Copy candidates:
libsodium 1.0.8-5 in xenial
libsodium-dbg 1.0.8-5 in xenial amd64
libsodium-dbg 1.0.8-5 in xenial arm64
libsodium-dbg 1.0.8-5 in xenial armhf
libsodium-dbg 1.0.8-5 in xenial i386
libsodium-dbg 1.0.8-5 in xenial powerpc
Override component to main
libsodium 1.0.8-5~ubuntu14.04.1 in trusty: universe/libs -> main
libsodium-dbg 1.0.8-5~ubuntu14.04.1 in trusty amd64: universe/debug/extra/100%
-> main
libsodium-dbg 1.0.8-5~ubuntu14.04.1 in trusty arm64: universe/debug/extra/100%
-> main
libsodium-dbg
I reviewed libsodium version 1.0.8-5 as checked into xenial, looking for
any deviations from Seth's original review since this is a different
version.
- No CVE history in our database
- libsodium provides a programmer- and packager-friendly library around
the NaCl family of cryptography APIs.
-
Actually in this case of three packages only bug 1746772 is complete already,
this one here waits for the Security Team ack before being fully complete - but
all other blockers are passed.
But the Security Team is already aware, so no need to change anything yet.
@Security Team - once review is
The package is now in trusty-proposed (universe) and ready for promotion
once the ubuntu-advantage-tools upload pulling it in appears in
-proposed.
Updating the state of the bug per
https://wiki.ubuntu.com/MIRTeam#Process_states
--
You received this bug notification because you are a member of
I proved the (re)build quality for Xenial (to be sure) and since it will
be new for Trusty as well.
Xenial: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3667
Trusty: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3668
Both releases build logs seem sane, no FTBFS and
This is a special case, as we have the newer versions already in main in Bionic.
Therefore the evaluation checks if the older version has CVEs, packaging issues
and such - but is no full re-evaluation.
[Duplication]
No duplication, it is one of the more common python backends for cryptography.
I added tasks for Xenial and Trusty, the main task I set back to fix
released as that is truly complete and didn't change. This is "just" for
the time-warping back for X/T which we will have to evaluate.
I'll start on the MIR evaluation of those later on today
** Also affects: libsodium (Ubuntu
This is an ack request to include libsodium18 in main for trusty needed
as a dependency of ubuntu-advantage-tools through it's use of
python3-pymacaroons.
The dependency chain is as follows:
ubuntu-advantage-tools -> python3-pymacaroons (0.9.2) -> python3-libnacl ->
libsodium18
libsodium18
For UA Client the server team would like to request pulling back
libsodium to trusty as well.
** Changed in: libsodium (Ubuntu)
Status: Fix Released => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Override component to main
libsodium 1.0.14-1 in bionic: universe/misc -> main
libsodium-dbg 1.0.14-1 in bionic amd64: universe/debug/extra/100% -> main
libsodium-dbg 1.0.14-1 in bionic arm64: universe/debug/extra/100% -> main
libsodium-dbg 1.0.14-1 in bionic armhf: universe/debug/extra/100% ->
** Changed in: libsodium (Ubuntu)
Status: Fix Released => Won't Fix
** Changed in: libsodium (Ubuntu)
Status: Won't Fix => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libsodium in Ubuntu.
** Changed in: libsodium (Ubuntu)
Status: Fix Released => Won't Fix
** Changed in: libsodium (Ubuntu)
Status: Won't Fix => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
php7.2-cli has grown a dependency on libsodium. We have subscribed
~ubuntu-server to it for the purpose of re-implementing this MIR for
18.04.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1621386
Override component to main
libsodium 1.0.11-1 in yakkety: universe/misc -> main
libsodium-dbg 1.0.11-1 in yakkety amd64: universe/debug/extra/100% -> main
libsodium-dbg 1.0.11-1 in yakkety arm64: universe/debug/extra/100% -> main
libsodium-dbg 1.0.11-1 in yakkety armhf: universe/debug/extra/100%
** Changed in: libsodium (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1621386
Title:
[MIR] libsodium
To manage notifications about this bug go to:
unity-api-team subscribed now
** Changed in: libsodium (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1621386
Title:
[MIR] libsodium
To manage
- Needs a team bug subscriber.
Otherwise, looks great!
** Changed in: libsodium (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1621386
Title:
[MIR]
I reviewed libsodium version 1.0.10-1 as checked into yakkety. This
shouldn't be considered a full security audit but rather a quick check of
maintainability. Furthermore this is not an audit of the fitness for
purpose of the cryptography in libsodium.
- No CVE history in our database
- libsodium
** Changed in: libsodium (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1621386
Title:
[MIR] libsodium
To manage
20 matches
Mail list logo