[ubuntu/trusty-updates] apport 2.14.1-0ubuntu3.18 (Accepted)

[Ubuntu Archive Robot]

apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium

  * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
  * SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)

apport (2.14.1-0ubuntu3.17) trusty-proposed; urgency=medium

  * Consistently intercept "report file already exists" errors in all writers
of report files (package_hook, kernel_crashdump, and similar) to avoid
unhandled exceptions on those. (LP: #1500450)

Date: 2015-10-23 17:29:13.071218+00:00
Changed-By: Martin Pitt 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] mysql-5.6 5.6.27-0ubuntu0.14.04.1 (Accepted)

[Marc Deslauriers]

mysql-5.6 (5.6.27-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.27 to fix security issues (LP: #1508441)
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
  * debian/patches/fix_testsuite_date.patch: fix test suite failure caused
by arbitrary date in the future no longer being in the future.
  * debian/rules: remove -fno-exceptions to fix ftbfs with new version.
  * debian/rules: fix ftbfs by building the sql directory first so the
required files are generated.

Date: 2015-10-26 22:10:12.584159+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.27-0ubuntu0.14.04.1
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-updates] mysql-5.6 5.6.27-0ubuntu0.14.04.1 (Accepted)

[Ubuntu Archive Robot]

mysql-5.6 (5.6.27-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.27 to fix security issues (LP: #1508441)
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
  * debian/patches/fix_testsuite_date.patch: fix test suite failure caused
by arbitrary date in the future no longer being in the future.
  * debian/rules: remove -fno-exceptions to fix ftbfs with new version.
  * debian/rules: fix ftbfs by building the sql directory first so the
required files are generated.

Date: 2015-10-26 22:10:12.584159+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.27-0ubuntu0.14.04.1
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] apport 2.14.1-0ubuntu3.18 (Accepted)

[Marc Deslauriers]

apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium

  * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
  * SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)

apport (2.14.1-0ubuntu3.17) trusty-proposed; urgency=medium

  * Consistently intercept "report file already exists" errors in all writers
of report files (package_hook, kernel_crashdump, and similar) to avoid
unhandled exceptions on those. (LP: #1500450)

apport (2.14.1-0ubuntu3.16) trusty-proposed; urgency=medium

  * Add data/general-hooks/powerpc.py: Collect some PowerPC[64] information.
Thanks to Thierry FAUCK! (LP: #1336462)

Date: 2015-10-23 17:29:13.071218+00:00
Changed-By: Martin Pitt 
Signed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 (Accepted)

[Marc Deslauriers]

ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted NUL-byte in
configuration directive
- debian/patches/CVE-2015-5146.patch: properly validate command in
  ntpd/ntp_control.c.
- CVE-2015-5146
  * SECURITY UPDATE: denial of service via malformed logconfig commands
- debian/patches/CVE-2015-5194.patch: fix logconfig logic in
  ntpd/ntp_parser.y.
- CVE-2015-5194
  * SECURITY UPDATE: denial of service via disabled statistics type
- debian/patches/CVE-2015-5195.patch: handle unrecognized types in
  ntpd/ntp_config.c.
- CVE-2015-5195
  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
configuration directives
- debian/patches/CVE-2015-5196.patch: disable remote configuration in
  ntpd/ntp_parser.y.
- CVE-2015-5196
- CVE-2015-7703
  * SECURITY UPDATE: denial of service via precision value conversion
- debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
  include/ntp.h.
- CVE-2015-5219
  * SECURITY UPDATE: timeshifting by reboot issue
- debian/patches/CVE-2015-5300.patch: disable panic in
  ntpd/ntp_loopfilter.c.
- CVE-2015-5300
  * SECURITY UPDATE: incomplete autokey data packet length checks
- debian/patches/CVE-2015-7691.patch: add length and size checks to
  ntpd/ntp_crypto.c.
- CVE-2015-7691
- CVE-2015-7692
- CVE-2015-7702
  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
- debian/patches/CVE-2015-7701.patch: add missing free in
  ntpd/ntp_crypto.c.
- CVE-2015-7701
  * SECURITY UPDATE: denial of service by spoofed KoD
- debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
- CVE-2015-7704
- CVE-2015-7705
  * SECURITY UPDATE: denial of service via same logfile and keyfile
- debian/patches/CVE-2015-7850.patch: rate limit errors in
  include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
  libntp/msyslog.c.
- CVE-2015-7850
  * SECURITY UPDATE: ntpq atoascii memory corruption
- debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
  ntpq/ntpq.c.
- CVE-2015-7852
  * SECURITY UPDATE: buffer overflow via custom refclock driver
- debian/patches/CVE-2015-7853.patch: properly calculate length in
  ntpd/ntp_io.c.
- CVE-2015-7853
  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
- debian/patches/CVE-2015-7855.patch: simply return fail in
  libntp/decodenetnum.c.
- CVE-2015-7855
  * SECURITY UPDATE: symmetric association authentication bypass via
crypto-NAK
- debian/patches/CVE-2015-7871.patch: drop unhandled packet in
  ntpd/ntp_proto.c.
- CVE-2015-7871
  * debian/control: add bison to Build-Depends.
  * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
regenerated for some reason.
  * This package does _not_ contain the changes from
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed.

Date: 2015-10-23 16:41:13.356223+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-updates] ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 (Accepted)

[Ubuntu Archive Robot]

ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted NUL-byte in
configuration directive
- debian/patches/CVE-2015-5146.patch: properly validate command in
  ntpd/ntp_control.c.
- CVE-2015-5146
  * SECURITY UPDATE: denial of service via malformed logconfig commands
- debian/patches/CVE-2015-5194.patch: fix logconfig logic in
  ntpd/ntp_parser.y.
- CVE-2015-5194
  * SECURITY UPDATE: denial of service via disabled statistics type
- debian/patches/CVE-2015-5195.patch: handle unrecognized types in
  ntpd/ntp_config.c.
- CVE-2015-5195
  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
configuration directives
- debian/patches/CVE-2015-5196.patch: disable remote configuration in
  ntpd/ntp_parser.y.
- CVE-2015-5196
- CVE-2015-7703
  * SECURITY UPDATE: denial of service via precision value conversion
- debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
  include/ntp.h.
- CVE-2015-5219
  * SECURITY UPDATE: timeshifting by reboot issue
- debian/patches/CVE-2015-5300.patch: disable panic in
  ntpd/ntp_loopfilter.c.
- CVE-2015-5300
  * SECURITY UPDATE: incomplete autokey data packet length checks
- debian/patches/CVE-2015-7691.patch: add length and size checks to
  ntpd/ntp_crypto.c.
- CVE-2015-7691
- CVE-2015-7692
- CVE-2015-7702
  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
- debian/patches/CVE-2015-7701.patch: add missing free in
  ntpd/ntp_crypto.c.
- CVE-2015-7701
  * SECURITY UPDATE: denial of service by spoofed KoD
- debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
- CVE-2015-7704
- CVE-2015-7705
  * SECURITY UPDATE: denial of service via same logfile and keyfile
- debian/patches/CVE-2015-7850.patch: rate limit errors in
  include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
  libntp/msyslog.c.
- CVE-2015-7850
  * SECURITY UPDATE: ntpq atoascii memory corruption
- debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
  ntpq/ntpq.c.
- CVE-2015-7852
  * SECURITY UPDATE: buffer overflow via custom refclock driver
- debian/patches/CVE-2015-7853.patch: properly calculate length in
  ntpd/ntp_io.c.
- CVE-2015-7853
  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
- debian/patches/CVE-2015-7855.patch: simply return fail in
  libntp/decodenetnum.c.
- CVE-2015-7855
  * SECURITY UPDATE: symmetric association authentication bypass via
crypto-NAK
- debian/patches/CVE-2015-7871.patch: drop unhandled packet in
  ntpd/ntp_proto.c.
- CVE-2015-7871
  * debian/control: add bison to Build-Depends.
  * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
regenerated for some reason.
  * This package does _not_ contain the changes from
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed.

Date: 2015-10-23 16:41:13.356223+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-proposed] systemd 204-5ubuntu20.16 (Accepted)

[Bryce Harrington]

systemd (204-5ubuntu20.16) trusty-proposed; urgency=medium

  * debian/patches/avocent-sc-secure-kvm.patch: Disable USB autosuspend
for the Avocent SC Secure KVM.
(LP: #1371403)

Date: Thu, 22 Oct 2015 13:39:41 -0700
Changed-By: Bryce Harrington 
Maintainer: Ubuntu Developers 
https://launchpad.net/ubuntu/+source/systemd/204-5ubuntu20.16
Format: 1.8
Date: Thu, 22 Oct 2015 13:39:41 -0700
Source: systemd
Binary: systemd systemd-sysv systemd-services libpam-systemd libsystemd-login0 
libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev 
libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 
libsystemd-id128-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb 
libgudev-1.0-0 gir1.2-gudev-1.0 libgudev-1.0-dev python-systemd
Architecture: source
Version: 204-5ubuntu20.16
Distribution: trusty-proposed
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Bryce Harrington 
Description: 
 gir1.2-gudev-1.0 - libgudev-1.0 introspection data
 libgudev-1.0-0 - GObject-based wrapper library for libudev
 libgudev-1.0-dev - libgudev-1.0 development files
 libpam-systemd - system and service manager - PAM module
 libsystemd-daemon-dev - systemd utility library - development files
 libsystemd-daemon0 - systemd utility library
 libsystemd-id128-0 - systemd 128 bit ID utility library
 libsystemd-id128-dev - systemd 128 bit ID utility library - development files
 libsystemd-journal-dev - systemd journal utility library - development files
 libsystemd-journal0 - systemd journal utility library
 libsystemd-login-dev - systemd login utility library - development files
 libsystemd-login0 - systemd login utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 python-systemd - python bindings for systemd
 systemd- system and service manager
 systemd-services - systemd runtime services
 systemd-sysv - system and service manager - SysV links
 udev   - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Launchpad-Bugs-Fixed: 1371403
Changes: 
 systemd (204-5ubuntu20.16) trusty-proposed; urgency=medium
 .
   * debian/patches/avocent-sc-secure-kvm.patch: Disable USB autosuspend
 for the Avocent SC Secure KVM.
 (LP: #1371403)
Checksums-Sha1: 
 8c5c66dac3de1f858847275212e5954e94b042e7 3136 systemd_204-5ubuntu20.16.dsc
 37b45766a44a95a6b6a7cdf4b587c151375b2053 2186264 systemd_204.orig.tar.xz
 fedb867c7f9cfb73adb153898d722b4e12f90bc0 164955 
systemd_204-5ubuntu20.16.debian.tar.gz
Checksums-Sha256: 
 81c6a82491c18187b9093242856953684505558b9a31d3800a04dc3df57cf3c3 3136 
systemd_204-5ubuntu20.16.dsc
 072c393503c7c1e55ca7acf3db659cbd28c7fe5fa94fab3db95360bafd96731b 2186264 
systemd_204.orig.tar.xz
 868ab59c5e58b2adb4717bf24f234e75af4865e9d152269498b256ab9d47b821 164955 
systemd_204-5ubuntu20.16.debian.tar.gz
Files: 
 26a09e11204c909609242a248e5a7fb2 3136 admin optional 
systemd_204-5ubuntu20.16.dsc
 a07619bb19f48164fbf0761d12fd39a8 2186264 admin optional systemd_204.orig.tar.xz
 456dd3f3fbd0dd8f2203ac2d9a0052ba 164955 admin optional 
systemd_204-5ubuntu20.16.debian.tar.gz
Original-Maintainer: Debian systemd Maintainers 

-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-proposed] distro-info-data 0.18ubuntu0.4 (Accepted)

[Stefano Rivera]

distro-info-data (0.18ubuntu0.4) trusty; urgency=medium

  * Copy data from 0.28 (LP: #1508759)
- Update Ubuntu 15.10 release date.
- Add Ubuntu 16.04, with a provisional release date.

Date: Wed, 21 Oct 2015 20:11:45 -0700
Changed-By: Stefano Rivera 
Maintainer: Ubuntu Developers 
https://launchpad.net/ubuntu/+source/distro-info-data/0.18ubuntu0.4
Format: 1.8
Date: Wed, 21 Oct 2015 20:11:45 -0700
Source: distro-info-data
Binary: distro-info-data
Architecture: source
Version: 0.18ubuntu0.4
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Stefano Rivera 
Description:
 distro-info-data - information about the distributions' releases (data files)
Launchpad-Bugs-Fixed: 1508759
Changes:
 distro-info-data (0.18ubuntu0.4) trusty; urgency=medium
 .
   * Copy data from 0.28 (LP: #1508759)
 - Update Ubuntu 15.10 release date.
 - Add Ubuntu 16.04, with a provisional release date.
Checksums-Sha1:
 b98d30ef3d1b9aace23ffc588641e698410145fb 1397 
distro-info-data_0.18ubuntu0.4.dsc
 a50c722f159b6cb4a5ad1e081ce6541d72178ede 6104 
distro-info-data_0.18ubuntu0.4.tar.xz
Checksums-Sha256:
 58e8160876ca2777ba5ee23e682d68e27abb43550b8497af6fe8aad338f61a97 1397 
distro-info-data_0.18ubuntu0.4.dsc
 1991a5b1f851179798ba835e92590257ba7ea05b5c2184f2434365f8d4df6beb 6104 
distro-info-data_0.18ubuntu0.4.tar.xz
Files:
 8ae2b8226ff31a309de39cc07bc539b9 1397 devel optional 
distro-info-data_0.18ubuntu0.4.dsc
 239504cb503e925d22b2a05b742078a4 6104 devel optional 
distro-info-data_0.18ubuntu0.4.tar.xz
Original-Maintainer: Benjamin Drung 
-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes