[ubuntu/lucid-security] xpdf, xpdf (delayed) 3.02-2ubuntu1.1 (Accepted)
xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. (LP: #701220) - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3702 * SECURITY UPDATE: FoFiType1::parse function allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. (LP: #701220) - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3704 Date: Thu, 20 Jan 2011 16:49:30 -0500 Changed-By: Brian Thomason brian.thoma...@canonical.com Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/xpdf/3.02-2ubuntu1.1 Format: 1.8 Date: Thu, 20 Jan 2011 16:49:30 -0500 Source: xpdf Binary: xpdf xpdf-common xpdf-reader xpdf-utils Architecture: source Version: 3.02-2ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Brian Thomason brian.thoma...@canonical.com Description: xpdf - Portable Document Format (PDF) suite xpdf-common - Portable Document Format (PDF) suite -- common files xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11 xpdf-utils - Portable Document Format (PDF) suite -- utilities Launchpad-Bugs-Fixed: 701220 701220 Changes: xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. (LP: #701220) - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3702 * SECURITY UPDATE: FoFiType1::parse function allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. (LP: #701220) - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) - CVE-2010-3704 Checksums-Sha1: 26525da9aa5a2d9fbbbd56101165d21d85eedd44 2076 xpdf_3.02-2ubuntu1.1.dsc 5dfe873a44f6152f8cba13832cbcce77bfc35cbc 59861 xpdf_3.02-2ubuntu1.1.debian.tar.gz Checksums-Sha256: 2b0509ad1ee4e67d560468f24aa7bce802ad2de24bc72c8fe247eee0aa9ff8b4 2076 xpdf_3.02-2ubuntu1.1.dsc 6162b2b0b905c2cdffd0f7cdbe202d818d84d435c39a15329b9c53ddad6305bd 59861 xpdf_3.02-2ubuntu1.1.debian.tar.gz Files: 6e0ba37a8b31fde9b8eda5281e331c5d 2076 text optional xpdf_3.02-2ubuntu1.1.dsc 9629b96bed87639ab211b12a92105702 59861 text optional xpdf_3.02-2ubuntu1.1.debian.tar.gz Original-Maintainer: Michael Gilbert michael.s.gilb...@gmail.com -- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes
[ubuntu/lucid-security] asterisk (delayed), asterisk 1:1.6.2.5-0ubuntu1.3 (Accepted)
asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. - CVE-2011-0495 Date: Thu, 20 Jan 2011 23:31:55 + Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com Maintainer: Ubuntu MOTU Developers ubuntu-m...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/asterisk/1:1.6.2.5-0ubuntu1.3 Format: 1.8 Date: Thu, 20 Jan 2011 23:31:55 + Source: asterisk Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config Architecture: source Version: 1:1.6.2.5-0ubuntu1.3 Distribution: lucid-security Urgency: low Maintainer: Ubuntu MOTU Developers ubuntu-m...@lists.ubuntu.com Changed-By: Dave Walker (Daviey) davewal...@ubuntu.com Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-h323 - H.323 protocol support for Asterisk asterisk-sounds-main - Core Sound files for Asterisk (English) Launchpad-Bugs-Fixed: 705014 Changes: asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low . * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. - CVE-2011-0495 Checksums-Sha1: 010f082e46b48dc6a2fb612fadc95fec44865d98 2683 asterisk_1.6.2.5-0ubuntu1.3.dsc 382a1d55efed3f8ed541fa852ad4229b11715e34 62648 asterisk_1.6.2.5-0ubuntu1.3.debian.tar.gz Checksums-Sha256: 00af7418a7f4545675c1d168ae803303ab08e42b5902f930a36f6b2809cda27c 2683 asterisk_1.6.2.5-0ubuntu1.3.dsc 53bc8c7612bc9b81c7449b8975610d8f42eb131b834585fb22870fa4ed3d9104 62648 asterisk_1.6.2.5-0ubuntu1.3.debian.tar.gz Files: ca634dee9a2a0a59b18a8932229fdf6e 2683 comm optional asterisk_1.6.2.5-0ubuntu1.3.dsc 9e8955f86da0ee0a4cec1622e2309ddc 62648 comm optional asterisk_1.6.2.5-0ubuntu1.3.debian.tar.gz Original-Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org -- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes
[ubuntu/lucid-security] mumble_1.2.2-1ubuntu1.1_ia64_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_i386_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_amd64_translations.tar.gz, mumble_1.2.2-1ubuntu1.1_p
mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674) - debian/mumble-server.postinst: Set permissions of mumble-server.ini to 0640 and the owner to root:mumble-server. Date: Thu, 20 Jan 2011 12:56:28 +0100 Changed-By: Felix Geyer debfx-...@fobos.de Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/mumble/1.2.2-1ubuntu1.1 Format: 1.8 Date: Thu, 20 Jan 2011 12:56:28 +0100 Source: mumble Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web Architecture: source Version: 1.2.2-1ubuntu1.1 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Felix Geyer debfx-...@fobos.de Description: mumble - Low latency VoIP client mumble-11x - Low latency VoIP client (1.1.x) mumble-dbg - Low latency VoIP client (debugging symbols) mumble-server - Low latency VoIP server mumble-server-web - Web scripts for mumble-server Launchpad-Bugs-Fixed: 704674 Changes: mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low . * SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674) - debian/mumble-server.postinst: Set permissions of mumble-server.ini to 0640 and the owner to root:mumble-server. Checksums-Sha1: fcb82333c22f7440f5e6c135b97400ca73f97a24 2657 mumble_1.2.2-1ubuntu1.1.dsc f12c604a33682507ae3337090e187c6e00e8f8f1 26916 mumble_1.2.2-1ubuntu1.1.debian.tar.gz Checksums-Sha256: c95bc113f1231f9eb6011da9e96509a58b600c9c208d7ad0195afc89772d1dbb 2657 mumble_1.2.2-1ubuntu1.1.dsc 4687b816c3dc61a2985c36ed6f34b4d9c2dd3120b275e83b8521a4e9764d4294 26916 mumble_1.2.2-1ubuntu1.1.debian.tar.gz Files: 3278e12c874a79bd9e587897b9f408e1 2657 sound optional mumble_1.2.2-1ubuntu1.1.dsc 32330c916aea3fd85670e5c9b59dfd35 26916 sound optional mumble_1.2.2-1ubuntu1.1.debian.tar.gz Original-Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org -- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes
[ubuntu/lucid-proposed] eglibc 2.11.1-0ubuntu7.8 (Accepted)
eglibc (2.11.1-0ubuntu7.8) lucid-proposed; urgency=low [ Matthias Klose ] * Fix issue #12077, __strncmp_ssse3 can segfault when it over-reads its buffer. LP: #702190. [ Clint Byrum ] * do not run 'telinit u' on upgrade, as this will break upstart. touch /var/run/init.upgraded instead, which will force a re-exec just before remounting root read-only. LP: #672177, LP: #694772. Date: Wed, 19 Jan 2011 03:06:52 +0100 Changed-By: Matthias Klose d...@ubuntu.com Maintainer: Ubuntu Core developers ubuntu-devel-disc...@lists.ubuntu.com https://launchpad.net/ubuntu/lucid/+source/eglibc/2.11.1-0ubuntu7.8 Format: 1.8 Date: Wed, 19 Jan 2011 03:06:52 +0100 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-sparcv9v libc6-sparcv9v2 libc6-sparc64b libc6-sparc64v libc6-sparc64v2 libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source Version: 2.11.1-0ubuntu7.8 Distribution: lucid-proposed Urgency: low Maintainer: Ubuntu Core developers ubuntu-devel-disc...@lists.ubuntu.com Changed-By: Matthias Klose d...@ubuntu.com Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1- Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3- Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparc64b - GNU C Library: 64bit Shared libraries for UltraSPARC [v9b optimiz libc6-sparc64v - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v optimiz libc6-sparc64v2 - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v2 optimi libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized] libc6-sparcv9v - GNU C Library: Shared libraries [v9v optimized] libc6-sparcv9v2 - GNU C Library: Shared libraries [v9v2 optimized] libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - GNU C Library: Shared libraries [Xen
[ubuntu/lucid-proposed] upstart 0.6.5-8 (Accepted)
upstart (0.6.5-8) lucid-proposed; urgency=low * Re-add upstream r977 to allow proper re-exec on shutdown (LP: #672177) * debian/control: adding Breaks on eglibc version that disables telinit u to avoid accidentally installing a version of libc6 that will cause upstart to re-exec and lose its state. Date: Fri, 21 Jan 2011 08:21:18 -0800 Changed-By: Clint Byrum cl...@ubuntu.com Maintainer: Scott James Remnant sc...@ubuntu.com Signed-By: Matthias Klose d...@ubuntu.com https://launchpad.net/ubuntu/lucid/+source/upstart/0.6.5-8 Format: 1.8 Date: Fri, 21 Jan 2011 08:21:18 -0800 Source: upstart Binary: upstart Architecture: source Version: 0.6.5-8 Distribution: lucid-proposed Urgency: low Maintainer: Scott James Remnant sc...@ubuntu.com Changed-By: Clint Byrum cl...@ubuntu.com Description: upstart- event-based init daemon Launchpad-Bugs-Fixed: 672177 Changes: upstart (0.6.5-8) lucid-proposed; urgency=low . * Re-add upstream r977 to allow proper re-exec on shutdown (LP: #672177) * debian/control: adding Breaks on eglibc version that disables telinit u to avoid accidentally installing a version of libc6 that will cause upstart to re-exec and lose its state. Checksums-Sha1: 198f8d981204ce28be0b02fa214b39b8135ed4a9 1166 upstart_0.6.5-8.dsc cdafa343896e640230a13bf05c64dfb7b58ab133 33149 upstart_0.6.5-8.diff.gz Checksums-Sha256: dc238ba7e09c8af2bbc1cd1f3f466cdd2d35b530dd2c6a42e46658b2346b14c6 1166 upstart_0.6.5-8.dsc 415c71d83f0f02c1a867bb77ace1725661c643f799763282a3c0c816bbac0ba5 33149 upstart_0.6.5-8.diff.gz Files: 79a7aec709326985f5c25e8735837a10 1166 admin required upstart_0.6.5-8.dsc 8ee6d9d84ef068eab4adcbadef87ac82 33149 admin required upstart_0.6.5-8.diff.gz -- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes