Tuesday, 28 May 2013

Patch pilot report 2013-05-29

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRpZ2cAAoJEFHb3FjMVZVztaIP/3LXMZQA3qobiciprBJy8RTr
XFIB15W0hY9s9v2Sq4GBuYvqojjxL60YNy1fgeEgFJG6CsHPe49GMFJ7MRu23IkM
2UXFSaJTHAehIl2FUnt/Joa7c7zFJSAnAjWR/RPcgs4E8ZUWxlT+su853A++i+fR
R7k3KGHc9Kr0meoIQX0wEuLtatNVvfafXJWHNoWrL7tnYv7S8NrDg6QEoaIC37jE
dDi4OvEbVDXlspuioiAnqCi8KZiEjRf9+fY3IYhiE7bidcfbJeIhX+y+8yo/twi+
5yKg8YC/1THSms0h4MSbUn1GGTriL3pAv2u9KQfp6YhpQo0g4eQ0MHo4RvtTw4k8
+VFvJr/qNFYS4sv+Hc52OKcVUnHABH017PPs6B12mPuzfpkHIt5cRZI7DMXrctJ+
g2UQtb/hDyRjCeNiTze5//Ig3TglwnvbZXjave61+sy7JWyswj3lhal4LjG7zYrX
GXj1DCFLoS46tbuNLF9FrA3izkx4O8xrxmCL+PX5VZkOtPGZmXpkeMO3YQxj4AI8
zNF0fbQhbZcWX0AgPh4XRK2ZtljQb5vGLEpM+m4shUJWITUdV01G0I/Lap3ZWP0/
OKrFxqfe3zuZLkLI3MH/b5D78WbxwQcchqjuBErJ3mOSB1H4Ftd7nWjn/HQnezox
Snyg+x0+k/bBQczODcbg
=Z6J6
-----END PGP SIGNATURE-----
* LP: 1182586 - CVE-2013-2070: nginx proxy_pass buffer overflow
vulnerability
- precise: review, build, ACK, upload, publish
- quantal: review, build, ACK, upload, publish
- raring: review, build, ACK, upload, publish
* LP: 1166649 - Multiple open vulnerabilities in tomcat6: review 5
patches for 12.10. NAK as is due to what seemed to be hand-applied
patch errors (mostly whitespace changes)
- take appropriate patches from the submitter and add patches from
the precise version
- build, test in QRT, publish
* LP: #1178286 - Security advisory from KDE upstream (kde4libs)
- precise: review, build, ACK, upload
- quantal: review, build, ACK, upload
- raring: review, build, ACK, upload
- work for a while to find a reproducer to test the fix (upstream
report hinted at one, and it looked simple, but it was elusive
and there just wasn't enough info in the upstream bug (even for
upstream))

I'm still testing/working on the kde4libs update, but it should go out
later today.

--
Jamie Strandboge http://www.ubuntu.com/