Ubuntu Installer | 15 Oct 22:55

[ubuntu/feisty-security] cupsys_1.2.8-0ubuntu8.6_sparc_translations.tar.gz, cupsys_1.2.8-0ubuntu8.6_i386_translations.tar.gz, cupsys_1.2.8-0ubuntu8.6_ia64_translations.tar.gz, cupsys_1.2.8-0ubuntu8.6_powerpc_translations.tar.gz, cupsys, cupsys_1.2.8-0ubuntu8.6_amd64_translations.tar.gz 1.2.8-0ubuntu8.6 (Accepted)

cupsys (1.2.8-0ubuntu8.6) feisty-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/105_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to
      properly check for xsize. Taken from Debian patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/106_CVE-2008-3640.dpatch: adjust textcommon.c and
      texttops.c to check for too large or negative page metrics. Based on
      Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/107_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly
      check for an invalid number of pens. Also includes fix for regression in
      original upstream patch which changed the color mapping and an off-by-one
      loop error. Taken from Debian patch by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

Date: Tue, 14 Oct 2008 14:02:18 -0500
Changed-By: Jamie Strandboge <jamie@...>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
https://launchpad.net/ubuntu/feisty/+source/cupsys/1.2.8-0ubuntu8.6

Ubuntu Installer | 15 Oct 18:55

[ubuntu/feisty-security] libspf2 1.2.5-4ubuntu3.1 (Accepted)

libspf2 (1.2.5-4ubuntu3.1) feisty-security; urgency=high

  * SECURITY UPDATE:
  * References CVE2008-2469
  * Add 50_dns_resolv_bufoverflow.dpatch to fix buffer overflows handling DNS
    responses. (LP: #271025)

Date: Wed, 15 Oct 2008 00:28:47 -0400
Changed-By: Scott Kitterman <scott@...>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
https://launchpad.net/ubuntu/feisty/+source/libspf2/1.2.5-4ubuntu3.1
Format: 1.7
Date: Wed, 15 Oct 2008 00:28:47 -0400
Source: libspf2
Binary: libspf2-2 libspf2-dev spfquery
Architecture: amd64 i386 ia64 powerpc source sparc
Version: 1.2.5-4ubuntu3.1
Distribution: feisty-security
Urgency: high
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
Changed-By: Scott Kitterman <scott@...>
Description:
 libspf2-2  - Sender Policy Framework library, written in C
 libspf2-dev - Header and development libraries for libspf2
 spfquery   - Sender Policy Framework library, written in C
Changes:
 libspf2 (1.2.5-4ubuntu3.1) feisty-security; urgency=high
 .

Ubuntu Installer | 15 Oct 03:55

[ubuntu/feisty-security] exiv2 0.12-0ubuntu2.1 (Accepted)

exiv2 (0.12-0ubuntu2.1) feisty-security; urgency=low

  * SECURITY UPDATE: crash with invalid EXIF lens information.
    - src/nikonmn.cpp: backported fix from upstream,
      http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1398&r2=1399
    - CVE-2008-2696
  * SECURITY UPDATE: crash with invalid EXIF headers.
    - src/exif.cpp: backported fix from upstream,
      http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/exif.cpp?r1=1231&r2=1346&pathrev=1346
    - CVE-2007-6353

Date: Tue, 14 Oct 2008 16:31:51 -0700
Changed-By: Kees Cook <kees@...>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
https://launchpad.net/ubuntu/feisty/+source/exiv2/0.12-0ubuntu2.1
Format: 1.7
Date: Tue, 14 Oct 2008 16:31:51 -0700
Source: exiv2
Binary: exiv2 libexiv2-0.12 libexiv2-dev libexiv2-doc
Architecture: all amd64 all i386 all ia64 all powerpc source all sparc
Version: 0.12-0ubuntu2.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
Changed-By: Kees Cook <kees@...>
Description:
 exiv2      - EXIF/IPTC metadata manipulation tool
 libexiv2-0.12 - EXIF/IPTC metadata manipulation library

Ubuntu Installer | 15 Oct 00:55

[ubuntu/feisty-security] libexif_0.6.13-5ubuntu0.3_ia64_translations.tar.gz, libexif_0.6.13-5ubuntu0.3_sparc_translations.tar.gz, libexif, libexif_0.6.13-5ubuntu0.3_i386_translations.tar.gz, libexif_0.6.13-5ubuntu0.3_powerpc_translations.tar.gz, libexif_0.6.13-5ubuntu0.3_amd64_translations.tar.gz 0.6.13-5ubuntu0.3 (Accepted)

libexif (0.6.13-5ubuntu0.3) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via exif reading/writing.
    - libexif/exif-{loader,data}.c: upstream fixes, thanks to Nico Golde.
    - libexif/exif-data.c: upstream anti-crash fixes, thanks to Moritz
      Muehlenhoff.
    - CVE-2007-6351 CVE-2007-6352

Date: Tue, 14 Oct 2008 11:53:36 -0700
Changed-By: Kees Cook <kees@...>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
https://launchpad.net/ubuntu/feisty/+source/libexif/0.6.13-5ubuntu0.3
Format: 1.7
Date: Tue, 14 Oct 2008 11:53:36 -0700
Source: libexif
Binary: libexif-dev libexif12
Architecture: amd64_translations amd64 i386_translations i386 ia64_translations ia64
powerpc_translations powerpc source sparc_translations sparc
Version: 0.6.13-5ubuntu0.3
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
Changed-By: Kees Cook <kees@...>
Description:
 libexif-dev - library to parse EXIF files (development files)
 libexif12  - library to parse EXIF files
Changes:
 libexif (0.6.13-5ubuntu0.3) feisty-security; urgency=low

Ubuntu Installer | 14 Oct 18:55

[ubuntu/feisty-security] dbus 1.0.2-1ubuntu4.2 (Accepted)

dbus (1.0.2-1ubuntu4.2) feisty-security; urgency=low

  * SECURITY UPDATE: policy bypass with NULL interfaces.
    - Add 82-NULL-policy-bypass.patch: upstream fixes.
    - CVE-2008-0595
  * SECURITY UPDATE: application crash via corrupt signatures.
    - Add 83-signature-validation.patch: upstream fixes.
    - CVE-2008-3834

Date: Mon, 13 Oct 2008 19:48:09 -0700
Changed-By: Kees Cook <kees@...>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
https://launchpad.net/ubuntu/feisty/+source/dbus/1.0.2-1ubuntu4.2
Format: 1.7
Date: Mon, 13 Oct 2008 19:48:09 -0700
Source: dbus
Binary: dbus dbus-1-doc dbus-1-utils libdbus-1-3 libdbus-1-dev
Architecture: amd64 all i386 ia64 powerpc source sparc
Version: 1.0.2-1ubuntu4.2
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@...>
Changed-By: Kees Cook <kees@...>
Description:
 dbus       - simple interprocess messaging system
 dbus-1-utils - simple interprocess messaging system (utilities)
 libdbus-1-3 - simple interprocess messaging system
 libdbus-1-dev - simple interprocess messaging system (development headers)

Ubuntu Installer | 10 Oct 03:56

[ubuntu/feisty-security] ruby1.8 1.8.5-4ubuntu2.3 (Accepted)

ruby1.8 (1.8.5-4ubuntu2.3) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/953_CVE-2008-3790.patch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/954_CVE-2008-2376.patch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/955_CVE-2008-3443.patch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/956_CVE-2008-3656.patch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/957_CVE-2008-3905.patch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/958_CVE-2008-3657.patch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propagate taint and check taintness of DLPtrData

Martin Pitt | 7 Oct 12:02

[ubuntu/feisty-proposed] tzdata 2008g-0ubuntu0.7.04 (Accepted)

tzdata (2008g-0ubuntu0.7.04) feisty-proposed; urgency=low

  * New tzdata 2008g:
    - Updates DST rules for Argentina (LP: #278419).
    - Other DST rule updates.
    - No time zone changes.

Date: Tue, 07 Oct 2008 11:54:57 +0200
Changed-By: Martin Pitt <martin.pitt@...>
https://edge.launchpad.net/ubuntu/feisty/+source/tzdata/2008g-0ubuntu0.7.04

Format: 1.8
Date: Tue, 07 Oct 2008 11:54:57 +0200
Source: tzdata
Binary: tzdata
Architecture: source
Version: 2008g-0ubuntu0.7.04
Distribution: feisty-proposed
Urgency: low
Maintainer: Martin Pitt <martin.pitt@...>
Changed-By: Martin Pitt <martin.pitt@...>
Description: 
 tzdata     - Time Zone and Daylight Saving Time Data
Launchpad-Bugs-Fixed: 278419
Changes: 
 tzdata (2008g-0ubuntu0.7.04) feisty-proposed; urgency=low
 .
   * New tzdata 2008g:

Ubuntu Installer | 6 Oct 23:55

[ubuntu/feisty-security] faad2 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1 (Accepted)

faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
    (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code via a
    crafted MPEG-4 (MP4) file. (Closes LP: #277110)
  * 11_CVE-2008-4201.diff
    - Patch supplied by upstream modified slightly to patch cleanly
      and address vulnerability.
  * References
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
    http://www.audiocoding.com/patch/main_overflow.diff
    CVE-2008-4201

Date: Fri, 03 Oct 2008 10:55:41 +0200
Changed-By: Stefan Lesicnik <stefan@...>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
https://launchpad.net/ubuntu/feisty/+source/faad2/2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1
Format: 1.7
Date: Fri, 03 Oct 2008 10:55:41 +0200
Source: faad2
Binary: bmp-mp4 faad libfaad2-0 libfaad2-dev libmp4v2-0 libmp4v2-dev xmms-mp4
Architecture: amd64 i386 ia64 powerpc source sparc
Version: 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
Changed-By: Stefan Lesicnik <stefan@...>

Ubuntu Installer | 2 Oct 19:55

[ubuntu/feisty-security] cpio_2.6-17ubuntu0.7.04.1_sparc_translations.tar.gz, cpio_2.6-17ubuntu0.7.04.1_i386_translations.tar.gz, cpio_2.6-17ubuntu0.7.04.1_powerpc_translations.tar.gz, cpio, cpio_2.6-17ubuntu0.7.04.1_ia64_translations.tar.gz, cpio_2.6-17ubuntu0.7.04.1_amd64_translations.tar.gz 2.6-17ubuntu0.7.04.1 (Accepted)

cpio (2.6-17ubuntu0.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU
    cpio has unspecified attack vectors and impact, resulting in a "crashing
    stack."
  * src/copyin.c: patch copyin.c to correct an allocation weakness in
    safer_name_suffix() which could lead to a crash. Thanks to Stephan Hermann
  * References:
    CVE-2007-4476
    LP: #161173

Date: Mon, 29 Sep 2008 16:58:13 -0500
Changed-By: Jamie Strandboge <jamie@...>
Maintainer: Clint Adams <schizo@...>
https://launchpad.net/ubuntu/feisty/+source/cpio/2.6-17ubuntu0.7.04.1
Format: 1.7
Date: Mon, 29 Sep 2008 16:58:13 -0500
Source: cpio
Binary: cpio
Architecture: amd64_translations amd64 i386_translations i386 ia64_translations ia64
powerpc_translations powerpc source sparc_translations sparc
Version: 2.6-17ubuntu0.7.04.1
Distribution: feisty-security
Urgency: low
Maintainer: Clint Adams <schizo@...>
Changed-By: Jamie Strandboge <jamie@...>
Description:
 cpio       - GNU cpio -- a program to manage archives of files

Ubuntu Installer | 1 Oct 23:55

[ubuntu/feisty-security] openssh_4.3p2-8ubuntu1.5_sparc_translations.tar.gz, openssh, openssh_4.3p2-8ubuntu1.5_ia64_translations.tar.gz, openssh_4.3p2-8ubuntu1.5_i386_translations.tar.gz, openssh_4.3p2-8ubuntu1.5_powerpc_translations.tar.gz, openssh_4.3p2-8ubuntu1.5_amd64_translations.tar.gz 1:4.3p2-8ubuntu1.5 (Accepted)

openssh (1:4.3p2-8ubuntu1.5) feisty-security; urgency=low

  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

Date: Mon, 29 Sep 2008 11:20:12 -0700
Changed-By: Kees Cook <kees@...>
Maintainer: Colin Watson <cjwatson@...>
https://launchpad.net/ubuntu/feisty/+source/openssh/1:4.3p2-8ubuntu1.5
Format: 1.7
Date: Mon, 29 Sep 2008 11:20:12 -0700
Source: openssh
Binary: openssh-client openssh-client-udeb openssh-server openssh-server-udeb ssh
ssh-askpass-gnome ssh-krb5
Architecture: amd64_translations amd64 i386_translations i386 all ia64_translations ia64
powerpc_translations powerpc source sparc_translations sparc
Version: 1:4.3p2-8ubuntu1.5
Distribution: feisty-security
Urgency: low
Maintainer: Colin Watson <cjwatson@...>
Changed-By: Kees Cook <kees@...>
Description:
 openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server - Secure shell server, an rshd replacement
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)

Ubuntu Installer | 30 Sep 17:56

[ubuntu/feisty-security] vlc_0.8.6.release-0ubuntu4.2_i386_translations.tar.gz, vlc_0.8.6.release-0ubuntu4.2_amd64_translations.tar.gz, vlc, vlc_0.8.6.release-0ubuntu4.2_sparc_translations.tar.gz, vlc_0.8.6.release-0ubuntu4.2_ia64_translations.tar.gz, vlc_0.8.6.release-0ubuntu4.2_powerpc_translations.tar.gz 0.8.6.release-0ubuntu4.2 (Accepted)

vlc (0.8.6.release-0ubuntu4.2) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #207284)
   + debian/patches/031_CVE-2008-1489.diff
    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
      remote attackers to cause a denial of service (crash) and possibly
      execute arbitrary code via a crafted MP4 RDRF box that triggers a
      heap-based buffer overflow.

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

Date: Tue, 01 Apr 2008 02:58:30 +0200
Changed-By: Emanuele Gentili <emgent@...>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
https://launchpad.net/ubuntu/feisty/+source/vlc/0.8.6.release-0ubuntu4.2
Format: 1.7
Date: Tue, 01 Apr 2008 02:58:30 +0200
Source: vlc
Binary: libvlc0 libvlc0-dev mozilla-plugin-vlc vlc vlc-nox vlc-plugin-alsa vlc-plugin-arts
vlc-plugin-esd vlc-plugin-ggi vlc-plugin-glide vlc-plugin-sdl vlc-plugin-svgalib wxvlc
Architecture: amd64_translations amd64 i386_translations i386 all ia64_translations ia64
powerpc_translations powerpc source sparc_translations sparc
Version: 0.8.6.release-0ubuntu4.2
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>

