UbuntuUpdates.org

chromium-browser (6.0.472.53~r57914-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #628924)
    This release fixes the following security issues:
    - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
      Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium, URL bar visual spoofing with homographic sequences.
      Credit to Chris Weber of Casaba Security.
    - [41654] Medium, Apply more restrictions on setting clipboard content.
      Credit to Brook Novak.
    - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
      the Google Security Team.
    - [45876] Medium, Possible installed extension enumeration. Credit to
      Lostmon.
    - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
      Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
      and Keith Campbell.
    - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
      Glazunov.
    - [50839] High, Notification permissions memory corruption. Credit to
      Michal Zalewski of the Google Security Team and Google Chrome Security
      Team (SkyLined).
    - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
      Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low, Avoid storing excessive autocomplete entries. Credit to
      Google Chrome Security Team (Inferno).
    - [52443] High, Stale pointer in focus handling. Credit to VUPEN
      Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
  * Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
    is installed, the set of usable codecs (at runtime) will still vary.
    This is now done by setting proprietary_codecs=1 so we can drop our patch
    - update debian/rules
    - drop debian/patches/html5_video_mimetypes.patch
    - update debian/patches/series
  * Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API
    - update debian/control
  * Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
    This is needed for Cloud Printing
    - update debian/control
  * Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and
    DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Install resources.pak in the main deb, and remove all resources/ accordingly
    - update debian/chromium-browser.install
  * Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME
    Keyring and KWallet integration. See http://crbug.com/12351
    - update debian/control
  * Ship empty policy dirs (for now) in /etc/chromium-browser/policies
    - update debian/rules
    - update debian/chromium-browser.dirs
  * Bump build-deps for gyp to >= 0.1~svn837
    - update debian/control
  * Drop the icedtea6-plugin workaround, it's no longer needed and it may cause
    troubles when the default xulrunner contains older nss/nspr libs
    - update debian/chromium-browser.sh.in

 -- Fabien Tassin   Thu, 02 Sep 2010 17:03:41 +0200

multistrap (2.1.6ubuntu2) maverick; urgency=low

  * Better flat aptftparcive-style URL implementation
  * Make flat URL regexp more explicit/correct.  LP: #625059

 -- Wookey   Fri, 27 Aug 2010 03:15:41 +0100

kdebase-workspace (4:4.5.1-0ubuntu1) maverick; urgency=low

  [ Felix Geyer ]
  * New upstream release.
  * Drop patches that are applied upstream:
    - kubuntu_115_loginscreen_kcm_no_rootonly.diff
    - kubuntu_117_no_malloc_check.diff
  * Update install and symbols files.

  [ Harald Sitter ]
  * Drop CVE-2010-0436_fix_kdm_local_exploit.diff for good, the remaining
    portion of this patch was applied at another position within the same
    file which essentially made the variable set twice.
  * Update kubuntu_34_kdm_plymouth_transition.diff to quit plymouth when
    startServerSuccess is called, which should be called whenever successful
    startup was archived. (LP: #618450)

 -- Harald Sitter   Wed, 01 Sep 2010 23:57:59 +0200

kdenetwork (4:4.5.1-0ubuntu1) maverick; urgency=low

  [ Alessandro Ghersi ]
  * New upstream release
    - Bump build-depends

  [ Harald Sitter ]
  * Fix name of kubuntu_03_no_mediastramer_in_wlm.diff to
    kubuntu_03_no_mediastreamer_in_wlm.diff (s/stramer/streamer)

 -- Harald Sitter   Thu, 02 Sep 2010 11:11:57 +0200

kdewebdev (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release

 -- Harald Sitter   Mon, 30 Aug 2010 21:52:02 +0200

kdegames (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release

 -- Harald Sitter   Mon, 30 Aug 2010 17:31:41 +0200

kdeartwork (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release
    - Bump kde-sc-dev-latest to 4.5.0

 -- Alessandro Ghersi   Mon, 30 Aug 2010 19:36:47 +0200

kdebindings (4:4.5.1-0ubuntu2) maverick; urgency=low

  * Unbump build-dep version on libqt4-opengl-dev so we can actually build the
    package in the archive

 -- Scott Kitterman   Thu, 02 Sep 2010 21:25:59 -0400

kdetoys (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release

 -- Harald Sitter   Mon, 30 Aug 2010 21:11:08 +0200

kdebase-runtime (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release.
  * Drop kubuntu_08_network_ioslave_lockup.diff, applied upstream.
  * Update install files.

 -- Felix Geyer   Mon, 30 Aug 2010 16:58:47 +0200

kdesdk (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release.
  * Update install files.

 -- Felix Geyer   Mon, 30 Aug 2010 19:04:10 +0200

kdebase-workspace (4:4.5.1-0ubuntu1) maverick; urgency=low

  [ Felix Geyer ]
  * New upstream release.
  * Drop patches that are applied upstream:
    - kubuntu_115_loginscreen_kcm_no_rootonly.diff
    - kubuntu_117_no_malloc_check.diff
  * Update install and symbols files.

  [ Harald Sitter ]
  * Drop CVE-2010-0436_fix_kdm_local_exploit.diff for good, the remaining
    portion of this patch was applied at another position within the same
    file which essentially made the variable set twice.
  * Update kubuntu_34_kdm_plymouth_transition.diff to quit plymouth when
    startServerSuccess is called, which should be called whenever successful
    startup was archived. (LP: #618450)

 -- Harald Sitter   Wed, 01 Sep 2010 23:57:59 +0200

kdemultimedia (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release

 -- Harald Sitter   Mon, 30 Aug 2010 17:35:15 +0200

ntlmaps (0.9.9.0.1-11.1ubuntu1) maverick; urgency=low

  * Merge from debian unstable, remaining changes:
    - Made debconf ask questions about domain and proxy port during postinst.
      (LP: #85495)
    - Set SO_REUSEADDR on server socket, allowing for a quick restart
      (Closes: #584438) 

 -- Lorenzo De Liso   Thu, 02 Sep 2010 19:12:24 +0200

csound (1:5.12.1~dfsg-5) unstable; urgency=medium

  * Do not print error message when RAWwAVE_PATH is undefined
  * Build documentation at install stage to avoid building in buildds.
     Really Closes: #590948
  * Urgency medium to speed up jackd transition.

 -- Felipe Sateler   Thu, 05 Aug 2010 12:04:49 -0400

chromium-codecs-ffmpeg (0.6+svn20100811r55740+56137-0ubuntu1) maverick; urgency=low

  * New upstream snapshot (LP: #628924)
  * Drop the sse2 patch, it has been applied upstream, and set disable_sse2
    - drop debian/patches/*
    - update debian/rules
  * Unpack the sources during pre-build so quilt has access to all source files
    and set QUILT_PATCHES (for hardy)
    - update debian/rules
  * Add libvpx-dev to Build-Depends and set the use_system_vpx gyp knob
    - update debian/control
    - update debian/rules
  * Re-do the get-orig-source rule with 2 repos instead of 3 following
    the upstream reorganization and follow the revision requested by
    Chromium for now on
    - update debian/rules
  * FTBFS when an upstream patch fails to apply, as it could lead to weird
    situations
    - update debian/rules
  * Bump build-deps for gyp to >= 0.1~svn837
    - update debian/control

 -- Fabien Tassin   Sun, 15 Aug 2010 04:00:02 +0200

ampache (3.5.4-7ubuntu1) maverick; urgency=low

  * Merged from debian, remaining changes: (LP: #620259)
  * Removed $webserver variable from apache_install and ampache_remove 
    function calls in postinst and postrm.  After hardcoding the symlink
    creation having this variable causes the function to fail.
  * Added updated it.po. Thx  Luca Monducci
  * Added updated ta.po. Thx Dr.T.Vasudevan
  * Added updated zh_TW.po.  Thx Kan-Ru Chen

 -- Charlie Smotherman   Wed, 1 Sep 2010 16:01:54 -0500

gyp (0.1~svn840-0ubuntu1) maverick; urgency=low
  
    * New upstream snapshot (LP: #628924)
  
 -- Fabien Tassin   Thu, 02 Sep 2010 17:03:41 +0200

meta-kde (5:63ubuntu5) maverick; urgency=low

  * Bump MINIMUM_KDE_VERSION and DEV_LATEST_VERSION to 4:4.5.1

 -- Harald Sitter   Wed, 01 Sep 2010 14:33:20 +0200

kde-l10n-fy (4:4.5.1-0ubuntu1) maverick; urgency=low

  * New upstream release

 -- Harald Sitter   Thu, 02 Sep 2010 12:03:13 +0200