[Bug 757526] Re: Updated fix for CVE-2010-1000

2011-04-15 Thread Tomas Hoger
What about the startsWith('/') part?   This suggests previous patch may
have failed to block absolute paths.  Jamie, you seem to have some
reproducer available, can you check that?

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdenetwork in Ubuntu.
https://bugs.launchpad.net/bugs/757526

Title:
  Updated fix for CVE-2010-1000

-- 
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs


[Bug 599439] Re: evince crashed with SIGSEGV in JPXStream::readTilePartData()

2010-08-19 Thread Tomas Hoger
** Package changed: openjpeg (Ubuntu) => poppler (Ubuntu)

-- 
evince crashed with SIGSEGV in JPXStream::readTilePartData()
https://bugs.launchpad.net/bugs/599439
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 599439] Re: evince crashed with SIGSEGV in JPXStream::readTilePartData()

2010-08-18 Thread Tomas Hoger
Guessing from:
  http://packages.ubuntu.com/lucid/libpoppler5

Ubuntu poppler packages don't seem to use openjpeg (yet?, as it's in
universe).  Attached file triggers different crash in non-openjpeg
poppler too.

openjpeg issues triggered by the file are detailed in:
  https://bugzilla.redhat.com/show_bug.cgi?id=579548#c5
  https://bugzilla.redhat.com/show_bug.cgi?id=609385

** Bug watch added: Red Hat Bugzilla #579548
   https://bugzilla.redhat.com/show_bug.cgi?id=579548

** Bug watch added: Red Hat Bugzilla #609385
   https://bugzilla.redhat.com/show_bug.cgi?id=609385

-- 
evince crashed with SIGSEGV in JPXStream::readTilePartData()
https://bugs.launchpad.net/bugs/599439


[Bug 599439] Re: evince crashed with SIGSEGV in JPXStream::readTilePartData()

2010-08-18 Thread Tomas Hoger
** Bug watch removed: Red Hat Bugzilla #579548
   https://bugzilla.redhat.com/show_bug.cgi?id=579548

** Bug watch removed: Red Hat Bugzilla #609385
   https://bugzilla.redhat.com/show_bug.cgi?id=609385

-- 
evince crashed with SIGSEGV in JPXStream::readTilePartData()
https://bugs.launchpad.net/bugs/599439


[Bug 599454] Re: evince crashes in JBIG2Bitmap::getSlice

2010-06-30 Thread Tomas Hoger
Upstream commit:
  http://cgit.freedesktop.org/poppler/poppler/commit/?id=16e15ac845

-- 
evince crashes in JBIG2Bitmap::getSlice
https://bugs.launchpad.net/bugs/599454


[Bug 599454] Re: evince crashes in JBIG2Bitmap::getSlice

2010-06-29 Thread Tomas Hoger
Wrong guess ;).  This is not a dupe of launchpad bug #537331 /
fdo#28170.

Upstream bug:
  https://bugs.freedesktop.org/show_bug.cgi?id=28806

** Bug watch added: freedesktop.org Bugzilla #28806
   http://bugs.freedesktop.org/show_bug.cgi?id=28806

** Bug watch removed: freedesktop.org Bugzilla #28170
   http://bugs.freedesktop.org/show_bug.cgi?id=28170

** Changed in: poppler (Ubuntu)
   Status: New => Confirmed

-- 
evince crashes in JBIG2Bitmap::getSlice
https://bugs.launchpad.net/bugs/599454


[Bug 593067] Re: eog crashed with SIGSEGV in __memset_sse2()

2010-06-29 Thread Tomas Hoger
** Changed in: tiff (Ubuntu)
   Status: New => Confirmed

-- 
eog crashed with SIGSEGV in __memset_sse2()
https://bugs.launchpad.net/bugs/593067


[Bug 589145] Re: eog crashed with SIGSEGV in TIFFVGetField()

2010-06-15 Thread Tomas Hoger
This is not really related to CVE-2010-2065, even though fixes were
committed at the same time.

-- 
eog crashed with SIGSEGV in TIFFVGetField()
https://bugs.launchpad.net/bugs/589145


[Bug 537331] Re: evince crashed with SIGSEGV in __memset_sse2() when opening a PDF

2010-06-08 Thread Tomas Hoger
Upstream bug is resolved, following commit was applied in upstream git:
  http://cgit.freedesktop.org/poppler/poppler/commit/?id=30ea3ab

-- 
evince crashed with SIGSEGV in __memset_sse2() when opening a PDF
https://bugs.launchpad.net/bugs/537331


[Bug 537331] Re: evince crashed with SIGSEGV in __memset_sse2() when opening a PDF

2010-06-04 Thread Tomas Hoger
** Package changed: evince (Ubuntu) => poppler (Ubuntu)

-- 
evince crashed with SIGSEGV in __memset_sse2() when opening a PDF
https://bugs.launchpad.net/bugs/537331


[Bug 537331] Re: evince crashed with SIGSEGV in __memset_sse2() when opening a PDF

2010-05-19 Thread Tomas Hoger
** Bug watch added: freedesktop.org Bugzilla #28170
   http://bugs.freedesktop.org/show_bug.cgi?id=28170

** Also affects: evince via
   http://bugs.freedesktop.org/show_bug.cgi?id=28170
   Importance: Unknown
   Status: Unknown

-- 
evince crashed with SIGSEGV in __memset_sse2() when opening a PDF
https://bugs.launchpad.net/bugs/537331


[Bug 546009] Re: Multiple memory corruption vulnerabilities in Ghostscript

2010-05-19 Thread Tomas Hoger
dynamic_save() overflow in 2 should be:
  http://bugs.ghostscript.com/show_bug.cgi?id=690902
  http://code.google.com/p/ghostscript/source/detail?r=10312

** Bug watch added: Ghostscript (AFPL) Bugzilla #690902
   http://bugs.ghostscript.com/show_bug.cgi?id=690902

-- 
Multiple memory corruption vulnerabilities in Ghostscript
https://bugs.launchpad.net/bugs/546009


[Bug 537331] Re: evince crashed with SIGSEGV in __memset_sse2() when opening a PDF

2010-05-19 Thread Tomas Hoger
** Project changed: evince => poppler

-- 
evince crashed with SIGSEGV in __memset_sse2() when opening a PDF
https://bugs.launchpad.net/bugs/537331


[Bug 157760] cvs: consider building with gssapi / krb5 support

2007-10-27 Thread Tomas Hoger
Public bug reported:

Binary package hint: cvs

Please consider building cvs package with GSSAPI / krb5 support to make
it possible to use :gserver: type repositories.

It should be enough to move libkrb5-dev from Build-Conflicts to Build-
Depends in debian/control and change --without-gssapi to --with-gssapi
in debian/rules.  This should not introduce new dependencies which are
not usually satisfied on users' systems, as openssh already depends on
Kerberos libraries.

Procedure above yields working cvs with GSSAPI support both on Feisty
and Gutsy.

** Affects: cvs (Ubuntu)
 Importance: Undecided
 Status: New

-- 
cvs: consider building with gssapi / krb5 support
https://bugs.launchpad.net/bugs/157760
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.



[Bug 58559] Fails to remove usplash rc.d symlink on removal

2006-09-02 Thread Tomas Hoger
Public bug reported:

When usplash is purged from system, symlinks in /etc/rcX.d/ are not
removed.  postinst script calls update-rc.d to install those symlinks,
postrm, however, fails to call 'update-rc.d usplash remove' to remove
them.

Problem was identified on Dapper with usplash 0.2-4, current version in
Edgy (0.4-15) seems to be affected too.

** Affects: usplash (Ubuntu)
 Importance: Untriaged
 Status: Unconfirmed

-- 
Fails to remove usplash rc.d symlink on removal
https://launchpad.net/bugs/58559



[Bug 30536] Re: Missing dependency and a small typo

2006-08-23 Thread Tomas Hoger
I've missed one other way to build ucspi-tcp:

(fakeroot|sudo) apt-get source -b ucspi-tcp

Sources are part of Ubuntu archive, binary *-src package is not, because
it simply failed to build.

-- 
Missing dependency and a small typo
https://launchpad.net/bugs/30536



[Bug 30536] Re: Missing dependency and a small typo

2006-08-18 Thread Tomas Hoger
To be more specific, axfrdns needs tcpserver to listen for incoming
connections (see run script in service directory) and tcprules to
compile access rules for tcpserver (see Makefile in service
directory).

Package ucspi-tcp can be built from ucspi-tcp-src package available in
Debian (http://packages.debian.org/ucspi-tcp-src).  This package seems
to have been (partially) imported to Ubuntu, but actual debs are not
built from sources:

http://packages.ubuntu.com/cgi-bin/search_packages.pl?version=all&keywords=ucspi-tcp&searchon=sourcenames

Can anyone from Ubuntu infrastructure gurus check why?  Same problem
seems to affect qmail-src package.

djbdns-installer builds djbdns package with same version as it has, so
answer to Phil's question is 1.05-11.

-- 
Missing dependency and a small typo
https://launchpad.net/bugs/30536



[Bug 56836] Fails to remove vbesave rc.d symlink on removal

2006-08-18 Thread Tomas Hoger
Public bug reported:

When acpi-support package is purged, symlinks for vbesave are left in
/etc/rcX.d directories.  Postrm script should call 'update-rc.d vbesave
remove' to remove symlinks installed in postinst.

Problem was fixed in Raphael Hertzog's Debian version of package 0.84-1.
Following postrm was added to sources:

#!/bin/sh

#DEBHELPER#

if [ "$1" = purge ] ; then
    update-rc.d vbesave remove >/dev/null || exit $?
fi

** Affects: acpi-support (Ubuntu)
 Importance: Untriaged
 Status: Unconfirmed

-- 
Fails to remove vbesave rc.d symlink on removal
https://launchpad.net/bugs/56836



[Bug 45374] Re: Banner messages should be suppresed with -q switch on ifup and ifdown invocations

2006-08-09 Thread Tomas Hoger
Problem was fixed in 3.0.4-5 (Debian) / 3.0.4-6ubuntu1 (Ubuntu).  Latest
version in Edgy is not affected.

Problem was not fixed by using -q switch, but by redirecting also stderr
to /dev/null, not just stdout.

** Changed in: dhcp3 (Ubuntu)
   Status: Unconfirmed => Confirmed

-- 
Banner messages should be suppresed with -q switch on ifup and ifdown 
invocations
https://launchpad.net/bugs/45374



[Bug 55800] dhcp3-server: minor initscript update

2006-08-09 Thread Tomas Hoger
Public bug reported:

Attached patch implements following improvements to dhcp3-server init
script:

- use log_daemon_msg for consistent start / stop messages, which also
look good when only Debian lsb logging functions are used

- fix indentation inconsistencies - use only tabs for indenting, not
spaces

- incorporate patch proposed in Bug #54417

** Affects: dhcp3 (Ubuntu)
 Importance: Untriaged
 Status: Unconfirmed

-- 
dhcp3-server: minor initscript update
https://launchpad.net/bugs/55800



[Bug 55800] Re: dhcp3-server: minor initscript update

2006-08-09 Thread Tomas Hoger
Attachment - patch against initscript in 3.0.4-6ubuntu4

-- 
dhcp3-server: minor initscript update
https://launchpad.net/bugs/55800
