Ubuntu
freexl package

[DSA 3208-2] freexl regression update

Bug #1516257 reported by Bas Couwenberg
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freexl (Ubuntu)
Invalid
High
Unassigned
Trusty
Fix Released
High
Unassigned
Vivid
Fix Released
High
Unassigned

Bug Description

As reported in #1437087, the fix for that issue caused a regression as discussed on the debian-gis list:

 https://lists.debian.org/debian-gis/2015/11/msg00013.html

In Debian this has been fixed for jessie in freexl (1.0.0g-1+deb8u3) and wheezy in freexl (1.0.0b-1+deb7u3) with [DSA 3208-2] freexl regression update (https://lists.debian.org/debian-security-announce/2015/msg00302.html).

Ubuntu needs the same regression fix for trusty & vivid.

I've prepared updates for the Ubuntu packages in git:

 http://anonscm.debian.org/cgit/pkg-grass/freexl.git/?h=ubuntu/trusty
 http://anonscm.debian.org/cgit/pkg-grass/freexl.git/?h=ubuntu/vivid

Besides the fix for the regression introduced by afl-vulnerabilitities.patch, they also contain 32bit-multiplication-overflow.patch that was included in freexl (1.0.0g-1+deb8u2) for jessie-security and freexl (1.0.0b-1+deb7u2) for wheezy-security. 32bit-multiplication-overflow.patch was backported from FreeXL 1.0.2 and already included in wily & xenial.

See original description
Bas Couwenberg (sebastic)
information type: Private Security → Public Security
Mathew Hodson (mhodson)
tags: added: regression-update
Changed in freexl (Ubuntu):
importance: Undecided → High
tags: added: trusty vivid
Mathew Hodson (mhodson)
Changed in freexl (Ubuntu Trusty):
importance: Undecided → High
Changed in freexl (Ubuntu Vivid):
importance: Undecided → High
Bas Couwenberg (sebastic)
description: updated
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Thanks for the git trees! I'm in the process of sponsoring the updates.

I made some minor changes to the changelogs:

 - Mention this bug number so that the bug gets autoclosed
 - Add the usual 'SECURITY UPDATE' header and mention the patches added
 - Set the distribution (was UNRELEASED)
 - Adjust the Vivid version to match the usual security update versioning
  + https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

Changed in freexl (Ubuntu):
status: New → Invalid
Changed in freexl (Ubuntu Trusty):
status: New → Confirmed
Changed in freexl (Ubuntu Vivid):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freexl - 1.0.0g-1ubuntu0.14.04.2

---------------
freexl (1.0.0g-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix issues in previous security update (LP: #1516257)
    - afl-vulnerabilitities-regression.patch: Fix regression introduced by
      afl-vulnerabilitities.patch.
    - 32bit-multiplication-overflow.patch: Fix 32 bit multiplication overflow

 -- Bas Couwenberg <email address hidden> Thu, 12 Nov 2015 22:04:49 +0100

Changed in freexl (Ubuntu Trusty):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freexl - 1.0.0h-1~exp1ubuntu1.1

---------------
freexl (1.0.0h-1~exp1ubuntu1.1) vivid-security; urgency=medium

  * SECURITY UPDATE: Fix issues in previous security update (LP: #1516257)
    - afl-vulnerabilitities-regression.patch: Fix regression introduced by
      afl-vulnerabilitities.patch.
    - 32bit-multiplication-overflow.patch: Fix 32 bit multiplication overflow

 -- Bas Couwenberg <email address hidden> Thu, 12 Nov 2015 22:04:49 +0100

Changed in freexl (Ubuntu Vivid):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.