Branches for Saucy

Author: Richard Hansen
Revision Date: 2013-08-14 22:43:14 UTC

Merge tag '2:1.14.2.901-2ubuntu1'

Author: Anton Keks
Revision Date: 2016-12-25 13:32:12 UTC

add readme for myself on how to pusblish to ppa

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:16:44 UTC

maint/bzr_push.sh Auto copy, commit and push for: control.snapshot (snapshot)

Author: PS Jenkins bot
Revision Date: 2013-10-03 09:40:57 UTC

[ Thomi Richards ]
* Fix attribute error in click package support.
* Remove a spurious log message. (LP: #1227852)
* Fix several functional tests.
* Fix a missing test dependency, and add more logging when a process
  exits before we find the introspection interface. (LP: #1229034)
* Add a warning when an autopilot query returns many items, and should
  probably be optimised. (LP: #1227830)

[ Jamie Strandboge ]
* Adds the apparmor rule needed for click package testing.

[ Christopher Lee ]
* Backout additions for logging when a process dies.
* Changes how the proxy objects are created so the inheritance is
  correct. (LP: #1230046)
* Fixes issue where a classes _Backend can be None causes uncaught
  exceptions. (LP: #1233972)

[ Ubuntu daily release ]
* Automatic snapshot from revision 343

Author: Brian Smith
Revision Date: 2014-10-18 21:22:50 UTC

Brief one sentence summary of change goes here

Author: Michael Vogt
Revision Date: 2014-07-29 21:37:01 UTC

* apt-pkg/packagemanager.cc:
  - fix incorrect configure ordering in the SmartConfigure step
    by skiping packages that do not need immediate action
    (LP: #1347721)

Author: Michael Vogt
Revision Date: 2014-07-29 21:37:01 UTC

* apt-pkg/packagemanager.cc:
  - fix incorrect configure ordering in the SmartConfigure step
    by skiping packages that do not need immediate action
    (LP: #1347721)

Author: Andy Whitcroft
Revision Date: 2014-07-16 18:45:42 UTC

Bump ABI

Author: Andy Whitcroft
Revision Date: 2014-07-16 18:45:42 UTC

Bump ABI

Author: Andy Whitcroft
Revision Date: 2014-07-16 18:45:42 UTC

Bump ABI

Author: Marc Deslauriers
Revision Date: 2014-06-26 16:26:14 UTC

* SECURITY UPDATE: denial of service via buffer overflow
  - miniwget.c: properly check length
  - https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
  - CVE-2014-3985

Author: Marc Deslauriers
Revision Date: 2014-06-26 16:26:14 UTC

* SECURITY UPDATE: denial of service via buffer overflow
  - miniwget.c: properly check length
  - https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
  - CVE-2014-3985

Author: Marc Deslauriers
Revision Date: 2014-07-15 07:31:39 UTC

Update to 0.8.13 to fix multiple security issues (LP: #1341216)

Author: Marc Deslauriers
Revision Date: 2014-07-15 09:44:07 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Marc Deslauriers
Revision Date: 2014-07-15 09:44:07 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Marc Deslauriers
Revision Date: 2014-07-15 07:31:39 UTC

Update to 0.8.13 to fix multiple security issues (LP: #1341216)

Author: Scott Kitterman
Revision Date: 2014-07-15 01:08:10 UTC

No-change backport to saucy (LP: #1341962)

Author: Luis Henriques
Revision Date: 2014-07-14 13:56:52 UTC

Version 3.11.0-26.45

Author: Luis Henriques
Revision Date: 2014-07-14 13:56:52 UTC

Version 3.11.0-26.45

Author: Luis Henriques
Revision Date: 2014-07-14 13:56:52 UTC

Version 3.11.0-26.45

Author: Kaj Ailomaa
Revision Date: 2014-07-08 09:18:54 UTC

Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-07-08 09:18:54 UTC

Bump ABI

Author: Kaj Ailomaa
Revision Date: 2014-07-08 09:18:54 UTC

Bump ABI

Author: Luis Henriques
Revision Date: 2014-07-07 13:28:21 UTC

linux ABI 3.11.0-26

Author: Luis Henriques
Revision Date: 2014-07-07 13:28:21 UTC

linux ABI 3.11.0-26

Author: Luis Henriques
Revision Date: 2014-07-07 13:28:21 UTC

linux ABI 3.11.0-26

Author: Stuart Bishop
Revision Date: 2014-07-03 15:55:01 UTC

Fix build

Author: Louis Bouchard
Revision Date: 2014-06-18 12:22:48 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.
* Bring up to date with latest security patches from Ubuntu 10.04:
  (LP: #1331452)
* SECURITY UPDATE: MITM via change cipher spec
  - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
    when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
    ssl/ssl3.h.
  - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
    secrets in ssl/s3_pkt.c.
  - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
    ssl/s3_clnt.c.
  - CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
  - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
    recursion in ssl/d1_both.c.
  - CVE-2014-0221
* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
  - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
    fragments in ssl/d1_both.c.
  - CVE-2014-0195
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169
* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  - errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.

Author: Louis Bouchard
Revision Date: 2014-06-18 12:22:48 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.
* Bring up to date with latest security patches from Ubuntu 10.04:
  (LP: #1331452)
* SECURITY UPDATE: MITM via change cipher spec
  - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
    when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
    ssl/ssl3.h.
  - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
    secrets in ssl/s3_pkt.c.
  - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
    ssl/s3_clnt.c.
  - CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
  - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
    recursion in ssl/d1_both.c.
  - CVE-2014-0221
* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
  - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
    fragments in ssl/d1_both.c.
  - CVE-2014-0195
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169
* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  - errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.

Author: Marc Deslauriers
Revision Date: 2014-06-27 11:06:38 UTC

* SECURITY UPDATE: denial of service or arbitrary code execution via
  sprintf
  - debian/patches/CVE-2014-1545.patch: use snprintf and check values
    without using PR_ASSERT in mozilla/nsprpub/pr/src/io/prprf.c, added
    tests to mozilla/nsprpub/pr/tests/{Makefile.in,prfdbl.c}.
  - CVE-2014-1545

Author: Marc Deslauriers
Revision Date: 2014-06-27 11:06:38 UTC

* SECURITY UPDATE: denial of service or arbitrary code execution via
  sprintf
  - debian/patches/CVE-2014-1545.patch: use snprintf and check values
    without using PR_ASSERT in mozilla/nsprpub/pr/src/io/prprf.c, added
    tests to mozilla/nsprpub/pr/tests/{Makefile.in,prfdbl.c}.
  - CVE-2014-1545

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:20:05 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:20:05 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Marc Deslauriers
Revision Date: 2014-06-26 08:28:58 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Marc Deslauriers
Revision Date: 2014-06-26 08:28:58 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Jamie Strandboge
Revision Date: 2014-06-18 16:15:47 UTC

* SECURITY UPDATE: specify /etc/neutron/rootwrap.conf for use with
  neutron-rootwrap
  - CVE-2013-6433 (LP: #1185019)
* SECURITY UPDATE: Validate CIDR given as ip-prefix in
  security-group-rule-create
  - CVE-2014-0187
  - LP: #1300785
* debian/patches/CVE-2014-0187b.patch: update for python-netaddr <= 0.7.10
* SECURITY UPDATE: Install SNAT rules for ipv4 only
  - CVE-2014-4167
  - LP: #1309195

Author: Kees Cook
Revision Date: 2014-06-11 16:15:34 UTC

* New upstream micro release.
  - Fixes user-agent and certificate chain (LP: #1325723).

Author: Marc Deslauriers
Revision Date: 2014-06-20 13:56:05 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

Author: Marc Deslauriers
Revision Date: 2014-06-20 13:56:05 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

Author: Jorge Niedbalski
Revision Date: 2014-06-04 14:58:23 UTC

Backport upstream patch to fix regression introduced by the addslot
function, which caused biosdevname to return identical names for two
different devices (LP: #1324558).

Author: Jamie Strandboge
Revision Date: 2014-06-18 16:15:47 UTC

* SECURITY UPDATE: specify /etc/neutron/rootwrap.conf for use with
  neutron-rootwrap
  - CVE-2013-6433 (LP: #1185019)
* SECURITY UPDATE: Validate CIDR given as ip-prefix in
  security-group-rule-create
  - CVE-2014-0187
  - LP: #1300785
* debian/patches/CVE-2014-0187b.patch: update for python-netaddr <= 0.7.10
* SECURITY UPDATE: Install SNAT rules for ipv4 only
  - CVE-2014-4167
  - LP: #1309195

Author: Michael Vogt
Revision Date: 2014-06-12 14:02:26 UTC

* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
  - warn if not authenticated in cmdline/apt-get.cc, added regression
    test to test/integration/test-apt-get-source-authenticated,
    test/integration/framework.
  - CVE-2014-0478

Author: Adam Conrad
Revision Date: 2014-06-13 18:05:19 UTC

New upstream release, with urgent timezone updates for
Egypt on June 26 and Morocco on June 28 (LP: #1326902)

Author: Adam Conrad
Revision Date: 2014-06-13 18:05:19 UTC

New upstream release, with urgent timezone updates for
Egypt on June 26 and Morocco on June 28 (LP: #1326902)

Author: Adam Conrad
Revision Date: 2014-06-13 18:05:19 UTC

New upstream release, with urgent timezone updates for
Egypt on June 26 and Morocco on June 28 (LP: #1326902)

Author: Marc Deslauriers
Revision Date: 2014-06-13 08:34:17 UTC

* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
  - debian/patches/lp1321869.patch: use upstream commit which includes
    additional regression fixes to parser.c.

Author: Marc Deslauriers
Revision Date: 2014-06-13 08:34:17 UTC

* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
  - debian/patches/lp1321869.patch: use upstream commit which includes
    additional regression fixes to parser.c.

Author: Marc Deslauriers
Revision Date: 2014-06-03 15:16:17 UTC

* SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
  - debian/patches/CVE-2013-6370.patch: check lengths and add warnings to
    json_tokener.*.
  - CVE-2013-6370
* SECURITY UPDATE: denial of service via hash collision (LP: #1311397)
  - debian/patches/CVE-2013-6371.patch: added better random seed and hash
    functions to Makefile.am, config.h.in, linkhash.c, random_seed.*,
    configure.in.
  - debian/libjson-c2.symbols: added new symbol.
  - CVE-2013-6371

Author: Marc Deslauriers
Revision Date: 2014-06-03 15:16:17 UTC

* SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
  - debian/patches/CVE-2013-6370.patch: check lengths and add warnings to
    json_tokener.*.
  - CVE-2013-6370
* SECURITY UPDATE: denial of service via hash collision (LP: #1311397)
  - debian/patches/CVE-2013-6371.patch: added better random seed and hash
    functions to Makefile.am, config.h.in, linkhash.c, random_seed.*,
    configure.in.
  - debian/libjson-c2.symbols: added new symbol.
  - CVE-2013-6371

Author: Kees Cook
Revision Date: 2014-06-11 16:15:34 UTC

* New upstream micro release.
  - Fixes user-agent and certificate chain (LP: #1325723).

Author: Martin Pitt
Revision Date: 2014-06-02 10:27:41 UTC

Add current software-properties translations to fix the "{licence} →
{license}" crash and get some updated translations. (LP: #1319257)

Author: Marc Deslauriers
Revision Date: 2014-06-04 08:59:45 UTC

* SECURITY UPDATE: root escalation via missing quotes in slapper()
  - debian/patches/CVE-2014-0476.patch: make sure file_port is properly
    quoted in chkrootkit.
  - CVE-2014-0476

Author: Marc Deslauriers
Revision Date: 2014-06-04 08:59:45 UTC

* SECURITY UPDATE: root escalation via missing quotes in slapper()
  - debian/patches/CVE-2014-0476.patch: make sure file_port is properly
    quoted in chkrootkit.
  - CVE-2014-0476

Author: James Page
Revision Date: 2014-06-03 18:38:39 UTC

New upstream stable point release (LP: #1326032).

Author: Aron Xu
Revision Date: 2014-04-03 00:59:24 UTC

* debian/patches/0004-add-a-context-variable-to-disable-punc.patch:
  - Add a context variable to disable punc module (LP: #1290786).

Author: Rafael David Tinoco
Revision Date: 2014-05-05 09:44:37 UTC

Fix file descriptor leak when reloading daemon. (LP: #1316125)

Author: Martin Pitt
Revision Date: 2014-06-02 10:27:41 UTC

Add current software-properties translations to fix the "{licence} →
{license}" crash and get some updated translations. (LP: #1319257)

Author: Marc Deslauriers
Revision Date: 2014-06-01 11:04:16 UTC

* SECURITY UPDATE: memory corruption due to server hello parsing
  - debian/patches/CVE-2014-3466.patch: validate session_id_len in
    lib/gnutls_handshake.c.
  - CVE-2014-3466

Author: Marc Deslauriers
Revision Date: 2014-06-01 11:04:16 UTC

* SECURITY UPDATE: memory corruption due to server hello parsing
  - debian/patches/CVE-2014-3466.patch: validate session_id_len in
    lib/gnutls_handshake.c.
  - CVE-2014-3466

Author: Felix Geyer
Revision Date: 2014-05-22 22:32:39 UTC

* SECURITY UPDATE: Fix possibility of local privilege escalation when
  using daemon mode. (LP: #1322338)
  - Only systems running kernel versions >= 2.6 and < 3.1 are affected.
  - CVE-2014-0240
  - debian/patches/CVE-2014-0240.patch: backport upstream commit

Author: Felix Geyer
Revision Date: 2014-05-22 22:32:39 UTC

* SECURITY UPDATE: Fix possibility of local privilege escalation when
  using daemon mode. (LP: #1322338)
  - Only systems running kernel versions >= 2.6 and < 3.1 are affected.
  - CVE-2014-0240
  - debian/patches/CVE-2014-0240.patch: backport upstream commit

Author: dobey
Revision Date: 2014-05-22 21:15:10 UTC

* debian/patches/00_farewell-u1.patch:
  - Pop up a notice when connecting the service will stop on June 1 2014.
  - Avoid trying to connect after June 1 2014. (LP: #1306225)

Author: dobey
Revision Date: 2014-05-22 21:15:10 UTC

* debian/patches/00_farewell-u1.patch:
  - Pop up a notice when connecting the service will stop on June 1 2014.
  - Avoid trying to connect after June 1 2014. (LP: #1306225)

Author: dobey
Revision Date: 2014-04-15 16:37:49 UTC

* debian/patches/00_bzr-use-system-certs.patch:
  - Load all the system SSL certificates. (LP: #1307549)
* debian/control, debian/rules:
  - Need language-pack-en and to run the tests under en_US.UTF-8 now.

Author: Marc Deslauriers
Revision Date: 2014-03-31 13:12:34 UTC

* SECURITY UPDATE: information disclosure or arbitrary code execution via
  crafted XSLT programs
  - debian/patches/CVE-2014-0107.patch: disable external general
    entities, foreign attributes and access to the system properties in
    src/org/apache/xalan/transformer/TransformerImpl.java,
    src/org/apache/xalan/processor/XSLTElementProcessor.java,
    src/org/apache/xalan/processor/TransformerFactoryImpl.java,
    src/org/apache/xpath/functions/FuncSystemProperty.java.
  - CVE-2014-0107

Author: Marc Deslauriers
Revision Date: 2014-03-31 13:12:34 UTC

* SECURITY UPDATE: information disclosure or arbitrary code execution via
  crafted XSLT programs
  - debian/patches/CVE-2014-0107.patch: disable external general
    entities, foreign attributes and access to the system properties in
    src/org/apache/xalan/transformer/TransformerImpl.java,
    src/org/apache/xalan/processor/XSLTElementProcessor.java,
    src/org/apache/xalan/processor/TransformerFactoryImpl.java,
    src/org/apache/xpath/functions/FuncSystemProperty.java.
  - CVE-2014-0107

Author: Marc Deslauriers
Revision Date: 2014-05-16 15:30:54 UTC

* SECURITY UPDATE: XSS via control characters
  - adjust filter in src/lxml/html/clean.py, add test to
    src/lxml/html/tests/test_clean.txt.
  - e86b294f1f81b899a59925123560ff924a72f1cc
  - CVE-2014-3146

Author: Marc Deslauriers
Revision Date: 2014-05-16 15:30:54 UTC

* SECURITY UPDATE: XSS via control characters
  - adjust filter in src/lxml/html/clean.py, add test to
    src/lxml/html/tests/test_clean.txt.
  - e86b294f1f81b899a59925123560ff924a72f1cc
  - CVE-2014-3146

Author: Marc Deslauriers
Revision Date: 2014-05-20 08:30:44 UTC

* SECURITY UPDATE: memory corruption via crafted message from file relay
  server
  - debian/patches/CVE-2014-3775.patch: check relay_count in src/dcc7.c.
  - CVE-2014-3775

Author: Marc Deslauriers
Revision Date: 2014-05-20 08:30:44 UTC

* SECURITY UPDATE: memory corruption via crafted message from file relay
  server
  - debian/patches/CVE-2014-3775.patch: check relay_count in src/dcc7.c.
  - CVE-2014-3775

Author: Brian Murray
Revision Date: 2014-05-01 09:52:55 UTC

software-properties-dbus: force C.utf-8 locale if C is used
to ensure utf-8 support when reading sources.list LP: #1069019

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:17:19 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:17:19 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Seth Arnold
Revision Date: 2014-05-14 11:00:30 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_5.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_5.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.

Author: Seth Arnold
Revision Date: 2014-05-14 11:00:30 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_5.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_5.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.

Author: Kamal Mostafa
Revision Date: 2014-05-13 18:07:13 UTC

Ubuntu-3.5.0-242

Author: Daniel Echeverry
Revision Date: 2013-05-10 11:58:26 UTC

* Debconf templates and debian/control reviewed by the debian-l10n-
  english team as part of the Smith review project. Closes: #707562
* [Debconf translation updates]
* Indonesian (Mahyuddin Susanto). Closes: #711295
* Czech (Michal Simunek). Closes: #711509
* French (Julien Patriarca). Closes: #711857
* Russian (Yuri Kozlov). Closes: #711885
* Portuguese (Pedro Ribeiro). Closes: #712135
* German (Chris Leick). Closes: #712276
* Italian (Beatrice Torracca). Closes: #712480
* Swedish (Martin Bagge / brother). Closes: #712651
* Japanese (victory). Closes: #712874
* Polish (Michał Kułach). Closes: #712922

Author: Jon Bernard
Revision Date: 2013-05-11 22:18:14 UTC

* [d02363c] Include upstream fix for FTBFS on GNU/FreeBSD.
  Thanks to Petr Salinger (Closes: #705827)
* [0887037] Add symbols files for libbabeltrace0 and libbabeltrace-ctf0

Author: Marc Deslauriers
Revision Date: 2014-05-13 12:03:42 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

Author: Marc Deslauriers
Revision Date: 2014-05-13 12:03:42 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

Author: Steve Langasek
Revision Date: 2013-10-24 15:33:27 UTC

Add ohci_pci to the list of USB host modules included in the initramfs,
needed on some systems and not a built-in driver in Ubuntu.
LP: #1238194.

Author: Steve Langasek
Revision Date: 2013-10-24 15:33:27 UTC

Add ohci_pci to the list of USB host modules included in the initramfs,
needed on some systems and not a built-in driver in Ubuntu.
LP: #1238194.

Author: takaki
Revision Date: 2013-05-13 10:10:01 UTC

[ Jakub Wilk ]
* Use canonical URIs for Vcs-* fields.

[ TANIGUCHI Takaki ]
* debian/control: Change Maintainer to Python Module Team. (Closes: #705279)
  + Remove "Daniel Watkins <daniel@daniel-watkins.co.uk>" from Maintainer.

Author: Russ Allbery
Revision Date: 2013-06-23 12:33:04 UTC

* Apply upstream patch to add AM_PROG_AR to configure.ac, now apparently
  required by Automake for the binutils in unstable. (Closes: #713296)
* Apply upstream patch to build with largefile support. This is
  probably pointless for this module, but consistency is good.
* Canonicalize the Vcs-Git and Vcs-Browser URLs.
* Update standards version to 3.9.4 (no changes required).

Author: Clint Adams
Revision Date: 2013-02-09 10:56:55 UTC

New upstream version.

Author: Rafael David Tinoco
Revision Date: 2014-04-24 10:56:19 UTC

Fixed init script nfnetlink_queue detection for newer kernels. (LP: #1250439)

Author: Marc Deslauriers
Revision Date: 2014-03-14 14:25:35 UTC

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

Author: Marc Deslauriers
Revision Date: 2014-05-05 15:30:09 UTC

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

Author: Jamie Strandboge
Revision Date: 2014-05-05 13:39:33 UTC

* SECURITY UPDATE: fix XSS in Heat template description and outputs
  parameters
  - LP: #1289033
  - CVE-2014-0157

Author: Marc Deslauriers
Revision Date: 2014-05-05 15:30:09 UTC

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

Author: Robert Ancell
Revision Date: 2014-01-22 17:22:32 UTC

* New upstream release:
  - Fix issue where VTs are double used when switching sessions.
    (LP: #1256150)

Author: Jamie Strandboge
Revision Date: 2014-05-05 13:39:33 UTC

* SECURITY UPDATE: fix XSS in Heat template description and outputs
  parameters
  - LP: #1289033
  - CVE-2014-0157

Author: Marc Deslauriers
Revision Date: 2014-04-15 14:33:46 UTC

* SECURITY UPDATE: denial of service or possible code execution in
  libjbig
  - debian/patches/CVE-2013-6369.patch: check sizes in libjbig/jbig.c.
  - CVE-2013-6369

Author: Marc Deslauriers
Revision Date: 2014-04-15 14:33:46 UTC

* SECURITY UPDATE: denial of service or possible code execution in
  libjbig
  - debian/patches/CVE-2013-6369.patch: check sizes in libjbig/jbig.c.
  - CVE-2013-6369

Author: Brian Murray
Revision Date: 2014-04-23 10:32:42 UTC

Fix translations (hr, id, eo, ug) of check-new-release-gtk dialog
which cause a crash and users not to be notified of the new version.
(LP: #1311396)

Author: Brian Murray
Revision Date: 2013-10-25 20:22:01 UTC

releasing package update-manager version 1:0.194.1

Author: Rafael David Tinoco
Revision Date: 2014-04-24 10:56:19 UTC

Fixed init script nfnetlink_queue detection for newer kernels. (LP: #1250439)

Author: Marc Deslauriers
Revision Date: 2014-04-19 20:45:09 UTC

* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  - CVE-2014-0001
  - CVE-2014-0384
  - CVE-2014-2419
  - CVE-2014-2430
  - CVE-2014-2431
  - CVE-2014-2432
  - CVE-2014-2436
  - CVE-2014-2438
  - CVE-2014-2440
* Drop creation of insecure database permissions:
  - d/p/33_scripts__mysql_create_system_tables__no_test.patch,
    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
    package, inadvertently dropped in 5.5 transition. This
    removes the global anonymous access to the database which
    is a security concern.

Author: Brian Murray
Revision Date: 2014-04-23 13:30:08 UTC

Add Ubuntu 14.10, Utopic Unicorn.