gmane.linux.ubuntu.devel.changes.karmic http://blog.gmane.org/gmane.linux.ubuntu.devel.changes.karmic hourly 1 1901-01-01T00:00+00:00 Gmane http://gmane.org/img/gmane-25t.png http://gmane.org [ubuntu/karmic-security]php5_5.2.10.dfsg.1-2ubuntu6.10_lpia_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_armel_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_sparc_translations.tar.gz (delayed),php5_5.2.10.dfsg.1-2ubuntu6.10_i386_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_amd64_translations.tar.gz, php5,php5_5.2.10.dfsg.1-2ubuntu6.10_ia64_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.10_powerpc_translations.tar.gz5.2.10.dfsg.1-2ubuntu6.10 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12254 <pre>php5 (5.2.10.dfsg.1-2ubuntu6.10) karmic-security; urgency=low * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) Date: Mon, 02 May 2011 09:21:27 -0700 Changed-By: Steve Beattie &lt;sbeattie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/php5/5.2.10.dfsg.1-2ubuntu6.10 Format: 1.8 Date: Mon, 02 May 2011 09:21:27 -0700 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.2.10.dfsg.1-2ubuntu6.10 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Steve Beattie &lt;sbeattie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.2.10.dfsg.1-2ubuntu6.10) karmic-security; urgency=low . * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) Checksums-Sha1: 0569690480c9d080789f0fd70bd4f78fe184e7d8 3169 php5_5.2.10.dfsg.1-2ubuntu6.10.dsc f4f3f735bf7ed336bac31767393a2146217a5ac6 996997 php5_5.2.10.dfsg.1-2ubuntu6.10.diff.gz Checksums-Sha256: 7506f22ceba3f11ea45084888eadaf7f358dec4b42017decb21e4eef6d2a9d28 3169 php5_5.2.10.dfsg.1-2ubuntu6.10.dsc f9b29b7dc514aa6a77d5bd65be5dde19d1ef372c09120e9abf29a2b796bd839a 996997 php5_5.2.10.dfsg.1-2ubuntu6.10.diff.gz Files: 3c99fcb5e63473a8296e4d3264ada8a4 3169 php optional php5_5.2.10.dfsg.1-2ubuntu6.10.dsc 4a503f73d5e9d22d8f7d64617e999054 996997 php optional php5_5.2.10.dfsg.1-2ubuntu6.10.diff.gz Launchpad-Bugs-Fixed: 774452 Original-Maintainer: Debian PHP Maintainers &lt;pkg-php-maint-XbBxUvOt3X2LieD7tvxI8g&lt; at &gt;public.gmane.orgian.org&gt; </pre> Ubuntu Installer 2011-05-04T22:03:28 [ubuntu/karmic-security]php5_5.2.10.dfsg.1-2ubuntu6.9_amd64_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_ia64_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_powerpc_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_lpia_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_sparc_translations.tar.gz (delayed),php5, php5_5.2.10.dfsg.1-2ubuntu6.9_armel_translations.tar.gz,php5_5.2.10.dfsg.1-2ubuntu6.9_i386_translations.tar.gz5.2.10.dfsg.1-2ubuntu6.9 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12253 <pre>php5 (5.2.10.dfsg.1-2ubuntu6.9) karmic-security; urgency=low * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files. - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 * SECURITY UPDATE: symlink tmp races in pear install - debian/patches/php5-pear-CVE-2011-1072.patch: improved tempfile handling. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1072 * SECURITY UPDATE: more symlink races in pear install - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save file handler. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1144 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2010-4697.patch: retain reference to object until getter/setter are done. - CVE-2010-4697 * SECURITY UPDATE: denial of service through application crash with invalid images - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing steps are either 4 or 16. - CVE-2010-4698 * SECURITY UPDATE: denial of service through application crash - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully when handling zero sized zipfile with the FL_UNCHANGED argument - CVE-2011-0421 * SECURITY UPDATE: denial of service through application crash when handling images with invalid exif tags - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking - CVE-2011-0708 * SECURITY UPDATE: denial of service and possible data disclosure through integer overflow - debian/patches/php5-CVE-2011-1092.patch: better boundary condition checks in shmop_read() - CVE-2011-1092 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2011-1148.patch: improve reference counting - CVE-2011-1148 * SECURITY UPDATE: denial of service through buffer overflow crash (code execution mitigated by compilation with Fortify Source) - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision to ensure fitting within MAX_BUF_SIZE - CVE-2011-1464 * SECURITY UPDATE: denial of service through application crash via integer overflow. - debian/patches/php5-CVE-2011-1466.patch: improve boundary condition checking in SdnToJulian() - CVE-2011-1466 * SECURITY UPDATE: denial of service through application crash when using HTTP proxy with the FTP wrapper - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling - CVE-2011-1469 * SECURITY UPDATE: denial of service through application crash when handling ziparchive streams - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of the meta data structure - CVE-2011-1470 * SECURITY UPDATE: denial of service through application crash when handling malformed zip files - debian/patches/php5-CVE-2011-1471.patch: correct integer signedness error when handling zip_fread() return value. - CVE-2011-1471 Date: Thu, 28 Apr 2011 05:37:29 -0700 Changed-By: Steve Beattie &lt;sbeattie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/php5/5.2.10.dfsg.1-2ubuntu6.9 Format: 1.8 Date: Thu, 28 Apr 2011 05:37:29 -0700 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.2.10.dfsg.1-2ubuntu6.9 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Steve Beattie &lt;sbeattie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.2.10.dfsg.1-2ubuntu6.9) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary files removal via cronjob - debian/php5-common.php5.cron.d: take greater care when removing session files. - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 - CVE-2011-0441 * SECURITY UPDATE: symlink tmp races in pear install - debian/patches/php5-pear-CVE-2011-1072.patch: improved tempfile handling. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1072 * SECURITY UPDATE: more symlink races in pear install - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save file handler. - debian/rules: apply patch manually after unpacking PEAR phar archive. - CVE-2011-1144 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2010-4697.patch: retain reference to object until getter/setter are done. - CVE-2010-4697 * SECURITY UPDATE: denial of service through application crash with invalid images - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing steps are either 4 or 16. - CVE-2010-4698 * SECURITY UPDATE: denial of service through application crash - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully when handling zero sized zipfile with the FL_UNCHANGED argument - CVE-2011-0421 * SECURITY UPDATE: denial of service through application crash when handling images with invalid exif tags - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking - CVE-2011-0708 * SECURITY UPDATE: denial of service and possible data disclosure through integer overflow - debian/patches/php5-CVE-2011-1092.patch: better boundary condition checks in shmop_read() - CVE-2011-1092 * SECURITY UPDATE: use-after-free vulnerability - debian/patches/php5-CVE-2011-1148.patch: improve reference counting - CVE-2011-1148 * SECURITY UPDATE: denial of service through buffer overflow crash (code execution mitigated by compilation with Fortify Source) - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision to ensure fitting within MAX_BUF_SIZE - CVE-2011-1464 * SECURITY UPDATE: denial of service through application crash via integer overflow. - debian/patches/php5-CVE-2011-1466.patch: improve boundary condition checking in SdnToJulian() - CVE-2011-1466 * SECURITY UPDATE: denial of service through application crash when using HTTP proxy with the FTP wrapper - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling - CVE-2011-1469 * SECURITY UPDATE: denial of service through application crash when handling ziparchive streams - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of the meta data structure - CVE-2011-1470 * SECURITY UPDATE: denial of service through application crash when handling malformed zip files - debian/patches/php5-CVE-2011-1471.patch: correct integer signedness error when handling zip_fread() return value. - CVE-2011-1471 Checksums-Sha1: 1d5b29a4ecbbea067e9b256d230fa1010c10c49c 3165 php5_5.2.10.dfsg.1-2ubuntu6.9.dsc 65ed269ae661bf7c4f1d0752b40db7e87019dfde 996525 php5_5.2.10.dfsg.1-2ubuntu6.9.diff.gz Checksums-Sha256: 9c79d89902f9a7df8c06b42bfa1a9a52141c723797d522df41241037e006c358 3165 php5_5.2.10.dfsg.1-2ubuntu6.9.dsc 2adb7b3e70e394dd8c34811bff29ef8e3579c9240eca1799593917cd29378245 996525 php5_5.2.10.dfsg.1-2ubuntu6.9.diff.gz Files: b10d7914090cf20ab35ae270d430a88e 3165 php optional php5_5.2.10.dfsg.1-2ubuntu6.9.dsc 6de24534da33b686d675ccf3f5bde0f7 996525 php optional php5_5.2.10.dfsg.1-2ubuntu6.9.diff.gz Original-Maintainer: Debian PHP Maintainers &lt;pkg-php-maint-XbBxUvOt3X2LieD7tvxI8g&lt; at &gt;public.gmane.orgian.org&gt; </pre> Ubuntu Installer 2011-04-29T06:05:10 [ubuntu/karmic-security] pcsc-lite (delayed),pcsc-lite 1.5.3-1ubuntu1.2 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12252 <pre>pcsc-lite (1.5.3-1ubuntu1.2) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via long attribute value - src/atrhandler.c: verify against maximum attribute size. - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html - CVE-2010-4531 Date: Thu, 14 Apr 2011 09:39:10 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/pcsc-lite/1.5.3-1ubuntu1.2 Format: 1.8 Date: Thu, 14 Apr 2011 09:39:10 -0400 Source: pcsc-lite Binary: pcscd libpcsclite-dev libpcsclite1 Architecture: source Version: 1.5.3-1ubuntu1.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libpcsclite-dev - Middleware to access a smart card using PC/SC (development files) libpcsclite1 - Middleware to access a smart card using PC/SC (library) pcscd - Middleware to access a smart card using PC/SC (daemon side) Changes: pcsc-lite (1.5.3-1ubuntu1.2) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via long attribute value - src/atrhandler.c: verify against maximum attribute size. - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html - CVE-2010-4531 Checksums-Sha1: cc8f15724b03f8fd3677e0bfca3a7db278d6b383 1987 pcsc-lite_1.5.3-1ubuntu1.2.dsc b6aac372b618a06ed1d115c70e2dfc46ca4278fe 14903 pcsc-lite_1.5.3-1ubuntu1.2.diff.gz Checksums-Sha256: a42804fcfb0cfb1609d7afd57260dbafa21cb3367d1c8a408e59c90c539c86c9 1987 pcsc-lite_1.5.3-1ubuntu1.2.dsc 84fa56ec34e169b3c67b461e9c3cc51e663d943efa809dc3bb99260599405e75 14903 pcsc-lite_1.5.3-1ubuntu1.2.diff.gz Files: 08f42a5615025d1e7738f454ada2bdca 1987 misc extra pcsc-lite_1.5.3-1ubuntu1.2.dsc d6cd568220a62501ed9bf42d571e0536 14903 misc extra pcsc-lite_1.5.3-1ubuntu1.2.diff.gz Original-Maintainer: Ludovic Rousseau &lt;rousseau-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-27T20:03:46 [ubuntu/karmic-security] rsync,rsync (delayed) 3.0.6-1ubuntu1.1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12251 <pre>rsync (3.0.6-1ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: denial of service and possible arbitrary code execution via malformed data - debian/patches/security-CVE-2011-1097.diff: introduce and use FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*. - CVE-2011-1097 Date: Fri, 08 Apr 2011 10:18:37 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/rsync/3.0.6-1ubuntu1.1 Format: 1.8 Date: Fri, 08 Apr 2011 10:18:37 -0400 Source: rsync Binary: rsync Architecture: source Version: 3.0.6-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: rsync - fast remote file copy program (like rcp) Changes: rsync (3.0.6-1ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: denial of service and possible arbitrary code execution via malformed data - debian/patches/security-CVE-2011-1097.diff: introduce and use FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*. - CVE-2011-1097 Checksums-Sha1: 058fb050a28b97020494032412144e5a18ac27c0 1704 rsync_3.0.6-1ubuntu1.1.dsc fc899247263c2e4502eb29e3da9b764fc3023dc5 23615 rsync_3.0.6-1ubuntu1.1.diff.gz Checksums-Sha256: b59e50650c1ef60957fa3c50a16728e2fe421b1ad65d6c5ab8a42f43c2409982 1704 rsync_3.0.6-1ubuntu1.1.dsc b1f6738e15ad2ddb5f30cde7284911cc1768b4469ffb186d10380d9735c21d98 23615 rsync_3.0.6-1ubuntu1.1.diff.gz Files: 8016bf7448aaf9bcb69cd7714e746c02 1704 net optional rsync_3.0.6-1ubuntu1.1.dsc 4c99f7313c83059e4ef36690b3813c72 23615 net optional rsync_3.0.6-1ubuntu1.1.diff.gz Original-Maintainer: Paul Slootman &lt;paul-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-27T15:03:29 [ubuntu/karmic-proposed] landscape-client 11.02-0ubuntu0.9.10.1(Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12250 <pre>landscape-client (11.02-0ubuntu0.9.10.1) karmic-proposed; urgency=low * debian/control, debian/rules: Add quilt * debian/patches/fix-landscape-monitor.patch: Fix landscape monitoring with gir1.0-gudev-1.0 installed. (LP: #747498) landscape-client (11.02-0ubuntu0.9.10.0) karmic-proposed; urgency=low * New upstream version (LP: #727324) - Exit gracefully instead of crashing when the filesystem is read-only (LP: #649997). - Drop hal requirement (LP: #708502). - Enable HTTP compression in Curl (LP: #297623). - Explicitly name log files that need to be rotated (LP: #634236). - Assorted test suite fixes. - Use a better load check for the sysinfo wrapper, taking into account the number of cores (LP: #643565). - Add an option to bootstrap cloud instances using cloud-init (LP: #701972). - Fix packaging for Natty (LP: #688115). - Force deletion of all the persist data for the monitoring plugins at resynchronization, instead of relying each one of them to do (LP: #688161). - Don't send the mount-activity message to the server anymore (LP: #688514). - Workaround a new behavior in NetworkManager where getfqdn would report localhost instead of useful hostname (LP: #649142). Date: Tue, 12 Apr 2011 15:15:46 -0400 Changed-By: Chuck Short &lt;zulcss-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Signed-By: Chuck Short &lt;chuck.short-Z7WLFzj8eWMS+FvcfC7Uqw&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/landscape-client/11.02-0ubuntu0.9.10.1 Format: 1.8 Date: Tue, 12 Apr 2011 15:15:46 -0400 Source: landscape-client Binary: landscape-common landscape-client Architecture: source Version: 11.02-0ubuntu0.9.10.1 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Chuck Short &lt;zulcss-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: landscape-client - The Landscape administration system client landscape-common - The Landscape administration system client Launchpad-Bugs-Fixed: 297623 634236 643565 649142 649997 688115 688161 688514 701972 708502 727324 747498 Changes: landscape-client (11.02-0ubuntu0.9.10.1) karmic-proposed; urgency=low . * debian/control, debian/rules: Add quilt * debian/patches/fix-landscape-monitor.patch: Fix landscape monitoring with gir1.0-gudev-1.0 installed. (LP: #747498) . landscape-client (11.02-0ubuntu0.9.10.0) karmic-proposed; urgency=low . * New upstream version (LP: #727324) . - Exit gracefully instead of crashing when the filesystem is read-only (LP: #649997). . - Drop hal requirement (LP: #708502). . - Enable HTTP compression in Curl (LP: #297623). . - Explicitly name log files that need to be rotated (LP: #634236). . - Assorted test suite fixes. . - Use a better load check for the sysinfo wrapper, taking into account the number of cores (LP: #643565). . - Add an option to bootstrap cloud instances using cloud-init (LP: #701972). . - Fix packaging for Natty (LP: #688115). . - Force deletion of all the persist data for the monitoring plugins at resynchronization, instead of relying each one of them to do (LP: #688161). . - Don't send the mount-activity message to the server anymore (LP: #688514). . - Workaround a new behavior in NetworkManager where getfqdn would report localhost instead of useful hostname (LP: #649142). Checksums-Sha1: f00101e5b0ca4a9786ab05709039501a577ea493 1317 landscape-client_11.02-0ubuntu0.9.10.1.dsc 3e87bf85976a9009a0e3111dc7a8b515ede49725 21750 landscape-client_11.02-0ubuntu0.9.10.1.diff.gz Checksums-Sha256: 346bca58ef44ff5de954aec1d92fbaceee19a8296fa3345d6b51ae209406df73 1317 landscape-client_11.02-0ubuntu0.9.10.1.dsc 5f52446d06fbdd509e9be311997fcd5c64f6d45b722cc2d3e2413e22168bbb99 21750 landscape-client_11.02-0ubuntu0.9.10.1.diff.gz Files: 786c3598091419bf7910d083cfdb44a3 1317 admin optional landscape-client_11.02-0ubuntu0.9.10.1.dsc 4f1c37b5392e656900456a747c5a487f 21750 admin optional landscape-client_11.02-0ubuntu0.9.10.1.diff.gz Original-Maintainer: Landscape Team &lt;landscape-team-Z7WLFzj8eWMS+FvcfC7Uqw&lt; at &gt;public.gmane.org&gt; </pre> Chuck Short 2011-04-26T17:18:13 [ubuntu/karmic-security]openslp-dfsg_1.2.1-7.5ubuntu0.1_lpia_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_amd64_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_armel_translations.tar.gz,openslp-dfsg,openslp-dfsg_1.2.1-7.5ubuntu0.1_sparc_translations.tar.gz (delayed),openslp-dfsg_1.2.1-7.5ubuntu0.1_i386_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_powerpc_translations.tar.gz,openslp-dfsg_1.2.1-7.5ubuntu0.1_ia64_translations.tar.gz1.2.1-7.5ubuntu0.1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12249 <pre>openslp-dfsg (1.2.1-7.5ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: denial of service via circular reference - common/slp_message.c: detect circular reference. Patch thanks to SUSE. - CVE-2010-3609 Date: Tue, 05 Apr 2011 15:02:25 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/openslp-dfsg/1.2.1-7.5ubuntu0.1 Format: 1.8 Date: Tue, 05 Apr 2011 15:02:25 -0400 Source: openslp-dfsg Binary: slpd openslp-doc libslp1 slptool libslp-dev Architecture: source Version: 1.2.1-7.5ubuntu0.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libslp-dev - OpenSLP development libraries libslp1 - OpenSLP libraries openslp-doc - OpenSLP documentation slpd - OpenSLP Server (slpd) slptool - SLP command line tool Changes: openslp-dfsg (1.2.1-7.5ubuntu0.1) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via circular reference - common/slp_message.c: detect circular reference. Patch thanks to SUSE. - CVE-2010-3609 Checksums-Sha1: b5e9ecce7ecd35fe2da14cd7d4c84e1145a852e6 1863 openslp-dfsg_1.2.1-7.5ubuntu0.1.dsc a97cc5bd010cea5c6b12b5ac97d53b0ecddab188 252583 openslp-dfsg_1.2.1-7.5ubuntu0.1.diff.gz Checksums-Sha256: 7fedaea059f0e54b9f27e298961cff86e7dd9b644e863e26ba903cd0c6f91ab9 1863 openslp-dfsg_1.2.1-7.5ubuntu0.1.dsc 7722f10271c70f15248385255a19de8e669344b4c141d96938af3d54b5d04fc3 252583 openslp-dfsg_1.2.1-7.5ubuntu0.1.diff.gz Files: 82212b67a1a180ee19371901a8a353e0 1863 net extra openslp-dfsg_1.2.1-7.5ubuntu0.1.dsc dbe4142702b9b9c82e83d7fc9ae3c1f7 252583 net extra openslp-dfsg_1.2.1-7.5ubuntu0.1.diff.gz Original-Maintainer: Ganesan Rajagopal &lt;rganesan-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-20T13:03:43 [ubuntu/karmic-security]policykit-1_0.94-1ubuntu1.1_lpia_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_amd64_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_sparc_translations.tar.gz (delayed),policykit-1_0.94-1ubuntu1.1_powerpc_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_ia64_translations.tar.gz,policykit-1_0.94-1ubuntu1.1_armel_translations.tar.gz, policykit-1,policykit-1_0.94-1ubuntu1.1_i386_translations.tar.gz 0.94-1ubuntu1.1(Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12248 <pre>policykit-1 (0.94-1ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: avoid /proc race conditions when checking privileges for pkexec. - 10_fix_proc_race.patch - CVE-2011-1485 Date: Tue, 19 Apr 2011 13:06:21 -0700 Changed-By: Kees Cook &lt;kees-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/policykit-1/0.94-1ubuntu1.1 Format: 1.8 Date: Tue, 19 Apr 2011 13:06:21 -0700 Source: policykit-1 Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev Architecture: source Version: 0.94-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Kees Cook &lt;kees-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libpolkit-agent-1-0 - PolicyKit Authentication Agent API libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files libpolkit-backend-1-0 - PolicyKit backend API libpolkit-backend-1-dev - PolicyKit backend API - development files libpolkit-gobject-1-0 - PolicyKit Authorization API libpolkit-gobject-1-dev - PolicyKit Authorization API - development files policykit-1 - framework for managing administrative policies and privileges policykit-1-doc - documentation for PolicyKit-1 Changes: policykit-1 (0.94-1ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: avoid /proc race conditions when checking privileges for pkexec. - 10_fix_proc_race.patch - CVE-2011-1485 Checksums-Sha1: 82e21b6f0fef958b9e636b44bdc877c1f8746b4d 2414 policykit-1_0.94-1ubuntu1.1.dsc f4b0c4260014882952dd25e1d7b17eded3538925 19841 policykit-1_0.94-1ubuntu1.1.diff.gz Checksums-Sha256: 5b760b3ac5e08ef6f06d159f4252cbe5656f5f59906ac666899fc5d67408fdb2 2414 policykit-1_0.94-1ubuntu1.1.dsc f3cab3a394fdc132b4985b1f26d28bfc56594dac0a295f5376c3f08c8bf83651 19841 policykit-1_0.94-1ubuntu1.1.diff.gz Files: 3aa9466530a98ea3375228818e626ba9 2414 admin optional policykit-1_0.94-1ubuntu1.1.dsc 9bf4378335c2d4258af84394ecf3024c 19841 admin optional policykit-1_0.94-1ubuntu1.1.diff.gz Original-Maintainer: Utopia Maintenance Team &lt;pkg-utopia-maintainers&lt; at &gt;lists.alioth.debian.org&gt; </pre> Ubuntu Installer 2011-04-19T23:03:57 [ubuntu/karmic-security] krb5,krb5_1.7dfsg~beta3-1ubuntu0.13_amd64_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_armel_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_powerpc_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_lpia_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_sparc_translations.tar.gz (delayed),krb5_1.7dfsg~beta3-1ubuntu0.13_ia64_translations.tar.gz,krb5_1.7dfsg~beta3-1ubuntu0.13_i386_translations.tar.gz1.7dfsg~beta3-1ubuntu0.13 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12247 <pre>krb5 (1.7dfsg~beta3-1ubuntu0.13) karmic-security; urgency=low * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer. - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. - CVE-2011-0285 - MITKRB5-SA-2011-004 Date: Mon, 18 Apr 2011 15:40:41 -0700 Changed-By: Kees Cook &lt;kees-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/krb5/1.7dfsg~beta3-1ubuntu0.13 Format: 1.8 Date: Mon, 18 Apr 2011 15:40:41 -0700 Source: krb5 Binary: krb5-user krb5-clients krb5-rsh-server krb5-ftpd krb5-telnetd krb5-kdc krb5-kdc-ldap krb5-admin-server libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv6 libkadm5clnt6 libk5crypto3 libkdb5-4 libkrb5support0 Architecture: source Version: 1.7dfsg~beta3-1ubuntu0.13 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Kees Cook &lt;kees-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-clients - Secure replacements for ftp, telnet and rsh using MIT Kerberos krb5-doc - Documentation for MIT Kerberos krb5-ftpd - Secure FTP server supporting MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-rsh-server - Secure replacements for rshd and rlogind using MIT Kerberos krb5-telnetd - Secure telnet server supporting MIT Kerberos krb5-user - Basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt6 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv6 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - Debugging files for MIT Kerberos libkrb5-dev - Headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Changes: krb5 (1.7dfsg~beta3-1ubuntu0.13) karmic-security; urgency=low . * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer. - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. - CVE-2011-0285 - MITKRB5-SA-2011-004 Checksums-Sha1: 018cac2dfd3527de00aab78582b7b0a48e63053f 2419 krb5_1.7dfsg~beta3-1ubuntu0.13.dsc 9d9c3566e3ceede47852cd8a68d8e25532373bc9 119678 krb5_1.7dfsg~beta3-1ubuntu0.13.diff.gz Checksums-Sha256: c2096bd737111cde1e58bb402dc606b6a13b7be9676b936389069276165c0936 2419 krb5_1.7dfsg~beta3-1ubuntu0.13.dsc de5afff73997b75b92db7801d754ba7b21721b5938111acefe565fb9d98a0621 119678 krb5_1.7dfsg~beta3-1ubuntu0.13.diff.gz Files: eb6e5391687a6f897fe52e1624b79ddc 2419 net standard krb5_1.7dfsg~beta3-1ubuntu0.13.dsc 37bb41b8c9bdd87c9609002cd598a137 119678 net standard krb5_1.7dfsg~beta3-1ubuntu0.13.diff.gz Original-Maintainer: Sam Hartman &lt;hartmans-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-19T21:05:09 [ubuntu/karmic-security] ia32-libs (delayed),ia32-libs 2.7ubuntu17.1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12246 <pre>ia32-libs (2.7ubuntu17.1) karmic-security; urgency=low * SECURITY UPDATE: Refresh packages to pull in security fixes, including: - lcms: buffer overflow, CVE-2009-0793 (LP: #700198) - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245, and CVE-2010-2939 - libpango1.0: multiple DoS, possible code execution issues: CVE-2010-0421, CVE-2011-0020, CVE-2011-0064 - libfreetype: multiple DoS, possible code execution issues: CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527 - nss: many issues Date: Tue, 12 Apr 2011 02:08:26 -0700 Changed-By: Steve Beattie &lt;sbeattie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/ia32-libs/2.7ubuntu17.1 Format: 1.8 Date: Tue, 12 Apr 2011 02:08:26 -0700 Source: ia32-libs Binary: ia32-libs ia32-libs-dev lib32gcc1 Architecture: source Version: 2.7ubuntu17.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Steve Beattie &lt;sbeattie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: ia32-libs - ia32 shared libraries for use on amd64 and ia64 systems ia32-libs-dev - ia32 development libraries and headers for use on ia32/ia64 syste lib32gcc1 - GCC support library (ia32) Changes: ia32-libs (2.7ubuntu17.1) karmic-security; urgency=low . * SECURITY UPDATE: Refresh packages to pull in security fixes, including: - lcms: buffer overflow, CVE-2009-0793 (LP: #700198) - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245, and CVE-2010-2939 - libpango1.0: multiple DoS, possible code execution issues: CVE-2010-0421, CVE-2011-0020, CVE-2011-0064 - libfreetype: multiple DoS, possible code execution issues: CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527 - nss: many issues Checksums-Sha1: c6bbf7f1e968008299e65950b9885d80d47babcf 1711 ia32-libs_2.7ubuntu17.1.dsc e2d013ca83baa0782d946ed3115b65a747ddd65d 648327833 ia32-libs_2.7ubuntu17.1.tar.gz Checksums-Sha256: 76f64ab2562fce48ffce57d78327d16b306aef26e4c675c966ec88638641c266 1711 ia32-libs_2.7ubuntu17.1.dsc e7b0298ce35ffe980d03ea73a741e33be18ab90947648edfe43a483b77d60e5a 648327833 ia32-libs_2.7ubuntu17.1.tar.gz Files: 81fc767c663a6cff19302e53cc462736 1711 libs extra ia32-libs_2.7ubuntu17.1.dsc 7b95ff9d2ae5a3535a0bc8c105934b95 648327833 libs extra ia32-libs_2.7ubuntu17.1.tar.gz Launchpad-Bugs-Fixed: 700198 Original-Maintainer: Debian ia32-libs Team &lt;pkg-ia32-libs-maintainers&lt; at &gt;lists.alioth.debian.org&gt; </pre> Ubuntu Installer 2011-04-19T19:07:01 [ubuntu/karmic-security] dhcp3,dhcp3_3.1.2-1ubuntu7.3_sparc_translations.tar.gz (delayed),dhcp3_3.1.2-1ubuntu7.3_ia64_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_powerpc_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_lpia_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_armel_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_i386_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.3_amd64_translations.tar.gz 3.1.2-1ubuntu7.3(Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12245 <pre>dhcp3 (3.1.2-1ubuntu7.3) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted hostname - Patch for CVE-2011-0997 was getting reverted during the build because of special quilt handling in debian/rules for the ldap patches. - debian/patches/00list: move CVE-2011-0997 patch before the ldap patches, and add comment. - CVE-2011-0997 Date: Tue, 19 Apr 2011 09:25:29 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/dhcp3/3.1.2-1ubuntu7.3 Format: 1.8 Date: Tue, 19 Apr 2011 09:25:29 -0400 Source: dhcp3 Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay Architecture: source Version: 3.1.2-1ubuntu7.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: dhcp-client - DHCP client transitional package dhcp3-client - DHCP client dhcp3-client-udeb - DHCP Client for debian-installer (udeb) dhcp3-common - common files used by all the dhcp3* packages dhcp3-dev - API for accessing and modifying the DHCP server and client state dhcp3-relay - DHCP relay daemon dhcp3-server - DHCP server for automatic IP address assignment dhcp3-server-ldap - DHCP server able to use LDAP as backend Changes: dhcp3 (3.1.2-1ubuntu7.3) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted hostname - Patch for CVE-2011-0997 was getting reverted during the build because of special quilt handling in debian/rules for the ldap patches. - debian/patches/00list: move CVE-2011-0997 patch before the ldap patches, and add comment. - CVE-2011-0997 Checksums-Sha1: e524645cccd67d4511fb4d14620a620ad75edf90 1955 dhcp3_3.1.2-1ubuntu7.3.dsc ae54fbd5345ea0e58c9db3da201ed3839fe4c3ec 141749 dhcp3_3.1.2-1ubuntu7.3.diff.gz Checksums-Sha256: 25689dc82467cdab569697d1f3b17334b7714be41c8c928a23a3d8e6e3abf5bd 1955 dhcp3_3.1.2-1ubuntu7.3.dsc dfb72f05fa44e11ec136d101d500b638b72f073eb4b8739cf3b8b0e63860b8ba 141749 dhcp3_3.1.2-1ubuntu7.3.diff.gz Files: b475ab0108aefa66a6293e96db101fa1 1955 net important dhcp3_3.1.2-1ubuntu7.3.dsc d798b12718b01c7d2dd37130b83cd48a 141749 net important dhcp3_3.1.2-1ubuntu7.3.diff.gz Original-Maintainer: Andrew Pollock &lt;apollock-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-19T18:03:58 [ubuntu/karmic-security]kdenetwork_4.3.2-0ubuntu4.5_armel_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_sparc_translations.tar.gz (delayed),kdenetwork_4.3.2-0ubuntu4.5_i386_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_lpia_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_amd64_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_powerpc_translations.tar.gz,kdenetwork_4.3.2-0ubuntu4.5_ia64_translations.tar.gz,kdenetwork 4:4.3.2-0ubuntu4.5 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12244 <pre>kdenetwork (4:4.3.2-0ubuntu4.5) karmic-security; urgency=low * SECURITY UPDATE: fix directory traversal in kget - debian/patches/kubuntu_06_CVE-2010-1000b.diff: more input validation due to incomplete fix for CVE-2010-1000 - CVE-2011-XXXX - LP: #757526 Date: Fri, 15 Apr 2011 09:13:14 -0500 Changed-By: Jamie Strandboge &lt;jamie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Kubuntu Developers &lt;kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/kdenetwork/4:4.3.2-0ubuntu4.5 Format: 1.8 Date: Fri, 15 Apr 2011 09:13:14 -0500 Source: kdenetwork Binary: kdenetwork kdenetwork-filesharing kget libkopete4 kopete libkopete-dev kppp krdc krfb kdenetwork-dbg kde-zeroconf kopete-plugin-otr-kde4 Architecture: source Version: 4:4.3.2-0ubuntu4.5 Distribution: karmic-security Urgency: low Maintainer: Kubuntu Developers &lt;kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Jamie Strandboge &lt;jamie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: kde-zeroconf - zeroconf plugins and kio slaves for KDE 4 kdenetwork - networking applications from the official KDE 4 release kdenetwork-dbg - debugging symbols for the KDE 4 networking module kdenetwork-filesharing - network filesharing configuration module for KDE 4 kget - download manager for KDE 4 kopete - instant messenger for KDE 4 kopete-plugin-otr-kde4 - Transitional package kppp - modem dialer for KDE 4 krdc - Remote Desktop Connection client for KDE 4 krfb - Desktop Sharing for KDE 4 libkopete-dev - development files for the KDE 4 networking module libkopete4 - main Kopete library Changes: kdenetwork (4:4.3.2-0ubuntu4.5) karmic-security; urgency=low . * SECURITY UPDATE: fix directory traversal in kget - debian/patches/kubuntu_06_CVE-2010-1000b.diff: more input validation due to incomplete fix for CVE-2010-1000 - CVE-2011-XXXX - LP: #757526 Checksums-Sha1: 1003603d3c5c5e7cd2dda6f77f293799bd93107d 2976 kdenetwork_4.3.2-0ubuntu4.5.dsc 455f93b2708c467aac0cb2b8c153bcbdcdc59a7c 8303321 kdenetwork_4.3.2.orig.tar.gz f7b44b7b4045ec0d9ea55f27f75edd0e2c5cd11f 51822 kdenetwork_4.3.2-0ubuntu4.5.diff.gz Checksums-Sha256: 2ec64eafba306082dac4e4d6207da4f556912abbd03d7611bad85df09a7eed10 2976 kdenetwork_4.3.2-0ubuntu4.5.dsc f7a9011df3c5d52d019d5168780ca02ae16bda87545a2cab78378c537f5eaa66 8303321 kdenetwork_4.3.2.orig.tar.gz 27fc5929ffa15f11194120fd06e528c0e69f79023e1cd07801976d22613026fc 51822 kdenetwork_4.3.2-0ubuntu4.5.diff.gz Files: 632ed4167b7537e87e426f132b9a6eaa 2976 kde optional kdenetwork_4.3.2-0ubuntu4.5.dsc b973ab4f9d005e8af52f42d3d3989f78 8303321 kde optional kdenetwork_4.3.2.orig.tar.gz 3a0f3484d10150e25dca2b4f143472d9 51822 kde optional kdenetwork_4.3.2-0ubuntu4.5.diff.gz Launchpad-Bugs-Fixed: 757526 Original-Maintainer: Debian Qt/KDE Maintainers &lt;debian-qt-kde-0aAXYlwwYIKrKVvWRXNRGw&lt; at &gt;public.gmane.orgorg&gt; </pre> Ubuntu Installer 2011-04-18T21:05:40 [ubuntu/karmic-security]postfix_2.6.5-3ubuntu0.1_lpia_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_sparc_translations.tar.gz (delayed),postfix, postfix_2.6.5-3ubuntu0.1_armel_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_ia64_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_powerpc_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_i386_translations.tar.gz,postfix_2.6.5-3ubuntu0.1_amd64_translations.tar.gz 2.6.5-3ubuntu0.1(Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12243 <pre>postfix (2.6.5-3ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: man-in-the-middle via plaintext command injection - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the stream buffer so there is no pending plaintext. - Origin: backported from postfix-2.6-patch09.gz - CVE-2011-0411 Date: Fri, 15 Apr 2011 10:27:41 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/postfix/2.6.5-3ubuntu0.1 Format: 1.8 Date: Fri, 15 Apr 2011 10:27:41 -0400 Source: postfix Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql postfix-pgsql postfix-dev postfix-doc Architecture: source Version: 2.6.5-3ubuntu0.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-dev - Loadable modules development environment for Postfix postfix-doc - Documentation for Postfix postfix-ldap - LDAP map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix Changes: postfix (2.6.5-3ubuntu0.1) karmic-security; urgency=low . * SECURITY UPDATE: man-in-the-middle via plaintext command injection - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the stream buffer so there is no pending plaintext. - Origin: backported from postfix-2.6-patch09.gz - CVE-2011-0411 Checksums-Sha1: 20089df34e18c9f4f0120db81fa7ff939e09aadc 2192 postfix_2.6.5-3ubuntu0.1.dsc df9c614edb7f9c2b0bbf8bba22b68d98a149e177 218787 postfix_2.6.5-3ubuntu0.1.diff.gz Checksums-Sha256: e2adb513b67f94b08683ae06eb18bf8515c8a07b71d8be0669c179f725949051 2192 postfix_2.6.5-3ubuntu0.1.dsc 44a86991f3139d8082bb5be9d34b8ba5015a29225c44bcc731133d6b5c1dda7b 218787 postfix_2.6.5-3ubuntu0.1.diff.gz Files: 0f99a14ea5dc8895b2cd7f0dd926a686 2192 mail extra postfix_2.6.5-3ubuntu0.1.dsc a4cf89525bdc4824a9e3706f70d31401 218787 mail extra postfix_2.6.5-3ubuntu0.1.diff.gz Original-Maintainer: LaMont Jones &lt;lamont-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-18T15:04:03 [ubuntu/karmic-security] flashplugin-nonfree,flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1_lpia_translations.tar.gz(delayed),flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1_i386_translations.tar.gz10.2.159.1ubuntu0.9.10.1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12242 <pre>flashplugin-nonfree (10.2.159.1ubuntu0.9.10.1) karmic-security; urgency=low * SECURITY UPDATE: New upstream release 10.2.159.1 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0611 Date: Sat, 16 Apr 2011 07:38:40 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/flashplugin-nonfree/10.2.159.1ubuntu0.9.10.1 Format: 1.8 Date: Sat, 16 Apr 2011 07:38:40 -0400 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.2.159.1ubuntu0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.2.159.1ubuntu0.9.10.1) karmic-security; urgency=low . * SECURITY UPDATE: New upstream release 10.2.159.1 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0611 Checksums-Sha1: 69389e69f0e3ffe9ed88bcb526ab59fe5f09cb94 1631 flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1.dsc e71598639c5e5cc4e466bf6da23ae1fedd620f8e 26563 flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1.tar.gz Checksums-Sha256: 697b38900a1c705bca1f3d3486d47e0d1f05c977e8f1232fbfa710d06aa469d5 1631 flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1.dsc 8ac568e24b7f1693b07462b1145d14515fb4d4114304de96081e246512c81334 26563 flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1.tar.gz Files: be80b1eabe45aa5c0c2acd30b9229e1e 1631 contrib/web optional flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1.dsc 2e30dac57235fdb056824e27e7fa228b 26563 contrib/web optional flashplugin-nonfree_10.2.159.1ubuntu0.9.10.1.tar.gz Original-Maintainer: Bart Martens &lt;bartm-G5fbxRU7pDI&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-17T01:03:34 adobe-flashplugin 10.2.159.1-0karmic1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12241 <pre>adobe-flashplugin (10.2.159.1-0karmic1) karmic; urgency=low * Initial release of 10.2.159.1 for Karmic Date: Fri, 15 Apr 2011 14:10:19 -0400 Changed-By: Brian Thomason &lt;brian.thomason-Z7WLFzj8eWMS+FvcfC7Uqw&lt; at &gt;public.gmane.org&gt; Maintainer: DL-Flash Player Ubuntu &lt;FlashPlayerUbuntu-dv/VyGpifdQAvxtiuMwx3w&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/adobe-flashplugin/10.2.159.1-0karmic1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 15 Apr 2011 14:10:19 -0400 Source: adobe-flashplugin Binary: adobe-flashplugin Architecture: source Version: 10.2.159.1-0karmic1 Distribution: karmic Urgency: low Maintainer: DL-Flash Player Ubuntu &lt;FlashPlayerUbuntu-dv/VyGpifdQAvxtiuMwx3w&lt; at &gt;public.gmane.org&gt; Changed-By: Brian Thomason &lt;brian.thomason-Z7WLFzj8eWMS+FvcfC7Uqw&lt; at &gt;public.gmane.org&gt; Description: adobe-flashplugin - Adobe Flash Player plugin version 10 Changes: adobe-flashplugin (10.2.159.1-0karmic1) karmic; urgency=low . * Initial release of 10.2.159.1 for Karmic Checksums-Sha1: 7f45b42a5b137429bfa26111d3fa0fac390f820d 1157 adobe-flashplugin_10.2.159.1-0karmic1.dsc e06016907c02f21a53df1e4f2a87eb58862575a9 3682 adobe-flashplugin_10.2.159.1-0karmic1.diff.gz Checksums-Sha256: c80062a724f6090c2fb09c2127a6440245ad502235b1c207299b5963c362ab1f 1157 adobe-flashplugin_10.2.159.1-0karmic1.dsc 4dabf23a91a6e2e3555fffd896dd6531d9bd7526c5d69de50134c2752d2054f2 3682 adobe-flashplugin_10.2.159.1-0karmic1.diff.gz Files: 71011422f979b844294d522017c8ff07 1157 partner/web optional adobe-flashplugin_10.2.159.1-0karmic1.dsc 87001050849972d3d6588f92e9a8f0b8 3682 partner/web optional adobe-flashplugin_10.2.159.1-0karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2oiiEACgkQOb4zNfJqN5eQrgCfa8NVNa9M3HnpckTP0/8UMrpe e1UAn37lj6lIvx4ZWwCChagCd3q1lk5+ =KE5R -----END PGP SIGNATURE----- </pre> Brian Thomason 2011-04-15T18:15:28 [ubuntu/karmic-security] kde4libs,kde4libs_4.3.2-0ubuntu7.3_sparc_translations.tar.gz (delayed),kde4libs_4.3.2-0ubuntu7.3_amd64_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_ia64_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_i386_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_lpia_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_armel_translations.tar.gz,kde4libs_4.3.2-0ubuntu7.3_powerpc_translations.tar.gz4:4.3.2-0ubuntu7.3 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12240 <pre>kde4libs (4:4.3.2-0ubuntu7.3) karmic-security; urgency=low * SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages - debian/patches/security_03_CVE-2011-1168.diff: upstream patch - CVE-2011-1168 - LP: #743669 * SECURITY UPDATE: fix certificate verification for certificates issued against an IP address - debian/patches/security_04_CVE-2011-1094.diff: based on upstream patch - CVE-2011-1094 Date: Mon, 11 Apr 2011 10:19:40 -0500 Changed-By: Jamie Strandboge &lt;jamie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Kubuntu Developers &lt;kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/kde4libs/4:4.3.2-0ubuntu7.3 Format: 1.8 Date: Mon, 11 Apr 2011 10:19:40 -0500 Source: kde4libs Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs-bin libplasma3 kdelibs5-dbg Architecture: source Version: 4:4.3.2-0ubuntu7.3 Distribution: karmic-security Urgency: low Maintainer: Kubuntu Developers &lt;kubuntu-devel-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Jamie Strandboge &lt;jamie-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: kdelibs-bin - executables for all KDE 4 core applications kdelibs5 - core libraries for all KDE 4 applications kdelibs5-data - core shared data for all KDE 4 applications kdelibs5-dbg - debugging symbols for the KDE 4 libraries module kdelibs5-dev - development files for the KDE 4 core libraries libplasma3 - library for the KDE 4 Plasma desktop Changes: kde4libs (4:4.3.2-0ubuntu7.3) karmic-security; urgency=low . * SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages - debian/patches/security_03_CVE-2011-1168.diff: upstream patch - CVE-2011-1168 - LP: #743669 * SECURITY UPDATE: fix certificate verification for certificates issued against an IP address - debian/patches/security_04_CVE-2011-1094.diff: based on upstream patch - CVE-2011-1094 Checksums-Sha1: 9c433ae2b3fd7f2cac89752f2e0897b78bfdbfd7 2942 kde4libs_4.3.2-0ubuntu7.3.dsc 41f02511f7bee017ec194ed49e2013f19c508779 160578 kde4libs_4.3.2-0ubuntu7.3.diff.gz Checksums-Sha256: 9c34822bbb7c025f0820540318cfd45cc90e5b5585df48febea62d6f31c15a99 2942 kde4libs_4.3.2-0ubuntu7.3.dsc b3a065900efe015688d8a0ef24d9dafa2b95da3f380d7d09a59d6c01c7c081dd 160578 kde4libs_4.3.2-0ubuntu7.3.diff.gz Files: 7d9e8935f673a0f0214b843a7bdaa62a 2942 libs optional kde4libs_4.3.2-0ubuntu7.3.dsc fcb60b314228534784fc4e1fb59feae4 160578 libs optional kde4libs_4.3.2-0ubuntu7.3.diff.gz Launchpad-Bugs-Fixed: 743669 Original-Maintainer: Debian Qt/KDE Maintainers &lt;debian-qt-kde-0aAXYlwwYIKrKVvWRXNRGw&lt; at &gt;public.gmane.orgorg&gt; </pre> Ubuntu Installer 2011-04-13T17:05:30 [ubuntu/karmic-security]gimp_2.6.7-1ubuntu1.2_sparc_translations.tar.gz (delayed),gimp_2.6.7-1ubuntu1.2_armel_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_ia64_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_lpia_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_amd64_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_i386_translations.tar.gz,gimp_2.6.7-1ubuntu1.2_powerpc_translations.tar.gz,gimp 2.6.7-1ubuntu1.2 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12239 <pre>gimp (2.6.7-1ubuntu1.2) karmic-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via malformed plugin configuration files - debian/patches/06_security_CVE-2010-454x.patch: fix format strings in plug-ins/{common/sphere-designer,gfig/gfig-style, lighting/lighting-ui}.c. - CVE-2010-4540 - CVE-2010-4541 - CVE-2010-4542 * SECURITY UPDATE: denial of service and possible code execution via malformed PSP image file - debian/patches/07_security_CVE-2010-4543.patch: fix buffer overflow in plug-ins/common/file-psp.c. - CVE-2010-4543 Date: Thu, 07 Apr 2011 13:24:12 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Desktop Team &lt;ubuntu-desktop-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/gimp/2.6.7-1ubuntu1.2 Format: 1.8 Date: Thu, 07 Apr 2011 13:24:12 -0400 Source: gimp Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg Architecture: source Version: 2.6.7-1ubuntu1.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Desktop Team &lt;ubuntu-desktop-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: gimp - The GNU Image Manipulation Program gimp-data - Data files for GIMP gimp-dbg - Debugging symbols for GIMP libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP libgimp2.0-doc - Developers' Documentation for the GIMP library Changes: gimp (2.6.7-1ubuntu1.2) karmic-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via malformed plugin configuration files - debian/patches/06_security_CVE-2010-454x.patch: fix format strings in plug-ins/{common/sphere-designer,gfig/gfig-style, lighting/lighting-ui}.c. - CVE-2010-4540 - CVE-2010-4541 - CVE-2010-4542 * SECURITY UPDATE: denial of service and possible code execution via malformed PSP image file - debian/patches/07_security_CVE-2010-4543.patch: fix buffer overflow in plug-ins/common/file-psp.c. - CVE-2010-4543 Checksums-Sha1: 6cec35256914ca013554f972474ea630d2baaa75 2609 gimp_2.6.7-1ubuntu1.2.dsc cf00643ec85cd17ce5d3996ddec66edf3edbfbe9 47720 gimp_2.6.7-1ubuntu1.2.diff.gz Checksums-Sha256: f86f81dc7c16be6fb5c4f51687ba35236d6662250ed970f57fe84ca914e0c404 2609 gimp_2.6.7-1ubuntu1.2.dsc 4ab7432d7bcf3d6da85fae52c77a5adbcf0df6068cddaa109cc49afb10e33f3f 47720 gimp_2.6.7-1ubuntu1.2.diff.gz Files: 42b9e5c4ca2e09df9177cabf118424ed 2609 graphics optional gimp_2.6.7-1ubuntu1.2.dsc db8669f2c0e85484f657449e583d4886 47720 graphics optional gimp_2.6.7-1ubuntu1.2.diff.gz Original-Maintainer: Ari Pollak &lt;ari-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-13T13:11:11 [ubuntu/karmic-security] dhcp3,dhcp3_3.1.2-1ubuntu7.2_ia64_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_armel_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_lpia_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_i386_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_amd64_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_powerpc_translations.tar.gz,dhcp3_3.1.2-1ubuntu7.2_sparc_translations.tar.gz (delayed)3.1.2-1ubuntu7.2 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12238 <pre>dhcp3 (3.1.2-1ubuntu7.2) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted hostname - debian/patches/CVE-2011-0997.dpatch: filter strings in client/dhclient.c, common/options.c. - CVE-2011-0997 Date: Mon, 11 Apr 2011 08:58:41 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/dhcp3/3.1.2-1ubuntu7.2 Format: 1.8 Date: Mon, 11 Apr 2011 08:58:41 -0400 Source: dhcp3 Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay Architecture: source Version: 3.1.2-1ubuntu7.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: dhcp-client - DHCP client transitional package dhcp3-client - DHCP client dhcp3-client-udeb - DHCP Client for debian-installer (udeb) dhcp3-common - common files used by all the dhcp3* packages dhcp3-dev - API for accessing and modifying the DHCP server and client state dhcp3-relay - DHCP relay daemon dhcp3-server - DHCP server for automatic IP address assignment dhcp3-server-ldap - DHCP server able to use LDAP as backend Changes: dhcp3 (3.1.2-1ubuntu7.2) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted hostname - debian/patches/CVE-2011-0997.dpatch: filter strings in client/dhclient.c, common/options.c. - CVE-2011-0997 Checksums-Sha1: 0cebe8871c7dd5b829f73ef56e6aaf16b799a4a8 1955 dhcp3_3.1.2-1ubuntu7.2.dsc ca45277c6e2f92eeac2eb019c4954df984c7096f 141611 dhcp3_3.1.2-1ubuntu7.2.diff.gz Checksums-Sha256: 30771e7626234270d45d4fa1bc2dcd5cf38fadde87ca358c8189afd8cf5cde09 1955 dhcp3_3.1.2-1ubuntu7.2.dsc 997cda66489ef7e02906947d00b9c59826ec7f9599196b88e2061a9fee090306 141611 dhcp3_3.1.2-1ubuntu7.2.diff.gz Files: a26905456538cd0d30e924e488302fc4 1955 net important dhcp3_3.1.2-1ubuntu7.2.dsc 0cab5bee752928f3c9f0c8e1ded26167 141611 net important dhcp3_3.1.2-1ubuntu7.2.diff.gz Original-Maintainer: Andrew Pollock &lt;apollock-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-11T20:03:57 [ubuntu/karmic-security] ffmpeg-extra,ffmpeg-extra (delayed) 4:0.5+svn20090706-2ubuntu3.1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12237 <pre>ffmpeg-extra (4:0.5+svn20090706-2ubuntu3.1) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. - CVE-2011-0723 * SECURITY UPDATE: Fix a multitude of security issues - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream existence before assignment - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap indexes - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook value - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for per-packet mode indexes and per-header mode mapping indexes - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook index and subclass book index. - debian/patches/CVE-2009-46XX/security-issue08.patch: check res_setup-&gt;books - debian/patches/CVE-2009-46XX/security-issue09.patch: check begin/end/partition_size - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity of channels &amp; samplerate - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx check - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks for magnitude and angle - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -&gt; == typo - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions against 0 too - debian/patches/CVE-2009-46XX/security-issue15.patch: fix init_get_bits() buffer size - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that all memory allocations succeed - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible buffer over-read in vorbis_comment - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to 0 to avoid having it uninitialized - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing for ogg streams where no ogg header was found - CVE-2009-4632 - CVE-2009-4633 - CVE-2009-4634 - CVE-2009-4635 - CVE-2009-4637 - CVE-2009-4639 - CVE-2009-4640 Date: Tue, 05 Apr 2011 19:09:22 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/ffmpeg-extra/4:0.5+svn20090706-2ubuntu3.1 Format: 1.8 Date: Tue, 05 Apr 2011 19:09:22 -0400 Source: ffmpeg-extra Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0 Architecture: source Version: 4:0.5+svn20090706-2ubuntu3.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libavcodec-extra-52 - ffmpeg codec library libavcodec-unstripped-52 - ffmpeg utility library - transitional package libavdevice-extra-52 - ffmpeg device handling library libavdevice-unstripped-52 - ffmpeg utility library - transitional package libavfilter-extra-0 - ffmpeg video filtering library libavfilter-unstripped-0 - ffmpeg utility library - transitional package libavformat-extra-52 - ffmpeg file format library libavformat-unstripped-52 - ffmpeg utility library - transitional package libavutil-extra-49 - ffmpeg utility library libavutil-unstripped-49 - ffmpeg utility library - transitional package libpostproc-extra-51 - ffmpeg video postprocessing library libpostproc-unstripped-51 - ffmpeg utility library - transitional package libswscale-extra-0 - ffmpeg video scaling library libswscale-unstripped-0 - ffmpeg utility library - transitional package Changes: ffmpeg-extra (4:0.5+svn20090706-2ubuntu3.1) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. - CVE-2011-0723 * SECURITY UPDATE: Fix a multitude of security issues - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream existence before assignment - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap indexes - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook value - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for per-packet mode indexes and per-header mode mapping indexes - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook index and subclass book index. - debian/patches/CVE-2009-46XX/security-issue08.patch: check res_setup-&gt;books - debian/patches/CVE-2009-46XX/security-issue09.patch: check begin/end/partition_size - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity of channels &amp; samplerate - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx check - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks for magnitude and angle - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -&gt; == typo - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions against 0 too - debian/patches/CVE-2009-46XX/security-issue15.patch: fix init_get_bits() buffer size - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that all memory allocations succeed - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible buffer over-read in vorbis_comment - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to 0 to avoid having it uninitialized - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing for ogg streams where no ogg header was found - CVE-2009-4632 - CVE-2009-4633 - CVE-2009-4634 - CVE-2009-4635 - CVE-2009-4637 - CVE-2009-4639 - CVE-2009-4640 Checksums-Sha1: 6c9e56bb7ca2666208b0a32ec87174903be90608 3305 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.dsc 934bd88511af73c37d68733da4ffd1cd840585b6 112328 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.diff.gz Checksums-Sha256: 9088203392130449809fc76bebba09e181a29303ff244dc42fda07528de04bce 3305 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.dsc 18305c83fb21b2f22338afca778c40b552625c3f217d321747c4e2d5de92d146 112328 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.diff.gz Files: f7e0715f032dbb19a800051c449205be 3305 libs optional ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.dsc 90f057fb16fe9e93a86b11a616ad5f71 112328 libs optional ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.diff.gz Launchpad-Bugs-Fixed: 690169 690169 690169 Original-Maintainer: Debian multimedia packages maintainers &lt;pkg-multimedia-maintainers-XbBxUvOt3X2LieD7tvxI8l/i77bcL1HB&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-11T13:04:39 [ubuntu/karmic-security] x11-xserver-utils,x11-xserver-utils (delayed) 7.4+2ubuntu3.1 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12236 <pre>x11-xserver-utils (7.4+2ubuntu3.1) karmic-security; urgency=low * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315) - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp case. - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 - CVE-2011-0465 Date: Wed, 06 Apr 2011 17:38:54 +0300 Changed-By: Timo Aaltonen &lt;tjaalton-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/x11-xserver-utils/7.4+2ubuntu3.1 Format: 1.8 Date: Wed, 06 Apr 2011 17:38:54 +0300 Source: x11-xserver-utils Binary: x11-xserver-utils Architecture: source Version: 7.4+2ubuntu3.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Timo Aaltonen &lt;tjaalton-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: x11-xserver-utils - X server utilities Changes: x11-xserver-utils (7.4+2ubuntu3.1) karmic-security; urgency=low . * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315) - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp case. - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 - CVE-2011-0465 Checksums-Sha1: 310c191b968796eef21fee7b2fab8b976d3eff7f 2098 x11-xserver-utils_7.4+2ubuntu3.1.dsc 11f55d3d96d933dbdd5be794a4ac0c3c047b488a 2027496 x11-xserver-utils_7.4+2ubuntu3.1.tar.gz Checksums-Sha256: d624699b13ad83cb5304ab8b0c4622c7e334717fd79dbfb7c2a716a39072d1f4 2098 x11-xserver-utils_7.4+2ubuntu3.1.dsc 0b566099886b3d484d9b7eb38fd47dc7295e1d6f8ca21190f946d24d5752bc44 2027496 x11-xserver-utils_7.4+2ubuntu3.1.tar.gz Files: a8f51b5ddeb65b629fb7d3e37921bdb7 2098 x11 optional x11-xserver-utils_7.4+2ubuntu3.1.dsc 28363c3d291c9f299e40757abbd2ec11 2027496 x11 optional x11-xserver-utils_7.4+2ubuntu3.1.tar.gz Launchpad-Bugs-Fixed: 752315 Original-Maintainer: Debian X Strike Force &lt;debian-x-0aAXYlwwYIJuHlm7Suoebg&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-06T18:08:29 [ubuntu/karmic-security] ffmpeg (delayed),ffmpeg 4:0.5+svn20090706-2ubuntu2.3 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12235 <pre>ffmpeg (4:0.5+svn20090706-2ubuntu2.3) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. - CVE-2011-0723 Date: Thu, 31 Mar 2011 13:39:29 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/ffmpeg/4:0.5+svn20090706-2ubuntu2.3 Format: 1.8 Date: Thu, 31 Mar 2011 13:39:29 -0400 Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: source Version: 4:0.5+svn20090706-2ubuntu2.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: ffmpeg - multimedia player, server and encoder ffmpeg-dbg - Debug symbols for ffmpeg related packages ffmpeg-doc - documentation of the ffmpeg API libavcodec-dev - development files for libavcodec libavcodec52 - ffmpeg codec library libavdevice-dev - development files for libavdevice libavdevice52 - ffmpeg device handling library libavfilter-dev - development files for libavfilter libavfilter0 - ffmpeg video filtering library libavformat-dev - development files for libavformat libavformat52 - ffmpeg file format library libavutil-dev - development files for libavutil libavutil49 - ffmpeg utility library libpostproc-dev - development files for libpostproc libpostproc51 - ffmpeg video postprocessing library libswscale-dev - development files for libswscale libswscale0 - ffmpeg video scaling library Changes: ffmpeg (4:0.5+svn20090706-2ubuntu2.3) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted flic file - debian/patches/CVE-2010-3429.patch: add checks to libavcodec/flicvideo.c. - CVE-2010-3429 * SECURITY UPDATE: arbitrary code execution via crafted wmv file (LP: #690169) - debian/patches/CVE-2010-3908.patch: properly calculate size in libavcodec/utils.c. - CVE-2010-3908 * SECURITY UPDATE: denial of service via crafted .ogg file - debian/patches/CVE-2010-4704.patch: validate codebook in libavcodec/vorbis_dec.c. - CVE-2010-4704 * SECURITY UPDATE: denial of service and possible code execution via crafted WebM file - debian/patches/CVE-2011-0480.patch: check rangebits in libavcodec/vorbis_dec.c. - CVE-2011-0480 * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file (LP: #690169) - debian/patches/CVE-2011-0722.patch: set dimensions in libavcodec/rv34.c. - CVE-2011-0722 * SECURITY UPDATE: denial of service and possible code execution via crafted VC1 file (LP: #690169) - debian/patches/CVE-2011-0723.patch: fix invalid reads in libavcodec/vc1dec.c. - CVE-2011-0723 Checksums-Sha1: 5250d6316b8f588ea1858ec004f717c13a19b40f 2953 ffmpeg_0.5+svn20090706-2ubuntu2.3.dsc 78838b15bcaf068fd344652c018ab41fdb647029 111300 ffmpeg_0.5+svn20090706-2ubuntu2.3.diff.gz Checksums-Sha256: a34d01762142ca1d087893c0f150783c52b79988d260ff39c5384982073b413a 2953 ffmpeg_0.5+svn20090706-2ubuntu2.3.dsc 8a7415ba67aa8be239b34bbffc9a8119c918dc8de632dce4efc8fd8135108b7c 111300 ffmpeg_0.5+svn20090706-2ubuntu2.3.diff.gz Files: 5f1e3e832d294af39c41e7464c081d9a 2953 libs optional ffmpeg_0.5+svn20090706-2ubuntu2.3.dsc 4a7279d5e5adeeab99c8956309fc12a8 111300 libs optional ffmpeg_0.5+svn20090706-2ubuntu2.3.diff.gz Launchpad-Bugs-Fixed: 690169 690169 690169 Original-Maintainer: Debian multimedia packages maintainers &lt;pkg-multimedia-maintainers-XbBxUvOt3X2LieD7tvxI8l/i77bcL1HB&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-04T17:17:00 [ubuntu/karmic-security] tiff (delayed),tiff 3.8.2-13ubuntu0.6 (Accepted) http://comments.gmane.org/gmane.linux.ubuntu.devel.changes.karmic/12234 <pre>tiff (3.8.2-13ubuntu0.6) karmic-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted THUNDER_2BITDELTAS data - debian/patches/CVE-2011-1167.patch: validate bitspersample and make sure npixels is sane in libtiff/tif_thunder.c. - CVE-2011-1167 Date: Wed, 30 Mar 2011 13:20:44 -0400 Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; https://launchpad.net/ubuntu/karmic/+source/tiff/3.8.2-13ubuntu0.6 Format: 1.8 Date: Wed, 30 Mar 2011 13:20:44 -0400 Source: tiff Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source Version: 3.8.2-13ubuntu0.6 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers &lt;ubuntu-devel-discuss-nLRlyDuq1AZFpShjVBNYrg&lt; at &gt;public.gmane.org&gt; Changed-By: Marc Deslauriers &lt;marc.deslauriers-GeWIH/nMZzLQT0dZR+AlfA&lt; at &gt;public.gmane.org&gt; Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff4 - Tag Image File Format (TIFF) library libtiff4-dev - Tag Image File Format library (TIFF), development files libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (3.8.2-13ubuntu0.6) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted THUNDER_2BITDELTAS data - debian/patches/CVE-2011-1167.patch: validate bitspersample and make sure npixels is sane in libtiff/tif_thunder.c. - CVE-2011-1167 Checksums-Sha1: bdb08ead5c191015753b8126ac4fa62237291e4c 1940 tiff_3.8.2-13ubuntu0.6.dsc dadecb820923b8109489ef47ea3cfdfe6f9b15bc 44136 tiff_3.8.2-13ubuntu0.6.diff.gz Checksums-Sha256: efd6b7dc439133b49257c744e307a34013446f342051540a5a344c46b24d2db4 1940 tiff_3.8.2-13ubuntu0.6.dsc 3f660bf16dd9adb19b6ba9f4fa8f6f1883aa338a9a7d48880672aecd639a5924 44136 tiff_3.8.2-13ubuntu0.6.diff.gz Files: db9fef1e5db0ec75b45767087ecaa0a2 1940 libs optional tiff_3.8.2-13ubuntu0.6.dsc bbbfbcdfcafd8b87559ca592fe195330 44136 libs optional tiff_3.8.2-13ubuntu0.6.diff.gz Original-Maintainer: Jay Berkenbilt &lt;qjb-8fiUuRrzOP0dnm+yROfE0A&lt; at &gt;public.gmane.org&gt; </pre> Ubuntu Installer 2011-04-04T17:04:04 Search Engine Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.ubuntu.devel.changes.karmic