xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference. (LP: #701220)
- cve-2010-3702.dpatch: Patch
asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low
* SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
- debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
to the ast_uri_encode function is now properly respected in main/utils.c.
mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
- debian/mumble-server.postinst: Set permissions of mumble-server.ini to
0640 and the owner to root:mumble-server.
Date: Thu, 20 Jan 2011 12:56:28 +0100
eglibc (2.11.1-0ubuntu7.8) lucid-proposed; urgency=low
[ Matthias Klose ]
* Fix issue #12077, __strncmp_ssse3 can segfault when it over-reads
its buffer. LP: #702190.
[ Clint Byrum ]
* do not run 'telinit u' on upgrade, as this will break upstart.
touch /var/run/init.upgraded
upstart (0.6.5-8) lucid-proposed; urgency=low
* Re-add upstream r977 to allow proper re-exec on shutdown (LP: #672177)
* debian/control: adding Breaks on eglibc version that disables
telinit u to avoid accidentally installing a version of libc6 that
will cause upstart to re-exec and