[Bug 1733726] Re: package linux-headers-4.13.0-17-generic 4.13.0-17.20 failed to install/upgrade: subprocess installed post-installation script was killed by signal (Terminated)
sudo dpkg --configure -a
Setting up linux-headers-4.13.0-17-generic (4.13.0-17.20) ...
Examining /etc/kernel/header_postinst.d.
run-parts: executing /etc/kernel/header_postinst.d/dkms 4.13.0-17-generic /boot/vmlinuz-4.13.0-17-generic

Seems to be stuck for me on a wait4:

sudo strace -p9784
strace: Process 9784 attached
wait4(9785,

kriks: How did you fix this on your installation?

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1733726
Title: package linux-headers-4.13.0-17-generic 4.13.0-17.20 failed to install/upgrade: subprocess installed post-installation script was killed by signal (Terminated)
To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1733726/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1197639] Re: Improper sanitization of terminal emulator escape sequences when displaying build log and build status
Precise debdiff. Tested install/upgrade on clean system. Tested with the testsuite from osc (tests/suite.py). Got some errors in TestCommit. Not sure if it might be a configuration thing. I got the same kind of errors for the patched and unpatched version.
** Patch added: lp1197639-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/osc/+bug/1197639/+attachment/3738442/+files/lp1197639-precise.debdiff
[Bug 1190491] Re: XML denial of service vulnerability
Quantal ruby-openid is already fixed through https://bugs.launchpad.net/ubuntu/+source/ruby-openid/+bug/1190179.
[Bug 1197639] [NEW] Improper sanitization of terminal emulator escape sequences when displaying build log and build status
*** This bug is a security vulnerability ***
Public security bug reported:
A security flaw was found in the way osc displayed build logs and build status for particular build. A rogue repository server could use this flaw to modify window's title, or possibly execute arbitrary commands or overwrite files via a specially-crafted build log or build status output containing an escape sequence for a terminal emulator.
Reference: https://bugzilla.novell.com/show_bug.cgi?id=749335
Upstream patch: https://github.com/openSUSE/osc/commit/effe3835ba65745f51dbb579af4ea3556d2ab597.patch
** Affects: osc (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1095
[Bug 1190491] Re: XML denial of service vulnerability
Precise debdiff. Tests done:
- Builds with pbuilder
- can install and upgrade cleanly
- Tested with examples/rails_openid: creation of new identity worked without a problem. I could not start the second server with 'script/server --port=3001'. The application didn't understand the port part. The behaviour was the same for the patched and unpatched version.
** Patch added: lp1190491-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/libopenid-ruby/+bug/1190491/+attachment/3711870/+files/lp1190491-precise.debdiff
[Bug 1190491] Re: XML denial of service vulnerability
Lucid debdiff. Tests done:
- Builds with pbuilder
- can install and upgrade cleanly
- Tested with examples/rails_openid: creation of new identity and verifying via second instance worked without a problem.
** Patch added: lp1190491-lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/libopenid-ruby/+bug/1190491/+attachment/3708618/+files/lp1190491-lucid.debdiff
[Bug 1190179] Re: XML denial of service vulnerability
Finally I managed to run the rails_openid example. I created a new empty rails2 application with 'rails openid' and copied the relevant files from the example to the new application. Like this I could start the example application and create a new identity. However I could not start the second server with 'script/server --port=3001'. The application didn't understand the port part. The behaviour was the same for the patched and unpatched version. What do you think? Do we need some additional testing for this patch?
[Bug 1190491] Re: XML denial of service vulnerability
It's the same vulnerability. As far as I see the package got renamed/moved from libopenid-ruby to ruby-openid on quantal. Since they are different packages I opened two bugs.
[Bug 1190179] Re: XML denial of service vulnerability
New debdiff to correctly set Maintainer in debian/control.
** Patch added: lp1190179-quantal-1.debdiff https://bugs.launchpad.net/ubuntu/+source/ruby-openid/+bug/1190179/+attachment/3702015/+files/lp1190179-quantal-1.debdiff
[Bug 1190491] [NEW] XML denial of service vulnerability
*** This bug is a security vulnerability ***
Public security bug reported:
libopenid-ruby is affected by an XML denial of service (Entity Expansion Attack / out of memory) attack.
See: https://github.com/openid/ruby-openid/pull/43
Patch: https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
** Affects: libopenid-ruby (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1812
[Bug 1190179] [NEW] XML denial of service vulnerability
*** This bug is a security vulnerability ***
Public security bug reported:
ruby-openid is affected by an XML denial of service (Entity Expansion Attack / out of memory) attack.
See: https://github.com/openid/ruby-openid/pull/43
Patch: https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
Raring and Saucy already contain the patch and are not vulnerable.
** Affects: ruby-openid (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1812
[Bug 1190179] Re: XML denial of service vulnerability
Debdiff for quantal. Tests done:
- Builds with pbuilder.
- Can install and upgrade cleanly.
** Patch added: lp1190179-quantal.debdiff https://bugs.launchpad.net/ubuntu/+source/ruby-openid/+bug/1190179/+attachment/3701416/+files/lp1190179-quantal.debdiff
[Bug 1186860] Re: Hash collision vulnerability in xml-light
Precise debdiff with right version.
** Patch added: lp1186860-precise-1.debdiff https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3695033/+files/lp1186860-precise-1.debdiff
[Bug 1186860] Re: Hash collision vulnerability in xml-light
Lucid debdiff with right version. Tests done on both debdiffs: Builds with pbuilder. Can install and upgrade cleanly. Parses simple xml files (tests done with included test.ml)
** Patch added: lp1186860-lucid-1.debdiff https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3695043/+files/lp1186860-lucid-1.debdiff
[Bug 1186860] Re: Hash collision vulnerability in xml-light
Lucid patch. I'm not sure if the versioning is right, since now precise and lucid have the same version?
** Patch added: lp1186860-lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3693335/+files/lp1186860-lucid.debdiff
[Bug 1186860] Re: Hash collision vulnerability in xml-light
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3514
[Bug 1186860] [NEW] Hash collision vulnerability in xml-light
*** This bug is a security vulnerability ***
Public security bug reported:
OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Note: Quantal, Raring and Saucy are already fixed.
** Affects: xml-light (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
[Bug 1186860] Re: Hash collision vulnerability in xml-light
Precise patch
** Patch added: lp1186860-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3693254/+files/lp1186860-precise.debdiff
[Bug 1182769] Re: Buffer Overflow in MASI loader
Debdiff for Raring.
** Patch added: lp1182769-raring.debdiff https://bugs.launchpad.net/ubuntu/+source/xmp/+bug/1182769/+attachment/3689473/+files/lp1182769-raring.debdiff
[Bug 1182769] Re: Buffer Overflow in MASI loader
Debdiff for Precise
** Patch added: lp1182769-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/xmp/+bug/1182769/+attachment/3689475/+files/lp1182769-precise.debdiff
[Bug 1182769] Re: Buffer Overflow in MASI loader
The version in Saucy (3.4.0-3) is already patched.
[Bug 1182769] Re: Buffer Overflow in MASI loader
Debdiff for Quantal
** Patch added: lp1182769-quantal.debdiff https://bugs.launchpad.net/ubuntu/+source/xmp/+bug/1182769/+attachment/3689474/+files/lp1182769-quantal.debdiff
[Bug 1182769] [NEW] Buffer Overflow in MASI loader
*** This bug is a security vulnerability ***
Public security bug reported:
There is a parsing buffer overflow vulnerability in the MASI loader of xmb. The vulnerability is caused due to a boundary error when parsing MASI files, which can be exploited to cause a buffer overflow. The vulnerability is reported in versions prior to 4.1.0.
Changelog: http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view
Commit: http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40/
** Affects: xmp (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1980
[Bug 1166649] Re: Multiple open vulnerabilities in tomcat6 in quantal and raring
Sitting too long on this patch for quantal and could not really enable the testsuite I thought I just drop it here. Even with some hints from jamespage I could not run the built-in tests and didn't really have enough time to look further into it. The changes are all done as in upstream and it builds and installs fine. Didn't see any problems from basic testing. ** Patch added: lp1166649-quantal.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/1166649/+attachment/3682137/+files/lp1166649-quantal.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in Ubuntu. https://bugs.launchpad.net/bugs/1166649 Title: Multiple open vulnerabilities in tomcat6 in quantal and raring To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/1166649/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1166649] [NEW] Multiple open vulnerabilities in tomcat6 in quantal and raring
*** This bug is a security vulnerability ***
Public security bug reported:
Tomcat6 on quantal and raring include multiple vulnerabilities. See http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat6.html
** Affects: tomcat6 (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2733
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3546
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4431
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4534
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5885
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5886
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5887
[Bug 1166649] Re: Multiple open vulnerabilities in tomcat6 in quantal and raring
I prepared a patch but want to test it first. Is there a testsuite available in tomcat6 and is it enabled?
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
Jamie, There seems to be a problem with the updated package. See https://plus.google.com/112659624466139657672/posts/cMaEhQbcdGL I guess the precise package causes the problem. Was there anything added regarding startup?
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
This is the precise patch. Hopefully it goes smoother this time ;) Note that I got certificate errors when I run the testsuite (in TestClientCert.BIO.txt, TestClientCert.NIO.txt, TestCustomSSL.BIO.txt, TestCustomSSL.NIO.txt, TestSSL.BIO.txt and TestSSL.NIO.txt). However I got the exact same errors/failures already before my changes applied.
** Patch added: lp1115053-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3586475/+files/lp1115053-precise.debdiff
[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy
quantal and raring are not affected by any of these vulnerabilities. Both already include all the needed fixes.
[Bug 1154502] [NEW] Multiple open vulnerabilities in tinyproxy
*** This bug is a security vulnerability ***
Public security bug reported:
There are multiple open vulnerabilities (security bypass, DoS) in tinyproxy affecting lucid up to raring.
** Affects: tinyproxy (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1499
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1843
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3505
[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy
Note that CVE-2011-1499 and CVE-2011-1843 don't affect precise (higher version than the vulnerable one). Hence just added patch for CVE-2012-3505.
** Patch added: lp1154502-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1154502/+attachment/3571700/+files/lp1154502-precise.debdiff
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
I rewrote the description on CVE-2012-3439.patch and fixed the whitespace changes in CVE-2012-0022.patch as far as I saw them. CVE-2012-3439 gave me quite some headache since the testcases upstream changed already before a lot and it was hard to adapt to the oneiric version. Either I would have to try to backport all the changes from upstream which might mean to change more or less the whole TesterDigestAuthenticatorPerformance.java and cause some further errors because of some changes done somewhere else. Or I leave the testcases as they are and just adopt the needed changes made in the methods in DigestAuthenticator.java. I went with the second option since the actual security bug was patched in DigestAuthenticator.java. This let me omit the inclusion of ConcurrentMessageDigest.java since this class is just used in the updated testcases. I think it was the right decision but let me know if you think differently. This just as an additional information to the DEP-3 description in CVE-2012-3439.patch.
** Patch added: lp1115053-oneiric-5.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3571362/+files/lp1115053-oneiric-5.debdiff
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
Finally the tests run without any errors. I hope everything is okay now with the patch. Thanks for your patience anyway.
** Patch added: lp1115053-oneiric-4.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3557794/+files/lp1115053-oneiric-4.debdiff
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
I updated the DEP-3 comments according to your input. I hope it's easier now to understand the patches I made. For some patches I didn't find the according upstream bugs so I left them out. As far as I see is the Bug- field optional. The testsuite additions are now included. I got one error (failure in TestAsyncContextImpl) when I run the tests. However I could not determine the error to any changes of my patch. I ran the tests in a VM and am wondering if that might cause the problem. Let me know if there are some further problems. Thanks.
** Patch added: lp1115053-oneiric-3.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3549166/+files/lp1115053-oneiric-3.debdiff
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
I see. Thanks for the further comments. I will see that I can fix this and prepare a new debdiff.
[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
Jamie, Thanks for the info. There is a fix for CVE-2012-2733 for tomcat7 from upstream (see http://svn.apache.org/viewvc?view=revision&revision=1350301). Did you see the new debdiff for oneiric in comment #5? All the fixes for the CVEs I am aware of should be in it (as well CVE-2012-2733). Please let me know if the changelog is okay like that and of course if there are any other improvements/changes I should make. As soon as that one is approved I will upload the precise debdiff. Thanks
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
Here is an updated debdiff with all the fixes. Please note: CVE-2011-4858 is resolved through patch for CVE-2012-0022. CVE-2012-5568 is seen as a non-issue for tomcat (see http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat). Is the formatting of the changelog okay like this?
** Patch added: lp1115053-oneiric-2.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3523657/+files/lp1115053-oneiric-2.debdiff
** Changed in: tomcat7 (Ubuntu) Status: Incomplete => New
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
From CVE-2012-2733 on Precise is affected too. Should I create a new bug for it or add a future debdiff here? As well some CVEs affect as well tomcat6. Same question: new bug or add here?
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
Yeah, I will look that I can prepare one debdiff with all the fixes.
[Bug 1115902] Re: NULL Pointer Denial of Service Vulnerability
Raring fix
** Patch added: lplp1115902-raring.debdiff https://bugs.launchpad.net/ubuntu/+source/firebird2.5/+bug/1115902/+attachment/3515420/+files/lplp1115902-raring.debdiff
[Bug 1115902] Re: NULL Pointer Denial of Service Vulnerability
Daniel, As in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210 they have already a patch. Don't really see why it is not applied.
** Bug watch added: Debian Bug tracker #693210 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
[Bug 1115902] Re: NULL Pointer Denial of Service Vulnerability
Precise fix
** Patch added: lp1115902-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/firebird2.5/+bug/1115902/+attachment/3516567/+files/lp1115902-precise.debdiff
[Bug 1115902] Re: NULL Pointer Denial of Service Vulnerability
Oneiric fix
** Patch added: lp1115902-oneiric.debdiff https://bugs.launchpad.net/ubuntu/+source/firebird2.5/+bug/1115902/+attachment/3516579/+files/lp1115902-oneiric.debdiff
[Bug 1115053] [NEW] Parameter Handling Denial of Service in Oneiric
*** This bug is a security vulnerability ***
Public security bug reported:
Oneiric tomcat7 (version 7.0.21-1) has the following vulnerability: Apache Tomcat is prone to a denial-of-service vulnerability. An attacker may leverage this issue to consume an excessive amount of CPU resources, causing a denial-of-service condition. See: http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23 This vulnerability affects just oneiric.
** Affects: tomcat7 (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0022
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
** Patch added: lp1115053-oneiric.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3514213/+files/lp1115053-oneiric.debdiff
** Changed in: tomcat7 (Ubuntu) Status: New => Confirmed
[Bug 1115902] [NEW] NULL Pointer Denial of Service Vulnerability
*** This bug is a security vulnerability ***
Public security bug reported:
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
Upstream patch: http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision
** Affects: firebird2.5 (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5529
[Bug 1115902] Re: NULL Pointer Denial of Service Vulnerability
Quantal fix
** Patch added: lp1115902-quantal.debdiff https://bugs.launchpad.net/ubuntu/+source/firebird2.5/+bug/1115902/+attachment/3515331/+files/lp1115902-quantal.debdiff
[Bug 1100188] Re: Unsafe Query Generation Risk in Ruby on Rails
Patch for quantal 3.2.x series
** Patch added: lp1100188-quantal-3.2.debdiff https://bugs.launchpad.net/ubuntu/+source/ruby-activerecord-3.2/+bug/1100188/+attachment/3485936/+files/lp1100188-quantal-3.2.debdiff
** Changed in: ruby-activerecord-3.2 (Ubuntu) Status: New => Confirmed
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
Patch for quantal
** Patch added: lp1100162-quantal.debdiff https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-3.2/+bug/1100162/+attachment/3485947/+files/lp1100162-quantal.debdiff
** Changed in: ruby-actionpack-3.2 (Ubuntu) Status: New => Confirmed
[Bug 1100188] [NEW] Unsafe Query Generation Risk in Ruby on Rails
*** This bug is a security vulnerability ***
Public security bug reported:
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing.
Versions Affected: 3.x series
Not affected: 2.x series
See also: http://www.openwall.com/lists/oss-security/2013/01/08/13
** Affects: ruby-activerecord-3.2 (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0155
[Bug 1100188] Re: Unsafe Query Generation Risk in Ruby on Rails
According to https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/c7jT-EeN9eI all versions (as well 2.x) are affected.
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
According to https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/c7jT-EeN9eI all versions (as well 2.x) are affected.
[Bug 1100162] [NEW] Unsafe Query Generation Risk in Ruby on Rails
*** This bug is a security vulnerability ***
Public security bug reported:
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing.
Versions Affected: 3.x series
Not affected: 2.x series
See also: http://www.openwall.com/lists/oss-security/2013/01/08/13
** Affects: ruby-actionpack-3.2 (Ubuntu) Importance: Undecided Status: New
** Information type changed from Private Security to Public Security
[Bug 1100162] Re: Unsafe Query Generation Risk in Ruby on Rails
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0155
[Bug 1092412] Re: Xymon Multiple XSS
Oneiric patch
** Patch added: lp1092412-oneiric.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/xymon/+bug/1092412/+attachment/3483728/+files/lp1092412-oneiric.debdiff
[Bug 1092412] Re: Xymon Multiple XSS
Lucid patch
** Patch added: lp1092412-lucid.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/xymon/+bug/1092412/+attachment/3483729/+files/lp1092412-lucid.debdiff
** Changed in: xymon (Ubuntu Oneiric) Status: New => Confirmed
** Changed in: xymon (Ubuntu Lucid) Status: New => Confirmed
[Bug 1092412] Re: Xymon Multiple XSS
This is the new patch with the changes according to the feedback.
** Patch added: lp1092412-2-precise.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/xymon/+bug/1092412/+attachment/3479187/+files/lp1092412-2-precise.debdiff
** Changed in: xymon (Ubuntu Precise) Status: Incomplete => New
[Bug 1092412] Re: Xymon Multiple XSS
Thanks for the review. Yes, some of the other patches apply with fuzz already before my patch was added and there was no change in the behavior before and after my patch. There is no particular reason for adding my patch at the head of the series other than using 'quilt new x' which put it on top. I will move it down to the bugfix section.
[Bug 1092412] Re: Xymon Multiple XSS
** Changed in: xymon (Ubuntu Precise) Status: New => Confirmed
[Bug 1092412] Re: Xymon Multiple XSS
This is a backported patch for precise. It's based on the changes made upstream (from 4.3.0 to 4.3.1). I hope I didn't miss anything. Please also check if the new versioning is right. ** Patch added: lp1092412-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/1092412/+attachment/3472385/+files/lp1092412-precise.debdiff
[Bug 1092412] [NEW] Xymon Multiple XSS
*** This bug is a security vulnerability *** Public security bug reported: Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. ** Affects: xymon (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security
[Bug 1092412] Re: Xymon Multiple XSS
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1716
[Bug 1088355] Re: Information disclosure Vulnerability
Second try for the precise debdiff. Let me know if everything is correct now, especially with the link to the upstream fix from my comment before. Thanks. ** Patch added: lp1088355-2-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/dtach/+bug/1088355/+attachment/3462639/+files/lp1088355-2-precise.debdiff
[Bug 1088355] Re: Information disclosure Vulnerability
Thanks for the info. I will prepare another patch which should reflect your input. One question about your last comment: did you mean to add the link to the upstream fix to the debian/changelog file, or to create a new debian/changes file, since there is no such file yet?
[Bug 1088355] Re: Information disclosure Vulnerability
Please check the attached precise patch. Since the package doesn't have a patch system. So let me know if I have to change anything. Tested: Upgrading, retested that bug is corrected (unclean disconnect) ** Patch added: lp1088355-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/dtach/+bug/1088355/+attachment/3458910/+files/lp1088355-precise.debdiff
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
And the last patch for lucid. Since this is my first security bug fix, let me know if I missed something or can improve anything. ** Patch added: lp1083414-lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3455964/+files/lp1083414-lucid.debdiff
[Bug 1088355] [NEW] Information disclosure Vulnerability
*** This bug is a security vulnerability *** Public security bug reported: There is an information disclosure vulnerability in dtach. There is an upstream fix available (http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812). The versions in raring and quantal are not vulnerable since they are on the latest version (0.8-2.1) including the patch for this vulnerability. ** Affects: dtach (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3368
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Patch added: lp1083414-oneiric.debdiff https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3453631/+files/lp1083414-oneiric.debdiff
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Patch added: lp1083414-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3452777/+files/lp1083414-precise.debdiff
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Patch added: lp1083414-quantal.debdiff https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3450319/+files/lp1083414-quantal.debdiff
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Information type changed from Private Security to Public Security