[Bug 1844805] Re: virtualbox, virtualbox-dkms, virtualbox-qt fail during upgrade from 19.04 to 19.10
Update: I did *not* run into this bug again while doing do-release-upgrade from 19.04 to 19.10 today

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1844805

Title:
  virtualbox, virtualbox-dkms, virtualbox-qt fail during upgrade from 19.04 to 19.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1844805/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 987707] Re: gvim in Precise can't connect to ibus and takes a long time to load
Since for me the problem is just running gvim from a terminal, I have a workaround for that:

Add this to your ~/.bashrc file

    function gvim() {
        nohup /usr/bin/gvim -f "$@" >& /dev/null
    }
[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)
Right - well the impact / if this is even a security "bug" is going to be up to the user. Personally, I don't see why the methods are exposed without good reason - is it a requirement that they are exposed?
[Bug 858878] Re: lack of csrf protection in cobbler-web
** Visibility changed to: Public
[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
** Visibility changed to: Public
[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)
** Visibility changed to: Public
[Bug 858875] Re: a some what odd configuration in cobbler.wsgi
** Visibility changed to: Public
[Bug 858883] Re: "Management Parameters" (for example a system) which can be set in the web interface can result in arbitrary code execution on the host due to the use of yaml.loads instead of yaml.sa
** Visibility changed to: Public

https://bugs.launchpad.net/bugs/858883

Title:
  "Management Parameters" (for example a system) which can be set in the web interface can result in arbitrary code execution on the host due to the use of yaml.loads instead of yaml.safe_loads in item.py on line 248:
[Bug 861261] [NEW] restore nested login in gdm
Public bug reported:

Hi, I am a long time user of gdm nested logins. However, they do not exist in gdm3 :( . Before I created new logins via the command "gdmflexiserver -n" which would bring up another gdm login window inside a Xephyr container.

This functionality is rather useful, partly because there isn't an apparmor XACE implementation at the present time and partly because it is (in general) a useful thing :p

There is a bug filed in the upstream at https://bugzilla.gnome.org/show_bug.cgi?id=624370 with a patch to restore the functionality. It would be awesome if this was applied in ubuntu!

** Affects: gdm (Ubuntu)
     Importance: Undecided
         Status: New
[Bug 826672] Re: /tmp debug file sillyness
Well the bug is that on systems which do not run with the YAMA kernel patch (i.e. most non-ubuntu systems) the use of the debug file in the /tmp directory could result in extra unwanted data being appended to $random file (if /tmp/dhclient-script.debug is actually a symbolic link).

IMHO recording the debug output to syslog would be a better idea.
[Bug 826672] [NEW] /tmp debug file sillyness
Public bug reported:

dhcp3 (also known as isc-dhcp) when you enable 'debug' (set RUN="yes") in the /etc/dhcp/dhclient-enter-hooks.d/debug file blindly appends data to whatever is at /tmp/dhclient-script.debug ... this seems rather silly.

** Affects: dhcp3 (Ubuntu)
     Importance: Undecided
         Status: New
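The failure mode reported in this thread, shown side by side with an append that refuses symbolic links. This is an added example, not code from the dhcp3 package or from the bug report; the hook itself is a shell script, Python is used here only to make the open flags explicit, and the function names and the stand-in directory are assumptions.

```python
import errno
import os
import stat
import tempfile


def append_naive(path, line):
    """Equivalent of the shell redirect `>> path`: follows a symlink at path."""
    with open(path, "a") as fh:
        fh.write(line + "\n")


def append_no_follow(path, line):
    """Append only to a regular, singly-linked file we own; never via a symlink."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):  # final component is a symlink
            return False
        raise
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid() or st.st_nlink != 1:
            return False
        os.write(fd, (line + "\n").encode())
        return True
    finally:
        os.close(fd)


def demo():
    """Constructed scenario; a private temp dir stands in for /tmp."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "other-file")            # constructed bystander file
        debug = os.path.join(tmp, "dhclient-script.debug")
        with open(target, "w") as fh:
            fh.write("original\n")
        os.symlink(target, debug)                            # debug path is a symlink

        append_naive(debug, "debug output")
        with open(target) as fh:
            after_naive = fh.read()                          # bystander file got the data

        with open(target, "w") as fh:                        # reset for the second run
            fh.write("original\n")
        refused = not append_no_follow(debug, "debug output")
        with open(target) as fh:
            after_safe = fh.read()                           # unchanged

        os.unlink(debug)                                     # no link: normal append works
        created = append_no_follow(debug, "debug output")
        with open(debug) as fh:
            own = fh.read()
    return after_naive, refused, after_safe, created, own
```

Writing to syslog, as suggested in the reply, or to a directory that only root can write avoids the predictable world-writable path altogether.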
[Bug 811119] Re: python-foomatic command injection.
** Visibility changed to: Public
[Bug 782862] Re: Insecure temporary file creation in strace option
** Changed in: f-spot (Ubuntu)
       Status: New => Confirmed
[Bug 805363] Re: this just looks "sus"
Please close this issue.
[Bug 805363] Re: this just looks "sus"
Actually it isn't so suspect ... it appears that /usr/bin/hp-hpdio is the other-side (and it does the pickle dumping).
[Bug 782372] Re: Insecure temporary file creation in byobu-config
** Also affects: byobu (Ubuntu)
   Importance: Undecided
       Status: New
[Bug 805363] [NEW] this just looks "sus"
Public bug reported:

I did a grep in /usr/sbin for "python" and found hpssd.

There is one function which just looks odd. It is the following one:

    # Qt4 only
    def handle_hpdio_event(event, bytes_written):
        log.debug("Reading %d bytes from hpdio pipe..." % bytes_written)
        total_read, data = 0, ''

        while True:
            r, w, e = select.select([r3], [], [r3], 0.0)
            if not r: break

            x = os.read(r3, PIPE_BUF)
            if not x: break

            data = ''.join([data, x])
            total_read += len(x)

            if total_read == bytes_written: break

        log.debug("Read %d bytes" % total_read)

        if total_read == bytes_written:
            dq = loads(data)

            if check_device(event.device_uri) == ERROR_SUCCESS:
                devices[event.device_uri].dq = dq.copy()

                handle_event(device.Event(event.device_uri, '',
                    dq.get('status-code', STATUS_PRINTER_IDLE), prop.username, 0, ''))

                send_toolbox_event(event, EVENT_DEVICE_UPDATE_REPLY)

At the top of this python module it imported loads from cPickle (from cPickle import loads, HIGHEST_PROTOCOL).

The function might get called if the event code is an EVENT_DEVICE_UPDATE_REPLY[1]

The data that is loaded comes from r3 which is a global set in run() to be read_pipe3. (the comment in the function definition of run() states the following about read_pipe3 "read pipe from hpdio").

I am assuming that hpdio is the _physical_ hardware ... maybe it isn't and the pickle loads call is on data which was dumped safely by a trusted entity ?

[1] (see the function handle_event for the rest of the context regarding the following code

    elif event.event_code == EVENT_DEVICE_UPDATE_REPLY:
        bytes_written = int(more_args[1])
        handle_hpdio_event(event, bytes_written)
)

** Affects: hplip (Ubuntu)
     Importance: Undecided
         Status: New
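The question raised in this report is whether the bytes handed to loads() come from a trusted writer. As an added example (not hplip code, and written for Python 3's pickle rather than cPickle), the reader side can be made independent of that answer by refusing every global lookup, so only plain data such as the dq dict can be loaded; the class and function names and the sample values are assumptions.

```python
import io
import pickle
from collections import OrderedDict


class PlainDataUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Plain dicts, lists, strings and numbers need no globals, so they still
    load; any stream that names a class or function to import is rejected.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is not allowed" % (module, name))


def load_device_query(data):
    """Return the status dict read from the pipe, or None if it is not plain data."""
    try:
        dq = PlainDataUnpickler(io.BytesIO(data)).load()
    except Exception:  # unpickling malformed input can raise many exception types
        return None
    return dq if isinstance(dq, dict) else None


def demo():
    """Constructed inputs standing in for what arrives on the pipe."""
    plain = pickle.dumps({"status-code": 1000})     # constructed value, assumed dq shape
    with_global = pickle.dumps(OrderedDict(a=1))    # stream names collections.OrderedDict
    not_a_dict = pickle.dumps([1, 2, 3])
    truncated = plain[:-3]                          # short read: STOP opcode missing
    return [load_device_query(b) for b in (plain, with_global, not_a_dict, truncated)]
```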
[Bug 791166] Re: weak temp admin password generation
** Visibility changed to: Public
[Bug 777804] Re: persistent xss possible - requires commit access
The requirement on commit access for this to be an issue vastly reduces the impact and severity of this issue.

** Visibility changed to: Private
[Bug 777801] Re: xss and other bugs ...
It isn't likely that an extended period of "being private" would serve anyone's benefit so I have made this public. I have made attempts to contact the developer - but none have received any kind of response.

** Visibility changed to: Public

** Description changed:

  Binary package hint: ntop

- the ntop package despite being really buggy - also is vulnerable to xss and probably many other kinds of web security bugs.
- I am reporting two xss bugs below. /me ./sleeps
+ the ntop package despite being really buggy - also is vulnerable to xss and probably many other kinds of web security bugs.
+ I am reporting two xss bugs below.

  http://XXX:3000/editPrefs.html?key=hostname.10.0.&val=%22/%3E%3Cbody%20onload=alert%281%29%3Ealert%281%29%3B%3C%2Fscript%3E&x=0&y=0

  http://:3000/editPrefs.html?key=hostname.ff02%3A%3A1&val=%22/%3E%3Cbody%20onload=alert%281%29%3E

  recommendation -
  1. don't use get to set stuff you use post for that... :/
  2. use csrf tokens.
[Bug 777804] Re: persistent xss possible - requires commit access
** Visibility changed to: Public
[Bug 389435] Re: pidgeon wont completely open
** Attachment added: "Dependencies.txt"
   http://launchpadlibrarian.net/28112001/Dependencies.txt

** Attachment added: "ProcMaps.txt"
   http://launchpadlibrarian.net/28112002/ProcMaps.txt

** Attachment added: "ProcStatus.txt"
   http://launchpadlibrarian.net/28112003/ProcStatus.txt
[Bug 389435] [NEW] pidgeon wont completely open
Public bug reported:

Binary package hint: pidgin

only the small icon opens..the buddy list will appear but remains blank
ubuntu 8.04
i do not know enough to provide further
all programming installed by free geek in pdx or

ProblemType: Bug
Architecture: i386
Date: Fri Jun 19 03:46:52 2009
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/pidgin
Package: pidgin 1:2.4.1-1ubuntu2.4
PackageArchitecture: i386
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: pidgin
Uname: Linux 2.6.24-24-generic i686

** Affects: pidgin (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apport-bug
[Bug 64146] Canon Powershot G7
*** This bug is a duplicate of bug 67532 ***
    https://bugs.launchpad.net/bugs/67532

I had the same problem with a Canon Powershot G7

This was fixed in the same way as the previous posts:

lsusb output:
Bus 005 Device 004: ID 04a9:3125 Canon, Inc.

Added this line to /etc/udev/rules.d/45-libgphoto2.rules
SYSFS{idVendor}=="04a9", SYSFS{idProduct}=="3125", MODE="0660", GROUP="plugdev"

and restarted udev - this has been documented well in the comments above.

Now everything works peachy.

--
"Could not claim the IO device": Canon IXUS 65, Edgy
https://bugs.launchpad.net/bugs/64146