Dapper Changes

python-uncertainities 0.001-3.1ubuntu1.1

Luca Falavigna — Wed, 13 Feb 2008 17:50:44 +0000

python-uncertainities (0.001-3.1ubuntu1.1)

SRU for LP: #55706, list of changes:
- debian/{dirs,rules}: move to python2.4 to avoid errors during postinst phase.

vmware-player-kernel-2.6.15, 2.6.15.11-14

Ubuntu Installer — Thu, 14 Feb 2008 00:33:39 +0000

vmware-player-kernel-2.6.15 (2.6.15.11-14)

Rebuild against new ABI (51)

linux-source-2.6.15, 2.6.15-51.66

Ubuntu Installer — Thu, 14 Feb 2008 00:54:32 +0000

linux-source-2.6.15 (2.6.15-51.66)

Copy lds linker file (ia64) to headers package.

linux-backports-modules-2.6.15, 2.6.15-51.9

Ubuntu Installer — Thu, 14 Feb 2008 00:54:35 +0000

linux-backports-modules-2.6.15 (2.6.15-51.9)

Add hppa gcc dependency to fix FTBS.

linux-restricted-modules-2.6.15, 2.6.15.12-51.2

Ubuntu Installer — Thu, 14 Feb 2008 00:54:40 +0000

linux-restricted-modules-2.6.15 (2.6.15.12-51.2)

Security update

clamav, 0.92~dfsg-2~dapper1ubuntu0.1

Ubuntu Installer — Thu, 14 Feb 2008 00:54:56 +0000

clamav (0.92~dfsg-2~dapper1ubuntu0.1)

SECURITY UPDATE: possible integer overflow and tempfile symlink
- vulnerability
Added : 27_others.c.CVE-2007-6595.dpatch Fixes Tempfile symlink
- vulnerability
Added 26_pe.c.CVE-2008-0318.dpatch: Fixes posible integer overflow
References CVE-2007-6595 CVE-2008-0318 (LP: 191150)

update-manager-core 0.56~dapper4

Michael Vogt — Fri, 15 Feb 2008 09:41:46 +0000

update-manager-core (0.56~dapper4)

fix bug when meta-release file was already on disk and wouldn't be reread (thanks to the forum for investigating)

libcdio, 0.76-1ubuntu1.6.06.1

Ubuntu Installer — Wed, 20 Feb 2008 14:55:42 +0000

libcdio (0.76-1ubuntu1.6.06.1)

SECURITY UPDATE:
- CVE-2007-6613: a stack-based buffer overflow in the print_iso9660_recurse function could lead to cause a denial of service or arbitrary code execution if the iso-info tool is used with a crafted iso image (LP: #191216)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129

pcre3, 7.4-0ubuntu0.6.06.2

Ubuntu Installer — Thu, 21 Feb 2008 18:55:26 +0000

pcre3 (7.4-0ubuntu0.6.06.2)

SECURITY UPDATE: stack overflow when handling long UTF8 strings.
pcre_compile.c, testdata/test{in,out}put4: upstream changes from 7.6 backported, thanks to Tomas Hoger and Florian Weimer.
References CVE-2008-0674

cacti, 0.8.6h-1ubuntu3.2

Ubuntu Installer — Fri, 22 Feb 2008 02:55:15 +0000

cacti (0.8.6h-1ubuntu3.2)

SECURITY UPDATE: (LP: #192199)
- CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via the (1) view_type parameter to graph.php, (2) filter parameter to graph_view.php, and (3) action and login_username parameters to index.php/login.
- CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
debian/patches/10_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by upstream. Backported from 0.8.6j (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
References: CVE-2008-0783 CVE-2008-0784

lighttpd, 1.4.11-3ubuntu3.6

Ubuntu Installer — Wed, 27 Feb 2008 14:55:20 +0000

lighttpd (1.4.11-3ubuntu3.6)

SECURITY UPDATE:
- debian/patches/90_maxfds_crash_fix.dpatch:
  - added patch from upstream to fix the maxfds issue (LP: #195380)
References
- http://trac.lighttpd.net/trac/ticket/1562

lookup-el,lookup-el 1.4-4ubuntu0.6.06

Ubuntu Installer — Wed, 27 Feb 2008 14:56:07 +0000

lookup-el (1.4-4ubuntu0.6.06)

SECURITY UPDATE:
- lisp/ndeb-binary.el: Make a temporary subdirectory securely. (LP: #176931)
References
- http://www.debian.org/security/2007/dsa-1269
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0237

mozilla-thunderbird, 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0

Ubuntu Installer — Fri, 29 Feb 2008 04:55:44 +0000

gnatsweb,gnatsweb 4.00-1ubuntu0.6.06

Ubuntu Installer — Tue, 04 Mar 2008 18:55:14 +0000

gnatsweb (4.00-1ubuntu0.6.06)

SECURITY UPDATE:
gnatsweb.pl (LP: #191196)
- Fixed missing escaping of the database parameter which leads to a cross-site scripting vulnerability (XSS) via this parameter (CVE-2007-2808).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156

evolution, 2.6.1-0ubuntu7.2

Ubuntu Installer — Wed, 05 Mar 2008 18:56:59 +0000

evolution (2.6.1-0ubuntu7.2)

SECURITY UPDATE: code execution via format string in encrypted emails.
Add 99_00_encryption_format_string_fix.patch: upstream fixes from Srinivasa Ragavan.
References CVE-2008-0072

openldap2.2, 2.2.26-5ubuntu2.6

Ubuntu Installer — Wed, 05 Mar 2008 20:55:22 +0000

openldap2.2 (2.2.26-5ubuntu2.6)

version bump for -proposed version conflict

openldap2.2 (2.2.26-5ubuntu2.5)

SECURITY UPDATE: slapd crash when using the bdb backend and processing crafted modify and modrdn requests
patch to back-bdb/add.c, back-bdb/ctxcsn.c, back-bdb/delete.c, back-bdb/modify.c, back-bdb/modrdn.c to properly check for NOOP option
References: CVE-2007-6698 CVE-2008-0658 LP: #197077

langpack-locales 2.3.18.9

Martin Pitt — Thu, 06 Mar 2008 10:36:45 +0000

langpack-locales (2.3.18.9)

debian/tzdata2007k+chiledst.tar.gz: Update original 2007k tarball to incorporate short-term DST rule change in Chile for 2008 (delayed for three weeks from March 08 to March 29). (LP: #198129)

mozilla-thunderbird, 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.1

Ubuntu Installer — Thu, 06 Mar 2008 14:56:00 +0000

mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.1)

fix memory access regression (LP: #197504)
- add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
- update debian/patches/00list

lighttpd, 1.4.11-3ubuntu3.7

Ubuntu Installer — Fri, 07 Mar 2008 18:55:27 +0000

lighttpd (1.4.11-3ubuntu3.7)

SECURITY UPDATE:
debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731)
References
http://trac.lighttpd.net/trac/changeset/2107
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

python2.4, 2.4.3-0ubuntu6.1

Ubuntu Installer — Mon, 10 Mar 2008 21:55:30 +0000

python2.4 (2.4.3-0ubuntu6.1)

SECURITY UPDATE: code execution via integer overflows, information leak via strxfrm.
debian/rules, debian/patches/CVE-2007-4965-int-overflow.dpatch: upstream changes, thanks to Stephan Hermann.
debian/rules, debian/patches/strxfrm-leak.dpatch: upstream changes.
References http://bugs.python.org/file8592/python-2.5.CVE-2007-4965-int-overflow.patch CVE-2007-4965 CVE-2007-2052

lighttpd, 1.4.11-3ubuntu3.8

Ubuntu Installer — Tue, 11 Mar 2008 19:55:17 +0000

lighttpd (1.4.11-3ubuntu3.8)

SECURITY UPDATE: (LP: #200987)
debian/patches/91_CVE-2008-1270.dpatch
- mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
References
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
http://trac.lighttpd.net/trac/ticket/1587
http://trac.lighttpd.net/trac/changeset/2120

mysql-dfsg-5.0 5.0.22-0ubuntu6.06.7

Jamie Strandboge — Wed, 12 Mar 2008 08:15:37 +0000

mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.7)

SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978). Note that while this patch is included, mysql on Ubuntu 6.06 is not compiled with yassl enabled.
SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements
debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream bug #21080, which was needed to keep VIEW definitions in sync.
SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table
debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
debian/patches/102_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing
SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines
debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. This patch also fixes upstream bug #18681, which was needed to properly check view security.
References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2006-7232 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337 http://bugs.mysql.com/bug.php?id=18681 http://bugs.mysql.com/bug.php?id=21080

langpack-locales 2.3.18.10

Martin Pitt — Wed, 12 Mar 2008 09:30:59 +0000

langpack-locales (2.3.18.10)

Replace debian/tzdata2007k+chiledst.tar.gz with new upstream version tzdata2008a.tar.gz: Fixes Chile DST properly, our patch switched it on a day too early. (LP: #198129)

vlc, 0.8.4.debian-1ubuntu6.2

Ubuntu Installer — Wed, 12 Mar 2008 17:55:49 +0000

vlc (0.8.4.debian-1ubuntu6.2)

SECURITY UPDATE:
- debian/patches/CVE-2008-0984.dpatch (LP: #195949)
- VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
  - suffers from an arbitrary memory overwrite vulnerability when using
  - crash the player instance.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
- http://www.videolan.org/security/sa0802.html

mailman, 2.1.5-9ubuntu4.2

Ubuntu Installer — Fri, 14 Mar 2008 18:55:23 +0000

mailman (2.1.5-9ubuntu4.2)

SECURITY UPDATE:
debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
- Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
http://bugs.gentoo.org/show_bug.cgi?id=208710

phpmyadmin, 4:2.8.0.3-1ubuntu0.1

Ubuntu Installer — Fri, 14 Mar 2008 20:55:16 +0000

phpmyadmin (4:2.8.0.3-1ubuntu0.1)

SECURITY UPDATE:
debian/patches/050_CVE-2008-1149.patch
- Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation , Allows unauthorized disclosure of information , Allows disruption of service. (LP: #198745)
References:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

wml, 2.0.8-11ubuntu0.6.06

Ubuntu Installer — Fri, 14 Mar 2008 20:55:58 +0000

wml (2.0.8-11ubuntu0.6.06)

SECURITY UPDATE: (LP: #191205)
wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
- in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
- Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907

krb5, 1.4.3-5ubuntu0.7

Ubuntu Installer — Tue, 18 Mar 2008 23:55:43 +0000

krb5 (1.4.3-5ubuntu0.7)

SECURITY UPDATE: arbitrary code execution via freed pointer and memory overflows.
src/kdc/{kerberos_v4,dispatch,network}.c: backported upstream fixes patched inline (MITKRB5-SA-2008-001: CVE-2008-0062, CVE-2008-0063).
src/lib/rpc/{svc,svc_tcp}.c: upstream fixed patched inline (MITKRB5-SA-2008-002: CVE-2008-0947)

mysql-dfsg-5.0, 5.0.22-0ubuntu6.06.8

Ubuntu Installer — Thu, 20 Mar 2008 10:55:53 +0000

mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.8)

no change build for -security upload

mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.7)

SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978). Note that while this patch is included, mysql on Ubuntu 6.06 is not compiled with yassl enabled.
SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements
debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream bug #21080, which was needed to keep VIEW definitions in sync.
SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table
debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
debian/patches/102_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing
SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines
debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. This patch also fixes upstream bug #18681, which was needed to properly check view security.
References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2006-7232 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337 http://bugs.mysql.com/bug.php?id=18681 http://bugs.mysql.com/bug.php?id=21080

unzip, 5.52-6ubuntu4.1

Ubuntu Installer — Thu, 20 Mar 2008 17:55:27 +0000

unzip (5.52-6ubuntu4.1)

SECURITY UPDATE: arbitrary code execution via heap corruption.
inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
References CVE-2008-0888

smarty,smarty 2.6.11-1ubuntu0.1

Ubuntu Installer — Mon, 24 Mar 2008 12:55:29 +0000

smarty (2.6.11-1ubuntu0.1)

SECURITY UPDATE: (LP: #202422)
libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492

mplayer, 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2

Ubuntu Installer — Mon, 24 Mar 2008 15:55:44 +0000

mplayer (2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2)

SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, and URL parser. (LP: #191488)
debian/patches/{64_CVE-2008-0225_0238,65_CVE-2008-0485,66_CVE-2008-0629, 67_CVE-2008-0630}.dpatch: Patches from upstream.
References:
- CVE-2008-0225
- CVE-2008-0238
- CVE-2008-0485
- CVE-2008-0629
- CVE-2008-0630

bzip2, 1.0.3-0ubuntu2.1

Ubuntu Installer — Mon, 24 Mar 2008 17:55:23 +0000

bzip2 (1.0.3-0ubuntu2.1)

SECURITY UPDATE: denial of service via heap memory corruption.
bzlib.c, bzlib_private.h: upstream patch from 1.0.5 applied inline.
References CVE-2008-1372

icu, 3.4.1a-1ubuntu1.6.06.1

Ubuntu Installer — Mon, 24 Mar 2008 17:56:37 +0000

icu (3.4.1a-1ubuntu1.6.06.1)

SECURITY UPDATE: possible read from and write to out of bounds memory locations via back reference '\0' in regular expressions
SECURITY UPDATE: denial of service due to memory exhaustion via a crafted regular expression
debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to return error on invalid back reference. fix rematch.cpp, uvectr32.h and uvectr32.cpp to return error when capacity is greater than maxCapacity
References CVE-2007-4770 CVE-2007-4771

dspam, 3.6.4-4ubuntu0.1

Ubuntu Installer — Wed, 26 Mar 2008 03:55:42 +0000

dspam (3.6.4-4ubuntu0.1)

SECURITY UPDATE: The libdspam7-drv-mysql cron job includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
debian/libdspam7-drv-mysql.cron.daily: applied patch from Debian to use a password file instead.
References
- LP: #195691
- CVE-2007-6418

firefox, 1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1

Ubuntu Installer — Wed, 26 Mar 2008 12:59:28 +0000

firefox (1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1)

release backports for security issues disclosed in 2.0.0.13
- see USN-592-1
patches on top of 1.8.0 branch cvs checkout are in patches/series
fix greasemonkey regression (bmo 417617) introduced by bmo 403168
- add patches/417617_attachment_306518.patch (in orig sources)
- update and apply patches/series (in orig sources)

libnet-dns-perl, 0.53-2ubuntu1.1

Ubuntu Installer — Wed, 26 Mar 2008 17:56:10 +0000

libnet-dns-perl (0.53-2ubuntu1.1)

SECURITY UPDATE:
debian/patches/42_CVE-2007-6341.dpatch (LP: #201454)
- used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6341
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457445

sdl-image1.2, 1.2.4-1ubuntu0.1

Ubuntu Installer — Wed, 26 Mar 2008 18:55:24 +0000

sdl-image1.2 (1.2.4-1ubuntu0.1)

SECURITY UPDATE: Buffer overflow in GIF handling; possible denial of service and arbitrary code execution.
SECURITY UPDATE: Buffer overflow in IFF ILBM handling; possible denial of service and arbitrary code execution.
Added patches to prevent buffer overflow in IMG_gif.c and IMG_lbm.c. Patches prepared from sdl-image1.2_1.2.5-2etch1 update in debian. Applied inline. (LP: #185782)
References: http://www.debian.org/security/2008/dsa-1493 CVE-2007-6697 and CVE-2008-0544

ruby1.8, 1.8.4-1ubuntu1.4

Ubuntu Installer — Wed, 26 Mar 2008 18:56:13 +0000

ruby1.8 (1.8.4-1ubuntu1.4)

SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed.
debian/patches/915_CVE-2007-5162.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
debian/patches/915_CVE-2007-5770.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
References: CVE-2007-5162 CVE-2007-5770 (LP: #149616)

dovecot, 1.0.beta3-3ubuntu5.6

Ubuntu Installer — Wed, 26 Mar 2008 17:55:40 +0000

dovecot (1.0.beta3-3ubuntu5.6)

SECURITY UPDATE: mailboxes of other users could be read via symlinks.
Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes to avoid future issues in underlying passdb (CVE-2008-1218).
References http://dovecot.org/list/dovecot-news/2008-March/000060.html http://dovecot.org/list/dovecot-news/2008-March/000064.html

horde3, 3.1.1-1ubuntu0.1

Ubuntu Installer — Thu, 27 Mar 2008 16:55:21 +0000

horde3 (3.1.1-1ubuntu0.1)

SECURITY UPDATE: (LP: #203456)
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
- and Groupware Webmail Edition before 1.0.6, when running with certain
- configurations, allows remote authenticated users to read and execute arbitrary
- files via ".." sequences and a null byte in the theme name.
- Fix directory traversal vulnerability in Registry.php which allows
- an attacker to read and execute arbitrary local files via crafted
- path sequences.
References
http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
http://www.debian.org/security/2008/dsa-1519

dspam, 3.6.4-4ubuntu0.2

Ubuntu Installer — Fri, 28 Mar 2008 00:55:21 +0000

dspam (3.6.4-4ubuntu0.2)

debian/libdspam7-drv-mysql.cron.daily: Fix bashism introduced in previous security update (s/echo -e/printf/) (LP: #207579)

sun-java5 1.5.0-15-0ubuntu0.6.06

Matthias Klose — Fri, 28 Mar 2008 08:15:31 +0000

sun-java5 (1.5.0-15-0ubuntu0.6.06)

New upstream bug fix release. For a list of changes see http://java.sun.com/j2se/1.5.0/ReleaseNotes.html.
Install icons in /usr/share/pixmaps.
Install all desktop files in /usr/share/applications.

openssh, 1:4.2p1-7ubuntu3.3

Ubuntu Installer — Tue, 01 Apr 2008 22:55:30 +0000

openssh (1:4.2p1-7ubuntu3.3)

SECURITY UPDATE: X11 forward hijacking via alternate address families.
channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel (LP: #210175).
References CVE-2008-1483

mysql-dfsg-5.0, 5.0.22-0ubuntu6.06.9

Ubuntu Installer — Wed, 02 Apr 2008 19:56:02 +0000

mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.9)

Fix for upstream bug #20482: Creation of a view as a join of views or tables could fail if the views or tables are in different databases. This bug was introduced in the update for CVE-2007-2692, which had more restrictive privilege checks. (LP: #209699)

cupsys, 1.2.2-0ubuntu0.6.06.8

Ubuntu Installer — Wed, 02 Apr 2008 21:55:36 +0000

cupsys (1.2.2-0ubuntu0.6.06.8)

debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch.
debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters
debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size
References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656

ca-certificates 20050804-0ubuntu0.6.06

James Westby — Fri, 04 Apr 2008 11:44:08 +0000

ca-certificates (20050804-0ubuntu0.6.06)

Fix up generation of the /etc/ssl/certs/ca-certificates.crt file for those users who installed the package in a pt_BR locale (LP: #153625). A mistake in the translation template meant that the choices were not available in this locale, and so the file was always empty.
- If you were affected and have not tried to reconfigure this package, then the problem should be corrected for you automatically.
- If you were affected and have tried to reconfigure the package you may be shown a debconf question to allow you to select the certificates that you want.
- The only users who were not affected by this bug but may be affected by this fix are those who installed in a different locale, and then reconfigured the package so that no certificates are trusted, and who now run in a pt_BR locale. They will have to deselect all of the certificates again.

cacti, 0.8.6h-1ubuntu3.3

Ubuntu Installer — Sat, 05 Apr 2008 13:55:21 +0000

cacti (0.8.6h-1ubuntu3.3)

debian/patches/10_CVE-2008-0783_CVE-2008-0784_regression.dpatch: fix 'Invalid PHP_SELF Path' regression (LP: #194687)

opera 9.27-20080331.6dapper1

Brian Thomason — Mon, 07 Apr 2008 21:20:23 +0000

opera (9.27-20080331.6dapper1)

New upstream release
See http://www.opera.com/docs/changelogs/ for details

update-manager-core 0.56~dapper5

Michael Vogt — Tue, 08 Apr 2008 09:36:19 +0000

update-manager-core (0.56~dapper5)

fix fetch problem when a meta-release file already got downloaded (LP: #211978)

gs-esp, 8.15.2.dfsg.0ubuntu1-0ubuntu1.1

Ubuntu Installer — Wed, 09 Apr 2008 18:55:58 +0000

gs-esp (8.15.2.dfsg.0ubuntu1-0ubuntu1.1)

SECURITY UPDATE: buffer overflow in color space handling code
debian/patches/05_CVE-2008-0411.dpatch: fix zseticcspace() to perform range checks
References CVE-2008-0411

gs-gpl, 8.15-4ubuntu3.1

Ubuntu Installer — Wed, 09 Apr 2008 18:56:40 +0000

gs-gpl (8.15-4ubuntu3.1)

SECURITY UPDATE: buffer overflow in color space handling code
debian/patches/23_CVE-2008-0411.dpatch: fix zseticcspace() to perform range checks
References CVE-2008-0411

squid, 2.5.12-4ubuntu2.4

Ubuntu Installer — Mon, 14 Apr 2008 14:55:33 +0000

squid (2.5.12-4ubuntu2.4)

SECURITY UPDATE: off by one assertion could cause a denial of service
debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in lib/Array.c to properly check a->capacity

mysql-dfsg-5.0 5.0.22-0ubuntu6.06.10

Jamie Strandboge — Wed, 16 Apr 2008 10:58:32 +0000

mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.10)

RELIABILITY UPDATE: fix for upstream bug #20908
debian/patches/105_upstream_20908.dpatch: fix MYSQLlex() in sql_lex.cc to ABORT_SYM on zero-length variable names
References LP: #217772 http://bugs.mysql.com/bug.php?id=20908

poppler, 0.5.1-0ubuntu7.4

Ubuntu Installer — Thu, 17 Apr 2008 15:55:24 +0000

poppler (0.5.1-0ubuntu7.4)

SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger type-checking added.
References CVE-2008-1693

koffice, 1:1.5.0-0ubuntu9.4

Ubuntu Installer — Thu, 17 Apr 2008 15:58:30 +0000

koffice (1:1.5.0-0ubuntu9.4)

SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
debian/patches/40_pdf2-embedded-font-fixes.diff: stronger type-checking added.
References CVE-2008-1693

gnumeric, 1.6.3-0ubuntu4.1

Ubuntu Installer — Tue, 22 Apr 2008 00:55:25 +0000

gnumeric (1.6.3-0ubuntu4.1)

SECURITY UPDATE: arbitrary code execution via integer overflow in Excel spreadsheet HLINK processing.
plugins/excel/ms-excel-read.c: backported upstream fixes thanks to Debian, with an additional bugfix.
References CVE-2008-0668

firefox, 1.5.dfsg+1.5.0.15~prepatch080417a-0ubuntu1

Ubuntu Installer — Tue, 22 Apr 2008 00:59:28 +0000

firefox (1.5.dfsg+1.5.0.15~prepatch080417a-0ubuntu1)

release backports for security issues disclosed in 2.0.0.14
- see USN-602-1
patches on top of 1.8.0 branch cvs checkout (17 apr 08) are in patches/series

ca-certificates 20050804-0ubuntu0.6.06.1

James Westby — Thu, 24 Apr 2008 09:53:13 +0000

ca-certificates (20050804-0ubuntu0.6.06.1)

Fix up generation of the /etc/ssl/certs/ca-certificates.crt file for those users who installed the package in a pt_BR locale (LP: #153625). A mistake in the translation template meant that the choices were not available in this locale, and so the file was always empty.
- If you were affected and have not tried to reconfigure this package, then the problem should be corrected for you automatically.
- If you were affected and have tried to reconfigure the package you may be shown a debconf question to allow you to select the certificates that you want.
- The only users who were not affected by this bug but may be affected by this fix are those who installed in a different locale, and then reconfigured the package so that no certificates are trusted, and who now run in a pt_BR locale. They will have to deselect all of the certificates again.
In addition to the previous version this version prevents the question being asked multiple times for those who appear to have been hit by this issue.

xorg-server 1:1.0.2-0ubuntu10.11

Timo Aaltonen — Thu, 24 Apr 2008 13:18:16 +0000

xorg-server (1:1.0.2-0ubuntu10.11)

xkb-and-loathing.dpatch: Ignore SIGALRM around calls to Popen()/Pclose() to fix a hang when opening menus in OpenOffice.org. (LP: #113679)

cupsys, 1.2.2-0ubuntu0.6.06.9

Ubuntu Installer — Mon, 05 May 2008 11:55:32 +0000

cupsys (1.2.2-0ubuntu0.6.06.9)

SECURITY UPDATE: Denial of service and possibly arbitrary code execution
debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in filter/image-png.c. Taken from Debian SVN Head.
References CVE-2008-1722 LP: #219491 http://www.cups.org/str.php?L2790

mozilla-thunderbird, 1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1

Ubuntu Installer — Mon, 05 May 2008 11:56:51 +0000

mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1)

RELEASE security/stability backports for tbird 1.5 as of 2.0.0.14 (USN-605-1)
- http://people.ubuntu.com/~asac/mozilla-security/1.8.1.14/moz_1.8.0.15prepatches080417a.tar.gz
drop patches applied upstream from debian/patches
- 0071_279505-attachment-297724-fix-396613-regression.dpatch

xemacs21, 21.4.18-1ubuntu1.1

Ubuntu Installer — Mon, 05 May 2008 17:56:19 +0000

xemacs21 (21.4.18-1ubuntu1.1)

SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/21_vcdiff-tmp-race.dpatch: update lib-src/vcdiff to use mktemp
References CVE-2008-1694

emacs21, 21.4a-3ubuntu2.2

Ubuntu Installer — Mon, 05 May 2008 17:58:31 +0000

emacs21 (21.4a-3ubuntu2.2)

SECURITY UPDATE: buffer overflow in format function
debian/patches/fix-format-overflow.dpatch: fix src/editfns.c to account for precision in integer formatting (LP: #174177)
SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/vcdiff-tmp-race.dpatch: update lib-src/vcdiff to use mktemp
References CVE-2007-6109 CVE-2008-1694

clamav, 0.92~dfsg-2~dapper1ubuntu0.2

Ubuntu Installer — Mon, 05 May 2008 18:56:11 +0000

clamav (0.92~dfsg-2~dapper1ubuntu0.2)

SECURITY UPDATE: Possible heap corruption
Added 28_mew.c.CVE-2008-0728.dpatch
References: CVE-2008-0728 ( LP: #213500 )

openldap2.2 2.2.26-5ubuntu2.7

Mathias Gug — Tue, 06 May 2008 07:57:14 +0000

openldap2.2 (2.2.26-5ubuntu2.7)

The config scripts are run twice, this causes the password in slapd/internal/adminpw to be empty. This fixes the issue with having an empty password in the ldap database. Fixes: LP #66925.

cyrus-sasl2 2.1.19.dfsg1-0.1ubuntu3

Andrew Pollock — Tue, 06 May 2008 11:00:47 +0000

cyrus-sasl2 (2.1.19.dfsg1-0.1ubuntu3)

debian/rules: configure with --with-devrandom=/dev/urandom to avoid hanging/blocking applications when entropy is exhausted. (LP: #225333)

hsqldb, 1.8.0.2-1ubuntu1.1

Ubuntu Installer — Tue, 06 May 2008 21:55:10 +0000

hsqldb (1.8.0.2-1ubuntu1.1)

SECURITY UPDATE: arbitrary Java methods via SQL.
Add debian/patches/90_method-whitelist.patch: upstream changes backported.
References CVE-2007-4575

openoffice.org-amd64, 2.0.2-2ubuntu12.6-1

Ubuntu Installer — Tue, 06 May 2008 21:56:01 +0000

openoffice.org-amd64 (2.0.2-2ubuntu12.6-1)

Chris Cheney
ooo-build/patches/src680/workspace.fwk82.diff, ooo-build/patches/src680/workspace.sjfixes03.diff: fix CVE-2007-5745, CVE-2007-5746,CVE-2007-5747 and CVE-2008-0320
ooo-build/patches/src680/cws-jl85.diff: fix XML signing problem where the document can be manipulated so that the signature dialog display a false issuer
Kees Cook
ooo-build/patches/src680/workspace.hsql1808.diff: upstream fixes backported for HSQLDB Java method calling (CVE-2007-4575).

openoffice.org, 2.0.2-2ubuntu12.6

Ubuntu Installer — Tue, 06 May 2008 21:57:49 +0000

openoffice.org (2.0.2-2ubuntu12.6)

Chris Cheney
ooo-build/patches/src680/workspace.fwk82.diff, ooo-build/patches/src680/workspace.sjfixes03.diff: fix CVE-2007-5745, CVE-2007-5746,CVE-2007-5747 and CVE-2008-0320
ooo-build/patches/src680/cws-jl85.diff: fix XML signing problem where the document can be manipulated so that the signature dialog display a false issuer
Kees Cook
ooo-build/patches/src680/workspace.hsql1808.diff: upstream fixes backported for HSQLDB Java method calling (CVE-2007-4575).

ltsp, 0.87.1

Ubuntu Installer — Tue, 06 May 2008 22:55:28 +0000

ltsp (0.87.1)

fix CVE-2008-1293 (LP: #227295) that made unauthenticated access to the local X server on the client possible.

gzip 1.3.5-12ubuntu0.2

Martin Pitt — Wed, 07 May 2008 06:52:16 +0000

gzip (1.3.5-12ubuntu0.2)

gzip.c: Remove the input file after successfully closing the output file. Before, copy_stat() removed the output file already, and close() was called afterwards. However, close() can fail on network file systems, and thus you would previously end up with a deleted input file and no output file. Patch backported from version 1.3.12-1 (applied in Edgy and later). (LP: #69510)

speex, 1.1.11.1-1ubuntu0.3

Ubuntu Installer — Thu, 08 May 2008 17:55:16 +0000

speex (1.1.11.1-1ubuntu0.3)

SECURITY UPDATE: array index vulnerability (LP: #218652)
fix for libspeex/speex_header.c to properly validate its input
References CVE-2008-1686

vorbis-tools, 1.1.1-3ubuntu0.1

Ubuntu Installer — Thu, 08 May 2008 19:55:18 +0000

vorbis-tools (1.1.1-3ubuntu0.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input
References CVE-2008-1686

gst-plugins-good0.10, 0.10.3-0ubuntu4.1

Ubuntu Installer — Thu, 08 May 2008 20:55:25 +0000

gst-plugins-good0.10 (0.10.3-0ubuntu4.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
debian/patches/09_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input
References CVE-2008-1686