[Bug 1970779] Re: Upgrade to 2.36.7 for Focal and Jammy
** Summary changed: - Upgrade to 2.36.6 for Focal and Jammy + Upgrade to 2.36.7 for Focal and Jammy ** Description changed: - I want to upgrade the versions in Focal and Jammy to 2.36.6 to fix + I want to upgrade the versions in Focal and Jammy to 2.36.7 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to - CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-30294, CVE-2022-32792 and CVE-2022-32816. + CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-30294, CVE-2022-32792, CVE-2022-32816 and CVE-2022-32893. Debian released an advisory on April 8. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-32893 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.7 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.6 for Focal and Jammy
Test plan: 1. Add my PPA (https://launchpad.net/~luis220413/+archive/ubuntu/security-updates/) to a test system running Ubuntu 20.04 or 22.04 (both releases must be tested). 2. Install cog with "sudo apt install cog" 3. Run cog -P x11 https://ubuntu.com/ 4. Run cog -P headless https://ubuntu.com/ 5. Run the following commands: $ sudo snap install --classic snapcraft $ git clone https://gitlab.com/ist199099/wpe-webkit-snap $ cd wpe-webkit-snap $ snapcraft Running cog -P wl https://ubuntu.com/ does not work on my Ubuntu 22.04 VM: wl_registry@2: error 0: invalid version for global wl_seat (15): have 5, wanted 7 (cog:16279): Cog-WARNING **: 17:47:19.437: Platform setup failed: Could not initialize EGL (0x3001) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.6 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.6 for Focal and Jammy
There are 3 snaps that contain WPE WebKit: * https://snapcraft.io/wpe-webkit-mir-kiosk-with-delay * https://snapcraft.io/wpe-webkit-mir-kiosk * https://snapcraft.io/wpe-webkit-libs ** Changed in: wpewebkit (Ubuntu Focal) Status: New => Confirmed ** Changed in: wpewebkit (Ubuntu Jammy) Status: New => Confirmed ** Description changed: - [To be updated on August 8] - I want to upgrade the versions in Focal and Jammy to 2.36.6 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-30294, CVE-2022-32792 and CVE-2022-32816. Debian released an advisory on April 8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.6 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.6 for Focal and Jammy
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-32792 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-32816 ** Description changed: [To be updated on August 8] I want to upgrade the versions in Focal and Jammy to 2.36.6 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to - CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. + CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-30294, CVE-2022-32792 and CVE-2022-32816. Debian released an advisory on April 8. ** Changed in: wpewebkit (Ubuntu) Status: Fix Committed => In Progress ** Changed in: wpewebkit (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.6 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
WPE WebKit 2.36.6 was released today and I will package it next week (August 8-14). ** Summary changed: - Upgrade to 2.36.4 for Focal and Jammy + Upgrade to 2.36.6 for Focal and Jammy ** Description changed: - I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix + [To be updated on August 8] + + I want to upgrade the versions in Focal and Jammy to 2.36.6 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.6 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
As I mentioned in the #ubuntu-security channel, to guarantee that we are not introducing issues, in addition to testing the package, only consider the changes in the Debian packaging tarball (ignoring the upstream changes). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
The patched source packages build successfully on all architectures. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
Impish will reach end-of-life tomorrow. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
** Description changed: - I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to - fix security issues and other bugs, as well as adding features that - increase compatibility with current websites. + I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix + security issues and other bugs, as well as adding features that increase + compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. - - The version in Impish is vulnerable to - CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-22662, CVE-2022-22677, CVE-2022-26710, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. ** Summary changed: - Upgrade to 2.36.4 for Focal, Impish and Jammy + Upgrade to 2.36.4 for Focal and Jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
Given the first paragraph of comment #18, I just converted this bug back into a security update. ** Description changed: I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-22662, CVE-2022-22677, CVE-2022-26710, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. - - [Test Plan] - For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly. - - [Where problems could occur] - There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature additions and other changes (including security fixes) can cause regressions in those packages and in software outside of the Ubuntu archive. ** Changed in: wpewebkit (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968922] Re: libnss3 is affected by CVE-2022-22747
Fixed in versions 2:3.35-2ubuntu2.15 (18.04), 2:3.49.1-1ubuntu1.8 (20.04) and 2:3.68-1ubuntu1.2 (21.10). The version in Ubuntu 22.04 is not vulnerable. ** Changed in: nss (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1968922 Title: libnss3 is affected by CVE-2022-22747 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1968922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22662 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22677 ** Description changed: I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to - CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. + CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-22662, CVE-2022-22677, CVE-2022-26710, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to - CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. + CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. [Test Plan] For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly. [Where problems could occur] There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature additions and other changes (including security fixes) can cause regressions in those packages and in software outside of the Ubuntu archive. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26710 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
Patched packages are building in my PPA: https://launchpad.net/~luis220413/+archive/ubuntu/security-updates. ** Summary changed: - Upgrade to 2.36.3 for Focal, Impish and Jammy + Upgrade to 2.36.4 for Focal, Impish and Jammy ** Description changed: - I want to upgrade the versions in Focal, Impish and Jammy to 2.36.3 to + I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. [Test Plan] For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly. [Where problems could occur] There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature additions and other changes (including security fixes) can cause regressions in those packages and in software outside of the Ubuntu archive. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
Version 2.36.4 was released today. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
The upstream project recommends updating the versions of WPE WebKit, especially when they include fixes for known security issues: https://lists.webkit.org/pipermail/webkit-wpe/2022-June/000522.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
I have sent an email to the upstream mailing list (webkit-wpe) asking if anyone is using the WPE WebKit packages in Ubuntu in production: https://lists.webkit.org/pipermail/webkit-wpe/2022-June/000520.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968922] Re: libnss3 is affected by CVE-2022-22747
I requested to the security team that this CVE be fixed in Ubuntu and Marc Deslauriers (from the security team) replied: We rated this CVE priority to be "low", which means we will not fix it until more important security issues come up in NSS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1968922 Title: libnss3 is affected by CVE-2022-22747 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1968922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968922] Re: libnss3 is affected by CVE-2022-22747
Version 2:3.49.1-1ubuntu1.7 was released after this bug was reported and does not contain a fix for this CVE. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1968922 Title: libnss3 is affected by CVE-2022-22747 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1968922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
We can use cog for testing that the CVEs are fixed, if necessary. Due to the exception in comment #18, I believe that this bug can go through the security sponsoring process. The snap https://snapcraft.io/wpe-webkit-mir-kiosk has been installed/used recently by a substantial number of users (according to the "Where people are using" map) and uses an outdated version of WPE WebKit (2.30.5), but still later than the version currently in 20.04: https://gitlab.com/glancr/wpe-webkit- snap/-/blob/main/snap/snapcraft.yaml#L167 Please publish patched packages immediately. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
** Changed in: wpewebkit (Ubuntu) Assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
I have just transformed this bug into an Stable Release Update bug. ** Description changed: I want to upgrade the versions in Focal, Impish and Jammy to 2.36.3 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. [Test Plan] For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly. [Where problems could occur] - There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.1-0): - cog and gstreamer1.0-wpe. The feature additions and other changes (including security fixes) can cause regressions in those packages and software outside of the Ubuntu archive. + There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature additions and other changes (including security fixes) can cause regressions in those packages and in software outside of the Ubuntu archive. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
** Description changed: + I want to upgrade the versions in Focal, Impish and Jammy to 2.36.3 to + fix security issues and other bugs, as well as adding features that + increase compatibility with current websites. + The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. - Please release fixed packages. + Debian released an advisory on April 8. - Debian released an advisory on April 8. + [Test Plan] + For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly. + + [Where problems could occur] + There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.1-0): + cog and gstreamer1.0-wpe. The feature additions and other changes (including security fixes) can cause regressions in those packages and software outside of the Ubuntu archive. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Multiple vulnerabilities in Focal, Impish and Jammy
** Changed in: wpewebkit (Ubuntu) Status: Fix Committed => New ** Summary changed: - Multiple vulnerabilities in Focal, Impish and Jammy + Upgrade to 2.36.3 for Focal, Impish and Jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939281] Re: Please provide update for CVE-2021-36740 (VSV00007 Varnish HTTP/2 Request Smuggling Attack)
** CVE removed: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2019-20637 ** CVE removed: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2020-11653 ** CVE removed: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2022-23959 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1939281 Title: Please provide update for CVE-2021-36740 (VSV7 Varnish HTTP/2 Request Smuggling Attack) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1939281/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
I am going through the last XSA (XSA-400) and will, if a local build is successful, add a patch for Focal tomorrow. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Complete log for all tests in 18.04. All .err files are either attached or in lena_test_errors.tar.xz. ** Attachment added: "ffmpeg_test_log" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594952/+files/ffmpeg_test_log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
** Attachment added: "sub2video.err" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594951/+files/sub2video.err -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Test force_key_frames is also failing on 18.04. TESTforce_key_frames --- /home/user/ffmpeg-3.4.11/tests/ref/fate/force_key_frames2022-05-14 00:07:14.0 +0100 +++ tests/data/fate/force_key_frames2022-06-04 22:55:25.002760714 +0100 @@ -1,4 +1,3 @@ -07567b9528b8de523faaf49e4e1e0fc6 *tests/data/fate/force_key_frames.avi -113312 tests/data/fate/force_key_frames.avi -b2e92b97bac0243242281d71108ffdbd *tests/data/fate/force_key_frames.out.framecrc -stddev:34612.83 PSNR: 5.54 MAXDIFF:61408 bytes: 7603200/ 264 +bbb8942a83e3c1c4e446b6aca998e83a *tests/data/fate/force_key_frames.avi +5652 tests/data/fate/force_key_frames.avi +d41d8cd98f00b204e9800998ecf8427e *tests/data/fate/force_key_frames.out.framecrc Test force_key_frames failed. Look at tests/data/fate/force_key_frames.err for details. make: *** [fate-force_key_frames] Error 2 /home/user/ffmpeg-3.4.11/tests/Makefile:225: recipe for target 'fate-force_key_frames' failed ** Attachment added: "force_key_frames.err" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594929/+files/force_key_frames.err -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Test sub2video is taking 9 hours. Stack trace: (gdb) i s #0 0x7fff62bf5974 in clock_gettime () #1 0x7f88bdf30d06 in __GI___clock_gettime (clock_id=clock_id@entry=1, tp=tp@entry=0x7fff62bdeea0) at ../sysdeps/unix/clock_gettime.c:115 #2 0x7f88be7fa8d1 in av_gettime_relative () at src/libavutil/time.c:64 #3 0x55cb53c4c782 in transcode () at src/fftools/ffmpeg.c:4621 #4 0x55cb53c4c782 in main (argc=, argv=) at src/fftools/ffmpeg.c:4840 I wrote a command that, if the test run time reaches 12 hours, the test process is terminated and, after 10 minutes, killed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
The tests did not finish in 24 minutes and one test (sub2video) is taking 15 minutes. I will retest on 18.04 now and publish results tomorrow. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
The test failed on 18.04 due to an integrity issue when receiving the input file for the failed test. I will re-run the test suite now, but with the following commands (I only added the -k option to the last command): $ debuild -us -uc $ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale" $ cd debian/standard $ make -j1 fate-rsync SAMPLES=fate-suite/ $ make -k -j1 fate SAMPLES=fate-suite/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Patch for typo in architecture name for Ubuntu 21.10 ** Patch added: "architecture_typo_impish.debdiff" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594797/+files/architecture_typo_impish.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Running Lintian on the changes file for Ubuntu 22.04 (amd64) reports the following warnings: W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/01/31a3a53a5037d9cfce0b08e65bdf645b5fc6a6.debug] W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/11/d6ba1af19b58684bb4d9ec94ce27e8875a9a86.debug] W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/ca/9a440e0e634449b6d5c328fbc4868d4d3ff142.debug] W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/d8/68041f35b67ed9d73e571b7e178cafffac394d.debug] W: ffmpeg source: orig-tarball-missing-upstream-signature ffmpeg_4.4.2.orig.tar.xz The last warning can be fixed with the signature in comment 17. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Patch for typo in architecture name for Ubuntu 22.04 ** Patch added: "architecture_typo_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594759/+files/architecture_typo_jammy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
All tests from the upstream testsuite (FATE) pass on 22.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
All tests from the upstream testsuite (FATE) pass on 21.10. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
For the version in Ubuntu 21.10, Lintian reported a typo in an architecture name and that the upstream tarball is missing a signature. Please add the attached signature when uploading to the Ubuntu 21.10 and 22.04 archives. ** Attachment added: "ffmpeg-4.4.2.tar.xz.asc" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594720/+files/ffmpeg-4.4.2.tar.xz.asc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
For 20.04, I have run the tests as follows (based on the same files as in 18.04, but of course in the source of 20.04): $ debuild -us -uc $ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale" $ cd debian/standard $ make fate-rsync SAMPLES=fate-suite/ $ make fate -k SAMPLES=fate-suite/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
For the version in Ubuntu 20.04, Lintian only reported that the upstream tarball is missing a signature. Please add the attached signature when uploading to the Ubuntu 20.04 archive. ** Attachment added: "ffmpeg-4.2.7.tar.xz.asc" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594582/+files/ffmpeg-4.2.7.tar.xz.asc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
All tests from the upstream testsuite (FATE) pass on 20.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
I have run the tests as follows (based on the instructions in doc/fate.texi): $ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale" $ cd debian/standard $ make -j1 fate-rsync SAMPLES=fate-suite/ $ make -j1 fate SAMPLES=fate-suite/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Test vsynth_lena-amv is failing in 18.04: the expected and actual input file hashes are different. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Lintian only reported that the upstream tarball is missing a signature. Please add the attached signature when uploading to the Ubuntu 18.04 archive. ** Attachment added: "ffmpeg-3.4.11.tar.xz.asc" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+attachment/5594576/+files/ffmpeg-3.4.11.tar.xz.asc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971056] Re: CVE-2021-3850
** Changed in: libphp-adodb (Ubuntu) Status: New => In Progress ** Changed in: libphp-adodb (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971056 Title: CVE-2021-3850 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libphp-adodb/+bug/1971056/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971004] Re: CVE-2022-23614
** Changed in: php-twig (Ubuntu) Status: New => In Progress ** Changed in: twig (Ubuntu) Status: New => In Progress ** Changed in: php-twig (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) ** Changed in: twig (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971004 Title: CVE-2022-23614 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php-twig/+bug/1971004/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971107] Re: Versions in Focal, Impish and Jammy are vulnerable to CVE-2022-26661 and CVE-2022-26662
** Changed in: tryton-proteus (Ubuntu) Status: Confirmed => In Progress ** Changed in: tryton-server (Ubuntu) Status: Confirmed => In Progress ** Changed in: tryton-proteus (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) ** Changed in: tryton-server (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971107 Title: Versions in Focal, Impish and Jammy are vulnerable to CVE-2022-26661 and CVE-2022-26662 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tryton-proteus/+bug/1971107/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970961] Re: Version in Bionic has multiple vulnerabilities
** Changed in: faad2 (Ubuntu) Status: New => In Progress ** Changed in: faad2 (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970961 Title: Version in Bionic has multiple vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/faad2/+bug/1970961/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE removed: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2021-26934 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970783] Re: Multiple vulnerabilities in Bionic
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26700 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26709 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26717 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26716 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26719 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30293 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30294 ** Changed in: webkit2gtk (Ubuntu) Status: Confirmed => In Progress ** Changed in: webkit2gtk (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970783 Title: Multiple vulnerabilities in Bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1970783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594136/+files/spip_jammy.debdiff ** Changed in: spip (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_impish.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594134/+files/spip_impish.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594133/+files/spip_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
SPIP 3.1 is no longer maintained upstream and Debian has not released fixes for CVE-2022-28959, CVE-2022-28960 and CVE-2022-28961 in Stretch. Therefore, I am not patching these CVEs in Bionic. ** Changed in: spip (Ubuntu) Status: New => In Progress ** Changed in: spip (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28959 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28960 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28961 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_bionic.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594128/+files/spip_bionic.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Multiple vulnerabilities in Focal, Impish and Jammy
The upstream project issued a security advisory today: https://wpewebkit.org/security/WSA-2022-0005.html. The changelog in the patched packages was updated just now. These patched packages are currently building in my PPA (https://launchpad.net/~luis220413/+archive/ubuntu/security-updates), as of 08:48 UTC. ** Changed in: wpewebkit (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Multiple vulnerabilities in Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Multiple vulnerabilities in Focal and Impish
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26700 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26709 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26717 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26716 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26719 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30293 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30294 ** Description changed: The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to - CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629 and CVE-2022-22637. + CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Please release fixed packages. Debian released an advisory on April 8. ** Description changed: The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. + The version in Jammy is vulnerable to + CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. + Please release fixed packages. Debian released an advisory on April 8. ** Summary changed: - Multiple vulnerabilities in Focal and Impish + Multiple vulnerabilities in Focal, Impish and Jammy ** Changed in: wpewebkit (Ubuntu) Status: Fix Committed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Multiple vulnerabilities in Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Multiple vulnerabilities in Focal and Impish
Due to a out-of-memory issue when building the package in Jammy, I needed to increase swap and retry the build. I uploaded the Jammy source package just now. Patched source packages are available in my PPA (https://launchpad.net/~luis220413/+archive/ubuntu/security-updates). ** Patch removed: "wpewebkit_focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590911/+files/wpewebkit_focal.debdiff ** Patch removed: "wpewebkit_impish.debdiff" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590910/+files/wpewebkit_impish.debdiff ** Patch removed: "wpewebkit_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590909/+files/wpewebkit_jammy.debdiff ** Patch removed: "wpewebkit_2.36.1-1ubuntu0.21.10.1.dsc" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590615/+files/wpewebkit_2.36.1-1ubuntu0.21.10.1.dsc ** Patch removed: "wpewebkit_2.36.1-1ubuntu0.21.10.1.debian.tar.xz" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590614/+files/wpewebkit_2.36.1-1ubuntu0.21.10.1.debian.tar.xz ** Patch removed: "wpewebkit_2.36.1-1ubuntu0.20.04.1.dsc" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590514/+files/wpewebkit_2.36.1-1ubuntu0.20.04.1.dsc ** Patch removed: "wpewebkit_2.36.1-1ubuntu0.20.04.1.debian.tar.xz" https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+attachment/5590513/+files/wpewebkit_2.36.1-1ubuntu0.20.04.1.debian.tar.xz ** Changed in: wpewebkit (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Multiple vulnerabilities in Focal and Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26358 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26359 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26360 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26361 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26357 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26356 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23042 ** Description changed: The packages listed above are vulnerable to the CVEs below in at least - one Ubuntu release, as stated in the Ubuntu CVE Tracker. + one Ubuntu release, as stated in the Ubuntu CVE Tracker, except for + linux-azure-4.15, linux-dell300x, linux-gcp-4.15 and linux-snapdragon, + that are only vulnerable to CVE-2022-23041. Please release fixed packages. Xen released a security advisory on March 10. (I was informed by the security team that it does not track security issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the issue is unpatched for over 2.5 months and marked as needed for these combinations of source package and Ubuntu version in the Tracker, and therefore I am filing this bug.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: Linux PV device frontends vulnerable to attacks by backends To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23041 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: Linux PV device frontends vulnerable to attacks by backends To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends
** Also affects: linux-azure-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-dell300x (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-snapdragon (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: Linux PV device frontends vulnerable to attacks by backends To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends
** Summary changed: - CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038 + Linux PV device frontends vulnerable to attacks by backends ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23039 ** Description changed: - The following packages are vulnerable to CVE-2022-23036, CVE-2022-23037 - and CVE-2022-23038 in at least one Ubuntu release, as stated in the - Ubuntu CVE Tracker. + The packages listed above are vulnerable to the CVEs below in at least + one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Xen released a security advisory on March 10. (I was informed by the security team that it does not track security issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the issue is unpatched for over 2.5 months and marked as needed for these combinations of source package and Ubuntu version in the Tracker, and therefore I am filing this bug.) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23040 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: Linux PV device frontends vulnerable to attacks by backends To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: CVE-2022-23036 and CVE-2022-23037
** Summary changed: - CVE-2022-23036 + CVE-2022-23036 and CVE-2022-23037 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23036 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23037 ** Summary changed: - CVE-2022-23036 and CVE-2022-23037 + CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038 ** Description changed: - The following packages are vulnerable in at least one Ubuntu release, as - stated in the Ubuntu CVE Tracker. + The following packages are vulnerable to CVE-2022-23036, CVE-2022-23037 + and CVE-2022-23038 in at least one Ubuntu release, as stated in the + Ubuntu CVE Tracker. Please release fixed packages. Xen released a security advisory on March 10. (I was informed by the security team that it does not track security issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the issue is unpatched for over 2.5 months and marked as needed for these combinations of source package and Ubuntu version in the Tracker, and therefore I am filing this bug.) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23038 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: CVE-2022-23036
** Also affects: linux-ibm-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-kvm (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oem-5.14 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-riscv (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: CVE-2022-23036 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] Re: CVE-2022-23036
** Also affects: linux-aws (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New ** No longer affects: linux (Ubuntu) ** Also affects: linux-gcp (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gkeop (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gkeop-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-hwe-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-ibm (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: CVE-2022-23036 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976184] [NEW] CVE-2022-23036
*** This bug is a security vulnerability *** Public security bug reported: The following packages are vulnerable in at least one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Xen released a security advisory on March 10. (I was informed by the security team that it does not track security issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the issue is unpatched for over 2.5 months and marked as needed for these combinations of source package and Ubuntu version in the Tracker, and therefore I am filing this bug.) ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Affects: linux-hwe-5.4 (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** Also affects: linux-hwe-5.4 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976184 Title: CVE-2022-23036 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1976184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23035 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23034 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1976181] [NEW] CVE-2021-28711 and CVE-2021-28712
*** This bug is a security vulnerability *** Public security bug reported: The version in Focal is vulnerable to CVE-2021-28711 and CVE-2021-28712. Please release patched versions. Xen released a security advisory on December 20: https://xenbits.xen.org/xsa/advisory-391.html ** Affects: linux-oem-5.14 (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** Description changed: - The version in Focal is vulnerable to CVE-2021-28711, CVE-2021-28712. + The version in Focal is vulnerable to CVE-2021-28711 and CVE-2021-28712. Please release patched versions. - Xen released a security advisory on December 20. + Xen released a security advisory on December 20: + https://xenbits.xen.org/xsa/advisory-391.html ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28711 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28712 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976181 Title: CVE-2021-28711 and CVE-2021-28712 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-oem-5.14/+bug/1976181/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28705 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28709 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28704 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28707 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28708 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27674 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Multiple vulnerabilities in Focal and Impish
I am now building version 2.36.3 (released today), with several bug fixes compared to 2.36.1. Source packages will be available in my PPA (https://launchpad.net/~luis220413/+archive/ubuntu/security-updates) tomorrow. ** Changed in: wpewebkit (Ubuntu) Status: Fix Committed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Multiple vulnerabilities in Focal and Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29480 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28706 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28701 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28699 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28698 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28697 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28694 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28695 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28696 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28690 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-0089 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26313 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28692 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28689 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27379 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26934 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26933 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29570 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29571 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29040 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29479 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28368 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29486 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29566 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27670 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27671 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27672 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25599 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25601 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25600 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970507] Re: No security updates since release in all Ubuntu releases
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25603 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970507 Title: No security updates since release in all Ubuntu releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1970507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
