Feisty Changes

flashplugin-nonfree 9.0.48.0.0ubuntu1~7.04.3

Jonathan Riddell — Thu, 07 Feb 2008 18:05:51 +0000

flashplugin-nonfree (9.0.48.0.0ubuntu1~7.04.3)

Update debian/config with new md5sums, stops install error when the old tar is still on the hard disk, LP: #173890

firefox, 2.0.0.12+1nobinonly+2-0ubuntu0.7.4

Ubuntu Installer — Fri, 08 Feb 2008 01:04:55 +0000

firefox (2.0.0.12+1nobinonly+2-0ubuntu0.7.4)

New stability upstream release (v2.0.0.12)
New security/stability upstream release (v2.0.0.12) - 1.8.0.14 prepatches
MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption v1.8.1.12 (Browser crashes)
MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption v1.8.1.12 (javascript crashes)
MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke blocking bugs
MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code Execution (JavaScript privilege escalation bugs)
MFSA 2008-04 aka CVE-2008-0416: Multiple XSS vulnerabilities from character encoding
MFSA 2008-05 aka CVE-2008-0417: Stored password corruption
MFSA 2008-06 aka CVE-2008-0418: Directory traversal via chrome: URI
MFSA 2008-07 aka CVE-2008-0419: Web browsing history and forward navigation stealing
MFSA 2008-08 aka CVE-2008-0420: Possible information disclosure in BMP decoder
MFSA 2008-09 aka CVE-2008-0591: File action dialog tampering
MFSA 2008-10 aka CVE-2008-0592: Mishandling of locally-saved plain text files
MFSA 2008-11 aka CVE-2008-0593: URL token stealing via stylesheet redirect
MFSA 2008-12 aka CVE-2008-0594: Web forgery overwrite with div overlay

linux-source-2.6.20, 2.6.20-16.35

Ubuntu Installer — Tue, 12 Feb 2008 14:00:40 +0000

linux-source-2.6.20 (2.6.20-16.35)

Tim Gardner
splice: fix user pointer access in get_iovec_page_array() (CVE-2008-0600)
- GIT-SHA 9ba4693de4d2e7da123589c3e592ea08eaf9e575

dspam 3.6.8-4ubuntu1.1

dAniel hAhler — Tue, 12 Feb 2008 19:43:13 +0000

dspam (3.6.8-4ubuntu1.1)

debian/dspam.init: make sure directory for PIDFILE (/var/run/dspam) exists (LP: #158252)

clamav, 0.90.2-0ubuntu1.6

Ubuntu Installer — Wed, 13 Feb 2008 12:55:34 +0000

clamav (0.90.2-0ubuntu1.6)

Security UPDATE: (LP: #191150) libclamav/pe.c: possible integer overflow libclamav/others.c: tempfile symlink vulnerability Thanks to Stephen Gran <sgran@debian.org> for the patches
References CVE-2008-0318 CVE-2007-6595

klavaro 1.0.1-1ubuntu1

Jerome Guelfucci — Wed, 13 Feb 2008 17:45:50 +0000

klavaro (1.0.1-1ubuntu1)

Applied upstream patch to fix a crash when fluidness test is completed using the French locale. (LP: #184112)
debian/control: set maintainer field as per spec.

libcdio, 0.76-1ubuntu2.7.04.1

Ubuntu Installer — Wed, 20 Feb 2008 14:55:58 +0000

libcdio (0.76-1ubuntu2.7.04.1)

SECURITY UPDATE:
- CVE-2007-6613: a stack-based buffer overflow in the print_iso9660_recurse function could lead to cause a denial of service or arbitrary code execution if the iso-info tool is used with a crafted iso image (LP: #191216)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129

tikiwiki,tikiwiki 1.9.7+dfsg-1ubuntu1.2

Ubuntu Installer — Wed, 20 Feb 2008 17:55:19 +0000

tikiwiki (1.9.7+dfsg-1ubuntu1.2)

Emanuele Gentili
SECURITY UPDATE: (LP: #180702)
- CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
- CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
- CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving tiki-edit_css.php, tiki-g-admin_shared_source.php.
debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
- Applied patch by upstream
References
- CVE-2007-6526
- CVE-2007-6528
- CVE-2007-6529
Jamie Strandboge
Use dash-compliant syntax in debian/rules

pcre3, 7.4-0ubuntu0.7.04.2

Ubuntu Installer — Thu, 21 Feb 2008 18:55:51 +0000

pcre3 (7.4-0ubuntu0.7.04.2)

SECURITY UPDATE: stack overflow when handling long UTF8 strings.
pcre_compile.c, testdata/test{in,out}put4: upstream changes from 7.6 backported, thanks to Tomas Hoger and Florian Weimer.
References CVE-2008-0674

cacti, 0.8.6i-3ubuntu0.2

Ubuntu Installer — Fri, 22 Feb 2008 02:55:31 +0000

cacti (0.8.6i-3ubuntu0.2)

SECURITY UPDATE: (LP: #192199)
- CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via the (1) view_type parameter to graph.php, (2) filter parameter to graph_view.php, and (3) action and login_username parameters to index.php/login.
- CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by upstream. (backported from 0.8.6j) (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
References: CVE-2008-0783 CVE-2008-0784

lighttpd, 1.4.13-9ubuntu4.3

Ubuntu Installer — Wed, 27 Feb 2008 14:55:33 +0000

lighttpd (1.4.13-9ubuntu4.3)

SECURITY UPDATE:
- debian/patches/90_maxfds_crash_fix.dpatch:
  - added patch from upstream to fix the maxfds issue (LP: #195380)
References
- http://trac.lighttpd.net/trac/ticket/1562

lookup-el,lookup-el 1.4-4ubuntu0.7.04

Ubuntu Installer — Wed, 27 Feb 2008 14:56:23 +0000

lookup-el (1.4-4ubuntu0.7.04)

SECURITY UPDATE:
- lisp/ndeb-binary.el: Make a temporary subdirectory securely. (LP: #176931)
References
- http://www.debian.org/security/2007/dsa-1269
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0237

mozilla-thunderbird, 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0

Ubuntu Installer — Fri, 29 Feb 2008 15:56:13 +0000

mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0)

USN-582-1 - release security backports for 1.8.0.12 (including previously not released firefox patches for 1.8.0.10/11)
add distro version patch to indicate post-EOL maintainence release
- add debian/patches/98_ubuntu_eol_distro_version.dpatch
- update debian/patches/00list

gnatsweb,gnatsweb 4.00-1ubuntu0.7.04

Ubuntu Installer — Tue, 04 Mar 2008 18:55:27 +0000

gnatsweb (4.00-1ubuntu0.7.04)

SECURITY UPDATE:
gnatsweb.pl (LP: #191196)
- Fixed missing escaping of the database parameter which leads to a cross-site scripting vulnerability (XSS) via this parameter (CVE-2007-2808).
debian/control
- Switch Maintainer to Ubuntu MOTU Developers
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156

evolution, 2.10.1-0ubuntu2.1

Ubuntu Installer — Wed, 05 Mar 2008 18:55:37 +0000

evolution (2.10.1-0ubuntu2.1)

SECURITY UPDATE: code execution via format string in encrypted emails.
Add 99_00_encryption_format_string_fix.patch: upstream fixes from Srinivasa Ragavan.
References CVE-2008-0072

openldap2.3, 2.3.30-2ubuntu0.2

Ubuntu Installer — Wed, 05 Mar 2008 20:55:49 +0000

openldap2.3 (2.3.30-2ubuntu0.2)

SECURITY UPDATE: slapd crash when using the bdb backend and processing crafted modify and modrdn requests
debian/patches/SECURITY_CVE-2007-6698+CVE-2008-0658.patch: patch to back-bdb/add.c, back-bdb/ctxcsn.c, back-bdb/delete.c, back-bdb/modify.c, back-bdb/modrdn.c to properly check for NOOP option
References: CVE-2007-6698 CVE-2008-0658 LP: #197077

tzdata 2007k-0ubuntu0.7.04.1

Martin Pitt — Thu, 06 Mar 2008 10:33:00 +0000

tzdata (2007k-0ubuntu0.7.04.1)

Add debian/patches/chile-dst2008.patch: Update DST rules for Chile to incorporate short-term DST change for 2008 (delayed for three weeks from March 08 to March 29). (LP: #198129)

mozilla-thunderbird, 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1

Ubuntu Installer — Thu, 06 Mar 2008 18:56:19 +0000

mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1)

fix memory access regression (LP: #197504)
- add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
- update debian/patches/00list

lighttpd, 1.4.13-9ubuntu4.4

Ubuntu Installer — Fri, 07 Mar 2008 18:55:46 +0000

lighttpd (1.4.13-9ubuntu4.4)

SECURITY UPDATE:
debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731)
References
http://trac.lighttpd.net/trac/changeset/2107
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

python2.4, 2.4.4-2ubuntu7.1

Ubuntu Installer — Mon, 10 Mar 2008 21:55:53 +0000

python2.4 (2.4.4-2ubuntu7.1)

SECURITY UPDATE: code execution via integer overflows.
debian/rules, debian/patches/CVE-2007-4965-int-overflow.dpatch: upstream changes, thanks to Stephan Hermann.
References http://bugs.python.org/file8592/python-2.5.CVE-2007-4965-int-overflow.patch CVE-2007-4965

python2.5, 2.5.1-0ubuntu1.1

Ubuntu Installer — Mon, 10 Mar 2008 21:57:34 +0000

python2.5 (2.5.1-0ubuntu1.1)

SECURITY UPDATE: code execution via integer overflows
debian/rules, debian/patches/CVE-2007-4965-int-overflow.dpatch: upstream changes, thanks to Stephan Hermann.
References http://bugs.python.org/file8592/python-2.5.CVE-2007-4965-int-overflow.patch CVE-2007-4965

lighttpd, 1.4.13-9ubuntu4.5

Ubuntu Installer — Tue, 11 Mar 2008 19:55:30 +0000

lighttpd (1.4.13-9ubuntu4.5)

SECURITY UPDATE: (LP: #200987)
debian/patches/91_CVE-2008-1270.dpatch
- mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
References
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
http://trac.lighttpd.net/trac/ticket/1587
http://trac.lighttpd.net/trac/changeset/2120

mysql-dfsg-5.0 5.0.38-0ubuntu1.3

Jamie Strandboge — Wed, 12 Mar 2008 08:10:59 +0000

mysql-dfsg-5.0 (5.0.38-0ubuntu1.3)

SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978).
SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements
debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039)
debian/patches/99_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing
SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines
debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. (LP: #172260)
References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337

tzdata 2008a-0ubuntu0.7.04

Martin Pitt — Wed, 12 Mar 2008 09:22:43 +0000

tzdata (2008a-0ubuntu0.7.04)

Replace tzdata2007k.tar.gz with new version tzdata2008a:
- Fixes Chile DST properly, our patch switched it on a day too early.
- Drop debian/patches/chile-dst2008.patch.
- LP: #198129

vlc, 0.8.6.release-0ubuntu4.1

Ubuntu Installer — Wed, 12 Mar 2008 17:56:40 +0000

vlc (0.8.6.release-0ubuntu4.1)

SECURITY UPDATE:
- debian/patches/031_CVE-2008-0984.diff (LP: #195949)
- VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
  - suffers from an arbitrary memory overwrite vulnerability when using
  - crash the player instance.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
- http://www.videolan.org/security/sa0802.html

mailman, 1:2.1.9-4ubuntu1.1

Ubuntu Installer — Fri, 14 Mar 2008 18:55:57 +0000

mailman (1:2.1.9-4ubuntu1.1)

debian/control:
updated maintainer field
SECURITY UPDATE:
debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
- Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
http://bugs.gentoo.org/show_bug.cgi?id=208710

wml, 2.0.11-1ubuntu0.1

Ubuntu Installer — Fri, 14 Mar 2008 20:55:43 +0000

wml (2.0.11-1ubuntu0.1)

debian/control
updated maintainer field
SECURITY UPDATE: (LP: #191205)
wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
- in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
- Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907

phpmyadmin, 4:2.9.1.1-2ubuntu1.2

Ubuntu Installer — Fri, 14 Mar 2008 20:55:33 +0000

phpmyadmin (4:2.9.1.1-2ubuntu1.2)

SECURITY UPDATE:
debian/patches/050_CVE-2008-1149.dpatch
- Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation , Allows unauthorized disclosure of information , Allows disruption of service. (LP: #198745)
References:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

python-cherrypy, 2.2.1-3ubuntu1.7.04

Ubuntu Installer — Fri, 14 Mar 2008 20:56:39 +0000

python-cherrypy (2.2.1-3ubuntu1.7.04)

SECURITY UPDATE: directory traversal via session cookie ID.
- debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path generated from the session ID is within the session directory. Patch from upstream SVN. (LP: #187481)
- References:
  - CVE-2008-0252

mailman, 1:2.1.9-4ubuntu1.2

Ubuntu Installer — Sat, 15 Mar 2008 16:55:21 +0000

mailman (1:2.1.9-4ubuntu1.2)

debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code line which caused the code to become invalid and the package to not be installable. (LP: #202332)

postgresql-8.2 8.2.7-0ubuntu0.7.04

Martin Pitt — Tue, 18 Mar 2008 23:06:47 +0000

postgresql-8.2 (8.2.7-0ubuntu0.7.04)

New upstream bug fix release: (LP: #203734)
- Repair potential deadlock between concurrent "VACUUM FULL" operations on different system catalogs.
- Fix longstanding "LISTEN"/"NOTIFY" race condition.
- Disallow "LISTEN" and "UNLISTEN" within a prepared transaction. This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an "UNLISTEN" remained uncommitted.
- Disallow dropping a temporary table within a prepared transaction This was correctly disallowed by 8.1, but the check was inadvertently broken in 8.2.
- Fix rare crash when an error occurs during a query using a hash index.
- Fix memory leaks in certain usages of set-returning functions.
- Fix input of datetime values for February 29 in years BC.
- Fix "unrecognized node type" error in some variants of "ALTER OWNER".
- Ensure pg_stat_activity.waiting flag is cleared when a lock wait is aborted.
- Fix pg_ctl to correctly extract the postmaster's port number from command-line options. (See Debian #358546)
- Use "-fwrapv" to defend against possible misoptimization in recent gcc versions.
- Correctly enforce statement_timeout values longer than INT_MAX microseconds (about 35 minutes).
- Fix "unexpected PARAM_SUBLINK ID" planner error when constant-folding simplifies a sub-select.
- Fix logical errors in constraint-exclusion handling of IS NULL and NOT expressions.
- Fix another cause of "failed to build any N-way joins" planner errors.
- Fix incorrect constant propagation in outer-join planning.
- Fix display of constant expressions in ORDER BY and GROUP BY.
- Fix libpq to handle NOTICE messages correctly during COPY OUT.
Remove debian/patches/00upstream-clauseless-joins-regression.patch, upstream now.

krb5, 1.4.4-5ubuntu3.4

Ubuntu Installer — Tue, 18 Mar 2008 23:56:28 +0000

krb5 (1.4.4-5ubuntu3.4)

SECURITY UPDATE: arbitrary code execution via freed pointer and memory overflows.
src/kdc/{kerberos_v4,dispatch,network}.c: backported upstream fixes patched inline (MITKRB5-SA-2008-001: CVE-2008-0062, CVE-2008-0063).
src/lib/rpc/{svc,svc_tcp}.c: upstream fixed patched inline (MITKRB5-SA-2008-002: CVE-2008-0947)

mysql-dfsg-5.0, 5.0.38-0ubuntu1.4

Ubuntu Installer — Thu, 20 Mar 2008 10:56:54 +0000

mysql-dfsg-5.0 (5.0.38-0ubuntu1.4)

no change build for -security upload

mysql-dfsg-5.0 (5.0.38-0ubuntu1.3)

SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978).
SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements
debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039)
debian/patches/99_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing
SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines
debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. (LP: #172260)
References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337

unzip, 5.52-9ubuntu3.1

Ubuntu Installer — Thu, 20 Mar 2008 17:56:00 +0000

unzip (5.52-9ubuntu3.1)

SECURITY UPDATE: arbitrary code execution via heap corruption.
inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
References CVE-2008-0888

smarty,smarty 2.6.14-1ubuntu0.7.04.1

Ubuntu Installer — Mon, 24 Mar 2008 12:55:42 +0000

smarty (2.6.14-1ubuntu0.7.04.1)

SECURITY UPDATE: (LP: #202422)
libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492

mplayer, 2:1.0~rc1-0ubuntu9.3

Ubuntu Installer — Mon, 24 Mar 2008 15:56:27 +0000

mplayer (2:1.0~rc1-0ubuntu9.3)

SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header parser, and URL parser. (LP: #191488)
stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c, stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c, stream/url.c: Patches from upstream.
References:
- CVE-2008-0225
- CVE-2008-0238
- CVE-2008-0485
- CVE-2008-0486
- CVE-2008-0629
- CVE-2008-0630

bzip2, 1.0.3-6ubuntu0.1

Ubuntu Installer — Mon, 24 Mar 2008 17:55:49 +0000

bzip2 (1.0.3-6ubuntu0.1)

SECURITY UPDATE: denial of service via heap memory corruption.
bzlib.c, bzlib_private.h: upstream patch from 1.0.5 applied inline.
References CVE-2008-1372

icu, 3.6-2ubuntu0.1

Ubuntu Installer — Mon, 24 Mar 2008 17:57:04 +0000

icu (3.6-2ubuntu0.1)

SECURITY UPDATE: possible read from and write to out of bounds memory locations via back reference '\0' in regular expressions
SECURITY UPDATE: denial of service due to memory exhaustion via a crafted regular expression
debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to return error on invalid back reference. fix rematch.cpp, uvectr32.h and uvectr32.cpp to return error when capacity is greater than maxCapacity
References CVE-2007-4770 CVE-2007-4771
Modify Maintainer value to match the DebianMaintainerField specification.

dspam, 3.6.8-4ubuntu1.2

Ubuntu Installer — Wed, 26 Mar 2008 03:56:09 +0000

dspam (3.6.8-4ubuntu1.2)

SECURITY UPDATE: The libdspam7-drv-mysql cron job includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
debian/libdspam7-drv-mysql.cron.daily: applied patch from Debian to use a password file instead.
References
- LP: #195691
- CVE-2007-6418

firefox, 2.0.0.13+0nobinonly-0ubuntu0.7.4

Ubuntu Installer — Wed, 26 Mar 2008 13:02:31 +0000

firefox (2.0.0.13+0nobinonly-0ubuntu0.7.4)

New security/stability upstream release (v2.0.0.13)
- see USN-592-1

libnet-dns-perl, 0.59-1ubuntu0.2

Ubuntu Installer — Wed, 26 Mar 2008 17:56:28 +0000

libnet-dns-perl (0.59-1ubuntu0.2)

SECURITY UPDATE:
debian/patches/42_CVE-2007-6341.dpatch (LP: #201454)
- used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6341
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457445

dovecot, 1.0.rc17-1ubuntu2.3

Ubuntu Installer — Wed, 26 Mar 2008 17:55:51 +0000

dovecot (1.0.rc17-1ubuntu2.3)

SECURITY UPDATE: mailboxes of other users could be read via symlinks.
Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes to avoid future issues in underlying passdb (CVE-2008-1218).
References http://dovecot.org/list/dovecot-news/2008-March/000060.html http://dovecot.org/list/dovecot-news/2008-March/000064.html

sdl-image1.2, 1.2.5-2ubuntu0.7.04.1

Ubuntu Installer — Wed, 26 Mar 2008 18:55:41 +0000

sdl-image1.2 (1.2.5-2ubuntu0.7.04.1)

SECURITY UPDATE: Buffer overflow in GIF handling; possible denial of service and arbitrary code execution.
SECURITY UPDATE: Buffer overflow in IFF ILBM handling; possible denial of service and arbitrary code execution.
Added patches to prevent buffer overflow in IMG_gif.c and IMG_lbm.c. Patches prepared from sdl-image1.2_1.2.5-2etch1 update in debian. Applied inline. (LP: #185782)
References: http://www.debian.org/security/2008/dsa-1493 CVE-2007-6697 and CVE-2008-0544

ruby1.8, 1.8.5-4ubuntu2.1

Ubuntu Installer — Wed, 26 Mar 2008 18:56:49 +0000

ruby1.8 (1.8.5-4ubuntu2.1)

SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed.
debian/patches/950_CVE-2007-5162.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
debian/patches/951_CVE-2007-5770.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
References: CVE-2007-5162 CVE-2007-5770 (LP: #149616)

horde3, 3.1.3-4ubuntu0.1

Ubuntu Installer — Thu, 27 Mar 2008 16:55:39 +0000

horde3 (3.1.3-4ubuntu0.1)

SECURITY UPDATE: (LP: #203456)
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
- and Groupware Webmail Edition before 1.0.6, when running with certain
- configurations, allows remote authenticated users to read and execute arbitrary
- files via ".." sequences and a null byte in the theme name.
- Fix directory traversal vulnerability in Registry.php which allows
- an attacker to read and execute arbitrary local files via crafted
- path sequences.
References
http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
http://www.debian.org/security/2008/dsa-1519

dspam, 3.6.8-4ubuntu1.3

Ubuntu Installer — Fri, 28 Mar 2008 00:55:48 +0000

dspam (3.6.8-4ubuntu1.3)

debian/libdspam7-drv-mysql.cron.daily: Fix bashism introduced in previous security update (s/echo -e/printf/) (LP: #207579)

openssh, 1:4.3p2-8ubuntu1.2

Ubuntu Installer — Tue, 01 Apr 2008 22:55:53 +0000

openssh (1:4.3p2-8ubuntu1.2)

SECURITY UPDATE: X11 forward hijacking via alternate address families.
channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel (LP: #210175).
References CVE-2008-1483

cupsys, 1.2.8-0ubuntu8.3

Ubuntu Installer — Wed, 02 Apr 2008 21:56:10 +0000

cupsys (1.2.8-0ubuntu8.3)

debian/patches/99_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
debian/patches/100_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch.
debian/patches/101_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
debian/patches/102_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters
debian/patches/103_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size
References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656

ca-certificates 20061027-0ubuntu0.1

James Westby — Fri, 04 Apr 2008 12:14:52 +0000

ca-certificates (20061027-0ubuntu0.1)

Fix up generation of the /etc/ssl/certs/ca-certificates.crt file for those users who installed the package in a pt_BR locale (LP: #153625). A mistake in the translation template meant that the choices were not available in this locale, and so the file was always empty.
- If you were affected and have not tried to reconfigure this package, then the problem should be corrected for you automatically.
- If you were affected and have tried to reconfigure the package you may be shown a debconf question to allow you to select the certificates that you want.
- The only users who were not affected by this bug but may be affected by this fix are those who installed in a different locale, and then reconfigured the package so that no certificates are trusted, and who now run in a pt_BR locale. They will have to deselect all of the certificates again.

cacti, 0.8.6i-3ubuntu0.3

Ubuntu Installer — Sat, 05 Apr 2008 13:55:38 +0000

cacti (0.8.6i-3ubuntu0.3)

debian/patches/11_CVE-2008-0783_CVE-2008-0784_regression.dpatch: fix 'Invalid PHP_SELF Path' regression (LP: #194687)

opera 9.27-20080331.6fesity1

Brian Thomason — Mon, 07 Apr 2008 20:30:20 +0000

opera (9.27-20080331.6fesity1)

New upstream release
See http://www.opera.com/docs/changelogs/ for details

gs-esp, 8.15.4.dfsg.1-0ubuntu1.1

Ubuntu Installer — Wed, 09 Apr 2008 18:56:28 +0000

gs-esp (8.15.4.dfsg.1-0ubuntu1.1)

SECURITY UPDATE: buffer overflow in color space handling code
debian/patches/08_CVE-2008-0411.dpatch: fix zseticcspace() to perform range checks
References CVE-2008-0411

gs-gpl, 8.54.dfsg.1-5ubuntu0.2

Ubuntu Installer — Wed, 09 Apr 2008 18:57:04 +0000

gs-gpl (8.54.dfsg.1-5ubuntu0.2)

SECURITY UPDATE: buffer overflow in color space handling code
debian/patches/41_CVE-2008-0411.dpatch: fix zseticcspace() to perform range checks
References CVE-2008-0411

rsync, 2.6.9-3ubuntu1.2

Ubuntu Installer — Fri, 11 Apr 2008 05:55:17 +0000

rsync (2.6.9-3ubuntu1.2)

SECURITY UPDATE: code execution via ACL overflow.
debian/patches/xattr-security.diff: upstream fixes for ACL/xattr, thanks to Debian.
References CVE-2008-1720

squid, 2.6.5-4ubuntu2.2

Ubuntu Installer — Mon, 14 Apr 2008 14:56:15 +0000

squid (2.6.5-4ubuntu2.2)

SECURITY UPDATE: off by one assertion could cause a denial of service
debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in lib/Array.c to properly check a->capacity

libapache2-mod-python 3.2.10-3ubuntu1.1

Matthias Klose — Wed, 16 Apr 2008 11:05:40 +0000

libapache2-mod-python (3.2.10-3ubuntu1.1)

Rebuild for the final python 2.5.1 release. LP: #107149.
Fix a memory lleak. LP: #132520.

lighttpd, 1.4.13-9ubuntu4.6

Ubuntu Installer — Thu, 17 Apr 2008 13:55:22 +0000

lighttpd (1.4.13-9ubuntu4.6)

SECURITY UPDATE: (LP: #209627)
debian/patches/91_CVE-2008-1531.dpatch
- lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
References
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
http://trac.lighttpd.net/trac/changeset/2136
http://trac.lighttpd.net/trac/changeset/2139

poppler, 0.5.4-0ubuntu8.3

Ubuntu Installer — Thu, 17 Apr 2008 15:55:57 +0000

poppler (0.5.4-0ubuntu8.3)

SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger type-checking added.
References CVE-2008-1693

koffice, 1:1.6.2-0ubuntu1.3

Ubuntu Installer — Thu, 17 Apr 2008 16:02:06 +0000

koffice (1:1.6.2-0ubuntu1.3)

SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
debian/patches/40_pdf2-embedded-font-fixes.diff: stronger type-checking added.
References CVE-2008-1693

gnumeric, 1.7.8-0ubuntu1.1

Ubuntu Installer — Tue, 22 Apr 2008 00:56:22 +0000

gnumeric (1.7.8-0ubuntu1.1)

SECURITY UPDATE: arbitrary code execution via integer overflow in Excel spreadsheet HLINK processing.
plugins/excel/ms-excel-read.c: backported upstream fixes thanks to Debian, with an additional bugfix.
References CVE-2008-0668

firefox, 2.0.0.14+1nobinonly-0ubuntu0.7.4

Ubuntu Installer — Tue, 22 Apr 2008 01:05:23 +0000

firefox (2.0.0.14+1nobinonly-0ubuntu0.7.4)

Alexander Sack
New security/stability upstream release (v2.0.0.14)
- see USN-602-1

ca-certificates 20061027-0ubuntu0.2

James Westby — Thu, 24 Apr 2008 09:53:43 +0000

ca-certificates (20061027-0ubuntu0.2)

Fix up generation of the /etc/ssl/certs/ca-certificates.crt file for those users who installed the package in a pt_BR locale (LP: #153625). A mistake in the translation template meant that the choices were not available in this locale, and so the file was always empty.
- If you were affected and have not tried to reconfigure this package, then the problem should be corrected for you automatically.
- If you were affected and have tried to reconfigure the package you may be shown a debconf question to allow you to select the certificates that you want.
- The only users who were not affected by this bug but may be affected by this fix are those who installed in a different locale, and then reconfigured the package so that no certificates are trusted, and who now run in a pt_BR locale. They will have to deselect all of the certificates again.
In addition to the previous version this version prevents the question being asked multiple times for those who appear to have been hit by this issue.

cupsys, 1.2.8-0ubuntu8.4

Ubuntu Installer — Mon, 05 May 2008 11:55:56 +0000

cupsys (1.2.8-0ubuntu8.4)

SECURITY UPDATE: Denial of service and possibly arbitrary code execution
debian/patches/104_CVE-2008-1722.dpatch: fix for two integer overflows in filter/image-png.c. Taken from Debian SVN Head.
References CVE-2008-1722 LP: #219491 http://www.cups.org/str.php?L2790

xemacs21, 21.4.19-2ubuntu0.1

Ubuntu Installer — Mon, 05 May 2008 17:56:41 +0000

xemacs21 (21.4.19-2ubuntu0.1)

SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/21_vcdiff-tmp-race.dpatch: update lib-src/vcdiff to use mktemp
References CVE-2008-1694

emacs21, 21.4a+1-2ubuntu1.2

Ubuntu Installer — Mon, 05 May 2008 17:57:41 +0000

emacs21 (21.4a+1-2ubuntu1.2)

SECURITY UPDATE: buffer overflow in format function
debian/patches/fix-format-overflow.diff: fix src/editfns.c to account for precision in integer formatting (LP: #174177)
SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp
References CVE-2007-6109 CVE-2008-1694

clamav, 0.90.2-0ubuntu1.7

Ubuntu Installer — Mon, 05 May 2008 18:55:31 +0000

clamav (0.90.2-0ubuntu1.7)

SECURITY UPDATE: Possible heap corruption
Added 60_cve-2008-0728.dpatch
References: CVE-2008-0728 ( LP: #213500 )

kdelibs, 4:3.5.6-0ubuntu14.3

Ubuntu Installer — Mon, 05 May 2008 18:57:04 +0000

kdelibs (4:3.5.6-0ubuntu14.3)

SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit processing of user-influenceable input is faulty. A local user might be able to send unix signals to other processes, cause a denial of service or even possibly execute arbitrary code.
Add kubuntu_9903_kinit_integer_overflow.diff, edits kinit/start_kdeinit.c, patch from upstream KDE
References http://www.kde.org/info/security/advisory-20080426-2.txt CVE-2008-1671

mozilla-thunderbird, 1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1

Ubuntu Installer — Tue, 06 May 2008 15:55:33 +0000

mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1)

RELEASE security/stability backports for tbird 1.5 as of 2.0.0.14 (USN-605-1)
- http://people.ubuntu.com/~asac/mozilla-security/1.8.1.14/moz_1.8.0.15prepatches080417a.tar.gz
drop patches applied upstream from debian/patches
- 0071_279505-attachment-297724-fix-396613-regression.dpatch

kde4libs, 3.80.3-0ubuntu4.1

Ubuntu Installer — Tue, 06 May 2008 19:56:15 +0000

kde4libs (3.80.3-0ubuntu4.1)

SECURITY UPDATE: KHTML's PNG loader can be tricked into overrunning a heap allocated memory buffer by loading a specially encoded image. A remote site could cause a denial of service and possibly execute arbitrary code in the context of the user.
Add patch kubuntu_07_khtml_png_loader_memory_overrun.diff from KDE upstream, adds extra checks to khtml/imload/decoders/pngloader.cpp
References http://www.kde.org/info/security/advisory-20080426-1.txt CVE-2008-1670

hsqldb, 1.8.0.7-1ubuntu2.1

Ubuntu Installer — Tue, 06 May 2008 21:55:14 +0000

hsqldb (1.8.0.7-1ubuntu2.1)

SECURITY UPDATE: arbitrary Java methods via SQL.
Add debian/patches/90_method-whitelist.patch: upstream changes backported, thanks to Debian.
References CVE-2007-4575

openoffice.org, 2.2.0-1ubuntu6

Ubuntu Installer — Tue, 06 May 2008 22:00:04 +0000

openoffice.org (2.2.0-1ubuntu6)

Chris Cheney
ooo-build/patches/src680/workspace.fwk82.diff, ooo-build/patches/src680/workspace.sjfixes03.diff: fix CVE-2007-5745, CVE-2007-5746,CVE-2007-5747 and CVE-2008-0320
ooo-build/patches/src680/cws-jl85.diff: fix XML signing problem where the document can be manipulated so that the signature dialog display a false issuer
Kees Cook
ooo-build/patches/src680/workspace.hsql1808.diff: upstream fixes backported for HSQLDB Java method calling (CVE-2007-4575).

ltsp, 5.0.7.1

Ubuntu Installer — Tue, 06 May 2008 22:56:01 +0000

ltsp (5.0.7.1)

fix CVE-2008-1293 (LP: #227295) that made unauthenticated access to the local X server on the client possible.

speex, 1.1.12-3ubuntu0.7.04.1

Ubuntu Installer — Thu, 08 May 2008 17:55:26 +0000

speex (1.1.12-3ubuntu0.7.04.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
fix for libspeex/speex_header.c to properly validate its input
References CVE-2008-1686

vorbis-tools, 1.1.1-6ubuntu0.1

Ubuntu Installer — Thu, 08 May 2008 19:55:20 +0000

vorbis-tools (1.1.1-6ubuntu0.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input
References CVE-2008-1686

gst-plugins-good0.10, 0.10.5-1ubuntu2.1

Ubuntu Installer — Thu, 08 May 2008 20:55:34 +0000

gst-plugins-good0.10 (0.10.5-1ubuntu2.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
debian/patches/02_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input
References CVE-2008-1686