Gutsy Changes

pcre3, 7.4-0ubuntu0.7.10.2

Ubuntu Installer — Thu, 21 Feb 2008 18:56:02 +0000

pcre3 (7.4-0ubuntu0.7.10.2)

SECURITY UPDATE: stack overflow when handling long UTF8 strings.
pcre_compile.c, testdata/test{in,out}put4: upstream changes from 7.6 backported, thanks to Tomas Hoger and Florian Weimer.
References CVE-2008-0674

cacti, 0.8.6j-1.1ubuntu0.2

Ubuntu Installer — Fri, 22 Feb 2008 02:55:38 +0000

cacti (0.8.6j-1.1ubuntu0.2)

SECURITY UPDATE: (LP: #192199)
- CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via the (1) view_type parameter to graph.php, (2) filter parameter to graph_view.php, and (3) action and login_username parameters to index.php/login.
- CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by upstream. (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
References: CVE-2008-0783 CVE-2008-0784

glabels 2.1.3-1ubuntu0.1

Andrea Colangelo — Fri, 22 Feb 2008 09:49:16 +0000

glabels (2.1.3-1ubuntu0.1)

debian/patches/20_fix_paper_size_switch_crash.patch: add to avoid crash when switching paper size in template selector dialog (LP: #129518).
Modify Maintainer value to match the DebianMaintainerField specification.

parallels 2.2.2224-1gutsy1

Brian Thomason — Fri, 22 Feb 2008 19:50:12 +0000

parallels (2.2.2224-1gutsy1)

New upstream release
Closes: #187974, #187972

lighttpd, 1.4.18-1ubuntu1.1

Ubuntu Installer — Wed, 27 Feb 2008 14:55:57 +0000

lighttpd (1.4.18-1ubuntu1.1)

SECURITY UPDATE:
- debian/patches/90_maxfds_crash_fix.dpatch:
  - added patch from upstream to fix the maxfds issue (LP: #195380)
References
- http://trac.lighttpd.net/trac/ticket/1562

thunderbird, 2.0.0.12+nobinonly-0ubuntu0.7.10.0

Ubuntu Installer — Fri, 29 Feb 2008 00:56:41 +0000

thunderbird (2.0.0.12+nobinonly-0ubuntu0.7.10.0)

USN-582-1 - 2.0.0.12 security/stability update
drop keep_version patch previously applied to unbreak homepage which didn't exist for *pre versions
- drop debian/patches/keep_version_2006.patch
- update debian/patches/series
update autoconf-regen patch
- update debian/patches/autoconf-regen

gthumb 3:2.10.6-0ubuntu1.1

Tormod Volden — Wed, 05 Mar 2008 08:31:48 +0000

gthumb (3:2.10.6-0ubuntu1.1)

21_dont_skip_file_type.dpatch: Saving .bmp images silently fails (LP: #165174)
22_paper_size_free.dpatch: Printing often crashes with custom paper size (LP: #173082)
add Build-depends on libltdl3-dev to allow building from scratch (LP: #151696)

ubuntu-docs 7.10.5

Matthew East — Wed, 05 Mar 2008 09:08:34 +0000

ubuntu-docs (7.10.5)

Updating translations from Rosetta

evolution, 2.12.1-0ubuntu1.1

Ubuntu Installer — Wed, 05 Mar 2008 18:56:25 +0000

evolution (2.12.1-0ubuntu1.1)

SECURITY UPDATE: code execution via format string in encrypted emails.
Add 99_00_encryption_format_string_fix.patch: upstream fixes from Srinivasa Ragavan.
References CVE-2008-0072

openldap2.3, 2.3.35-1ubuntu0.2

Ubuntu Installer — Wed, 05 Mar 2008 20:56:05 +0000

openldap2.3 (2.3.35-1ubuntu0.2)

SECURITY UPDATE: slapd crash when using the bdb backend and processing crafted modrdn requests
debian/patches/SECURITY_CVE-2008-0658.patch: patch to back-bdb/modrdn.c to properly check for NOOP option
References: CVE-2008-0658 LP: #197077

phpmyadmin, 4:2.10.3-1ubuntu0.2

Ubuntu Installer — Thu, 06 Mar 2008 00:55:21 +0000

phpmyadmin (4:2.10.3-1ubuntu0.2)

SECURITY UPDATE:
debian/patches/050_CVE-2008-1149.dpatch
- Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation , Allows unauthorized disclosure of information , Allows disruption of service. (LP: #198745)
References:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

tzdata 2007k-0ubuntu0.7.10.1

Martin Pitt — Thu, 06 Mar 2008 10:32:34 +0000

tzdata (2007k-0ubuntu0.7.10.1)

Add debian/patches/chile-dst2008.patch: Update DST rules for Chile to incorporate short-term DST change for 2008 (delayed for three weeks from March 08 to March 29). (LP: #198129)

parallels 2.2.2226-1gutsy1

Brian Thomason — Fri, 07 Mar 2008 09:05:14 +0000

parallels (2.2.2226-1gutsy1)

New upstream release
Removed setuid executables

lighttpd, 1.4.18-1ubuntu1.2

Ubuntu Installer — Fri, 07 Mar 2008 18:56:24 +0000

lighttpd (1.4.18-1ubuntu1.2)

SECURITY UPDATE:
debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731)
References
http://trac.lighttpd.net/trac/changeset/2107
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

python2.4, 2.4.4-6ubuntu4.1

Ubuntu Installer — Mon, 10 Mar 2008 21:56:15 +0000

python2.4 (2.4.4-6ubuntu4.1)

SECURITY UPDATE: code execution via integer overflows.
debian/rules, debian/patches/CVE-2007-4965-int-overflow.dpatch: upstream changes, thanks to Stephan Hermann.
References http://bugs.python.org/file8592/python-2.5.CVE-2007-4965-int-overflow.patch CVE-2007-4965

python2.5, 2.5.1-5ubuntu5.1

Ubuntu Installer — Mon, 10 Mar 2008 21:58:01 +0000

python2.5 (2.5.1-5ubuntu5.1)

SECURITY UPDATE: code execution via integer overflows.
debian/rules, debian/patches/CVE-2007-4965-int-overflow.dpatch: upstream changes, thanks to Stephan Hermann.
References http://bugs.python.org/file8592/python-2.5.CVE-2007-4965-int-overflow.patch CVE-2007-4965

lighttpd, 1.4.18-1ubuntu1.3

Ubuntu Installer — Tue, 11 Mar 2008 19:55:56 +0000

lighttpd (1.4.18-1ubuntu1.3)

SECURITY UPDATE: (LP: #200987)
debian/patches/91_CVE-2008-1270.dpatch
- mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
References
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
http://trac.lighttpd.net/trac/ticket/1587
http://trac.lighttpd.net/trac/changeset/2120

mysql-dfsg-5.0 5.0.45-1ubuntu3.2

Jamie Strandboge — Wed, 12 Mar 2008 08:08:56 +0000

mysql-dfsg-5.0 (5.0.45-1ubuntu3.2)

SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978)
SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements
debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039)
debian/patches/97_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing
References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303

tzdata 2008a-0ubuntu0.7.10

Martin Pitt — Wed, 12 Mar 2008 09:22:19 +0000

tzdata (2008a-0ubuntu0.7.10)

Replace tzdata2007k.tar.gz with new version tzdata2008a:
- Fixes Chile DST properly, our patch switched it on a day too early.
- Drop debian/patches/chile-dst2008.patch.
- LP: #198129

vlc, 0.8.6.release.c-0ubuntu5.1

Ubuntu Installer — Wed, 12 Mar 2008 17:57:12 +0000

vlc (0.8.6.release.c-0ubuntu5.1)

SECURITY UPDATE:
- debian/patches/031_CVE-2008-0984.diff (LP: #195949)
- VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
  - suffers from an arbitrary memory overwrite vulnerability when using
  - crash the player instance.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
- http://www.videolan.org/security/sa0802.html

mailman, 1:2.1.9-8ubuntu0.1

Ubuntu Installer — Fri, 14 Mar 2008 18:56:14 +0000

mailman (1:2.1.9-8ubuntu0.1)

debian/control:
updated maintainer field
SECURITY UPDATE:
debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
- Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
http://bugs.gentoo.org/show_bug.cgi?id=208710

wml, 2.0.11-2ubuntu0.1

Ubuntu Installer — Fri, 14 Mar 2008 20:55:50 +0000

wml (2.0.11-2ubuntu0.1)

debian/control
updated maintainer field
SECURITY UPDATE: (LP: #191205)
wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
- in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
- Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907

cherrypy3,cherrypy3 3.0.2-1ubuntu0.1

Ubuntu Installer — Fri, 14 Mar 2008 20:56:27 +0000

cherrypy3 (3.0.2-1ubuntu0.1)

SECURITY UPDATE: directory traversal via session cookie ID.
- debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path generated from the session ID is within the session directory. Patch from upstream SVN. (LP: #187481)
- References:
  - CVE-2008-0252
Modify Maintainer value to match the DebianMaintainerField specification.

python-cherrypy, 2.2.1-3ubuntu1.7.10

Ubuntu Installer — Fri, 14 Mar 2008 20:56:47 +0000

python-cherrypy (2.2.1-3ubuntu1.7.10)

SECURITY UPDATE: directory traversal via session cookie ID.
- debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path generated from the session ID is within the session directory. Patch from upstream SVN. (LP: #187481)
- References:
  - CVE-2008-0252

mailman, 1:2.1.9-8ubuntu0.2

Ubuntu Installer — Sat, 15 Mar 2008 16:55:39 +0000

mailman (1:2.1.9-8ubuntu0.2)

debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code line which caused the code to become invalid and the package to not be installable. (LP: #202332)

postgresql-8.2 8.2.7-0ubuntu0.7.10

Martin Pitt — Tue, 18 Mar 2008 22:57:04 +0000

postgresql-8.2 (8.2.7-0ubuntu0.7.10)

New upstream bug fix release: (LP: #203734)
- Repair potential deadlock between concurrent "VACUUM FULL" operations on different system catalogs.
- Fix longstanding "LISTEN"/"NOTIFY" race condition.
- Disallow "LISTEN" and "UNLISTEN" within a prepared transaction. This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an "UNLISTEN" remained uncommitted.
- Disallow dropping a temporary table within a prepared transaction This was correctly disallowed by 8.1, but the check was inadvertently broken in 8.2.
- Fix rare crash when an error occurs during a query using a hash index.
- Fix memory leaks in certain usages of set-returning functions.
- Fix input of datetime values for February 29 in years BC.
- Fix "unrecognized node type" error in some variants of "ALTER OWNER".
- Ensure pg_stat_activity.waiting flag is cleared when a lock wait is aborted.
- Fix pg_ctl to correctly extract the postmaster's port number from command-line options. (See Debian #358546)
- Use "-fwrapv" to defend against possible misoptimization in recent gcc versions.
- Correctly enforce statement_timeout values longer than INT_MAX microseconds (about 35 minutes).
- Fix "unexpected PARAM_SUBLINK ID" planner error when constant-folding simplifies a sub-select.
- Fix logical errors in constraint-exclusion handling of IS NULL and NOT expressions.
- Fix another cause of "failed to build any N-way joins" planner errors.
- Fix incorrect constant propagation in outer-join planning.
- Fix display of constant expressions in ORDER BY and GROUP BY.
- Fix libpq to handle NOTICE messages correctly during COPY OUT.
Remove debian/patches/00upstream-clauseless-joins-regression.patch, upstream now.

krb5, 1.6.dfsg.1-7ubuntu0.1

Ubuntu Installer — Tue, 18 Mar 2008 23:56:55 +0000

krb5 (1.6.dfsg.1-7ubuntu0.1)

SECURITY UPDATE: arbitrary code execution via freed pointer and memory overflows.
src/kdc/{kerberos_v4,dispatch,network}.c: upstream fixes patched inline (MITKRB5-SA-2008-001: CVE-2008-0062, CVE-2008-0063).
src/lib/rpc/{svc,svc_tcp}.c: upstream fixed patched inline (MITKRB5-SA-2008-002: CVE-2008-0947)

mysql-dfsg-5.0, 5.0.45-1ubuntu3.3

Ubuntu Installer — Thu, 20 Mar 2008 10:57:39 +0000

mysql-dfsg-5.0 (5.0.45-1ubuntu3.3)

no change build for -security upload

mysql-dfsg-5.0 (5.0.45-1ubuntu3.2)

SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978)
SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements
debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039)
debian/patches/97_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing
References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303

unzip, 5.52-10ubuntu1.1

Ubuntu Installer — Thu, 20 Mar 2008 17:55:19 +0000

unzip (5.52-10ubuntu1.1)

SECURITY UPDATE: arbitrary code execution via heap corruption.
inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
References CVE-2008-0888

smarty,smarty 2.6.18-1ubuntu2.1

Ubuntu Installer — Mon, 24 Mar 2008 12:55:49 +0000

smarty (2.6.18-1ubuntu2.1)

SECURITY UPDATE: (LP: #202422)
libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492

mplayer, 2:1.0~rc1-0ubuntu13.2

Ubuntu Installer — Mon, 24 Mar 2008 15:56:12 +0000

mplayer (2:1.0~rc1-0ubuntu13.2)

SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header parser, and URL parser. (LP: #191488)
stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c, stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c, stream/url.c: Patches from upstream.
References:
- CVE-2008-0225
- CVE-2008-0238
- CVE-2008-0485
- CVE-2008-0486
- CVE-2008-0629
- CVE-2008-0630

bzip2, 1.0.4-0ubuntu2.1

Ubuntu Installer — Mon, 24 Mar 2008 17:56:21 +0000

bzip2 (1.0.4-0ubuntu2.1)

SECURITY UPDATE: denial of service via heap memory corruption.
bzlib.c, bzlib_private.h: upstream patch from 1.0.5 applied inline.
References CVE-2008-1372

icu, 3.6-3ubuntu0.1

Ubuntu Installer — Mon, 24 Mar 2008 17:57:24 +0000

icu (3.6-3ubuntu0.1)

SECURITY UPDATE: possible read from and write to out of bounds memory locations via back reference '\0' in regular expressions
SECURITY UPDATE: denial of service due to memory exhaustion via a crafted regular expression
debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to return error on invalid back reference. fix rematch.cpp, uvectr32.h and uvectr32.cpp to return error when capacity is greater than maxCapacity
References CVE-2007-4770 CVE-2007-4771
Modify Maintainer value to match the DebianMaintainerField specification.

icedtea-java7 7~b21-1.4+20071007-0ubuntu7

Matthias Klose — Wed, 26 Mar 2008 00:05:38 +0000

icedtea-java7 (7~b21-1.4+20071007-0ubuntu7)

Move rt.jar into the icedtea-java7-bin package; sun/awt/X11 class files differ between amd64 and i386. LP: #152362, #177514, #191075.
Install all desktop files in /usr/share/applications.
Install icons in /usr/share/pixmaps, not /usr/share/icons.
debian/rules: Call dh_icons.
icedtea-java7-jre: Provide java-virtual-machine. LP: #189953.

dspam, 3.6.8-5ubuntu1.2

Ubuntu Installer — Wed, 26 Mar 2008 03:56:28 +0000

dspam (3.6.8-5ubuntu1.2)

SECURITY UPDATE: The libdspam7-drv-mysql cron job includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
debian/libdspam7-drv-mysql.cron.daily: applied patch from Debian to use a password file instead.
References
- LP: #195691
- CVE-2007-6418

firefox, 2.0.0.13+1nobinonly-0ubuntu0.7.10

Ubuntu Installer — Wed, 26 Mar 2008 13:03:50 +0000

firefox (2.0.0.13+1nobinonly-0ubuntu0.7.10)

New security/stability upstream release (v2.0.0.13)
- see USN-592-1

libnet-dns-perl, 0.60-1ubuntu0.1

Ubuntu Installer — Wed, 26 Mar 2008 17:56:37 +0000

libnet-dns-perl (0.60-1ubuntu0.1)

SECURITY UPDATE:
debian/patches/42_CVE-2007-6341.dpatch (LP: #201454)
- used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6341
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457445

dovecot, 1:1.0.5-1ubuntu2.2

Ubuntu Installer — Wed, 26 Mar 2008 17:55:26 +0000

dovecot (1:1.0.5-1ubuntu2.2)

SECURITY UPDATE: mailboxes of other users could be read via symlinks.
Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes to avoid future issues in underlying passdb (CVE-2008-1218).
References http://dovecot.org/list/dovecot-news/2008-March/000060.html http://dovecot.org/list/dovecot-news/2008-March/000064.html

sdl-image1.2, 1.2.5-3ubuntu0.1

Ubuntu Installer — Wed, 26 Mar 2008 18:55:51 +0000

sdl-image1.2 (1.2.5-3ubuntu0.1)

SECURITY UPDATE: Buffer overflow in GIF handling; possible denial of service and arbitrary code execution.
SECURITY UPDATE: Buffer overflow in IFF ILBM handling; possible denial of service and arbitrary code execution.
Added patches to prevent buffer overflow in IMG_gif.c and IMG_lbm.c. Patches prepared from sdl-image1.2_1.2.5-2etch1 update in debian. Applied inline. (LP: #185782)
References: http://www.debian.org/security/2008/dsa-1493 CVE-2007-6697 and CVE-2008-0544

ruby1.8, 1.8.6.36-1ubuntu3.1

Ubuntu Installer — Wed, 26 Mar 2008 18:57:15 +0000

ruby1.8 (1.8.6.36-1ubuntu3.1)

SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed.
debian/patches/100_CVE-2007-5162.dpatch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
debian/patches/101_CVE-2007-5770.dpatch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
References: CVE-2007-5162 CVE-2007-5770 (LP: #149616)

horde3, 3.1.4-1ubuntu0.1

Ubuntu Installer — Thu, 27 Mar 2008 16:55:47 +0000

horde3 (3.1.4-1ubuntu0.1)

SECURITY UPDATE: (LP: #203456)
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
- and Groupware Webmail Edition before 1.0.6, when running with certain
- configurations, allows remote authenticated users to read and execute arbitrary
- files via ".." sequences and a null byte in the theme name.
- Fix directory traversal vulnerability in Registry.php which allows
- an attacker to read and execute arbitrary local files via crafted
- path sequences.
References
http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
http://www.debian.org/security/2008/dsa-1519

dspam, 3.6.8-5ubuntu1.3

Ubuntu Installer — Fri, 28 Mar 2008 00:56:03 +0000

dspam (3.6.8-5ubuntu1.3)

debian/libdspam7-drv-mysql.cron.daily: Fix bashism introduced in previous security update (s/echo -e/printf/) (LP: #207579)

gosa 2.5.11a-1ubuntu1

Emanuele Gentili — Tue, 01 Apr 2008 10:06:49 +0000

gosa (2.5.11a-1ubuntu1)

debian/control
Switch Maintainer to Ubuntu Motu Developers
debian/rules (LP: #157406)
Fixed fatal error on Call function get_template_patch() in
- /usr/share/gosa/include

openssh, 1:4.6p1-5ubuntu0.2

Ubuntu Installer — Tue, 01 Apr 2008 22:56:06 +0000

openssh (1:4.6p1-5ubuntu0.2)

SECURITY UPDATE: X11 forward hijacking via alternate address families.
channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel (LP: #210175).
References CVE-2008-1483

cupsys, 1.3.2-1ubuntu7.6

Ubuntu Installer — Wed, 02 Apr 2008 21:56:31 +0000

cupsys (1.3.2-1ubuntu7.6)

debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch.
debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters
debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size
References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656

ca-certificates 20070303-0ubuntu0.7.10

James Westby — Fri, 04 Apr 2008 12:15:28 +0000

ca-certificates (20070303-0ubuntu0.7.10)

Fix up generation of the /etc/ssl/certs/ca-certificates.crt file for those users who installed the package in a pt_BR locale (LP: #153625). A mistake in the translation template meant that the choices were not available in this locale, and so the file was always empty.
- If you were affected and have not tried to reconfigure this package, then the problem should be corrected for you automatically.
- If you were affected and have tried to reconfigure the package you may be shown a debconf question to allow you to select the certificates that you want.
- The only users who were not affected by this bug but may be affected by this fix are those who installed in a different locale, and then reconfigured the package so that no certificates are trusted, and who now run in a pt_BR locale. They will have to deselect all of the certificates again.

zim 0.19-1ubuntu1

Jerome Guelfucci — Fri, 04 Apr 2008 12:24:20 +0000

zim (0.19-1ubuntu1)

Applied upstream patch to fix the three following bugs (LP #156432):
- infinite loop after "Link" on some platforms
- possible corruption of links when updating links after move
- bug with TrayIcon menu
debian/control: updated maintainer field as per spec.

cacti, 0.8.6j-1.1ubuntu0.3

Ubuntu Installer — Fri, 04 Apr 2008 18:55:19 +0000

cacti (0.8.6j-1.1ubuntu0.3)

Cacti frontend fails with 'Invalid PHP_SELF Path' (LP: #194687)
debian/patches/11_php_self_nonstandard_dir.dpatch

opera 9.27-20080331.6gutsy1

Brian Thomason — Fri, 04 Apr 2008 22:00:15 +0000

opera (9.27-20080331.6gutsy1)

New upstream release
See http://www.opera.com/docs/changelogs/ for details

ghostscript, 8.61.dfsg.1~svn8187-0ubuntu3.4

Ubuntu Installer — Wed, 09 Apr 2008 18:55:30 +0000

ghostscript (8.61.dfsg.1~svn8187-0ubuntu3.4)

SECURITY UPDATE: buffer overflow in color space handling code
debian/patches/43_CVE-2008-0411.dpatch: fix zseticcspace() to perform range checks
References CVE-2008-0411

flashplugin-nonfree 9.0.124.0ubuntu1~gutsy1

Andy Matteson — Wed, 09 Apr 2008 20:26:39 +0000

flashplugin-nonfree (9.0.124.0ubuntu1~gutsy1)

Update md5sum and package version for Flash 9.0.124.0.

rsync, 2.6.9-5ubuntu1.1

Ubuntu Installer — Fri, 11 Apr 2008 05:55:25 +0000

rsync (2.6.9-5ubuntu1.1)

SECURITY UPDATE: code execution via ACL overflow.
debian/patches/xattr-security.diff: upstream fixes for ACL/xattr, thanks to Debian.
References CVE-2008-1720

squid, 2.6.14-1ubuntu2.2

Ubuntu Installer — Mon, 14 Apr 2008 14:56:03 +0000

squid (2.6.14-1ubuntu2.2)

SECURITY UPDATE: off by one assertion could cause a denial of service
debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in lib/Array.c to properly check a->capacity

update-manager 1:0.81.3

Michael Vogt — Tue, 15 Apr 2008 09:08:12 +0000

update-manager (1:0.81.3)

DistUpgrade/DistUpgradeController.py:
- honor APT::Get::AllowUnauthenticated setting and do not abort the upgrade if it is set (LP: #195419)

lighttpd, 1.4.18-1ubuntu1.4

Ubuntu Installer — Thu, 17 Apr 2008 13:55:46 +0000

lighttpd (1.4.18-1ubuntu1.4)

SECURITY UPDATE: (LP: #209627)
debian/patches/91_CVE-2008-1531.dpatch
- lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
References
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
http://trac.lighttpd.net/trac/changeset/2136
http://trac.lighttpd.net/trac/changeset/2139

poppler, 0.6-0ubuntu2.2

Ubuntu Installer — Thu, 17 Apr 2008 15:56:24 +0000

poppler (0.6-0ubuntu2.2)

SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger type-checking added.
References CVE-2008-1693

koffice, 1:1.6.3-0ubuntu5.2

Ubuntu Installer — Thu, 17 Apr 2008 16:04:24 +0000

koffice (1:1.6.3-0ubuntu5.2)

SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
debian/patches/40_pdf2-embedded-font-fixes.diff: stronger type-checking added.
References CVE-2008-1693

gnumeric, 1.7.11-1ubuntu3.1

Ubuntu Installer — Tue, 22 Apr 2008 00:56:05 +0000

gnumeric (1.7.11-1ubuntu3.1)

SECURITY UPDATE: arbitrary code execution via integer overflow in Excel spreadsheet HLINK processing.
plugins/excel/ms-excel-read.c: backported upstream fixes thanks to Debian, with an additional bugfix.
References CVE-2008-0668

firefox, 2.0.0.14+2nobinonly-0ubuntu0.7.10

Ubuntu Installer — Tue, 22 Apr 2008 01:06:53 +0000

firefox (2.0.0.14+2nobinonly-0ubuntu0.7.10)

New security/stability upstream release (v2.0.0.14)
- see USN-602-1

ca-certificates 20070303-0ubuntu0.7.10.1

James Westby — Thu, 24 Apr 2008 10:00:29 +0000

ca-certificates (20070303-0ubuntu0.7.10.1)

Fix up generation of the /etc/ssl/certs/ca-certificates.crt file for those users who installed the package in a pt_BR locale (LP: #153625). A mistake in the translation template meant that the choices were not available in this locale, and so the file was always empty.
- If you were affected and have not tried to reconfigure this package, then the problem should be corrected for you automatically.
- If you were affected and have tried to reconfigure the package you may be shown a debconf question to allow you to select the certificates that you want.
- The only users who were not affected by this bug but may be affected by this fix are those who installed in a different locale, and then reconfigured the package so that no certificates are trusted, and who now run in a pt_BR locale. They will have to deselect all of the certificates again.
In addition to the previous version this version prevents the question being asked multiple times for those who appear to have been hit by this issue.

cupsys, 1.3.2-1ubuntu7.7

Ubuntu Installer — Mon, 05 May 2008 11:56:29 +0000

cupsys (1.3.2-1ubuntu7.7)

SECURITY UPDATE: Denial of service and possibly arbitrary code execution
debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in filter/image-png.c. Taken from Debian SVN Head.
References CVE-2008-1722 LP: #219491 http://www.cups.org/str.php?L2790

thunderbird, 2.0.0.14+nobinonly-0ubuntu0.7.10.0

Ubuntu Installer — Mon, 05 May 2008 17:55:41 +0000

thunderbird (2.0.0.14+nobinonly-0ubuntu0.7.10.0)

2.0.0.14 security/stability update (USN-605-1)

xemacs21, 21.4.20-1.1ubuntu0.1

Ubuntu Installer — Mon, 05 May 2008 17:56:59 +0000

xemacs21 (21.4.20-1.1ubuntu0.1)

SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/21_vcdiff-tmp-race.dpatch: update lib-src/vcdiff to use mktemp
References CVE-2008-1694

emacs21, 21.4a+1-5ubuntu4.1

Ubuntu Installer — Mon, 05 May 2008 17:58:17 +0000

emacs21 (21.4a+1-5ubuntu4.1)

SECURITY UPDATE: buffer overflow in format function
debian/patches/fix-format-overflow.diff: fix src/editfns.c to account for precision in integer formatting (LP: #174177)
SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp
References CVE-2007-6109 CVE-2008-1694

emacs22, 22.1-0ubuntu5.2

Ubuntu Installer — Mon, 05 May 2008 17:59:31 +0000

emacs22 (22.1-0ubuntu5.2)

SECURITY UPDATE: buffer overflow in format function
debian/patches/fix-format-overflow.diff: fix src/editfns.c to account for precision in integer formatting (LP: #174177)
SECURITY UPDATE: temporary file race condition in vcdiff
debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use mktemp
References CVE-2007-6109 CVE-2008-1694

clamav, 0.91.2-3ubuntu2.4

Ubuntu Installer — Mon, 05 May 2008 18:55:52 +0000

clamav (0.91.2-3ubuntu2.4)

SECURITY UPDATE: Possible heap corruprion
Added 31_mew.c-CVE-2008-0728.dpatch
References: CVE-2008-0728 ( LP: #213500 )

kdelibs, 4:3.5.8-0ubuntu3.4

Ubuntu Installer — Mon, 05 May 2008 18:58:34 +0000

kdelibs (4:3.5.8-0ubuntu3.4)

SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit processing of user-influenceable input is faulty. A local user might be able to send unix signals to other processes, cause a denial of service or even possibly execute arbitrary code.
Add kubuntu_9903_kinit_integer_overflow.diff, edits kinit/start_kdeinit.c, patch from upstream KDE
References http://www.kde.org/info/security/advisory-20080426-2.txt CVE-2008-1671

realplay 10.0.9-1gutsy1

Brian Thomason — Tue, 06 May 2008 16:48:17 +0000

realplay (10.0.9-1gutsy1)

Initial upload to gutsy
Referenced licenses properly in copyright file
Removed ad-hoc patch mechanism and replaced with dpatch

kde4libs, 3.94.0-0ubuntu1.1

Ubuntu Installer — Tue, 06 May 2008 19:57:59 +0000

kde4libs (3.94.0-0ubuntu1.1)

SECURITY UPDATE: KHTML's PNG loader can be tricked into overrunning a heap allocated memory buffer by loading a specially encoded image. A remote site could cause a denial of service and possibly execute arbitrary code in the context of the user.
Add patch kubuntu_07_khtml_png_loader_memory_overrun.diff from KDE upstream, adds extra checks to khtml/imload/decoders/pngloader.cpp
References http://www.kde.org/info/security/advisory-20080426-1.txt CVE-2008-1670

hsqldb, 1.8.0.8-1ubuntu1.1

Ubuntu Installer — Tue, 06 May 2008 21:55:18 +0000

hsqldb (1.8.0.8-1ubuntu1.1)

SECURITY UPDATE: arbitrary Java methods via SQL.
Add debian/patches/90_method-whitelist.patch: upstream changes backported, thanks to Debian.
References CVE-2007-4575

openoffice.org, 1:2.3.0-1ubuntu5.4

Ubuntu Installer — Tue, 06 May 2008 22:04:22 +0000

openoffice.org (1:2.3.0-1ubuntu5.4)

Chris Cheney
ooo-build/patches/src680/workspace.fwk82.diff, ooo-build/patches/src680/workspace.sjfixes03.diff: fix CVE-2007-5745, CVE-2007-5746,CVE-2007-5747 and CVE-2008-0320
ooo-build/patches/src680/cws-jl85.diff: fix XML signing problem where the document can be manipulated so that the signature dialog display a false issuer
Kees Cook
ooo-build/patches/src680/workspace.hsql1808.diff: upstream fixes for HSQLDB Java method calling (CVE-2007-4575), thanks to Caolan McNamara.

ltsp, 5.0.39.1

Ubuntu Installer — Tue, 06 May 2008 22:55:56 +0000

ltsp (5.0.39.1)

fix CVE-2008-1293 (LP: #227295) that made unauthenticated access to the local X server on the client possible.

speex, 1.1.12-3ubuntu0.7.10.1

Ubuntu Installer — Thu, 08 May 2008 17:55:32 +0000

speex (1.1.12-3ubuntu0.7.10.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
fix for libspeex/speex_header.c to properly validate its input
References CVE-2008-1686

vorbis-tools, 1.1.1-13ubuntu0.1

Ubuntu Installer — Thu, 08 May 2008 19:55:09 +0000

vorbis-tools (1.1.1-13ubuntu0.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input
References CVE-2008-1686

gst-plugins-good0.10, 0.10.6-0ubuntu4.1

Ubuntu Installer — Thu, 08 May 2008 20:55:43 +0000

gst-plugins-good0.10 (0.10.6-0ubuntu4.1)

SECURITY UPDATE: array index vulnerability (LP: #218652)
debian/patches/04_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input
References CVE-2008-1686