UbuntuUpdates.org

Package "monodoc-base"

Name: monodoc-base

Description:

shared MonoDoc binaries

Latest version: 2.10.8.1-1ubuntu2.3
Release: precise (12.04)
Level: updates
Repository: main
Head package: mono
Homepage: http://www.mono-project.com/

Links


Download "monodoc-base"


Other versions of "monodoc-base" in Precise

Repository Area Version
base main 2.10.8.1-1ubuntu2
security main 2.10.8.1-1ubuntu2.3

Changelog

Version: 2.10.8.1-1ubuntu2.3 2015-03-24 15:06:38 UTC

  mono (2.10.8.1-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2011-0992.patch: fix access to freed members of a
      dead thread in mono/metadata/threads.c.
    - CVE-2011-0992
  * SECURITY UPDATE: denial of service via hash collision
    - debian/patches/CVE-2012-3543.patch: add a better hash provider to
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
      mcs/class/System.Web/System.Web.dll.sources,
      mcs/class/System.Web/System.Web/WebROCollection.cs.
    - CVE-2012-3543
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.
 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 14:30:11 -0400

Source diff to previous version
CVE-2011-0992 Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of serv
CVE-2015-2318 SKIP-TLS issue
CVE-2015-2319 FREAK issue
CVE-2015-2320 Related to "remove the client-side SSLv2 fallback"

Version: 2.10.8.1-1ubuntu2.2 2012-07-25 21:07:13 UTC

  mono (2.10.8.1-1ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.patch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382
 -- Marc Deslauriers <email address hidden> Tue, 24 Jul 2012 13:29:38 -0400

Source diff to previous version
CVE-2012-3382 Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and

Version: 2.10.8.1-1ubuntu2.1 2012-06-14 01:06:46 UTC

  mono (2.10.8.1-1ubuntu2.1) precise-proposed; urgency=low

  * configure.in: search multiarch paths for libX11 (LP: #1008212)
    changes the dllmap in /etc/mono/config to the versioned library
 -- Julian Taylor <email address hidden> Sun, 03 Jun 2012 22:46:30 +0200

1008212 x11 dllmap points to unversioned library



About   -   Send Feedback to @ubuntu_updates