Created April 17, 2012 19:43
apticron report [Tue, 17 Apr 2012 21:40:08 +0200]
========================================================================

apticron has detected that some packages need upgrading on:

    <hostname>.online.no
    [ 127.0.1.1 <ip> ]

The following packages are currently pending an upgrade:

    apache2-mpm-prefork 2.2.14-5ubuntu8.9
    apache2-utils 2.2.14-5ubuntu8.9
    apache2.2-bin 2.2.14-5ubuntu8.9
    apache2.2-common 2.2.14-5ubuntu8.9
    apt 0.7.25.3ubuntu9.11
    apt-transport-https 0.7.25.3ubuntu9.11
    apt-utils 0.7.25.3ubuntu9.11
    base-files 5.0.0ubuntu20.10.04.5
    consolekit 0.4.1-3ubuntu3
    cpp-4.4 4.4.3-4ubuntu5.1
    cron 3.0pl1-106ubuntu6
    gcc-4.4-base 4.4.3-4ubuntu5.1
    grub-common 1.98-1ubuntu13
    grub-pc 1.98-1ubuntu13
    initscripts 2.87dsf-4ubuntu17.5
    js-debian-tools 1.3
    libapache2-mod-php5 5.3.2-1ubuntu4.14
    libc-bin 2.11.1-0ubuntu7.10
    libc6 2.11.1-0ubuntu7.10
    libck-connector0 0.4.1-3ubuntu3
    libfreetype6 2.3.11-1ubuntu2.6
    libgcc1 1:4.4.3-4ubuntu5.1
    libgnutls26 2.8.5-2ubuntu0.1
    libldap-2.4-2 2.4.21-0ubuntu5.7
    libmysqlclient16 5.1.61-0ubuntu0.10.04.1
    libpam-ck-connector 0.4.1-3ubuntu3
    libpng12-0 1.2.42-1ubuntu2.5
    libssl0.9.8 0.9.8k-7ubuntu8.8
    libstdc++6 4.4.3-4ubuntu5.1
    libt1-5 5.1.2-3ubuntu0.10.04.2
    libwbclient0 2:3.4.7~dfsg-1ubuntu3.9
    libxml2 2.7.6.dfsg-1ubuntu1.4
    linux-headers-2.6.32-40 2.6.32-40.87
    linux-headers-2.6.32-40-server 2.6.32-40.87
    linux-headers-server 2.6.32.40.47
    linux-image-2.6.32-40-server 2.6.32-40.87
    linux-image-server 2.6.32.40.47
    linux-server 2.6.32.40.47
    mysql-client 5.1.61-0ubuntu0.10.04.1
    mysql-client-5.1 5.1.61-0ubuntu0.10.04.1
    mysql-client-core-5.1 5.1.61-0ubuntu0.10.04.1
    mysql-common 5.1.61-0ubuntu0.10.04.1
    openssl 0.9.8k-7ubuntu8.8
    php-pear 5.3.2-1ubuntu4.14
    php5-cli 5.3.2-1ubuntu4.14
    php5-common 5.3.2-1ubuntu4.14
    php5-curl 5.3.2-1ubuntu4.14
    php5-gd 5.3.2-1ubuntu4.14
    php5-mysql 5.3.2-1ubuntu4.14
    php5-snmp 5.3.2-1ubuntu4.14
    procps 1:3.2.8-1ubuntu4.2
    python-httplib2 0.7.2-1ubuntu2~0.10.04.1
    python-lazr.restfulclient 0.9.11-1ubuntu1.3
    python-pam 0.4.2-12.1ubuntu1.10.04.1
    python-software-properties 0.75.10.2
    python-wadllib 1.1.4-1ubuntu1.1
    samba-common 2:3.4.7~dfsg-1ubuntu3.9
    samba-common-bin 2:3.4.7~dfsg-1ubuntu3.9
    smbfs 2:3.4.7~dfsg-1ubuntu3.9
    sysv-rc 2.87dsf-4ubuntu17.5
    sysvinit-utils 2.87dsf-4ubuntu17.5
    tzdata 2012b-0ubuntu0.10.04
    unattended-upgrades 0.55ubuntu7
    update-manager-core 1:0.134.12.1

========================================================================

Package Details:

Reading changelogs...

--- Changes for python-httplib2 ---
python-httplib2 (0.7.2-1ubuntu2~0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Incorrect SSL certificate validation (LP: #882030)
    - Backport 0.7.2 as a security update to get proper SSL certificate
      validation support and prevent MITM attacks.
    - debian/control: adjust to work with older dependencies.
    - debian/{control,rules}: get rid of python3 package.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 16 Jan 2012 14:07:20 -0500

python-httplib2 (0.7.2-1ubuntu2) precise; urgency=low

  * debian/patches/use_system_cacerts.patch: Use better patch.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 15 Dec 2011 14:22:29 -0500

python-httplib2 (0.7.2-1ubuntu1) precise; urgency=low

  * debian/patches/use_system_cacerts.patch: Use system ca certificates,
    not the bundled ones (LP: #882027)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 14 Dec 2011 14:28:01 -0500

python-httplib2 (0.7.2-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/ssl-validation.patch:
    - Removed, applied upstream.
  * debian/patches/godaddy-certificate.patch:
    - Removed, applied upstream.

 -- Luca Falavigna <dktrkranz@debian.org>  Mon, 14 Nov 2011 21:07:54 +0100

python-httplib2 (0.7.1-2) unstable; urgency=low

  * debian/patches/ssl-validation.patch:
    - Cherry-pick patch from upstream hg to fix incorrect checks for
      SSL certificate domain names.

 -- Luca Falavigna <dktrkranz@debian.org>  Tue, 13 Sep 2011 20:32:44 +0200

python-httplib2 (0.7.1-1) unstable; urgency=low

  * New upstream release.
    - Install cacerts.txt file (Closes: #631841).
  * debian/patches/godaddy-certificate.patch:
    - Cherry-pick GoDaddy root certificate from upstream to fix access
      to Launchpad services (Closes: #631164).

 -- Luca Falavigna <dktrkranz@debian.org>  Tue, 28 Jun 2011 21:53:34 +0200

python-httplib2 (0.7.0-1) unstable; urgency=low

  * New upstream release.
    - Do not hardcode $Rev$ in the User-Agent field (Closes: #609576).
  * debian/copyright:
    - Update copyright information.

 -- Luca Falavigna <dktrkranz@debian.org>  Mon, 13 Jun 2011 23:47:18 +0200

python-httplib2 (0.6.0-5) unstable; urgency=low

  * Python transition:
    - Add support for python2.7
    - Drop support for python2.5
  * debian/control:
    - Bump Standards-Version to 3.9.2, no changes required.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 16 Apr 2011 15:15:29 +0200

python-httplib2 (0.6.0-4) unstable; urgency=low

  * Team upload.

  [ Luca Falavigna ]
  * debian/control:
    - Add Breaks: ${python:Breaks} to generate correct dependencies, this
      also makes lintian override useless now.

  [ Piotr Ożarowski ]
  * Bump minimum required python3-all version to 3.1.2-10
    (and rebuild for /usr/lib/python3/dist-packages transtion)

 -- Piotr Ożarowski <piotr@debian.org>  Sun, 26 Sep 2010 22:10:33 +0200

python-httplib2 (0.6.0-3) unstable; urgency=medium

  * debian/control:
    - Depend on ${python3:Depends} for python3-httplib2 to generate
      correct dependencies for Python 3.X (Closes: #591956).
    - Bump Standards-Version to 3.9.1, no changes required.
  * debian/python-httplib2.lintian-overrides:
    - Override old-versioned-python-dependency, needs fixing in Lintian.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 07 Aug 2010 15:39:46 +0200

python-httplib2 (0.6.0-2) unstable; urgency=low

  * Switch to format 3.0 (quilt).
  * Switch to dh_python2.
  * debian/control:
    - Add python3-httplib2 package.
    - Bump Standards-Version to 3.8.4, no changes required.
  * debian/rules:
    - Install files for python3-httplib2 package.
  * debian/watch:
    - Use googlecode.debian.net provider.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 27 Jun 2010 10:59:40 +0200

--- Changes for apache2 (apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common) ---
apache2 (2.2.14-5ubuntu8.9) lucid-proposed; urgency=low

  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix webdav permissions,
    backported from trunk Thanks to James M. Leady (LP: #540747)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Mar 2012 14:43:08 -0500

apache2 (2.2.14-5ubuntu8.8) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 14 Feb 2012 10:36:43 -0500

--- Changes for apt (apt apt-transport-https apt-utils) ---
apt (0.7.25.3ubuntu9.11) lucid-proposed; urgency=low

  * New patch from upstream ftparchive-fix-filemode-settings.patch:
    - Ensure that BinDirectory as well as Tree settings get the correct
      default FileMode setting (LP: #917845, Closes: #595922)

 -- Leo Iannacone <l3on@ubuntu.com>  Tue, 31 Jan 2012 15:38:41 +0100

apt (0.7.25.3ubuntu9.10) lucid-proposed; urgency=low

  * apt-pkg/algorithms.cc: Iterate Breaks the same way as Conflicts, so that
    we resolve virtual package Breaks more effectively (LP: #922485).
  * apt-pkg/algorithms.{cc,h}: Use an int to represent resolver scores, not
    a signed short, because large upgrades can result in an overflow for
    core packages (LP: #917173).

 -- Colin Watson <cjwatson@ubuntu.com>  Mon, 30 Jan 2012 13:35:04 +0000

--- Changes for base-files ---
base-files (5.0.0ubuntu20.10.04.5) lucid-proposed; urgency=low

  * /etc/lsb-release, /etc/issue, /etc/issue.net: Bump version number to
    10.04.4 in preparation for the point release.

 -- Colin Watson <cjwatson@ubuntu.com>  Mon, 30 Jan 2012 17:30:35 +0000

--- Changes for consolekit (consolekit libck-connector0 libpam-ck-connector) ---
consolekit (0.4.1-3ubuntu3) lucid-proposed; urgency=low

  * Add 00git_truncate_frequent.patch: ck-history: don't truncate --frequent
    output to 8 chars. (Closes: #660171, LP: #476811)

 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 24 Feb 2012 09:13:03 +0000

--- Changes for cron ---
cron (3.0pl1-106ubuntu6) lucid-proposed; urgency=low

  * Cherry-pick fix from Debian: database.c, cron.c, cron.h
    :
    - Check orphaned crontabs for adoption. Fix taken from Fedora cronie.
      Closes: #634926, LP: #27520.

 -- Adam Stokes <adam.stokes@canonical.com>  Thu, 19 Jan 2012 08:26:59 -0500

--- Changes for eglibc (libc-bin libc6) ---
eglibc (2.11.1-0ubuntu7.10) lucid-security; urgency=low

  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE: memory consumption denial of service in fnmatch
    - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
      stack use in fnmatch.
    - CVE-2011-1071
  * SECURITY UPDATE: /etc/mtab corruption denial of service
    - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
      error in addmnt even for cached streams
    - CVE-2011-1089
  * SECURITY UPDATE: insufficient locale environment sanitization
    - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
      LANG environment variable.
    - CVE-2011-1095
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: fnmatch integer overflow
    - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
      pattern in wide character representation
    - CVE-2011-1659
  * SECURITY UPDATE: signedness bug in memcpy_ssse3
    - debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned
      comparison instructions
    - CVE-2011-2702
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-arm-linux-gnueabi-libc:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.

 -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 07 Mar 2012 10:28:32 -0800

--- Changes for freetype (libfreetype6) ---
freetype (2.3.11-1ubuntu2.6) lucid-security; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144

 -- Tyler Hicks <tyhicks@canonical.com>  Wed, 21 Mar 2012 19:57:51 -0500

--- Changes for gcc-4.4 (cpp-4.4 gcc-4.4-base libgcc1 libstdc++6) ---
gcc-4.4 (4.4.3-4ubuntu5.1) lucid; urgency=low

  * Fix PR tree-optimization/52430, taken from the 4.4 branch. LP: #931637.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 08 Mar 2012 20:34:00 +0100

--- Changes for gnutls26 (libgnutls26) ---
gnutls26 (2.8.5-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Denial of service in client application
    - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
      session data. Based on upstream patch.
    - CVE-2011-4128
  * SECURITY UPDATE: Denial of service via crafted TLS record
    - debian/patches/CVE-2012-1573.patch: Validate the size of a
      GenericBlockCipher structure as it is processed. Based on upstream
      patch.
    - CVE-2012-1573

 -- Tyler Hicks <tyhicks@canonical.com>  Wed, 04 Apr 2012 11:13:02 -0500

--- Changes for grub2 (grub-common grub-pc) ---
grub2 (1.98-1ubuntu13) lucid-proposed; urgency=low

  [ Colin Watson ]
  * Handle partition devices without corresponding disk devices
    (LP: #623609).

  [ Ken Stailey ]
  * Backport upstream patch to skip LVM snapshots (LP: #563895).

 -- Colin Watson <cjwatson@ubuntu.com>  Fri, 20 Jan 2012 12:08:36 +0000

--- Changes for lazr.restfulclient (python-lazr.restfulclient) ---
lazr.restfulclient (0.9.11-1ubuntu1.3) lucid-proposed; urgency=low

  * Move test dependencies to extras_require so that setuptools doesn't think
    they are needed for the code to work. (LP: #918307)
    .
    Having them listed in requires, but not in the package dependencies leads
    to having a package installed that setuptools thinks is broken. This
    breaks any code that relies on lazr.restfulclient (or launchpadlib) and
    uses setuptools/pkg_resources.

 -- James Westby <james.westby@canonical.com>  Wed, 18 Jan 2012 12:16:35 -0500

lazr.restfulclient (0.9.11-1ubuntu1.2) lucid-proposed; urgency=low

  * debian/control:
    - Always require python-simplejson as python 2.6 does not provide it
      and lazr.restfulclient.resource does not use json on error instead.
      (LP: #803475)

 -- Rodney Dawes <rodney.dawes@ubuntu.com>  Thu, 14 Jul 2011 15:55:51 +0200

--- Changes for libpng (libpng12-0) ---
libpng (1.2.42-1ubuntu2.5) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Apr 2012 08:43:48 -0400

libpng (1.2.42-1ubuntu2.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/09-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 21 Mar 2012 13:38:15 -0400

libpng (1.2.42-1ubuntu2.3) lucid-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 15 Feb 2012 21:22:27 -0600

--- Changes for libxml2 ---
libxml2 (2.7.6.dfsg-1ubuntu1.4) lucid-security; urgency=low

  * SECURITY UPDATE: add randomization to dictionaries with hash tables
    help prevent denial of service via hash algorithm collision
    - configure.in: lookup for rand, srand and time
    - dict.c: add randomization to dictionaries hash tables
    - hash.c: add randomization to normal hash tables
    - 8973d58b7498fa5100a876815476b81fd1a2412a
    - CVE-2012-0841

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 24 Feb 2012 15:17:42 -0600

libxml2 (2.7.6.dfsg-1ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: fix off-by-one leading to denial of service
    - encoding.c: adjust calculation of space available
    - 69f04562f75212bfcabecd190ea8b06ace28ece2
    - CVE-2011-0216
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
      entering a function or a scoped evaluation
    - f5048b3e71fc30ad096970b8df6e7af073bae4cb
    - CVE-2011-2821
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.c: fix missing error status in XPath evaluation
    - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
    - CVE-2011-2834
  * SECURITY UPDATE: fix out of bounds read
    - parser.c: make sure the parser returns when getting a Stop order
    - 77404b8b69bc122d12231807abf1a837d121b551
    - CVE-2011-3905
  * SECURITY UPDATE: fix heap overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 18 Jan 2012 13:48:59 -0600

--- Changes for linux-meta (linux-headers-server linux-image-server linux-server) ---
linux-meta (2.6.32.40.47) lucid-proposed; urgency=low

  * Bump ABI

 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>  Mon, 05 Mar 2012 17:23:02 -0300

linux-meta (2.6.32.39.46) lucid-proposed; urgency=low

  * Bump ABI

 -- Brad Figg <brad.figg@canonical.com>  Mon, 13 Feb 2012 13:44:56 -0800

linux-meta (2.6.32.38.45) lucid-proposed; urgency=low

  [ Leann Ogasawara ]
  * Add compat-wireless v3.2 meta package
    - LP: #918351

 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>  Wed, 25 Jan 2012 15:34:49 -0200

linux-meta (2.6.32.38.44) lucid-proposed; urgency=low

  * Bump ABI

 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>  Mon, 02 Jan 2012 17:44:14 -0200

--- Changes for mysql-dfsg-5.1 (libmysqlclient16 mysql-client mysql-client-5.1 mysql-client-core-5.1 mysql-common) ---
mysql-dfsg-5.1 (5.1.61-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
  * Dropped patches unnecessary with 5.1.61:
    - debian/patches/90_mysql_safer_strmov.dpatch
    - debian/patches/51_ssl_test_certs.dpatch
    - debian/patches/52_CVE-2009-4030.dpatch
    - debian/patches/53_CVE-2009-4484.dpatch
    - debian/patches/54_CVE-2008-7247.dpatch
    - debian/patches/55_CVE-2010-1621.dpatch
    - debian/patches/56_CVE-2010-1850.dpatch
    - debian/patches/57_CVE-2010-1849.dpatch
    - debian/patches/58_CVE-2010-1848.dpatch
    - debian/patches/59_CVE-2010-1626.dpatch
    - debian/patches/60_CVE-2010-2008.dpatch
    - debian/patches/60_CVE-2010-3677.dpatch
    - debian/patches/60_CVE-2010-3678.dpatch
    - debian/patches/60_CVE-2010-3679.dpatch
    - debian/patches/60_CVE-2010-3680.dpatch
    - debian/patches/60_CVE-2010-3681.dpatch
    - debian/patches/60_CVE-2010-3682.dpatch
    - debian/patches/60_CVE-2010-3683.dpatch
    - debian/patches/60_CVE-2010-3833.dpatch
    - debian/patches/60_CVE-2010-3834.dpatch
    - debian/patches/60_CVE-2010-3835.dpatch
    - debian/patches/60_CVE-2010-3836.dpatch
    - debian/patches/60_CVE-2010-3837.dpatch
    - debian/patches/60_CVE-2010-3838.dpatch
    - debian/patches/60_CVE-2010-3839.dpatch
    - debian/patches/60_CVE-2010-3840.dpatch
    - debian/patches/61_disable_longfilename_test.dpatch
    - debian/patches/62_alter_table_fix.dpatch
    - debian/patches/63_cherrypick-upstream-49479.dpatch
    - debian/patches/10_readline_build_fix.dpatch
  * debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
  * debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
    debian/libmysqlclient-dev.docs: removed, no longer necessary.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 22 Feb 2012 22:33:55 -0500

--- Changes for openldap (libldap-2.4-2) ---
openldap (2.4.21-0ubuntu5.7) lucid-proposed; urgency=low

  * Fix replication when attr has no matching rule (LP: #903901):
    - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule.patch:
      backport fix from upstream
    - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule-test.patch:
      backport test from upstream

 -- Robie Basak <robie.basak@ubuntu.com>  Wed, 14 Dec 2011 14:05:18 +0000

--- Changes for openssl (libssl0.9.8 openssl) ---
openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low

  * SECURITY UPDATE: ECDSA private key timing attack
    - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
      length
    - CVE-2011-1945
  * SECURITY UPDATE: ECDH ciphersuite denial of service
    - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
      safety
    - CVE-2011-3210
  * SECURITY UPDATE: DTLS plaintext recovery attack
    - debian/patches/CVE-2011-4108.patch: perform all computations
      before discarding messages
    - CVE-2011-4108
  * SECURITY UPDATE: policy check double free vulnerability
    - debian/patches/CVE-2011-4019.patch: only free domain policyin
      one location
    - CVE-2011-4019
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - debian/patches/CVE-2011-4576.patch: clear bytes used for block
      padding of SSL 3.0 records.
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
      data from triggering an assertion failure
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
      restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
    - CVE-2012-0050
  * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
    servers by testing that the X server is not running (LP: #244250)

 -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 31 Jan 2012 01:41:34 -0800

--- Changes for php5 (libapache2-mod-php5 php-pear php5-cli php5-common php5-curl php5-gd php5-mysql php5-snmp) ---
php5 (5.3.2-1ubuntu4.14) lucid-security; urgency=low

  * debian/patches/php5-CVE-2012-0831-regression.patch: fix
    magic_quotes_gpc ini setting regression introduced by patch for
    CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115)

 -- Steve Beattie <sbeattie@ubuntu.com>  Fri, 10 Feb 2012 15:07:08 -0800

php5 (5.3.2-1ubuntu4.13) lucid-security; urgency=low

  * SECURITY UPDATE: memory allocation failure denial of service
    - debian/patches/php5-CVE-2011-4153.patch: check result of
      zend_strdup() and calloc() for failed allocations
    - CVE-2011-4153
  * SECURITY UPDATE: predictable hash collision denial of service
    (LP: #910296)
    - debian/patches/php5-CVE-2011-4885.patch: add max_input_vars
      directive with default limit of 1000
    - ATTENTION: this update changes previous php5 behavior by
      limiting the number of external input variables to 1000.
      This may be increased by adding a "max_input_vars"
      directive to the php.ini configuration file. See
      http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
      for more information.
    - CVE-2011-4885
  * SECURITY UPDATE: remote code execution vulnerability introduced by
    the fix for CVE-2011-4885 (LP: #925772)
    - debian/patches/php5-CVE-2012-0830.patch: return rather than
      continuing if max_input_vars limit is reached
    - CVE-2012-0830
  * SECURITY UPDATE: XSLT arbitrary file overwrite attack
    - debian/patches/php5-CVE-2012-0057.patch: add xsl.security_prefs
      ini option to define forbidden operations within XSLT stylesheets
    - CVE-2012-0057
  * SECURITY UPDATE: PDORow session denial of service
    - debian/patches/php5-CVE-2012-0788.patch: fail gracefully when
      attempting to serialize PDORow instances
    - CVE-2012-0788
  * SECURITY UPDATE: magic_quotes_gpc remote disable vulnerability
    - debian/patches/php5-CVE-2012-0831.patch: always restore
      magic_quote_gpc on request shutdown
    - CVE-2012-0831
  * SECURITY UPDATE: arbitrary files removal via cronjob
    - debian/php5-common.php5.cron.d: take greater care when removing
      session files (overlooked in a previous update).
    - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
    - CVE-2011-0441

 -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 08 Feb 2012 20:55:57 -0800

--- Changes for procps ---
procps (1:3.2.8-1ubuntu4.2) lucid-proposed; urgency=low

  * Make procps job run twice: as early as possible (for kernel
    parameters such as kernel.printk) and then after all network
    interfaces are up (to account for any kernel parameters relating
    to recently loaded networking modules) (LP: #771372).

 -- James Hunt <james.hunt@ubuntu.com>  Wed, 07 Dec 2011 14:53:24 +0000

procps (1:3.2.8-1ubuntu4.1) lucid-proposed; urgency=low

  [ James Hunt ]
  * Make procps job run twice: as early as possible (for kernel
    parameters such as kernel.printk) and then after all network
    interfaces are up (to account for any kernel parameters relating
    to recently loaded networking modules) (LP: #771372).

 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 17 Nov 2011 13:07:06 -0800

--- Changes for python-pam ---
python-pam (0.4.2-12.1ubuntu1.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: possible code execution via double-free (LP: #949218)
    - PAMmodule.c: prevent double free in PyPAM_conv().
    - Thanks to Markus Vervier for the notification and the patch.
    - CVE-2012-1502

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 08 Mar 2012 09:42:55 -0500

--- Changes for python-wadllib ---
python-wadllib (1.1.4-1ubuntu1.1) lucid-proposed; urgency=low

  * Removed dependency on elementtree from the egg-info dir as it is part of
    python from 2.6 onwards. The package doesn't depend on it anyway, so
    it won't make a difference to what is installed. (LP: #681394)
    .
    Having it listed in requires.txt meant that pkg_resources would error out
    when used with anything that depends on python-wadllib, breaking other
    software without cause.

 -- James Westby <james.westby@canonical.com>  Wed, 18 Jan 2012 11:18:05 -0500

--- Changes for samba (libwbclient0 samba-common samba-common-bin smbfs) ---
samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low

  * SECURITY UPDATE: Unauthenticated remote code execution via
    RPC calls (LP: #978458)
    - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
      that uses the same value for array allocation and array length checks.
      Based on upstream patch.
    - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with
      the patched PIDL compiler
    - CVE-2012-1182

 -- Tyler Hicks <tyhicks@canonical.com>  Thu, 12 Apr 2012 05:28:44 -0500

--- Changes for software-properties (python-software-properties) ---
software-properties (0.75.10.2) lucid-security; urgency=low

  * SECURITY UPDATE: incorrect ssl certificate validation (LP: #915210)
    - softwareproperties/ppa.py: use pycurl to download the signing key
      fingerprint.
    - debian/control: add python-pycurl dependency.
    - CVE-2011-4407

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 26 Jan 2012 11:20:28 -0500

--- Changes for sysvinit (initscripts sysv-rc sysvinit-utils) ---
sysvinit (2.87dsf-4ubuntu17.5) lucid-proposed; urgency=low

  * debian/initscripts/etc/init.d/umountnfs.sh: emit a new event,
    unmounted-remote-filesystems, to allow stopping portmap
    and others. (LP: #711425)

 -- Clint Byrum <clint@ubuntu.com>  Fri, 20 Jan 2012 01:15:42 -0800

--- Changes for t1lib (libt1-5) ---
t1lib (5.1.2-3ubuntu0.10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: fix denial of service via oversized fonts
    - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests to
      address remaining crashes
    - CVE-2011-1552
    - CVE-2011-1553
    - CVE-2011-1554
  * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser
    - debian/patches/CVE-2010-2642_2011-0433.patch: verify array boundaries in
      lib/t1lib/parseAFM.c
    - CVE-2010-2642
    - CVE-2011-0433

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 17 Jan 2012 14:38:43 -0600

--- Changes for tzdata ---
tzdata (2012b-0ubuntu0.10.04) lucid-proposed; urgency=low

  * New upstream release 2012b:
    - Update DST rules for Chile (LP: #948328), Armenia, Samoa, Cuba,
      Falkland.
    - Fix historic DST rules for Canada.
    - Add leap seconds for June 2012.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 09 Mar 2012 08:40:50 +0000

--- Changes for unattended-upgrades ---
unattended-upgrades (0.55ubuntu7) lucid-proposed; urgency=low

  * backport lp:~mvo/unattended-upgrades/unshadow-versions
    to fix versions in -updates shadowing versions in -security
    (LP: #891747)
  * print conffile hold-backs to stdout to ensure its part of
    the cron mail (LP: #773007), thanks to Jean-Baptiste Lallement

 -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 30 Nov 2011 09:34:06 +0100

--- Changes for update-manager (update-manager-core) ---
update-manager (1:0.134.12.1) lucid-proposed; urgency=low

  * Add in an apport source package hook to ensure that bugs reported about
    update-manager include details regarding the upgrade process (LP: #927979)

 -- Brian Murray <brian@ubuntu.com>  Fri, 17 Feb 2012 10:23:31 -0800

update-manager (1:0.134.11.2) lucid-security; urgency=low

  * REGRESSION FIX:
    - DistUpgrade/DistUpgradeViewKDE.py: fix regression caused by improper
      return value handling. (LP: #933225)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 15 Feb 2012 22:47:06 -0500

========================================================================

You can perform the upgrade by issuing the command:

    aptitude full-upgrade

as root on vdox-lab-mgmt02.online.no

--
apticron