-
mono (2.10.8.1-1ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via use after free
- debian/patches/CVE-2011-0992.patch: fix access to freed members of a
dead thread in mono/metadata/threads.c.
- CVE-2011-0992
* SECURITY UPDATE: denial of service via hash collision
- debian/patches/CVE-2012-3543.patch: add a better hash provider to
mcs/class/System.Web/System.Web.UI/Page.cs,
mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
mcs/class/System.Web/System.Web.dll.sources,
mcs/class/System.Web/System.Web/WebROCollection.cs.
- CVE-2012-3543
* SECURITY UPDATE: TLS impersonation attack
- debian/patches/CVE-2015-2318.patch: add handshake state validation to
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
- CVE-2015-2318
* SECURITY UPDATE: FREAK attack vulnerability
- debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
- CVE-2015-2319
* SECURITY UPDATE: SSLv2 support
- debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
- CVE-2015-2320
* debian/source/options: Don't use single-debian-patch for Ubuntu.
-- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 14:30:11 -0400
-
mono (2.10.8.1-1ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2012-3382.patch: properly escape error message in
mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
- CVE-2012-3382
-- Marc Deslauriers <email address hidden> Tue, 24 Jul 2012 13:29:38 -0400
-
mono (2.10.8.1-1ubuntu2.1) precise-proposed; urgency=low
* configure.in: search multiarch paths for libX11 (LP: #1008212)
changes the dllmap in /etc/mono/config to the versioned library
-- Julian Taylor <email address hidden> Sun, 03 Jun 2012 22:46:30 +0200
-
mono (2.10.8.1-1ubuntu2) precise; urgency=low
* debian/monodoc-base.postinst: Add '|| true' to the update-monodoc call
so that it doesn't cause upgrades to fail due to the trigger being called
prior to GTK# being upgraded (LP: #972751)
-- Andrew Mitchell <email address hidden> Wed, 04 Apr 2012 18:08:25 +1200
-
mono (2.10.8.1-1ubuntu1) precise; urgency=low
* debian/mono.runtime-script: Don't use File::Basename, because it's not
actually being *used*, and the 'use' statement causes failures if this
script is called while perl-base and perl-modules are not in a consistent
state. LP: #948848.
-- Steve Langasek <email address hidden> Thu, 22 Mar 2012 23:00:53 -0700
-
mono (2.10.8.1-1) unstable; urgency=low
[ Jb Evain ]
* [b31e994] [mono-api-info] try to read local files before using the resolver
[ Mirco Bauer ]
* [e6134cc] Imported Upstream version 2.10.8.1
* [e8b34c9] Added s390x specific symbols to libmono-2.0-1.symbols.s390x
* [ad7a051] Copied armel specific symbols to libmono-2.0-1.symbols.armhf
* [1001d95] Added new symbol to libmono-2.0-1.symbols
* [c17bea6] Build mono-api-diff and MonoGetAssemblyName with dmcs
instead of gmcs
* [1388ad0] Bumped clilibs of libmono-system4.0-cil,
libmono-sqlite{2,4}.0-cil and
libmono-microsoft-build-framework4.0-cil to >= 2.10.7
* [7bb7153] Added -a switch (ABI) to mono-api-check
* [b35dd98] Imported Upstream version 2.10.8.1
* [a251cb0] Fixed typo in package short description of
libmono-webmatrix-data4.0-cil (closes: #656671)
* [b35dd98] Imported Upstream version 2.10.8.1
* [03f5030] Updated RUN_MONO variable for a 4.0 runtime
-- Mirco Bauer <email address hidden> Sun, 05 Feb 2012 19:21:10 +0100
-
mono (2.10.5-1ubuntu1) precise; urgency=low
* Copy libmono-2.0-1.symbols.armel to libmono-2.0-1.symbols.armhf
-- Adam Conrad <email address hidden> Tue, 29 Nov 2011 16:13:17 -0700
-
mono (2.10.5-1) experimental; urgency=low
* [854fa78] Imported Upstream version 2.10.5
-- Mirco Bauer <email address hidden> Thu, 25 Aug 2011 22:26:08 +0200
