Hey Otto,
sorry, I was off for a few days. So should I go ahead with the sponsor
or do you want to merge things first? Either work well for me and I can
continue with the sponsoring this week still.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
This is now released as mentioned in:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/comments/14
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/comments/15
** Changed in: openscap (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: openscap
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062389
Title:
[SRU] Fix segfault in systemdunitdependency probe
To manage notifications about this bug go to:
Hey Otto,
sorry for the delay, the branches look good, and I could successfully build the
package and check the diff with the PR, but I again had to bypass that issue
with gbp not generating the orig tarball correctly.
I'm investigating this issue a bit more to see what is going on.
--
You
Hi Otto,
Thanks for preparing the updates!
I will be taking a look at the PRs between today and tomorrow
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067125
Title:
CVE-2024-21096 et al affects
On Ubuntu 20.04, following the tests outlined in the description, below
is the result:
$ uname -a
Linux sec-focal-amd64 5.4.0-181-generic #201-Ubuntu SMP Thu Mar 28 15:39:01 UTC
2024 x86_64 x86_64 x86_64 GNU/Linux
$ dpkg -l | grep libopenscap
ii libopenscap8
On Ubuntu 22.04, following the tests outlined in the description, below
is the result:
$ uname -a
Linux sec-jammy-amd64 6.5.0-28-generic #29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC
Thu Apr 4 14:39:20 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
# Check that current version of openscap is installed
$ dpkg
Hey @phausman,
could you please try to reproduce by using the openscap -proposed?
For more information:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/comments/10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Also affects: openscap (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: openscap (Ubuntu Mantic)
Importance: Undecided
Status: New
** Changed in: openscap (Ubuntu Mantic)
Status: New => Fix Released
** Changed in: openscap (Ubuntu Noble)
** Patch added: "openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767572/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Patch added: "openscap_1.2.16-2ubuntu3.4.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767571/+files/openscap_1.2.16-2ubuntu3.4.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I've create the SRU ticket here:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060345
Title:
oscap crashes during audit on the
** Patch added: "openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767559/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff
** Description changed:
[ Impact ]
- * This issue causes a crash in openscap when there's a
** Patch added: "openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767558/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Patch added: "openscap_1.2.16-2ubuntu3.4.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767557/+files/openscap_1.2.16-2ubuntu3.4.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: "oval file for ubuntu 20.04"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767555/+files/ssg-ubuntu2004-oval.xml
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: "oval file for ubuntu 22.04"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767556/+files/ssg-ubuntu2204-oval.xml
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Public bug reported:
[ Impact ]
* This issue causes a crash in openscap when there's a circular
dependency in systemd services, and currently affects both Ubuntu 20.04
and 22.04.
* This indirectly is affecting the usage of USG (Ubuntu Security Guide)
for CIS auditing in systems with ceph-mds.
** Changed in: openscap (Ubuntu)
Status: New => Confirmed
** Changed in: openscap (Ubuntu Focal)
Status: New => In Progress
** Changed in: openscap (Ubuntu Jammy)
Status: New => In Progress
** Changed in: openscap (Ubuntu Focal)
Assignee: (unassigned) => Edua
@phausman I won't be doing the SRU. Since Peter is investigating it, it
is best if it comes from him.
If you are building from source and it does not produce a crash, then the bug
mentioned by Peter is not really necessary and something else might be the
issue.
As the circular dependency does
Peter, do note that this fix never landed on 1.2 openscap, it will require some
backporting.
To land this fix it should be done through an SRU process.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Also affects: openscap
Importance: Undecided
Status: New
** No longer affects: openscap
** Also affects: openscap (Ubuntu)
Importance: Undecided
Status: New
** Changed in: usg
Status: New => Invalid
--
You received this bug notification because you are a member
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Could you please run with --debug and upload the logs?
** Changed in: openscap (Ubuntu)
Status: New => Incomplete
** Package changed: openscap (Ubuntu) => usg
** Summary changed:
- openscap fails in multiple tests when auditing on fresh Jammy
+ usg fails in multiple tests when auditing
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2036595
Title:
vulnerability in libcue affects tracker-extract (GHSL-2023-197)
To
** Changed in: systemd (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2055270
Title:
Buy Tramadol Online At Lowest Prices
To manage notifications about this
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
This patch is not acceptable as you are trying to fix a security issue (already
fixed) and a bug issue. Please only upload a debdiff for the bug issue.
Also create a new ticket for that, as this one if for the security issue and
that was already fixed.
--
You received this bug notification
That is already fixed under Ubuntu Pro:
https://ubuntu.com/security/notices/USN-5245-1
https://ubuntu.com/security/notices/USN-5239-1
** Changed in: maven (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: httpcomponents-client (Ubuntu)
Status: Confirmed => Fix Released
--
Hi Keath,
It takes time because it is a newer version update. As you can see in comment
#4 it is currently available for testing on security-proposed ppa. If you could
test it and give us a feedback that it is working properly that would be much
appreciated. Also we are currently having issues
Thanks for taking the time to report this bug and helping to make Ubuntu
better.
This is low priority CVE for us, it will only get patched if a higher
priority CVE for libsdl2 in 22.04 shows up. Right now there are none,
therefore no ETA.
** Information type changed from Private Security to
Thanks for taking the time to report this bug and helping to make Ubuntu
better.
This is low priority CVE for us, it will only get patched if a higher
priority CVE for sqlite3 in 22.04 shows up. Right now there are none,
therefore no ETA.
** Description changed:
I have ubuntu 22.04 on my
** Changed in: zutty (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2000848
Title:
CVE-2022-41138: Unreleased in zutty
To manage notifications about
** Information type changed from Private Security to Public Security
** Changed in: cups (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1995402
Title:
Hi Olivier,
Do you have any updates on line for thunderbird?
We got a similar question last week on IRC.
** Information type changed from Private Security to Public Security
** Changed in: thunderbird (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you
Luis, you keep updating the description but you haven't replied to comment 36.
Please provide the information requested.
** Changed in: wpewebkit (Ubuntu)
Status: In Progress => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
my colleague Spyros will be taking a look if he can bring kinetic's
version to Jammy and Focal.
** Changed in: wpewebkit (Ubuntu Focal)
Assignee: (unassigned) => Spyros Seimenis (sespiros)
** Changed in: wpewebkit (Ubuntu Jammy)
Assignee: (unassigned) => Spyros Seimenis (sespiros)
--
** Description changed:
- I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to
- fix security issues and other bugs, as well as adding features that
- increase compatibility with current websites.
+ I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix
+ security
** Description changed:
- I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix
- security issues and other bugs, as well as adding features that increase
- compatibility with current websites.
+ I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to
+ fix security
Just adding some notes about this request:
1. 200MB debdiff, really hard to verify/validate/test. We need to think
on a good way to guarantee that we are not introducing issues.
2. On Luis' PPA the package fails to build in some architectures. Luis
is going to trigger another build and see if it
** Also affects: wpewebkit (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: wpewebkit (Ubuntu Focal)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
Hi Luís,
As my colleague mentioned to you previously, except for a few
exceptions, such as ffmpeg, we generally don't accept new upstream
maintenance releases into the security sponsoring process.
As you can see on bug #1973814, the diff between the versions you want
to upgrade are too big and
Hi Luis,
Thanks for testing!
Regarding 18.04 test failure, I tried to reproduce here and it is passing fine:
`...
GEN tests/data/vsynth_lena.yuv
TESTvsynth_lena-amv
TESTvsynth_lena-asv1
TESTvsynth_lena-asv2
TESTvsynth_lena-cinepak
TESTvsynth_lena-cljr
TEST
Hi Luis,
I've uploaded the binaries to -proposed, could you please test them?
Thanks
** Changed in: ffmpeg (Ubuntu Bionic)
Status: In Progress => Fix Committed
** Changed in: ffmpeg (Ubuntu Focal)
Status: In Progress => Fix Committed
** Changed in: ffmpeg (Ubuntu Impish)
: New
** Changed in: ffmpeg (Ubuntu Bionic)
Assignee: (unassigned) => Eduardo Barretto (ebarretto)
** Changed in: ffmpeg (Ubuntu Focal)
Assignee: (unassigned) => Eduardo Barretto (ebarretto)
** Changed in: ffmpeg (Ubuntu Impish)
Assignee: (unassigned) => Eduardo Barretto (
We asked around the server team, and no one over there has any experience with
etcd either.
What should we do next?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1959757
Title:
[SRU] etcd FTBFS on
We just published today a no-change version of openscap to Xenial ESM
ppas to solve this issue.
** Changed in: openscap (Ubuntu Xenial)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: openjdk-lts (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1966338
Title:
openjdk11 update breaks customers
To manage notifications
** Changed in: etcd (Ubuntu Focal)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1959757
Title:
[SRU] etcd FTBFS on Focal
To manage notifications about this bug go
** Attachment added: "golang-etcd-server-dev_amd64.txt"
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+attachment/5572184/+files/golang-etcd-server-dev_amd64.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: "etcd-server_amd64.txt"
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+attachment/5572183/+files/etcd-server_amd64.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The test suite is passing fine.
If I compare binaries of current version and with debdiff applied I get the
following attached files.
** Attachment added: "etcd_amd64.txt"
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+attachment/5572181/+files/etcd_amd64.txt
--
You received
** Attachment added: "etcd-client_amd64.txt"
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+attachment/5572182/+files/etcd-client_amd64.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1959757
Title:
[SRU] etcd FTBFS on Focal
To manage notifications about this bug go to:
** Patch added: "focal debdiff"
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+attachment/5558744/+files/etcd_3.2.26+dfsg-6ubuntu0.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Public bug reported:
[Impact]
etcd version 3.2.26+dfsg-5 had its dependency on golang-github-
prometheus-client-golang-dev updated to (>= 1.0.0~) but during Focal
development cycle golang-github-prometheus-client-golang-dev >= 1.0.0
never got out of -proposed, staying on version 0.9.2-0ubuntu3.
** Changed in: ntp (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
To manage notifications about this bug go to:
If you're trying to bring latest release of subversion to Ubuntu, then
you need to check the SRU page mentioned by Seth. The SRU has its own
whole process and there will be a need for a good reason to have the SRU
approved, it is not that simple.
Ubuntu is based on delivering a stable system to
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the packages referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
** Information type changed from Private Security to Public Security
** Changed in: firefox (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925188
Title:
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Your bug report is more likely to get attention if it is made in
English, since this is the language understood by the majority of Ubuntu
developers. Additionally, please only mark a bug as "security" if it
shows
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Your bug report is more likely to get attention if it is made in
English, since this is the language understood by the majority of Ubuntu
developers. Additionally, please only mark a bug as "security" if it
shows
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thank you for using Ubuntu and taking the time to report a bug. Your
report should contain, at a minimum, the following information so we can
better find the source of the bug and work to resolve it.
Submitting the bug about the proper source package is essential. For
help see
Thank you for using Ubuntu and taking the time to report a bug. Your
report should contain, at a minimum, the following information so we can
better find the source of the bug and work to resolve it.
Submitting the bug about the proper source package is essential. For
help see
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Tags removed: verification-needed verification-needed-bionic
verification-needed-focal verification-needed-groovy verification-needed-xenial
** Tags added: verification-done verification-done-bionic
verification-done-focal verification-done-groovy verification-done-xenial
--
You received
Hey Brian,
I ran the following test on Xenial, Bionic, Focal and Groovy with archive
openscap and openscap from -proposed and compared the results:
$ wget
https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.$(lsb_release
-cs).cve.oval.xml.bz2
$ bunzip2 com.ubuntu.$(lsb_release
** Patch added: "hirsute.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453540/+files/hirsute.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "groovy.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453539/+files/groovy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453538/+files/focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453537/+files/bionic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
The following debdiffs added the requests from Marc.
** Description changed:
[Impact]
Openscap didn't implement Debian package version comparison algorithm.
This can cause a user/client to get false positive results when running
oscap.
For example, we have a system running
** Patch added: "hirsute.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453050/+files/hirsute.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "groovy.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453049/+files/groovy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453048/+files/focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453047/+files/bionic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
** Patch added: "xenial.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791/+attachment/5453046/+files/xenial.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1911791
Public bug reported:
[Impact]
Openscap didn't implement Debian package version comparison algorithm.
This can cause a user/client to get false positive results when running
oscap.
For example, we have a system running Bionic, with package "foo" version
1.2.3-4ubuntu1~18.04.1 installed. Ubuntu
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Information type changed from Private Security to Public Security
** Changed in: sshguard (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1899765
Title:
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
1 - 100 of 161 matches
Mail list logo
