[ubuntu/trusty-updates] apport 2.14.1-0ubuntu3.18 (Accepted)
apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids random test failures due to leaking paths from previous test cases. * SECURITY FIX: When determining the path of a Python module for a program like "python -m module_name", avoid actually importing and running the module; this could lead to local root privilege escalation. Thanks to Gabriel Campana for discovering this and the fix! (CVE-2015-1341, LP: #1507480) apport (2.14.1-0ubuntu3.17) trusty-proposed; urgency=medium * Consistently intercept "report file already exists" errors in all writers of report files (package_hook, kernel_crashdump, and similar) to avoid unhandled exceptions on those. (LP: #1500450) Date: 2015-10-23 17:29:13.071218+00:00 Changed-By: Martin PittSigned-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] mysql-5.6 5.6.27-0ubuntu0.14.04.1 (Accepted)
mysql-5.6 (5.6.27-0ubuntu0.14.04.1) trusty-security; urgency=medium * SECURITY UPDATE: Update to 5.6.27 to fix security issues (LP: #1508441) - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html * debian/patches/fix_testsuite_date.patch: fix test suite failure caused by arbitrary date in the future no longer being in the future. * debian/rules: remove -fno-exceptions to fix ftbfs with new version. * debian/rules: fix ftbfs by building the sql directory first so the required files are generated. Date: 2015-10-26 22:10:12.584159+00:00 Changed-By: Marc Deslauriershttps://launchpad.net/ubuntu/+source/mysql-5.6/5.6.27-0ubuntu0.14.04.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] mysql-5.6 5.6.27-0ubuntu0.14.04.1 (Accepted)
mysql-5.6 (5.6.27-0ubuntu0.14.04.1) trusty-security; urgency=medium * SECURITY UPDATE: Update to 5.6.27 to fix security issues (LP: #1508441) - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html * debian/patches/fix_testsuite_date.patch: fix test suite failure caused by arbitrary date in the future no longer being in the future. * debian/rules: remove -fno-exceptions to fix ftbfs with new version. * debian/rules: fix ftbfs by building the sql directory first so the required files are generated. Date: 2015-10-26 22:10:12.584159+00:00 Changed-By: Marc DeslauriersSigned-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.27-0ubuntu0.14.04.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] apport 2.14.1-0ubuntu3.18 (Accepted)
apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids random test failures due to leaking paths from previous test cases. * SECURITY FIX: When determining the path of a Python module for a program like "python -m module_name", avoid actually importing and running the module; this could lead to local root privilege escalation. Thanks to Gabriel Campana for discovering this and the fix! (CVE-2015-1341, LP: #1507480) apport (2.14.1-0ubuntu3.17) trusty-proposed; urgency=medium * Consistently intercept "report file already exists" errors in all writers of report files (package_hook, kernel_crashdump, and similar) to avoid unhandled exceptions on those. (LP: #1500450) apport (2.14.1-0ubuntu3.16) trusty-proposed; urgency=medium * Add data/general-hooks/powerpc.py: Collect some PowerPC[64] information. Thanks to Thierry FAUCK! (LP: #1336462) Date: 2015-10-23 17:29:13.071218+00:00 Changed-By: Martin PittSigned-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 (Accepted)
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via crafted NUL-byte in configuration directive - debian/patches/CVE-2015-5146.patch: properly validate command in ntpd/ntp_control.c. - CVE-2015-5146 * SECURITY UPDATE: denial of service via malformed logconfig commands - debian/patches/CVE-2015-5194.patch: fix logconfig logic in ntpd/ntp_parser.y. - CVE-2015-5194 * SECURITY UPDATE: denial of service via disabled statistics type - debian/patches/CVE-2015-5195.patch: handle unrecognized types in ntpd/ntp_config.c. - CVE-2015-5195 * SECURITY UPDATE: file overwrite via remote pidfile and driftfile configuration directives - debian/patches/CVE-2015-5196.patch: disable remote configuration in ntpd/ntp_parser.y. - CVE-2015-5196 - CVE-2015-7703 * SECURITY UPDATE: denial of service via precision value conversion - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in include/ntp.h. - CVE-2015-5219 * SECURITY UPDATE: timeshifting by reboot issue - debian/patches/CVE-2015-5300.patch: disable panic in ntpd/ntp_loopfilter.c. - CVE-2015-5300 * SECURITY UPDATE: incomplete autokey data packet length checks - debian/patches/CVE-2015-7691.patch: add length and size checks to ntpd/ntp_crypto.c. - CVE-2015-7691 - CVE-2015-7692 - CVE-2015-7702 * SECURITY UPDATE: memory leak in CRYPTO_ASSOC - debian/patches/CVE-2015-7701.patch: add missing free in ntpd/ntp_crypto.c. - CVE-2015-7701 * SECURITY UPDATE: denial of service by spoofed KoD - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c. - CVE-2015-7704 - CVE-2015-7705 * SECURITY UPDATE: denial of service via same logfile and keyfile - debian/patches/CVE-2015-7850.patch: rate limit errors in include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c, libntp/msyslog.c. - CVE-2015-7850 * SECURITY UPDATE: ntpq atoascii memory corruption - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in ntpq/ntpq.c. - CVE-2015-7852 * SECURITY UPDATE: buffer overflow via custom refclock driver - debian/patches/CVE-2015-7853.patch: properly calculate length in ntpd/ntp_io.c. - CVE-2015-7853 * SECURITY UPDATE: denial of service via ASSERT in decodenetnum - debian/patches/CVE-2015-7855.patch: simply return fail in libntp/decodenetnum.c. - CVE-2015-7855 * SECURITY UPDATE: symmetric association authentication bypass via crypto-NAK - debian/patches/CVE-2015-7871.patch: drop unhandled packet in ntpd/ntp_proto.c. - CVE-2015-7871 * debian/control: add bison to Build-Depends. * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly regenerated for some reason. * This package does _not_ contain the changes from (1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed. Date: 2015-10-23 16:41:13.356223+00:00 Changed-By: Marc Deslauriershttps://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 (Accepted)
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via crafted NUL-byte in configuration directive - debian/patches/CVE-2015-5146.patch: properly validate command in ntpd/ntp_control.c. - CVE-2015-5146 * SECURITY UPDATE: denial of service via malformed logconfig commands - debian/patches/CVE-2015-5194.patch: fix logconfig logic in ntpd/ntp_parser.y. - CVE-2015-5194 * SECURITY UPDATE: denial of service via disabled statistics type - debian/patches/CVE-2015-5195.patch: handle unrecognized types in ntpd/ntp_config.c. - CVE-2015-5195 * SECURITY UPDATE: file overwrite via remote pidfile and driftfile configuration directives - debian/patches/CVE-2015-5196.patch: disable remote configuration in ntpd/ntp_parser.y. - CVE-2015-5196 - CVE-2015-7703 * SECURITY UPDATE: denial of service via precision value conversion - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in include/ntp.h. - CVE-2015-5219 * SECURITY UPDATE: timeshifting by reboot issue - debian/patches/CVE-2015-5300.patch: disable panic in ntpd/ntp_loopfilter.c. - CVE-2015-5300 * SECURITY UPDATE: incomplete autokey data packet length checks - debian/patches/CVE-2015-7691.patch: add length and size checks to ntpd/ntp_crypto.c. - CVE-2015-7691 - CVE-2015-7692 - CVE-2015-7702 * SECURITY UPDATE: memory leak in CRYPTO_ASSOC - debian/patches/CVE-2015-7701.patch: add missing free in ntpd/ntp_crypto.c. - CVE-2015-7701 * SECURITY UPDATE: denial of service by spoofed KoD - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c. - CVE-2015-7704 - CVE-2015-7705 * SECURITY UPDATE: denial of service via same logfile and keyfile - debian/patches/CVE-2015-7850.patch: rate limit errors in include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c, libntp/msyslog.c. - CVE-2015-7850 * SECURITY UPDATE: ntpq atoascii memory corruption - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in ntpq/ntpq.c. - CVE-2015-7852 * SECURITY UPDATE: buffer overflow via custom refclock driver - debian/patches/CVE-2015-7853.patch: properly calculate length in ntpd/ntp_io.c. - CVE-2015-7853 * SECURITY UPDATE: denial of service via ASSERT in decodenetnum - debian/patches/CVE-2015-7855.patch: simply return fail in libntp/decodenetnum.c. - CVE-2015-7855 * SECURITY UPDATE: symmetric association authentication bypass via crypto-NAK - debian/patches/CVE-2015-7871.patch: drop unhandled packet in ntpd/ntp_proto.c. - CVE-2015-7871 * debian/control: add bison to Build-Depends. * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly regenerated for some reason. * This package does _not_ contain the changes from (1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed. Date: 2015-10-23 16:41:13.356223+00:00 Changed-By: Marc DeslauriersSigned-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-proposed] systemd 204-5ubuntu20.16 (Accepted)
systemd (204-5ubuntu20.16) trusty-proposed; urgency=medium * debian/patches/avocent-sc-secure-kvm.patch: Disable USB autosuspend for the Avocent SC Secure KVM. (LP: #1371403) Date: Thu, 22 Oct 2015 13:39:41 -0700 Changed-By: Bryce HarringtonMaintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/systemd/204-5ubuntu20.16 Format: 1.8 Date: Thu, 22 Oct 2015 13:39:41 -0700 Source: systemd Binary: systemd systemd-sysv systemd-services libpam-systemd libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libsystemd-id128-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb libgudev-1.0-0 gir1.2-gudev-1.0 libgudev-1.0-dev python-systemd Architecture: source Version: 204-5ubuntu20.16 Distribution: trusty-proposed Urgency: medium Maintainer: Ubuntu Developers Changed-By: Bryce Harrington Description: gir1.2-gudev-1.0 - libgudev-1.0 introspection data libgudev-1.0-0 - GObject-based wrapper library for libudev libgudev-1.0-dev - libgudev-1.0 development files libpam-systemd - system and service manager - PAM module libsystemd-daemon-dev - systemd utility library - development files libsystemd-daemon0 - systemd utility library libsystemd-id128-0 - systemd 128 bit ID utility library libsystemd-id128-dev - systemd 128 bit ID utility library - development files libsystemd-journal-dev - systemd journal utility library - development files libsystemd-journal0 - systemd journal utility library libsystemd-login-dev - systemd login utility library - development files libsystemd-login0 - systemd login utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) python-systemd - python bindings for systemd systemd- system and service manager systemd-services - systemd runtime services systemd-sysv - system and service manager - SysV links udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Launchpad-Bugs-Fixed: 1371403 Changes: systemd (204-5ubuntu20.16) trusty-proposed; urgency=medium . * debian/patches/avocent-sc-secure-kvm.patch: Disable USB autosuspend for the Avocent SC Secure KVM. (LP: #1371403) Checksums-Sha1: 8c5c66dac3de1f858847275212e5954e94b042e7 3136 systemd_204-5ubuntu20.16.dsc 37b45766a44a95a6b6a7cdf4b587c151375b2053 2186264 systemd_204.orig.tar.xz fedb867c7f9cfb73adb153898d722b4e12f90bc0 164955 systemd_204-5ubuntu20.16.debian.tar.gz Checksums-Sha256: 81c6a82491c18187b9093242856953684505558b9a31d3800a04dc3df57cf3c3 3136 systemd_204-5ubuntu20.16.dsc 072c393503c7c1e55ca7acf3db659cbd28c7fe5fa94fab3db95360bafd96731b 2186264 systemd_204.orig.tar.xz 868ab59c5e58b2adb4717bf24f234e75af4865e9d152269498b256ab9d47b821 164955 systemd_204-5ubuntu20.16.debian.tar.gz Files: 26a09e11204c909609242a248e5a7fb2 3136 admin optional systemd_204-5ubuntu20.16.dsc a07619bb19f48164fbf0761d12fd39a8 2186264 admin optional systemd_204.orig.tar.xz 456dd3f3fbd0dd8f2203ac2d9a0052ba 164955 admin optional systemd_204-5ubuntu20.16.debian.tar.gz Original-Maintainer: Debian systemd Maintainers -- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-proposed] distro-info-data 0.18ubuntu0.4 (Accepted)
distro-info-data (0.18ubuntu0.4) trusty; urgency=medium * Copy data from 0.28 (LP: #1508759) - Update Ubuntu 15.10 release date. - Add Ubuntu 16.04, with a provisional release date. Date: Wed, 21 Oct 2015 20:11:45 -0700 Changed-By: Stefano RiveraMaintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/distro-info-data/0.18ubuntu0.4 Format: 1.8 Date: Wed, 21 Oct 2015 20:11:45 -0700 Source: distro-info-data Binary: distro-info-data Architecture: source Version: 0.18ubuntu0.4 Distribution: trusty Urgency: medium Maintainer: Ubuntu Developers Changed-By: Stefano Rivera Description: distro-info-data - information about the distributions' releases (data files) Launchpad-Bugs-Fixed: 1508759 Changes: distro-info-data (0.18ubuntu0.4) trusty; urgency=medium . * Copy data from 0.28 (LP: #1508759) - Update Ubuntu 15.10 release date. - Add Ubuntu 16.04, with a provisional release date. Checksums-Sha1: b98d30ef3d1b9aace23ffc588641e698410145fb 1397 distro-info-data_0.18ubuntu0.4.dsc a50c722f159b6cb4a5ad1e081ce6541d72178ede 6104 distro-info-data_0.18ubuntu0.4.tar.xz Checksums-Sha256: 58e8160876ca2777ba5ee23e682d68e27abb43550b8497af6fe8aad338f61a97 1397 distro-info-data_0.18ubuntu0.4.dsc 1991a5b1f851179798ba835e92590257ba7ea05b5c2184f2434365f8d4df6beb 6104 distro-info-data_0.18ubuntu0.4.tar.xz Files: 8ae2b8226ff31a309de39cc07bc539b9 1397 devel optional distro-info-data_0.18ubuntu0.4.dsc 239504cb503e925d22b2a05b742078a4 6104 devel optional distro-info-data_0.18ubuntu0.4.tar.xz Original-Maintainer: Benjamin Drung -- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes