[Bug 729700] Re: SQL injections in DTC
Thomas, I went ahead and tweaked the format of the changelog and adjusted the maverick and lucid versions (as well as the release distro) to be more consistent with our style for security updates, and have pushed them to the respective security pockets. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 729700] Re: SQL injections in DTC
Bah, forgot to add the the launchpad bug number to the changelog; manually closing the tasks. ** Changed in: dtc (Ubuntu Lucid) Status: In Progress = Fix Released ** Changed in: dtc (Ubuntu Maverick) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 729700] Re: SQL injections in DTC
Thomas, thanks, I'll review and push these out. ** Changed in: dtc (Ubuntu Karmic) Assignee: (unassigned) = Steve Beattie (sbeattie) ** Changed in: dtc (Ubuntu Lucid) Assignee: (unassigned) = Steve Beattie (sbeattie) ** Changed in: dtc (Ubuntu Maverick) Assignee: (unassigned) = Steve Beattie (sbeattie) ** Changed in: dtc (Ubuntu Karmic) Status: Confirmed = In Progress ** Changed in: dtc (Ubuntu Lucid) Status: Confirmed = Triaged ** Changed in: dtc (Ubuntu Lucid) Status: Triaged = In Progress ** Changed in: dtc (Ubuntu Maverick) Status: Confirmed = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 729700] Re: SQL injections in DTC
Karmic was fixed with the 0.29.17-1+lenny1build0.9.10.1 security-fake- sync. ** Changed in: dtc (Ubuntu Karmic) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 729700] Re: SQL injections in DTC
Hi, Patched versions have been made. Here's the details: Hardy: http://ftparchive.gplhost.com/pub/dtc/ubuntu-fixes/hardy/dtc_0.25.3-2ubuntu2.dsc karmic: http://ftp.debian.org/debian/pool/main/d/dtc/dtc_0.29.17-1+lenny1.dsc (directly from Debian) lucid: http://ftparchive.gplhost.com/pub/dtc/ubuntu-fixes/lucid/dtc_0.30.10-1+ubuntu1.dsc maverik: http://ftparchive.gplhost.com/pub/dtc/ubuntu-fixes/maverik/dtc_0.30.18-1+ubuntu1.dsc natty: http://ftp.debian.org/debian/pool/main/d/dtc/dtc_0.32.10-1.dsc (directly from Debian) While Natty has been updated, other flavors of Ubuntu shall also get an update ASAP. Thomas -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 729700] Re: SQL injections in DTC
[Updating] dtc (0.32.5-1 [Ubuntu] 0.32.10-1 [Debian]) * Trying to add dtc... 2011-03-11 16:55:06 INFO - dtc_0.32.10.orig.tar.gz: downloading from http://ftp.debian.org/debian/ 2011-03-11 16:55:10 INFO - dtc_0.32.10-1.diff.gz: downloading from http://ftp.debian.org/debian/ 2011-03-11 16:55:11 INFO - dtc_0.32.10-1.dsc: downloading from http://ftp.debian.org/debian/ I: dtc [universe] - dtc-common_0.32.5-1 [universe]. I: dtc [universe] - dtc-dos-firewall_0.32.5-1 [universe]. I: dtc [universe] - dtc-postfix-dovecot_0.32.5-1 [universe]. I: dtc [universe] - dtc-core_0.32.5-1 [universe]. I: dtc [universe] - dtc-cyrus_0.32.5-1 [universe]. I: dtc [universe] - dtc-postfix-courier_0.32.5-1 [universe]. I: dtc [universe] - dtc-stats-daemon_0.32.5-1 [universe]. I: dtc [universe] - dtc-toaster_0.32.5-1 [universe]. I: dtc [universe] - dtc-autodeploy_0.32.5-1 [universe]. ** Also affects: dtc (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: dtc (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: dtc (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: dtc (Ubuntu Natty) Importance: Medium Status: Confirmed ** Changed in: dtc (Ubuntu Lucid) Status: New = Confirmed ** Changed in: dtc (Ubuntu Maverick) Status: New = Confirmed ** Changed in: dtc (Ubuntu Karmic) Importance: Undecided = Medium ** Changed in: dtc (Ubuntu Lucid) Importance: Undecided = Medium ** Changed in: dtc (Ubuntu Karmic) Status: New = Confirmed ** Changed in: dtc (Ubuntu Maverick) Importance: Undecided = Medium ** Changed in: dtc (Ubuntu Natty) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 729700] Re: SQL injections in DTC
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0434 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0435 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0436 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0437 ** Changed in: dtc (Ubuntu) Status: New = Confirmed ** Changed in: dtc (Ubuntu) Importance: Undecided = Medium ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/729700 Title: SQL injections in DTC -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs