[Group.of.nepali.translators] [Bug 1852298] Re: xenial/linux-kvm: 4.4.0-1063.70 -proposed tracker
4.4.0-1063.70 - kvm
Regression test CMPL, RTB.

Issue to note in amd64:
  ubuntu_ecryptfs - miscdev-bad-count.sh and lp-994247 on 5 filesystems (bug 1837523)
  ubuntu_kernel_selftests - psock_tpacket in net failed (bug 1812176) test_bpf in net (bug 1812189) test_user_copy return code in user (bug 1812352)
  ubuntu_kvm_unit_tests - apic timeouted (bug 1748103) debug (bug 1821906) memory (bug 1845687) port80 (bug 1748105) vmx (bug 1821394) vmx_apic_passthrough_thread (bug 1822309) vmx_hlt_with_rvi_test (bug 1822308)
  ubuntu_ltp_syscalls - fanotify06 (bug 1833028) fanotify10 (bug 1802454) msgstress03 (bug 1783881) pivot_root01 (bug 1852966) sync_file_range02 (bug 1853422) pkey01 failure cannot be reproduced
  ubuntu_lxc - ERROR: Unable to fetch GPG key from keyserver. proxy issue for Intel Cloud (bug 1838966)
  ubuntu_xfstests* - no scratch drive available for the test

Skipped / blacklisted:
  * ubuntu_blktrace_smoke_test
  * ubuntu_bpf
  * ubuntu_fan_smoke_test
  * ubuntu_ftrace_smoke_test
  * ubuntu_ltp
  * ubuntu_lttng_smoke_test
  * ubuntu_seccomp
  * ubuntu_sysdig_smoke_test

** Changed in: kernel-sru-workflow/regression-testing
       Status: In Progress => Fix Released

** Changed in: kernel-sru-workflow/regression-testing
     Assignee: Canonical Kernel Team (canonical-kernel-team) => Po-Hsu Lin (cypressyew)

** Tags added: regression-testing-passed

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1852298

Title: xenial/linux-kvm: 4.4.0-1063.70 -proposed tracker

Status in Kernel SRU Workflow: In Progress
Status in Kernel SRU Workflow automated-testing series: Fix Released
Status in Kernel SRU Workflow certification-testing series: Invalid
Status in Kernel SRU Workflow prepare-package series: Fix Released
Status in Kernel SRU Workflow prepare-package-meta series: Fix Released
Status in Kernel SRU Workflow promote-to-proposed series: Fix Released
Status in Kernel SRU Workflow promote-to-security series: New
Status in Kernel SRU Workflow promote-to-updates series: New
Status in Kernel SRU Workflow regression-testing series: Fix Released
Status in Kernel SRU Workflow security-signoff series: In Progress
Status in Kernel SRU Workflow verification-testing series: In Progress
Status in linux-kvm package in Ubuntu: Invalid
Status in linux-kvm source package in Xenial: Confirmed

Bug description:
  This bug will contain status and test results related to a kernel source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1852306
  packages:
    main: linux-kvm
    meta: linux-meta-kvm
  phase: Testing
  phase-changed: Friday, 15. November 2019 11:46 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
    security-signoff: Stalled -- waiting for signoff
    verification-testing: Ongoing -- testing in progress
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1852298/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1853063] Re: SQL injection and Persistent XSS in textile formatting
This bug was fixed in the package redmine - 3.2.1-2ubuntu0.2

---
redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: persistent XSS exists due to textile formatting
    - debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way that html tags are identified to be escaped. (LP: #1853063)
    - CVE-2019-17427
    - https://www.cvedetails.com/cve/CVE-2019-17427/
    - Redmine Defect #31520
  * SECURITY UPDATE: SQL injection vulnerability
    - debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each because it casts the values to integer and return a new array. (LP: #1853063)
    - CVE-2019-18890
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
    - Redmine Defect #32374

 -- Lucas Kanashiro Mon, 18 Nov 2019 18:15:09 -0300

** Changed in: redmine (Ubuntu Xenial)
       Status: New => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1853063

Title: SQL injection and Persistent XSS in textile formatting

Status in redmine package in Ubuntu: New
Status in redmine source package in Precise: Invalid
Status in redmine source package in Trusty: Invalid
Status in redmine source package in Xenial: Fix Released

Bug description:
  Two important CVEs were released and addressed by upstream:

  * Redmine Defect #31520: Persistent XSS in textile formatting (CVE-2019-17427)
  * Redmine Defect #32374: SQL injection vulnerability in Redmine < 3.4.0 (CVE-2019-18890)

  Those vulnerabilities were fixed in version 3.3.10.

  Here is the upstream changelog:
  https://www.redmine.org/projects/redmine/wiki/Changelog_3_3

  Here is the diff of my Debian Stretch security update:
  https://salsa.debian.org/ruby-team/redmine/compare/debian%2F3.3.1-4+deb9u2...debian%2F3.3.1-4+deb9u3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/1853063/+subscriptions
[Group.of.nepali.translators] [Bug 1844853] Re: IBus no longer works in Qt applications after upgrade
** Changed in: glib2.0 (Ubuntu Focal)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1844853

Title: IBus no longer works in Qt applications after upgrade

Status in GLib: Fix Released
Status in ibus: Fix Released
Status in glib2.0 package in Ubuntu: Fix Released
Status in ibus package in Ubuntu: Fix Released
Status in glib2.0 source package in Xenial: Fix Committed
Status in glib2.0 source package in Bionic: Fix Committed
Status in glib2.0 source package in Disco: Fix Committed
Status in glib2.0 source package in Eoan: Fix Committed
Status in glib2.0 source package in Focal: Fix Released
Status in ibus source package in Focal: Fix Released
Status in glib2.0 package in Debian: Fix Released

Bug description:
  [Impact]

  IBus was broken for Qt applications as a regression due to the fix of CVE-2019-14822. As a result the IBus patch was disabled temporarily, which fixed IBus from a usability POV.

  The real fix has been made in glib2.0, and the updates in -proposed will allow the IBus patch to be re-enabled.

  [Test Case]

  * On a standard Ubuntu {eoan,disco,bionic,xenial} installation
    - Upgrade the glib2.0 packages from {eoan,disco,bionic,xenial}-proposed
    - Upgrade the ibus packages from https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa
    - Install some IBus input method, e.g. ibus-libpinyin
    - Install some Qt application, e.g. Kate
  * Relogin (maybe reboot)
  * Add the input method to the input sources
  * Open the Qt app and try to input something using the IBus IM

  => Find that the transliteration works as expected

  [Regression Potential]

  The applicable patches originate from glib upstream:
  https://gitlab.gnome.org/GNOME/glib/merge_requests/1176

  Consequently the changes have been reviewed by the glib maintainer, but also tested by the IBus maintainer, by me (gunnarhj), and - of course - the author Simon McVittie.

  The changes have been in Debian unstable since 2019-10-30.

  [Original description]

  Kubuntu Release 18.04.3 LTS

  Expected behavior: ibus continues working as before after applying security update 1.5.17-ubuntu5.1 from version 1.5.17-ubuntu5.

  Observed behavior: ibus is not usable anymore in Qt applications.

  After updating ibus and the related packages ibus-gtk, ibus-gtk3, libibus-1.0-5 and gir1.2-ibus-1.0 all from version 1.5.17-ubuntu5 to 1.5.17-ubuntu5.1, I can no longer use ibus in Qt applications. Using shift-space no longer changes the selected input method and even when I switch to the mozc input method in a gtk application, I cannot use it in any Qt applications.

  When starting qtconfig in a terminal, I also get the following message:

    Bus::open: Connect ibus failed!
    IBusInputContext::createInputContext: no connection to ibus-daemon

  This bug was not present in version 1.5.17-3ubuntu5 and I also confirmed that downgrading the packages to version 1.5.17-3ubuntu4 restores ibus functionality in Qt applications.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: ibus 1.5.17-3ubuntu5.1
  ProcVersionSignature: Ubuntu 5.0.0-30.32~18.04.1-generic 5.0.21
  Uname: Linux 5.0.0-30-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu7.7
  Architecture: amd64
  CurrentDesktop: KDE
  Date: Sat Sep 21 07:58:56 2019
  InstallationDate: Installed on 2019-06-28 (84 days ago)
  InstallationMedia: Kubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
  SourcePackage: ibus
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/glib/+bug/1844853/+subscriptions
[Group.of.nepali.translators] [Bug 1852282] Re: xenial/linux-azure: 4.15.0-1064.69 -proposed tracker
** Changed in: kernel-sru-workflow/promote-to-proposed Status: In Progress => Fix Committed ** Changed in: kernel-sru-workflow/promote-to-proposed Status: Fix Committed => Fix Released ** Changed in: kernel-sru-workflow/regression-testing Status: Confirmed => In Progress ** Description changed: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1852289 packages: main: linux-azure meta: linux-meta-azure signed: linux-signed-azure - phase: Promote to Proposed - phase-changed: Wednesday, 20. November 2019 08:01 UTC + phase: Testing + phase-changed: Monday, 25. November 2019 12:36 UTC + proposed-announcement-sent: true + proposed-testing-requested: true reason: - promote-to-proposed: Stalled -- copy FAILED regression-testing: Ongoing -- testing in progress security-signoff: Stalled -- waiting for signoff stakeholder-signoff: Stalled -- waiting for signoff verification-testing: Ongoing -- testing in progress trackers: trusty/linux-azure: bug 1852281 xenial/linux-azure-edge: bug 1852280 xenial/linux-azure/azure-kernel: bug 1852279 variant: debs -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. 
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1852282

Title: xenial/linux-azure: 4.15.0-1064.69 -proposed tracker

Status in Kernel SRU Workflow: In Progress
Status in Kernel SRU Workflow automated-testing series: Fix Released
Status in Kernel SRU Workflow certification-testing series: Invalid
Status in Kernel SRU Workflow prepare-package series: Fix Released
Status in Kernel SRU Workflow prepare-package-meta series: Fix Released
Status in Kernel SRU Workflow prepare-package-signed series: Fix Released
Status in Kernel SRU Workflow promote-to-proposed series: Fix Released
Status in Kernel SRU Workflow promote-to-security series: New
Status in Kernel SRU Workflow promote-to-updates series: New
Status in Kernel SRU Workflow regression-testing series: In Progress
Status in Kernel SRU Workflow security-signoff series: In Progress
Status in Kernel SRU Workflow stakeholder-signoff series: Confirmed
Status in Kernel SRU Workflow verification-testing series: In Progress
Status in linux-azure package in Ubuntu: Invalid
Status in linux-azure source package in Xenial: Confirmed

Bug description:
  This bug will contain status and test results related to a kernel source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1852289
  packages:
    main: linux-azure
    meta: linux-meta-azure
    signed: linux-signed-azure
  phase: Testing
  phase-changed: Monday, 25. November 2019 12:36 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
    regression-testing: Ongoing -- testing in progress
    security-signoff: Stalled -- waiting for signoff
    stakeholder-signoff: Stalled -- waiting for signoff
    verification-testing: Ongoing -- testing in progress
  trackers:
    trusty/linux-azure: bug 1852281
    xenial/linux-azure-edge: bug 1852280
    xenial/linux-azure/azure-kernel: bug 1852279
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1852282/+subscriptions
[Group.of.nepali.translators] [Bug 1852303] Re: xenial/linux-fips: 4.4.0-1026.31 -proposed tracker
** Description changed: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1852306 packages: main: linux-fips meta: linux-meta-fips signed: linux-signed-fips - phase: Ready for Promote to Proposed - phase-changed: Friday, 22. November 2019 19:02 UTC + phase: Promote to Proposed + phase-changed: Monday, 25. November 2019 12:31 UTC reason: - promote-signing-to-proposed: Stalled -- ready for review + promote-signing-to-proposed: Stalled -- review in progress variant: debs ** Changed in: kernel-sru-workflow/promote-signing-to-proposed Status: In Progress => Fix Committed ** Changed in: kernel-sru-workflow/regression-testing Status: New => Confirmed ** Changed in: kernel-sru-workflow/verification-testing Status: New => Confirmed ** Changed in: kernel-sru-workflow/promote-signing-to-proposed Status: Fix Committed => Fix Released ** Changed in: kernel-sru-workflow/regression-testing Status: Confirmed => In Progress ** Changed in: kernel-sru-workflow/verification-testing Status: Confirmed => In Progress ** Description changed: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1852306 packages: main: linux-fips meta: linux-meta-fips signed: linux-signed-fips - phase: Promote to Proposed - phase-changed: Monday, 25. November 2019 12:31 UTC + phase: Testing + phase-changed: Monday, 25. 
November 2019 12:37 UTC + proposed-announcement-sent: true + proposed-testing-requested: true reason: - promote-signing-to-proposed: Stalled -- review in progress + regression-testing: Ongoing -- testing in progress + verification-testing: Ongoing -- testing in progress variant: debs -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1852303 Title: xenial/linux-fips: 4.4.0-1026.31 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Invalid Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-signing-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: Invalid Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: In Progress Status in Kernel SRU Workflow security-signoff series: Invalid Status in Kernel SRU Workflow verification-testing series: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Invalid Bug description: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1852306 packages: main: linux-fips meta: linux-meta-fips signed: linux-signed-fips phase: Testing phase-changed: Monday, 25. 
November 2019 12:37 UTC proposed-announcement-sent: true proposed-testing-requested: true reason: regression-testing: Ongoing -- testing in progress verification-testing: Ongoing -- testing in progress variant: debs To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1852303/+subscriptions
[Group.of.nepali.translators] [Bug 1849004] Re: update-manager stopped loading update descriptions / changelog
This bug was fixed in the package update-manager - 1:16.04.17

---
update-manager (1:16.04.17) xenial; urgency=medium

  * Correctly detect the usage of a username in changelog URIs. (LP: #1849004)

 -- Brian Murray Mon, 11 Nov 2019 18:54:28 -0800

** Changed in: update-manager (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1849004

Title: update-manager stopped loading update descriptions / changelog

Status in update-manager package in Ubuntu: Fix Released
Status in update-manager source package in Xenial: Fix Released

Bug description:
  Some time ago (~1-2 weeks) I noticed that update-manager no longer loads the description of updates. The message "Загрузка списка изменений..." (Russian message, I do not know how it looks in English) never disappears.

  See screenshot

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1849004/+subscriptions
[Group.of.nepali.translators] [Bug 1847815] Re: storage autopkgtest is flaky
This bug was fixed in the package systemd - 240-6ubuntu5.8

---
systemd (240-6ubuntu5.8) disco; urgency=medium

  [ Victor Tapia ]
  * d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch
    Fix regression introduced by resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch when DNSSEC=yes (LP: #1796501)

  [ Dan Streetman ]
  * d/p/lp1840640-shared-seccomp-add-sync_file_range2.patch: allow sync_file_range2 in nspawn container (LP: #1840640)
  * d/p/lp1847527-journal-remote-do-not-request-Content-Length-if-Tran.patch: do not request Content-Length if Transfer-Encoding is chunked (LP: #1847527)
  * d/t/storage: fix flaky test (LP: #1847815)
  * d/p/lp1843381-dell_passthrough_skip_rename_retry.patch, debian/extra/rules/73-usb-net-by-mac.rules: fix rename delay for systems using "Dell MAC passthrough" (LP: #1843381)
  * d/p/lp1849733/0001-resolved-if-we-can-t-append-EDNS-OPT-RR-then-indicat.patch, d/p/lp1849733/0002-resolved-don-t-let-EDNS0-OPT-dgram-size-affect-TCP.patch: ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
  * d/p/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch:
    - Fix bug in refcounting TCP stream types (LP: #1849658)
  * d/extra/dhclient-enter-resolved-hook:
    - only restart resolved if dhclient conf changed (LP: #1805183)

  [ Balint Reczey ]
  * d/p/test-execute-Filter-dev-.lxc-in-exec-dynamicuser-statedir.patch: fix test breakage due to running in nested lxd container (LP: #1845337)

 -- Dan Streetman Fri, 04 Oct 2019 09:06:58 -0400

** Changed in: systemd (Ubuntu Disco)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1847815

Title: storage autopkgtest is flaky

Status in systemd package in Ubuntu: Fix Released
Status in systemd source package in Xenial: Invalid
Status in systemd source package in Bionic: Invalid
Status in systemd source package in Disco: Fix Released
Status in systemd source package in Eoan: Fix Released

Bug description:
  [impact]

  the systemd autopkgtest 'storage' is flaky.

  [test case]

  look at the autopkgtest test log and see some of them are failures due to failing 'storage' test; on re-running the test it passes.

  [regression potential]

  only an autopkgtest fix; very low if any.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1847815/+subscriptions
[Group.of.nepali.translators] [Bug 1848716] Re: Add Ubuntu Focal as a known release
This bug was fixed in the package debootstrap - 1.0.95ubuntu0.5

---
debootstrap (1.0.95ubuntu0.5) bionic; urgency=medium

  * Add (Ubuntu) focal as a symlink to gutsy. (LP: #1848716)

 -- Łukasz 'sil2100' Zemczak Fri, 18 Oct 2019 14:14:04 +0100

** Changed in: debootstrap (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** Changed in: debootstrap (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1848716

Title: Add Ubuntu Focal as a known release

Status in debootstrap package in Ubuntu: Fix Released
Status in debootstrap source package in Xenial: Fix Released
Status in debootstrap source package in Bionic: Fix Released
Status in debootstrap source package in Disco: Fix Released
Status in debootstrap source package in Eoan: Fix Released

Bug description:
  [Impact]

  Without this update users cannot generate focal chroots for development.

  [Test Case]

  Attempt to debootstrap focal.

  [Regression Potential]

  Very low, this simply introduces a suite specific script which is not used unless you attempt to create an Ubuntu Focal chroot.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1848716/+subscriptions
[Group.of.nepali.translators] [Bug 1853861] Re: [SRU] Unattended-upgrades silently does not apply updates when MinimalSteps is disabled and there are autoremovable kernels
** Also affects: unattended-upgrades (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: unattended-upgrades (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: unattended-upgrades (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: unattended-upgrades (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: unattended-upgrades (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: unattended-upgrades (Ubuntu Disco)
       Status: New => Fix Released

** Changed in: unattended-upgrades (Ubuntu Eoan)
       Status: New => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1853861

Title: [SRU] Unattended-upgrades silently does not apply updates when MinimalSteps is disabled and there are autoremovable kernels

Status in unattended-upgrades package in Ubuntu: Fix Released
Status in unattended-upgrades source package in Xenial: New
Status in unattended-upgrades source package in Bionic: New
Status in unattended-upgrades source package in Disco: Fix Released
Status in unattended-upgrades source package in Eoan: Fix Released

Bug description:
  [Impact]

  * When autoremovable kernel packages are present on the system, there are updates to apply and Unattended-Upgrade::MinimalSteps is set to "false", the autoremovable kernel packages are not removed and the updates are not applied.
  * The root cause is u-u not cleaning the dirty cache between operations and also relying on having a cache with packages marked to be installed when applying updates in one shot.
  * The fix is clearing the cache between operations and marking packages before installing them in one shot.

  [Test Case]

  * Install kernel-related packages, mark them as automatically installed to make them auto-removable ones.
  * Downgrade a few packages to a version lower than what is present in the security pocket.
  * Set Unattended-Upgrade::MinimalSteps to "false":
      # echo 'Unattended-Upgrade::MinimalSteps "false";' > /etc/apt/apt.conf.d/51unattended-upgrades-oneshot
  * Run u-u:
      # unattended-upgrade --verbose --debug
  * Observe fixed versions removing the kernel packages properly and also upgrading packages.

  [Regression Potential]

  * The changes introduce marking packages to install/upgrade and clearing the cache more often. The added operations slow down u-u, but clearing the cache adds a few 100 milliseconds on typical hardware and marking upgradable packages is also in the same range.
  * Functional regressions are unlikely due to those changes since the fixes are present in 19.04 and later releases and the extensive autopkgtest also covers when upgrades are performed in minimal steps.

  [Other Info]

  * While this bug has a security impact by holding back installation of security updates I don't recommend releasing the fix via the security pocket because this bug occurs only when the local configuration file of u-u is changed and u-u does not hold back upgrades with UCF-managed config file conflicts. See: https://github.com/mvo5/unattended-upgrades/issues/168

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1853861/+subscriptions
[Group.of.nepali.translators] [Bug 1853881] [NEW] Xenial update: 4.4.203 upstream stable release
Public bug reported:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel:

4.4.203 upstream stable release
from git://git.kernel.org/

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
       Assignee: Connor Kuehl (connork)
         Status: In Progress

** Tags: kernel-stable-tracking-bug

** Changed in: linux (Ubuntu)
       Status: New => Confirmed

** Tags added: kernel-stable-tracking-bug

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: Confirmed => Invalid

** Changed in: linux (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Connor Kuehl (connork)

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1853881

Title: Xenial update: 4.4.203 upstream stable release

Status in linux package in Ubuntu: Invalid
Status in linux source package in Xenial: In Progress

Bug description:
  SRU Justification

  Impact:
  The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel:

  4.4.203 upstream stable release
  from git://git.kernel.org/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1853881/+subscriptions
[Group.of.nepali.translators] [Bug 1853063] Re: SQL injection and Persistent XSS in textile formatting
This bug was fixed in the package redmine - 3.4.4-1ubuntu0.1

---
redmine (3.4.4-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: persistent XSS exists due to textile formatting
    - debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way that html tags are identified to be escaped. (LP: #1853063)
    - CVE-2019-17427
    - https://www.cvedetails.com/cve/CVE-2019-17427/
    - Redmine Defect #31520

 -- Paulo Flabiano Smorigo Mon, 25 Nov 2019 20:17:10 +

** Changed in: redmine (Ubuntu)
       Status: New => Fix Released

** Changed in: redmine (Ubuntu)
       Status: New => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1853063

Title: SQL injection and Persistent XSS in textile formatting

Status in redmine package in Ubuntu: Fix Released
Status in redmine source package in Precise: Invalid
Status in redmine source package in Trusty: Invalid
Status in redmine source package in Xenial: Fix Released

Bug description:
  Two important CVEs were released and addressed by upstream:

  * Redmine Defect #31520: Persistent XSS in textile formatting (CVE-2019-17427)
  * Redmine Defect #32374: SQL injection vulnerability in Redmine < 3.4.0 (CVE-2019-18890)

  Those vulnerabilities were fixed in version 3.3.10.

  Here is the upstream changelog:
  https://www.redmine.org/projects/redmine/wiki/Changelog_3_3

  Here is the diff of my Debian Stretch security update:
  https://salsa.debian.org/ruby-team/redmine/compare/debian%2F3.3.1-4+deb9u2...debian%2F3.3.1-4+deb9u3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/1853063/+subscriptions