_2.3.18.45.tar.gz </pre> Gary Lasker 2011-04-26T20:25:26 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12907 <pre>openslp (1.2.1-5ubuntu0.2) dapper-security; urgency=low * SECURITY UPDATE: denial of service via circular reference - common/slp_message.c: detect circular reference. Patch thanks to SUSE. - CVE-2010-3609 Date: Tue, 05 Apr 2011 15:05:36 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Ganesan Rajagopal &lt;rganesan&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/openslp/1.2.1-5ubuntu0.2 Format: 1.7 Date: Tue, 05 Apr 2011 15:05:36 -0400 Source: openslp Binary: libslp-dev slptool libslp1 openslp-doc slpd Architecture: source Version: 1.2.1-5ubuntu0.2 Distribution: dapper-security Urgency: low Maintainer: Ganesan Rajagopal &lt;rganesan&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: libslp-dev - OpenSLP development libraries libslp1 - OpenSLP libraries openslp-doc - OpenSLP documentation slpd - OpenSLP Server (slpd) slptool - SLP command line tool Changes: openslp (1.2.1-5ubuntu0.2) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via circular reference - common/slp_message.c: detect circular reference. Patch thanks to SUSE. - CVE-2010-3609 Files: 1846dd18218f52e3f3c7928f5e77480d 1342 net extra openslp_1.2.1-5ubuntu0.2.dsc 77b81cc75bcdaa30c499607f9935ce7e 20504 net extra openslp_1.2.1-5ubuntu0.2.diff.gz </pre> Ubuntu Installer 2011-04-20T13:04:09 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12906 <pre>postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low * SECURITY UPDATE: man-in-the-middle via plaintext command injection - debian/patches/CVE-2011-0411.dpatch: Discard the contents of the stream buffer so there is no pending plaintext in src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge() in src/util/vstream.*. - CVE-2011-0411 * SECURITY UPDATE: symlink attack via incorrect pid dir permissions - debian/postfix.postinst: create pid dir with appropriate permissions. - CVE-2009-2939 Date: Fri, 15 Apr 2011 10:55:16 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: LaMont Jones &lt;lamont&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/postfix/2.2.10-1ubuntu0.3 Format: 1.7 Date: Fri, 15 Apr 2011 10:55:16 -0400 Source: postfix Binary: postfix-doc postfix-pgsql postfix-ldap postfix-dev postfix-pcre postfix postfix-mysql Architecture: source Version: 2.2.10-1ubuntu0.3 Distribution: dapper-security Urgency: low Maintainer: LaMont Jones &lt;lamont&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: postfix - A high-performance mail transport agent postfix-dev - Postfix loadable modules development environment postfix-doc - Postfix documentation postfix-ldap - LDAP map support for Postfix postfix-mysql - MYSQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PGSQL map support for Postfix Changes: postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low . * SECURITY UPDATE: man-in-the-middle via plaintext command injection - debian/patches/CVE-2011-0411.dpatch: Discard the contents of the stream buffer so there is no pending plaintext in src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge() in src/util/vstream.*. - CVE-2011-0411 * SECURITY UPDATE: symlink attack via incorrect pid dir permissions - debian/postfix.postinst: create pid dir with appropriate permissions. - CVE-2009-2939 Files: f214cde47d490fc2c800520e75936b67 1538 mail extra postfix_2.2.10-1ubuntu0.3.dsc e6f700cb0c5641a9812c8da60bf34158 157955 mail extra postfix_2.2.10-1ubuntu0.3.diff.gz </pre> Ubuntu Installer 2011-04-18T15:04:37 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12905 <pre>dhcp3 (3.0.3-6ubuntu7.2) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted hostname - debian/patches/CVE-2011-0997.dpatch: filter strings in client/dhclient.c, common/options.c. - CVE-2011-0997 Date: Mon, 11 Apr 2011 09:04:51 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Eloy A. Paris &lt;peloy&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/dhcp3/3.0.3-6ubuntu7.2 Format: 1.7 Date: Mon, 11 Apr 2011 09:04:51 -0400 Source: dhcp3 Binary: dhcp3-client-udeb dhcp3-common dhcp3-relay dhcp3-dev dhcp3-client dhcp3-server Architecture: source Version: 3.0.3-6ubuntu7.2 Distribution: dapper-security Urgency: low Maintainer: Eloy A. Paris &lt;peloy&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: dhcp3-client - DHCP Client dhcp3-client-udeb - DHCP Client for debian-installer dhcp3-common - Common files used by all the dhcp3* packages dhcp3-dev - API for accessing and modifying the DHCP server and client state dhcp3-relay - DHCP Relay dhcp3-server - DHCP server for automatic IP address assignment Changes: dhcp3 (3.0.3-6ubuntu7.2) dapper-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted hostname - debian/patches/CVE-2011-0997.dpatch: filter strings in client/dhclient.c, common/options.c. - CVE-2011-0997 Files: 2fe76544defdfa3d4ab61d548ea5bc03 1428 net standard dhcp3_3.0.3-6ubuntu7.2.dsc b4a36d1b44e8276211cef0b9bfbb6ea5 68426 net standard dhcp3_3.0.3-6ubuntu7.2.diff.gz Package-Type: udeb </pre> Ubuntu Installer 2011-04-11T20:04:20 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12904 <pre>tiff (3.7.4-1ubuntu3.11) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted THUNDER_2BITDELTAS data - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and make sure npixels is sane in libtiff/tif_thunder.c. - CVE-2011-1167 Date: Wed, 30 Mar 2011 13:34:17 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Jay Berkenbilt &lt;qjb&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.11 Format: 1.7 Date: Wed, 30 Mar 2011 13:34:17 -0400 Source: tiff Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev Architecture: source Version: 3.7.4-1ubuntu3.11 Distribution: dapper-security Urgency: low Maintainer: Jay Berkenbilt &lt;qjb&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.7.4-1ubuntu3.11) dapper-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted THUNDER_2BITDELTAS data - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and make sure npixels is sane in libtiff/tif_thunder.c. - CVE-2011-1167 Files: 9a6dfe139833d6bfb8b2fbc67716220c 1407 libs optional tiff_3.7.4-1ubuntu3.11.dsc 5a188132e4b15d2799285c1c48941cb3 25828 libs optional tiff_3.7.4-1ubuntu3.11.diff.gz </pre> Ubuntu Installer 2011-04-04T17:04:34 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12903 <pre>langpack-locales (2.3.18.44) dapper-proposed; urgency=low * Replace tzdata2011d.tar.gz with tzdata2011e.tar.gz: - africa: Add start and end of DST in 2011 in Morocco. - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th - LP: #747946 Date: Sat, 02 Apr 2011 17:22:26 -0400 Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Signed-By: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.44 Format: 1.7 Date: Sat, 02 Apr 2011 17:22:26 -0400 Source: langpack-locales Binary: locales Architecture: source Version: 2.3.18.44 Distribution: dapper-proposed Urgency: low Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Description: locales - common files for locale support Changes: langpack-locales (2.3.18.44) dapper-proposed; urgency=low . * Replace tzdata2011d.tar.gz with tzdata2011e.tar.gz: - africa: Add start and end of DST in 2011 in Morocco. - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th - LP: #747946 Files: cd49177f5a9df3d21a82fcbe6f1d03fc 1178 base important langpack-locales_2.3.18.44.dsc 13609de49ea7d6e61080ccdb53f2f330 3211273 base important langpack-locales_2.3.18.44.tar.gz </pre> Gary Lasker 2011-04-04T07:56:07 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12902 <pre>vsftpd (2.0.4-0ubuntu4.1) dapper-security; urgency=low * SECURITY UPDATE: denial of service via crafted glob expressions - access.c, defs.h, ls.*: limit number of iterations. - changes extracted from 2.3.3 and 2.3.4 releases. - CVE-2011-0762 Date: Fri, 25 Mar 2011 14:55:46 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Daniel Jacobowitz &lt;dan&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/vsftpd/2.0.4-0ubuntu4.1 Format: 1.7 Date: Fri, 25 Mar 2011 14:55:46 -0400 Source: vsftpd Binary: vsftpd Architecture: source Version: 2.0.4-0ubuntu4.1 Distribution: dapper-security Urgency: low Maintainer: Daniel Jacobowitz &lt;dan&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: vsftpd - The Very Secure FTP Daemon Changes: vsftpd (2.0.4-0ubuntu4.1) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via crafted glob expressions - access.c, defs.h, ls.*: limit number of iterations. - changes extracted from 2.3.3 and 2.3.4 releases. - CVE-2011-0762 Files: eb89a19684ca4c38ff9ff16278d79ade 1277 net extra vsftpd_2.0.4-0ubuntu4.1.dsc 71b3cbf76635b427b4882c4c80aa3339 9002 net extra vsftpd_2.0.4-0ubuntu4.1.diff.gz </pre> Ubuntu Installer 2011-03-29T17:20:37 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12901 <pre>quagga (0.99.2-1ubuntu3.8) dapper-security; urgency=low * SECURITY UPDATE: denial of service via malformed extended communities - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended communities in bgpd/bgp_attr.c. - CVE-2010-1674 Date: Wed, 23 Mar 2011 16:45:49 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Christian Hammers &lt;ch&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/quagga/0.99.2-1ubuntu3.8 Format: 1.7 Date: Wed, 23 Mar 2011 16:45:49 -0400 Source: quagga Binary: quagga quagga-doc Architecture: source Version: 0.99.2-1ubuntu3.8 Distribution: dapper-security Urgency: low Maintainer: Christian Hammers &lt;ch&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: quagga - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon quagga-doc - documentation files for quagga Changes: quagga (0.99.2-1ubuntu3.8) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via malformed extended communities - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended communities in bgpd/bgp_attr.c. - CVE-2010-1674 Files: 87fd7a9171f7c4a4783ad4dc0805f1e1 1411 net optional quagga_0.99.2-1ubuntu3.8.dsc 1eb66fc5a3782ce0589f2b282e696be2 36113 net optional quagga_0.99.2-1ubuntu3.8.diff.gz </pre> Ubuntu Installer 2011-03-29T17:06:51 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12900 <pre>subversion (1.3.1-3ubuntu1.4) dapper-security; urgency=low * SECURITY UPDATE: denial of service via request containing lock token - debian/patches/CVE-2011-0715.patch: correctly handle locks being passed when authn isn't enabled in subversion/mod_dav_svn/repos.c, subversion/mod_dav_svn/version.c. - CVE-2011-0715 Date: Tue, 22 Mar 2011 08:25:32 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Guilherme de S. Pastore &lt;guilherme.pastore&lt; at &gt;terra.com.br&gt; https://launchpad.net/ubuntu/dapper/+source/subversion/1.3.1-3ubuntu1.4 Format: 1.7 Date: Tue, 22 Mar 2011 08:25:32 -0400 Source: subversion Binary: libsvn-core-perl libsvn0 libsvn-javahl python2.4-subversion libsvn-doc libsvn-ruby libsvn-ruby1.8 libapache2-svn python-subversion subversion-tools subversion libsvn0-dev Architecture: source Version: 1.3.1-3ubuntu1.4 Distribution: dapper-security Urgency: low Maintainer: Guilherme de S. Pastore &lt;guilherme.pastore&lt; at &gt;terra.com.br&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: libapache2-svn - apache modules for Subversion (aka. svn) libsvn-core-perl - perl bindings for Subversion (aka. svn) libsvn-doc - development documentation for Subversion (aka. svn) libraries libsvn-javahl - java bindings for Subversion (aka. svn) libsvn-ruby - ruby modules for interfacing with Subversion (aka. svn) libsvn-ruby1.8 - ruby modules for interfacing with Subversion (aka. svn) libsvn0 - shared libraries used by Subversion (aka. svn) libsvn0-dev - development files for Subversion (aka. svn) libraries python-subversion - python modules for interfacing with Subversion (aka. svn) python2.4-subversion - Transitional package to upgrade to python-subversion subversion - advanced version control system (aka. svn) subversion-tools - assorted tools related to Subversion (aka. svn) Changes: subversion (1.3.1-3ubuntu1.4) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via request containing lock token - debian/patches/CVE-2011-0715.patch: correctly handle locks being passed when authn isn't enabled in subversion/mod_dav_svn/repos.c, subversion/mod_dav_svn/version.c. - CVE-2011-0715 Files: f13fd3c6b9263f38a2e8dac505c32ac0 1835 devel optional subversion_1.3.1-3ubuntu1.4.dsc 3f9819904f9113678ff70f4f57a89f53 53398 devel optional subversion_1.3.1-3ubuntu1.4.diff.gz </pre> Ubuntu Installer 2011-03-29T17:06:30 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12899 <pre>langpack-locales (2.3.18.43) dapper-proposed; urgency=low * Replace tzdata2011c.tar.gz with tzdata2011d.tar.gz: - Samoa: Update DST rules (effective April 2nd, 2011) - Cuba: Update DST rules (effective March 13th, 2011) - Turkey: Update DST rules (effective March 27th, 2011) - LP: #735058 Date: Mon, 14 Mar 2011 17:36:51 -0400 Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Signed-By: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.43 Format: 1.7 Date: Mon, 14 Mar 2011 17:36:51 -0400 Source: langpack-locales Binary: locales Architecture: source Version: 2.3.18.43 Distribution: dapper-proposed Urgency: low Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Description: locales - common files for locale support Changes: langpack-locales (2.3.18.43) dapper-proposed; urgency=low . * Replace tzdata2011c.tar.gz with tzdata2011d.tar.gz: - Samoa: Update DST rules (effective April 2nd, 2011) - Cuba: Update DST rules (effective March 13th, 2011) - Turkey: Update DST rules (effective March 27th, 2011) - LP: #735058 Files: 98b886741976eb9a612c48a5a18bb89a 1178 base important langpack-locales_2.3.18.43.dsc 838d1a67c4fe571333efccff807b06e5 3210878 base important langpack-locales_2.3.18.43.tar.gz </pre> Gary Lasker 2011-03-16T09:11:38 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12898 <pre>tiff (3.7.4-1ubuntu3.10) dapper-security; urgency=low * debian/patches/CVE-2011-0192.patch: update for regression in processing of certain CCITTFAX4 files (LP: #731540). - http://bugzilla.maptools.org/show_bug.cgi?id=2297 Date: Mon, 14 Mar 2011 10:56:27 -0700 Changed-By: Kees Cook &lt;kees&lt; at &gt;ubuntu.com&gt; Maintainer: Jay Berkenbilt &lt;qjb&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.10 Format: 1.7 Date: Mon, 14 Mar 2011 10:56:27 -0700 Source: tiff Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev Architecture: source Version: 3.7.4-1ubuntu3.10 Distribution: dapper-security Urgency: low Maintainer: Jay Berkenbilt &lt;qjb&lt; at &gt;debian.org&gt; Changed-By: Kees Cook &lt;kees&lt; at &gt;ubuntu.com&gt; Description: libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.7.4-1ubuntu3.10) dapper-security; urgency=low . * debian/patches/CVE-2011-0192.patch: update for regression in processing of certain CCITTFAX4 files (LP: #731540). - http://bugzilla.maptools.org/show_bug.cgi?id=2297 Files: 19186c480eda8ade1d4fd194a7e08bf6 1445 libs optional tiff_3.7.4-1ubuntu3.10.dsc 92ee677a20237cfdb17b5dcbe024fc81 24707 libs optional tiff_3.7.4-1ubuntu3.10.diff.gz </pre> Ubuntu Installer 2011-03-15T02:04:42 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12897 <pre>langpack-locales (2.3.18.42) dapper-proposed; urgency=low * Replace tzdata2011b.tar.gz with tzdata2011c.tar.gz: - leapseconds: Update notice from IERS (change to commentary only) - northamerica, zone.tab: Replace Juneau with Juneau, Sitka, and Metlakatla - southamerica: For Chile, delay end of DST in 2011 from March 12th to April 2nd - LP: #730873 Date: Mon, 07 Mar 2011 17:20:45 -0500 Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Signed-By: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; https://launchpad.net/ubuntu/dapper/+source/langpack-locales/2.3.18.42 Format: 1.7 Date: Mon, 07 Mar 2011 17:20:45 -0500 Source: langpack-locales Binary: locales Architecture: source Version: 2.3.18.42 Distribution: dapper-proposed Urgency: low Maintainer: Martin Pitt &lt;martin.pitt&lt; at &gt;ubuntu.com&gt; Changed-By: Gary Lasker &lt;gary.lasker&lt; at &gt;canonical.com&gt; Description: locales - common files for locale support Changes: langpack-locales (2.3.18.42) dapper-proposed; urgency=low . * Replace tzdata2011b.tar.gz with tzdata2011c.tar.gz: - leapseconds: Update notice from IERS (change to commentary only) - northamerica, zone.tab: Replace Juneau with Juneau, Sitka, and Metlakatla - southamerica: For Chile, delay end of DST in 2011 from March 12th to April 2nd - LP: #730873 Files: 6cdf72d61a76cdc0dfaecfc3ba318f1e 1178 base important langpack-locales_2.3.18.42.dsc fd8a614051d000ad4f9dda7a28321c92 3209304 base important langpack-locales_2.3.18.42.tar.gz </pre> Gary Lasker 2011-03-08T08:59:41 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12896 <pre>tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite values - debian/patches/z_CVE-2010-2595.patch: validate values in libtiff/tif_color.c. - CVE-2010-2595 * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067) - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in libtiff/tif_strip.c. - CVE-2010-2597 - CVE-2010-2598 * SECURITY UPDATE: denial of service via out-of-order tags - debian/patches/z_CVE-2010-2630.patch: correctly handle order in libtiff/tif_dirread.c. - CVE-2010-2630 * SECURITY UPDATE: denial of service and possible code exection via YCBCRSUBSAMPLING tag - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in libtiff/tif_dir.c. - CVE-2011-0191 * SECURITY UPDATE: denial of service and possible code execution via buffer overflow in Fax4Decode - debian/patches/z_CVE-2011-0192.patch: check length in libtiff/tif_fax3.h. - CVE-2011-0192 Date: Fri, 04 Mar 2011 10:09:48 -0500 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Jay Berkenbilt &lt;qjb&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.9 Format: 1.7 Date: Fri, 04 Mar 2011 10:09:48 -0500 Source: tiff Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev Architecture: source Version: 3.7.4-1ubuntu3.9 Distribution: dapper-security Urgency: low Maintainer: Jay Berkenbilt &lt;qjb&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite values - debian/patches/z_CVE-2010-2595.patch: validate values in libtiff/tif_color.c. - CVE-2010-2595 * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067) - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in libtiff/tif_strip.c. - CVE-2010-2597 - CVE-2010-2598 * SECURITY UPDATE: denial of service via out-of-order tags - debian/patches/z_CVE-2010-2630.patch: correctly handle order in libtiff/tif_dirread.c. - CVE-2010-2630 * SECURITY UPDATE: denial of service and possible code exection via YCBCRSUBSAMPLING tag - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in libtiff/tif_dir.c. - CVE-2011-0191 * SECURITY UPDATE: denial of service and possible code execution via buffer overflow in Fax4Decode - debian/patches/z_CVE-2011-0192.patch: check length in libtiff/tif_fax3.h. - CVE-2011-0192 Files: cecd72b7ff2bcb007ca1113dd983f0a2 1405 libs optional tiff_3.7.4-1ubuntu3.9.dsc 3cf3842eea7eb46f37c7ad2b6f700184 24369 libs optional tiff_3.7.4-1ubuntu3.9.diff.gz </pre> Ubuntu Installer 2011-03-07T15:10:09 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12895 <pre>logwatch (7.1-2ubuntu0.1) dapper-security; urgency=low * SECURITY UPDATE: privileged code execution via badly named logfiles - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '. - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&amp;revision=26 (backported to dapper) - CVE-2011-1018 Date: Mon, 28 Feb 2011 14:03:55 -0800 Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Maintainer: Willi Mann &lt;willi&lt; at &gt;wm1.at&gt; https://launchpad.net/ubuntu/dapper/+source/logwatch/7.1-2ubuntu0.1 Format: 1.7 Date: Mon, 28 Feb 2011 14:03:55 -0800 Source: logwatch Binary: logwatch Architecture: source Version: 7.1-2ubuntu0.1 Distribution: dapper-security Urgency: low Maintainer: Willi Mann &lt;willi&lt; at &gt;wm1.at&gt; Changed-By: Steve Beattie &lt;sbeattie&lt; at &gt;ubuntu.com&gt; Description: logwatch - log analyser with nice output written in Perl Changes: logwatch (7.1-2ubuntu0.1) dapper-security; urgency=low . * SECURITY UPDATE: privileged code execution via badly named logfiles - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '. - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&amp;revision=26 (backported to dapper) - CVE-2011-1018 Files: 06bc2fc23f59bd7f2a106744dd890f62 1227 admin optional logwatch_7.1-2ubuntu0.1.dsc feaedc24b671d584db32273ba34c010d 14719 admin optional logwatch_7.1-2ubuntu0.1.diff.gz </pre> Ubuntu Installer 2011-03-01T00:04:04 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12894 <pre>samba (3.0.22-1ubuntu3.14) dapper-security; urgency=low * SECURITY UPDATE: denial of service via missing range checks on file descriptors - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous file descriptors. - CVE-2011-0719 Date: Thu, 24 Feb 2011 13:11:08 -0500 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Eloy A. Paris &lt;peloy&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/samba/3.0.22-1ubuntu3.14 Format: 1.7 Date: Thu, 24 Feb 2011 13:11:08 -0500 Source: samba Binary: samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat winbind smbclient samba python2.4-samba libsmbclient-dev samba-common samba-dbg smbfs Architecture: source Version: 3.0.22-1ubuntu3.14 Distribution: dapper-security Urgency: low Maintainer: Eloy A. Paris &lt;peloy&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: libpam-smbpass - pluggable authentication module for SMB/CIFS password database libsmbclient - shared library that allows applications to talk to SMB/CIFS serve libsmbclient-dev - libsmbclient static libraries and headers python2.4-samba - Python bindings that allow access to various aspects of Samba samba - a LanManager-like file and printer server for Unix samba-common - Samba common files used by both the server and the client samba-dbg - Samba debugging symbols samba-doc - Samba documentation samba-doc-pdf - Samba documentation (PDF format) smbclient - a LanManager-like simple client for Unix smbfs - mount and umount commands for the smbfs (for kernels &gt;= than 2.2. swat - Samba Web Administration Tool winbind - service to resolve user and group information from Windows NT ser Changes: samba (3.0.22-1ubuntu3.14) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via missing range checks on file descriptors - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous file descriptors. - CVE-2011-0719 Files: 14e3c068c7690f01b8cbb32e50e6c11f 1846 net optional samba_3.0.22-1ubuntu3.14.dsc 0ece5aa29a3f84eebda13c6d64b49248 169665 net optional samba_3.0.22-1ubuntu3.14.diff.gz </pre> Ubuntu Installer 2011-02-28T18:10:42 http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.dapper/12893 <pre>mailman (2.1.5-9ubuntu4.4) dapper-security; urgency=low * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py - debian/patches/101_CVE-2011-0707.dpatch: properly clean strings in Mailman/Cgi/confirm.py. - CVE-2011-0707 * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list information and description fields - debian/patches/102_CVE-2010-3089.dpatch: properly clean strings in Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py. - CVE-2010-3089 Date: Thu, 17 Feb 2011 10:14:56 -0500 Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Maintainer: Tollef Fog Heen &lt;tfheen&lt; at &gt;debian.org&gt; https://launchpad.net/ubuntu/dapper/+source/mailman/2.1.5-9ubuntu4.4 Format: 1.7 Date: Thu, 17 Feb 2011 10:14:56 -0500 Source: mailman Binary: mailman Architecture: source Version: 2.1.5-9ubuntu4.4 Distribution: dapper-security Urgency: low Maintainer: Tollef Fog Heen &lt;tfheen&lt; at &gt;debian.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers&lt; at &gt;ubuntu.com&gt; Description: mailman - Powerful, web-based mailing list manager Changes: mailman (2.1.5-9ubuntu4.4) dapper-security; urgency=low . * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py - debian/patches/101_CVE-2011-0707.dpatch: properly clean strings in Mailman/Cgi/confirm.py. - CVE-2011-0707 * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list information and description fields - debian/patches/102_CVE-2010-3089.dpatch: properly clean strings in Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py. - CVE-2010-3089 Files: 5c7aff5e4724b0f37e73165c57174819 1275 mail optional mailman_2.1.5-9ubuntu4.4.dsc f863a1a24aa3b324374c5ef6c73d40e8 233552 mail optional mailman_2.1.5-9ubuntu4.4.diff.gz </pre> Ubuntu Installer 2011-02-22T20:07:04 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.ubuntu.devel.changes.dapper