- Committer: Package Import Robot
- Author(s): Tyler Hicks
- Date: 2012-02-21 16:28:51 UTC
- Revision ID: package-import@ubuntu.com-20120221162851-dl49woaq6at1uhbd
Tags: 1.8.7.299-2ubuntu0.1
  * SECURITY UPDATE: Cross-site scripting via HTTP error responses
    - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
      set for HTTP error responses. Based on upstream patch.
    - CVE-2010-0541
  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
      corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
      than recursively removing everything underneath the symlink
      destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number
      generator each time a child process is created. Based on upstream
      patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number
      generator with the pid number and the current time to prevent
      predictable random numbers in the case of pid number rollover. Based on
      upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
      algorithm to prevent predictable results when inserting objects into a
      hash table. Based on upstream patch.
    - CVE-2011-4815