Branches for Quantal

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:16:44 UTC

maint/bzr_push.sh Auto copy, commit and push for: control.snapshot (snapshot)

Author: Stéphane Graber
Revision Date: 2012-06-06 20:08:48 UTC

releasing version 12.05-0ubuntu1

Author: Brad Figg
Revision Date: 2014-05-15 22:31:46 UTC

Version 3.5.0-51.76

Author: Brad Figg
Revision Date: 2014-05-15 22:31:46 UTC

Version 3.5.0-51.76

Author: Brad Figg
Revision Date: 2014-05-15 22:31:46 UTC

Version 3.5.0-51.76

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:14 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:14 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Seth Arnold
Revision Date: 2014-05-14 11:05:38 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.

Author: Seth Arnold
Revision Date: 2014-05-14 11:05:38 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.

Author: Adam Conrad
Revision Date: 2014-05-13 11:21:44 UTC

New upstream release, critical urgency due to Egypt zone
changes happening on May 15th, in two days (LP: #1319122)

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

Author: Marc Deslauriers
Revision Date: 2014-05-13 12:04:55 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

Author: Marc Deslauriers
Revision Date: 2014-05-13 12:04:55 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

Author: Adam Conrad
Revision Date: 2014-05-13 11:21:44 UTC

New upstream release, critical urgency due to Egypt zone
changes happening on May 15th, in two days (LP: #1319122)

Author: Marc Deslauriers
Revision Date: 2014-03-21 12:45:59 UTC

* SECURITY UPDATE: incorrect tmpfs mount options (LP: #1152744)
  - init: Sync the mount options for /run from /lib/init/fstab.

Author: Chris J Arges
Revision Date: 2013-09-05 16:17:52 UTC

src/wait-for-root.c: udev_monitor_receive_device() might still
return NULL even with a blocking socket if recvmsg() fails with
ENOBUFS. Retry every second in that case. Thanks to Tetsuo Handa for
debugging this and the patch! (LP: #1215911)

Author: Marc Deslauriers
Revision Date: 2014-03-21 12:45:59 UTC

* SECURITY UPDATE: incorrect tmpfs mount options (LP: #1152744)
  - init: Sync the mount options for /run from /lib/init/fstab.

Author: Russ Allbery
Revision Date: 2012-02-04 13:27:02 UTC

* Enable bindnow hardening flags and fix the syntax of the
  DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
  longer experimental.
* Move single-debian-patch to local-options and patch-header to
  local-patch-header so that they only apply to the packages I build and
  NMUs get regular version-numbered patches.

Author: Kaj Ailomaa
Revision Date: 2014-05-10 22:31:42 UTC

Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-05-10 22:31:42 UTC

Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-05-10 22:31:42 UTC

Bump ABI

Author: Marc Deslauriers
Revision Date: 2014-05-08 14:29:41 UTC

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

Author: Marc Deslauriers
Revision Date: 2014-05-08 14:29:41 UTC

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:47:30 UTC

[ Kamal Mostafa ]

Bump ABI for Quantal 3.5.0-51

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:47:30 UTC

[ Kamal Mostafa ]

Bump ABI for Quantal 3.5.0-51

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:47:30 UTC

[ Kamal Mostafa ]

Bump ABI for Quantal 3.5.0-51

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:37:59 UTC

[ Kamal Mostafa ]

Bump ABI

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:37:59 UTC

[ Kamal Mostafa ]

Bump ABI

Author: Kamal Mostafa
Revision Date: 2014-05-07 15:37:59 UTC

[ Kamal Mostafa ]

Bump ABI

Author: Marc Deslauriers
Revision Date: 2014-03-19 14:41:59 UTC

* SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
  - debian/patches/CVE-2013-6491.patch: set the right parameter in
    quantum/openstack/common/rpc/impl_qpid.py.
  - CVE-2013-6491

Author: Steve Langasek
Revision Date: 2013-09-24 14:21:08 UTC

Backport gnu-efi from saucy to quantal to support new versions of
shim. LP: #1229572.

Author: Steve Langasek
Revision Date: 2013-09-24 14:21:08 UTC

Backport gnu-efi from saucy to quantal to support new versions of
shim. LP: #1229572.

Author: Marc Deslauriers
Revision Date: 2014-05-05 15:36:13 UTC

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

Author: Marc Deslauriers
Revision Date: 2014-05-05 15:36:13 UTC

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

Author: Marc Deslauriers
Revision Date: 2014-04-15 14:35:59 UTC

* SECURITY UPDATE: denial of service or possible code execution in
  libjbig
  - debian/patches/CVE-2013-6369.patch: check sizes in libjbig/jbig.c.
  - CVE-2013-6369

Author: Marc Deslauriers
Revision Date: 2014-04-15 14:35:59 UTC

* SECURITY UPDATE: denial of service or possible code execution in
  libjbig
  - debian/patches/CVE-2013-6369.patch: check sizes in libjbig/jbig.c.
  - CVE-2013-6369

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

Author: Brian Murray
Revision Date: 2014-04-23 13:34:49 UTC

Add Ubuntu 14.10, Utopic Unicorn.

Author: Brian Murray
Revision Date: 2014-04-23 13:34:49 UTC

Add Ubuntu 14.10, Utopic Unicorn.

Author: Brian Murray
Revision Date: 2014-04-23 13:34:49 UTC

Add Ubuntu 14.10, Utopic Unicorn.

Author: Marc Deslauriers
Revision Date: 2014-04-20 09:15:17 UTC

* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  - CVE-2014-0001
  - CVE-2014-0384
  - CVE-2014-2419
  - CVE-2014-2430
  - CVE-2014-2431
  - CVE-2014-2432
  - CVE-2014-2436
  - CVE-2014-2438
  - CVE-2014-2440
* Drop creation of insecure database permissions:
  - d/p/33_scripts__mysql_create_system_tables__no_test.patch,
    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
    package, inadvertently dropped in 5.5 transition. This
    removes the global anonymous access to the database which
    is a security concern.

Author: Marc Deslauriers
Revision Date: 2014-04-20 09:15:17 UTC

* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  - CVE-2014-0001
  - CVE-2014-0384
  - CVE-2014-2419
  - CVE-2014-2430
  - CVE-2014-2431
  - CVE-2014-2432
  - CVE-2014-2436
  - CVE-2014-2438
  - CVE-2014-2440
* Drop creation of insecure database permissions:
  - d/p/33_scripts__mysql_create_system_tables__no_test.patch,
    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
    package, inadvertently dropped in 5.5 transition. This
    removes the global anonymous access to the database which
    is a security concern.

Author: Marc Deslauriers
Revision Date: 2014-03-31 10:23:57 UTC

* SECURITY UPDATE: insecure use of temporary files
  - PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
    PIL/JpegImagePlugin.py: use tempfile.mkstemp().
  - https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66
  - CVE-2014-1932
  - CVE-2014-1933

Author: Marc Deslauriers
Revision Date: 2014-03-31 10:23:57 UTC

* SECURITY UPDATE: insecure use of temporary files
  - PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
    PIL/JpegImagePlugin.py: use tempfile.mkstemp().
  - https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66
  - CVE-2014-1932
  - CVE-2014-1933

Author: Marc Deslauriers
Revision Date: 2014-03-11 09:57:44 UTC

* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285
* SECURITY UPDATE: denial of service via multiple-object requests
  - debian/patches/CVE-2014-2310.patch: fix lengths in
    agent/mibgroup/agentx/protocol.c.
  - CVE-2014-2310

Author: Marc Deslauriers
Revision Date: 2014-03-11 09:57:44 UTC

* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285
* SECURITY UPDATE: denial of service via multiple-object requests
  - debian/patches/CVE-2014-2310.patch: fix lengths in
    agent/mibgroup/agentx/protocol.c.
  - CVE-2014-2310

Author: Iain Lane
Revision Date: 2012-10-02 14:10:04 UTC

Manually reverse patch. bzr and quilt /o\

Author: Felix Geyer
Revision Date: 2014-04-04 23:23:30 UTC

No-change backport to quantal (LP: #1301531)

Author: Felix Geyer
Revision Date: 2014-04-04 23:27:07 UTC

No-change backport to quantal (LP: #1301530)

Author: Marc Deslauriers
Revision Date: 2014-04-02 14:40:46 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  large yaml documents
  - debian/patches/CVE-2013-6393.patch: fix integer overflows in
    LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
    LibYAML/yaml_private.h.
  - CVE-2013-6393
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    LibYAML/scanner.c, LibYAML/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 14:40:46 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  large yaml documents
  - debian/patches/CVE-2013-6393.patch: fix integer overflows in
    LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
    LibYAML/yaml_private.h.
  - CVE-2013-6393
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    LibYAML/scanner.c, LibYAML/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 10:21:09 UTC

* SECURITY UPDATE: incorrect IDNA wildcard handling
  - debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
    nss/lib/certdb/certdb.c.
  - CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
  - removed debian/patches/95_add_spi+cacert_ca_certs.patch
  - added debian/patches/95_add_spi_certs.patch

Author: Marc Deslauriers
Revision Date: 2014-04-02 11:43:57 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    src/scanner.c, src/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 11:43:57 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    src/scanner.c, src/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:59:44 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:59:44 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

Author: Ben Howard
Revision Date: 2014-03-12 15:54:56 UTC

hyperv-hwaddrs.patch: update ethernet exclusions for Hyper-V
(LP: #1274348).

Author: Marc Deslauriers
Revision Date: 2014-03-28 08:30:48 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-03-28 08:30:48 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-03-27 08:54:58 UTC

Rebuild as a security update (LP: #1296856)

Author: Marc Deslauriers
Revision Date: 2014-03-27 08:54:58 UTC

Rebuild as a security update (LP: #1296856)

Author: Scott Kitterman
Revision Date: 2014-03-26 00:27:23 UTC

No-change backport to quantal (LP: #1297616)

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:23:27 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - No longer ship obsolete debconf.org certificates
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:23:27 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - No longer ship obsolete debconf.org certificates
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

Author: Ben Howard
Revision Date: 2014-03-12 15:54:56 UTC

hyperv-hwaddrs.patch: update ethernet exclusions for Hyper-V
(LP: #1274348).

Author: Scott Kitterman
Revision Date: 2014-03-19 11:02:58 UTC

No-change backport to quantal (LP: #1292943)

Author: Marc Deslauriers
Revision Date: 2014-03-19 14:41:59 UTC

* SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
  - debian/patches/CVE-2013-6491.patch: set the right parameter in
    quantum/openstack/common/rpc/impl_qpid.py.
  - CVE-2013-6491

Author: Marc Deslauriers
Revision Date: 2014-03-14 08:56:35 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  (XXE) issue.
  - debian/patches/CVE-2013-1881.patch: implement stricter policy in
    rsvg-base.c, rsvg-css.c, rsvg-io.c, rsvg-private.h.
  - debian/control*: added appropriate Breaks as this updates requires
    a fix to also be added to gtk+3.0.
  - CVE-2013-1881

Author: Marc Deslauriers
Revision Date: 2014-03-14 08:56:35 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  (XXE) issue.
  - debian/patches/CVE-2013-1881.patch: implement stricter policy in
    rsvg-base.c, rsvg-css.c, rsvg-io.c, rsvg-private.h.
  - debian/control*: added appropriate Breaks as this updates requires
    a fix to also be added to gtk+3.0.
  - CVE-2013-1881

Author: Marc Deslauriers
Revision Date: 2014-03-14 14:27:42 UTC

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

Author: Marc Deslauriers
Revision Date: 2014-03-14 14:27:42 UTC

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

Author: Steve Beattie
Revision Date: 2014-03-12 21:33:35 UTC

* SECURITY UPDATE: buffer overflow in header processing after
  address expansion.
  - debian/patches/ubuntu/mutt-CVE-2014-0467.patch
  - CVE-2014-0467

Author: Steve Beattie
Revision Date: 2014-03-12 21:33:35 UTC

* SECURITY UPDATE: buffer overflow in header processing after
  address expansion.
  - debian/patches/ubuntu/mutt-CVE-2014-0467.patch
  - CVE-2014-0467

Author: Marc Deslauriers
Revision Date: 2014-03-11 07:58:51 UTC

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

Author: Marc Deslauriers
Revision Date: 2014-03-11 11:01:42 UTC

* SECURITY UPDATE: arbitrary code execution via overflows in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: use gmallocn and gmallocn3 in
    filter/pdftoopvp/{oprs/OPVPSplash.cxx,OPVPOutputDev.cxx}.
  - CVE-2013-6474
  - CVE-2013-6475
* SECURITY UPDATE: arbitrary code execution via driver in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: restrict driver path in
    filter/pdftoopvp/oprs/OPVPWrapper.cxx.
  - CVE-2013-6476

Author: Marc Deslauriers
Revision Date: 2014-03-11 11:01:42 UTC

* SECURITY UPDATE: arbitrary code execution via overflows in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: use gmallocn and gmallocn3 in
    filter/pdftoopvp/{oprs/OPVPSplash.cxx,OPVPOutputDev.cxx}.
  - CVE-2013-6474
  - CVE-2013-6475
* SECURITY UPDATE: arbitrary code execution via driver in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: restrict driver path in
    filter/pdftoopvp/oprs/OPVPWrapper.cxx.
  - CVE-2013-6476

Author: Marc Deslauriers
Revision Date: 2014-03-11 07:58:51 UTC

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:26:56 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/mount-monitor.c.
  - CVE-2014-0004

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:26:56 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/mount-monitor.c.
  - CVE-2014-0004

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:24:22 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/udisksmountmonitor.c.
  - CVE-2014-0004

Author: Marc Deslauriers
Revision Date: 2014-03-10 09:57:31 UTC

* SECURITY UPDATE: PRNG state reuse on forking servers
  - debian/patches/CVE-2014-0017.patch: force reseed after fork in
    include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
    src/libgcrypt.c.
  - CVE-2014-0017

Author: Marc Deslauriers
Revision Date: 2014-03-10 09:57:31 UTC

* SECURITY UPDATE: PRNG state reuse on forking servers
  - debian/patches/CVE-2014-0017.patch: force reseed after fork in
    include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
    src/libgcrypt.c.
  - CVE-2014-0017

Author: Marc Deslauriers
Revision Date: 2014-03-06 11:20:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via psd
  images processing rle decoding buffer overflow
  - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
  - CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
  crafted restart markers
  - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
    coders/psd.c.
  - CVE-2014-2030

Author: Marc Deslauriers
Revision Date: 2014-03-06 11:20:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via psd
  images processing rle decoding buffer overflow
  - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
  - CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
  crafted restart markers
  - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
    coders/psd.c.
  - CVE-2014-2030

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:23:27 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - No longer ship obsolete debconf.org certificates
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:45:20 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050
* d/p/0018-update-test-certificates.patch: remove binary parts to
  support newer quilt.

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:45:20 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050
* d/p/0018-update-test-certificates.patch: remove binary parts to
  support newer quilt.

Author: Marc Deslauriers
Revision Date: 2014-03-03 14:15:34 UTC

* SECURITY UPDATE: certificate validation bypass
  - debian/patches/CVE-2014-0092.patch: correct return codes in
    lib/x509/verify.c.
  - CVE-2014-0092

Author: Marc Deslauriers
Revision Date: 2014-03-03 14:15:34 UTC

* SECURITY UPDATE: certificate validation bypass
  - debian/patches/CVE-2014-0092.patch: correct return codes in
    lib/x509/verify.c.
  - CVE-2014-0092

Author: Iain Lane
Revision Date: 2014-03-02 18:55:48 UTC

No-change backport to quantal (LP: #1285394)

Author: Logan Rosen
Revision Date: 2014-02-22 23:16:02 UTC

Depend on python-glade2 to fix crash upon opening (LP: #917204).

Author: Chris J Arges
Revision Date: 2014-02-24 11:42:46 UTC

Fix performance issues with large numbers of interfaces. (LP: #1281366)

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:34:05 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:34:05 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:25:53 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:25:53 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Marc Deslauriers
Revision Date: 2014-02-27 09:14:11 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912