[ubuntu/xenial-updates] python-pysaml2 3.0.0-3ubuntu1.16.04.3 (Accepted)

[Ubuntu Archive Robot]

python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Any password can be used if optimizations are enabled
- debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
  to optimizations in src/saml2/authn.py.
- CVE-2017-1000433
  * Adding fix for test 41 response
- debian/patches/fix-test-41-response.patch

Date: 2018-01-05 17:42:27.752551+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python-pysaml2/3.0.0-3ubuntu1.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] linux-meta-azure 4.13.0.1004.5 (Accepted)

[Łukasz Zemczak]

linux-meta-azure (4.13.0.1004.5) xenial; urgency=medium

  * Bump ABI 4.13.0-1004

linux-meta-azure (4.13.0.1003.4) xenial; urgency=medium

  * Bump ABI 4.13.0-1003

Date: 2018-01-07 17:47:16.155105+00:00
Changed-By: Marcelo Cerri 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-azure/4.13.0.1004.5
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] linux-azure 4.13.0-1004.6 (Accepted)

[Łukasz Zemczak]

linux-azure (4.13.0-1004.6) xenial; urgency=low

  * linux-azure: 4.13.0-1004.6 -proposed tracker (LP: #1741747)


  [ Ubuntu: 4.13.0-24.28 ]

  * linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)
  * CVE-2017-5754
- x86/cpu, x86/pti: Do not enable PTI on AMD processors

linux-azure (4.13.0-1003.5) xenial; urgency=low

  * linux-azure: 4.13.0-1003.5 -proposed tracker (LP: #1741557)

  * CVE-2017-5754
- [Config] azure: updateconfigs to enable PTI

  [ Ubuntu: 4.13.0-23.27 ]

  * linux: 4.13.0-23.27 -proposed tracker (LP: #1741556)
  * CVE-2017-5754
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm: Enable CR4.PCIDE on supported systems
- x86/mm: Document how CR4.PCIDE restore works
- x86/entry/64: Refactor IRQ stacks and make them NMI-safe
- x86/entry/64: Initialize the top of the IRQ stack before switching stacks
- x86/entry/64: Add unwind hint annotations
- xen/x86: Remove SME feature in PV guests
- x86/xen/64: Rearrange the SYSCALL entries
- irq: Make the irqentry text section unconditional
- x86/xen/64: Fix the reported SS and CS in SYSCALL
- x86/paravirt/xen: Remove xen_patch()
- x86/traps: Simplify pagefault tracing logic
- x86/idt: Unify gate_struct handling for 32/64-bit kernels
- x86/asm: Replace access to desc_struct:a/b fields
- x86/xen: Get rid of paravirt op adjust_exception_frame
- x86/paravirt: Remove no longer used paravirt functions
- x86/entry: Fix idtentry unwind hint
- x86/mm/64: Initialize CR4.PCIDE early
- objtool: Add ORC unwind table generation
- objtool, x86: Add facility for asm code to provide unwind hints
- x86/unwind: Add the ORC unwinder
- x86/kconfig: Consolidate unwinders into multiple choice selection
- objtool: Upgrade libelf-devel warning to error for CONFIG_ORC_UNWINDER
- x86/ldt/64: Refresh DS and ES when modify_ldt changes an entry
- x86/mm: Give each mm TLB flush generation a unique ID
- x86/mm: Track the TLB's tlb_gen and update the flushing algorithm
- x86/mm: Rework lazy TLB mode and TLB freshness tracking
- x86/mm: Implement PCID based optimization: try to preserve old TLB entries
  using PCID
- x86/mm: Factor out CR3-building code
- x86/mm/64: Stop using CR3.PCID == 0 in ASID-aware code
- x86/mm: Flush more aggressively in lazy TLB mode
- Revert "x86/mm: Stop calling leave_mm() in idle code"
- kprobes/x86: Set up frame pointer in kprobe trampoline
- x86/tracing: Introduce a static key for exception tracing
- x86/boot: Add early cmdline parsing for options with arguments
- mm, x86/mm: Fix performance regression in get_user_pages_fast()
- x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates
- objtool: Don't report end of section error after an empty unwind hint
- x86/head: Remove confusing comment
- x86/head: Remove unused 'bad_address' code
- x86/head: Fix head ELF function annotations
- x86/boot: Annotate verify_cpu() as a callable function
- x86/xen: Fix xen head ELF annotations
- x86/xen: Add unwind hint annotations
- x86/head: Add unwind hint annotations
- ACPI / APEI: adjust a local variable type in ghes_ioremap_pfn_irq()
- x86/unwinder: Make CONFIG_UNWINDER_ORC=y the default in the 64-bit 
defconfig
- x86/fpu/debug: Remove unused 'x86_fpu_state' and 
'x86_fpu_deactivate_state'
  tracepoints
- x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'
- x86/unwind: Make CONFIG_UNWINDER_ORC=y the default in kconfig for 64-bit
- bitops: Add clear/set_bit32() to linux/bitops.h
- x86/cpuid: Add generic table for CPUID dependencies
- x86/fpu: Parse clearcpuid= as early XSAVE argument
- x86/fpu: Make XSAVE check the base CPUID features before enabling
- x86/fpu: Remove the explicit clearing of XSAVE dependent features
- x86/platform/UV: Convert timers to use timer_setup()
- objtool: Print top level commands on incorrect usage
- x86/cpuid: Prevent out of bound access in do_clear_cpu_cap()
- x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- mm/sparsemem: Allocate mem_section at runtime for 
CONFIG_SPARSEMEM_EXTREME=y
- x86/kasan: Use the same shadow offset for 4- and 5-level paging
- x86/xen: Provide pre-built page tables only for CONFIG_XEN_PV=y and
  CONFIG_XEN_PVH=y
- x86/xen: Drop 5-level paging support code from the XEN_PV code
- ACPI / APEI: remove the unused dead-code for SEA/NMI notification type
- x86/asm: Don't use the confusing '.ifeq' directive
- x86/build: Beautify build log of syscall headers
- x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to
  'nr_pages'
- x86/cpufeatures: Enable new SSE/AVX/AVX512 CPU features
- x86/mm: Relocate page fault error codes to traps.h
- x86/boot: Relocate definition of the initial state of CR0
- ptrace,x86: Make user_64bit_mode() available to 

[ubuntu/xenial-security] python-pysaml2 3.0.0-3ubuntu1.16.04.3 (Accepted)

[Leonidas S. Barbosa]

python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Any password can be used if optimizations are enabled
- debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
  to optimizations in src/saml2/authn.py.
- CVE-2017-1000433
  * Adding fix for test 41 response
- debian/patches/fix-test-41-response.patch

Date: 2018-01-05 17:42:27.752551+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/python-pysaml2/3.0.0-3ubuntu1.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] tomcat8 8.0.32-1ubuntu1.5 (Accepted)

[Ubuntu Archive Robot]

tomcat8 (8.0.32-1ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: loss of pipeline requests
- debian/patches/CVE-2017-5647.patch: improve sendfile handling when
  requests are pipelined in
  java/org/apache/coyote/AbstractProtocol.java,
  java/org/apache/coyote/http11/Http11AprProcessor.java,
  java/org/apache/coyote/http11/Http11Nio2Processor.java,
  java/org/apache/coyote/http11/Http11NioProcessor.java,
  java/org/apache/tomcat/util/net/AprEndpoint.java,
  java/org/apache/tomcat/util/net/Nio2Endpoint.java,
  java/org/apache/tomcat/util/net/NioEndpoint.java,
  java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
- CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
- debian/patches/CVE-2017-5648.patch: ensure request and response
  facades are used when firing application listeners in
  java/org/apache/catalina/authenticator/FormAuthenticator.java,
  java/org/apache/catalina/core/StandardHostValve.java.
- CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
pages
- debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
  java/org/apache/catalina/servlets/DefaultServlet.java,
  java/org/apache/catalina/servlets/WebdavServlet.java.
- CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
- debian/patches/CVE-2017-7674.patch: set Vary header in response in
  java/org/apache/catalina/filters/CorsFilter.java.
- CVE-2017-7674

Date: 2017-09-28 13:54:18.666311+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.5
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] awstats 7.4+dfsg-1ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

awstats (7.4+dfsg-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via path traversal flaws
- debian/patches/CVE-2017-1000501-1.patch: sanitize values in
  wwwroot/cgi-bin/awstats.pl.
- debian/patches/CVE-2017-1000501-2.patch: sanitize more values in
  wwwroot/cgi-bin/awstats.pl.
- CVE-2017-1000501

Date: 2018-01-05 16:01:17.442459+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/awstats/7.4+dfsg-1ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] tomcat8 8.0.32-1ubuntu1.5 (Accepted)

[Marc Deslauriers]

tomcat8 (8.0.32-1ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: loss of pipeline requests
- debian/patches/CVE-2017-5647.patch: improve sendfile handling when
  requests are pipelined in
  java/org/apache/coyote/AbstractProtocol.java,
  java/org/apache/coyote/http11/Http11AprProcessor.java,
  java/org/apache/coyote/http11/Http11Nio2Processor.java,
  java/org/apache/coyote/http11/Http11NioProcessor.java,
  java/org/apache/tomcat/util/net/AprEndpoint.java,
  java/org/apache/tomcat/util/net/Nio2Endpoint.java,
  java/org/apache/tomcat/util/net/NioEndpoint.java,
  java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
- CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
- debian/patches/CVE-2017-5648.patch: ensure request and response
  facades are used when firing application listeners in
  java/org/apache/catalina/authenticator/FormAuthenticator.java,
  java/org/apache/catalina/core/StandardHostValve.java.
- CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
pages
- debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
  java/org/apache/catalina/servlets/DefaultServlet.java,
  java/org/apache/catalina/servlets/WebdavServlet.java.
- CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
- debian/patches/CVE-2017-7674.patch: set Vary header in response in
  java/org/apache/catalina/filters/CorsFilter.java.
- CVE-2017-7674

tomcat8 (8.0.32-1ubuntu1.4) xenial; urgency=medium

  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
contains the '%' character (LP: #1666570).

Date: 2017-09-28 13:54:18.666311+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.5
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] awstats 7.4+dfsg-1ubuntu0.2 (Accepted)

[Marc Deslauriers]

awstats (7.4+dfsg-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via path traversal flaws
- debian/patches/CVE-2017-1000501-1.patch: sanitize values in
  wwwroot/cgi-bin/awstats.pl.
- debian/patches/CVE-2017-1000501-2.patch: sanitize more values in
  wwwroot/cgi-bin/awstats.pl.
- CVE-2017-1000501

Date: 2018-01-05 16:01:17.442459+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/awstats/7.4+dfsg-1ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] linux-signed-hwe-edge 4.13.0-24.28~16.04.1 (Accepted)

[Łukasz Zemczak]

linux-signed-hwe-edge (4.13.0-24.28~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-24.28~16.04.1

linux-signed-hwe-edge (4.13.0-23.27~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-23.27~16.04.1

linux-signed-hwe-edge (4.13.0-23.26~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-23.26~16.04.1

Date: 2018-01-07 14:59:51.789720+00:00
Changed-By: Kleber Sacilotto de Souza 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed-hwe-edge/4.13.0-24.28~16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] linux-hwe-edge_4.13.0-24.28~16.04.1_amd64.tar.gz - (Accepted)

[Kleber Sacilotto de Souza]

linux-hwe-edge (4.13.0-24.28~16.04.1) xenial; urgency=low

  * linux-hwe-edge: 4.13.0-24.28~16.04.1 -proposed tracker (LP: #1741749)

  * linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)

  * CVE-2017-5754
- x86/cpu, x86/pti: Do not enable PTI on AMD processors

Date: Sun, 07 Jan 2018 15:34:55 +0100
Changed-By: Kleber Sacilotto de Souza 
Maintainer: Launchpad Build Daemon 

Format: 1.8
Date: Sun, 07 Jan 2018 15:34:55 +0100
Source: linux-hwe-edge
Binary: linux-source-4.13.0 linux-headers-4.13.0-24 
linux-hwe-edge-tools-4.13.0-24 linux-hwe-edge-cloud-tools-4.13.0-24 
linux-image-4.13.0-24-generic linux-image-extra-4.13.0-24-generic 
linux-headers-4.13.0-24-generic linux-image-4.13.0-24-generic-dbgsym 
linux-tools-4.13.0-24-generic linux-cloud-tools-4.13.0-24-generic 
linux-hwe-edge-udebs-generic linux-image-4.13.0-24-generic-lpae 
linux-image-extra-4.13.0-24-generic-lpae linux-headers-4.13.0-24-generic-lpae 
linux-image-4.13.0-24-generic-lpae-dbgsym linux-tools-4.13.0-24-generic-lpae 
linux-cloud-tools-4.13.0-24-generic-lpae linux-hwe-edge-udebs-generic-lpae 
linux-image-4.13.0-24-lowlatency linux-image-extra-4.13.0-24-lowlatency 
linux-headers-4.13.0-24-lowlatency linux-image-4.13.0-24-lowlatency-dbgsym 
linux-tools-4.13.0-24-lowlatency linux-cloud-tools-4.13.0-24-lowlatency 
linux-hwe-edge-udebs-lowlatency kernel-image-4.13.0-24-generic-di 
fat-modules-4.13.0-24-generic-di fb-modules-4.13.0-24-generic-di
 firewire-core-modules-4.13.0-24-generic-di floppy-modules-4.13.0-24-generic-di 
fs-core-modules-4.13.0-24-generic-di fs-secondary-modules-4.13.0-24-generic-di 
input-modules-4.13.0-24-generic-di irda-modules-4.13.0-24-generic-di 
md-modules-4.13.0-24-generic-di nic-modules-4.13.0-24-generic-di 
nic-pcmcia-modules-4.13.0-24-generic-di nic-usb-modules-4.13.0-24-generic-di 
nic-shared-modules-4.13.0-24-generic-di parport-modules-4.13.0-24-generic-di 
pata-modules-4.13.0-24-generic-di pcmcia-modules-4.13.0-24-generic-di 
pcmcia-storage-modules-4.13.0-24-generic-di plip-modules-4.13.0-24-generic-di 
ppp-modules-4.13.0-24-generic-di sata-modules-4.13.0-24-generic-di 
scsi-modules-4.13.0-24-generic-di serial-modules-4.13.0-24-generic-di 
storage-core-modules-4.13.0-24-generic-di usb-modules-4.13.0-24-generic-di 
nfs-modules-4.13.0-24-generic-di block-modules-4.13.0-24-generic-di 
message-modules-4.13.0-24-generic-di crypto-modules-4.13.0-24-generic-di
 virtio-modules-4.13.0-24-generic-di mouse-modules-4.13.0-24-generic-di 
vlan-modules-4.13.0-24-generic-di ipmi-modules-4.13.0-24-generic-di
 multipath-modules-4.13.0-24-generic-di
Architecture: amd64 all amd64_translations
Version: 4.13.0-24.28~16.04.1
Distribution: xenial
Urgency: low
Maintainer: Launchpad Build Daemon 
Changed-By: Kleber Sacilotto de Souza 
Description:
 block-modules-4.13.0-24-generic-di - Block storage devices (udeb)
 crypto-modules-4.13.0-24-generic-di - crypto modules (udeb)
 fat-modules-4.13.0-24-generic-di - FAT filesystem support (udeb)
 fb-modules-4.13.0-24-generic-di - Framebuffer modules (udeb)
 firewire-core-modules-4.13.0-24-generic-di - Firewire (IEEE-1394) Support 
(udeb)
 floppy-modules-4.13.0-24-generic-di - Floppy driver support (udeb)
 fs-core-modules-4.13.0-24-generic-di - Base filesystem modules (udeb)
 fs-secondary-modules-4.13.0-24-generic-di - Extra filesystem modules (udeb)
 input-modules-4.13.0-24-generic-di - Support for various input methods (udeb)
 ipmi-modules-4.13.0-24-generic-di - ipmi modules (udeb)
 irda-modules-4.13.0-24-generic-di - Support for Infrared protocols (udeb)
 kernel-image-4.13.0-24-generic-di - kernel image and system map (udeb)
 linux-cloud-tools-4.13.0-24-generic - Linux kernel version specific cloud 
tools for version 4.13.0-24
 linux-cloud-tools-4.13.0-24-generic-lpae - Linux kernel version specific cloud 
tools for version 4.13.0-24
 linux-cloud-tools-4.13.0-24-lowlatency - Linux kernel version specific cloud 
tools for version 4.13.0-24
 linux-headers-4.13.0-24 - Header files related to Linux kernel version 4.13.0
 linux-headers-4.13.0-24-generic - Linux kernel headers for version 4.13.0 on 
64 bit x86 SMP
 linux-headers-4.13.0-24-generic-lpae - Linux kernel headers for version 4.13.0 
on 64 bit x86 SMP
 linux-headers-4.13.0-24-lowlatency - Linux kernel headers for version 4.13.0 
on 64 bit x86 SMP
 linux-hwe-edge-cloud-tools-4.13.0-24 - Linux kernel version specific cloud 
tools for version 4.13.0-24
 linux-hwe-edge-tools-4.13.0-24 - Linux kernel version specific tools for 
version 4.13.0-24
 linux-hwe-edge-udebs-generic - Metapackage depending on kernel udebs (udeb)
 linux-hwe-edge-udebs-generic-lpae - Metapackage depending on kernel udebs 
(udeb)
 linux-hwe-edge-udebs-lowlatency - Metapackage depending on kernel udebs (udeb)
 linux-image-4.13.0-24-generic - Linux kernel image for version 4.13.0 on 64 
bit x86 SMP
 linux-image-4.13.0-24-generic-dbgsym - Linux kernel 

[ubuntu/xenial-proposed] linux-meta-hwe-edge 4.13.0.24.30 (Accepted)

[Łukasz Zemczak]

linux-meta-hwe-edge (4.13.0.24.30) xenial; urgency=medium

  * Bump ABI 4.13.0-24

linux-meta-hwe-edge (4.13.0.23.29) xenial; urgency=medium

  * Bump ABI 4.13.0-23

Date: 2018-01-07 14:59:49.508467+00:00
Changed-By: Kleber Sacilotto de Souza 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-hwe-edge/4.13.0.24.30
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] linux-hwe-edge 4.13.0-24.28~16.04.1 (Accepted)

[Łukasz Zemczak]

linux-hwe-edge (4.13.0-24.28~16.04.1) xenial; urgency=low

  * linux-hwe-edge: 4.13.0-24.28~16.04.1 -proposed tracker (LP: #1741749)

  * linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)

  * CVE-2017-5754
- x86/cpu, x86/pti: Do not enable PTI on AMD processors

linux (4.13.0-23.27) artful; urgency=low

  * linux: 4.13.0-23.27 -proposed tracker (LP: #1741556)

  [ Kleber Sacilotto de Souza ]
  * CVE-2017-5754
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm: Enable CR4.PCIDE on supported systems
- x86/mm: Document how CR4.PCIDE restore works
- x86/entry/64: Refactor IRQ stacks and make them NMI-safe
- x86/entry/64: Initialize the top of the IRQ stack before switching stacks
- x86/entry/64: Add unwind hint annotations
- xen/x86: Remove SME feature in PV guests
- x86/xen/64: Rearrange the SYSCALL entries
- irq: Make the irqentry text section unconditional
- x86/xen/64: Fix the reported SS and CS in SYSCALL
- x86/paravirt/xen: Remove xen_patch()
- x86/traps: Simplify pagefault tracing logic
- x86/idt: Unify gate_struct handling for 32/64-bit kernels
- x86/asm: Replace access to desc_struct:a/b fields
- x86/xen: Get rid of paravirt op adjust_exception_frame
- x86/paravirt: Remove no longer used paravirt functions
- x86/entry: Fix idtentry unwind hint
- x86/mm/64: Initialize CR4.PCIDE early
- objtool: Add ORC unwind table generation
- objtool, x86: Add facility for asm code to provide unwind hints
- x86/unwind: Add the ORC unwinder
- x86/kconfig: Consolidate unwinders into multiple choice selection
- objtool: Upgrade libelf-devel warning to error for CONFIG_ORC_UNWINDER
- x86/ldt/64: Refresh DS and ES when modify_ldt changes an entry
- x86/mm: Give each mm TLB flush generation a unique ID
- x86/mm: Track the TLB's tlb_gen and update the flushing algorithm
- x86/mm: Rework lazy TLB mode and TLB freshness tracking
- x86/mm: Implement PCID based optimization: try to preserve old TLB entries
  using PCID
- x86/mm: Factor out CR3-building code
- x86/mm/64: Stop using CR3.PCID == 0 in ASID-aware code
- x86/mm: Flush more aggressively in lazy TLB mode
- Revert "x86/mm: Stop calling leave_mm() in idle code"
- kprobes/x86: Set up frame pointer in kprobe trampoline
- x86/tracing: Introduce a static key for exception tracing
- x86/boot: Add early cmdline parsing for options with arguments
- mm, x86/mm: Fix performance regression in get_user_pages_fast()
- x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates
- objtool: Don't report end of section error after an empty unwind hint
- x86/head: Remove confusing comment
- x86/head: Remove unused 'bad_address' code
- x86/head: Fix head ELF function annotations
- x86/boot: Annotate verify_cpu() as a callable function
- x86/xen: Fix xen head ELF annotations
- x86/xen: Add unwind hint annotations
- x86/head: Add unwind hint annotations
- ACPI / APEI: adjust a local variable type in ghes_ioremap_pfn_irq()
- x86/unwinder: Make CONFIG_UNWINDER_ORC=y the default in the 64-bit 
defconfig
- x86/fpu/debug: Remove unused 'x86_fpu_state' and 
'x86_fpu_deactivate_state'
  tracepoints
- x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'
- x86/unwind: Make CONFIG_UNWINDER_ORC=y the default in kconfig for 64-bit
- bitops: Add clear/set_bit32() to linux/bitops.h
- x86/cpuid: Add generic table for CPUID dependencies
- x86/fpu: Parse clearcpuid= as early XSAVE argument
- x86/fpu: Make XSAVE check the base CPUID features before enabling
- x86/fpu: Remove the explicit clearing of XSAVE dependent features
- x86/platform/UV: Convert timers to use timer_setup()
- objtool: Print top level commands on incorrect usage
- x86/cpuid: Prevent out of bound access in do_clear_cpu_cap()
- x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- mm/sparsemem: Allocate mem_section at runtime for 
CONFIG_SPARSEMEM_EXTREME=y
- x86/kasan: Use the same shadow offset for 4- and 5-level paging
- x86/xen: Provide pre-built page tables only for CONFIG_XEN_PV=y and
  CONFIG_XEN_PVH=y
- x86/xen: Drop 5-level paging support code from the XEN_PV code
- ACPI / APEI: remove the unused dead-code for SEA/NMI notification type
- x86/asm: Don't use the confusing '.ifeq' directive
- x86/build: Beautify build log of syscall headers
- x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to
  'nr_pages'
- x86/cpufeatures: Enable new SSE/AVX/AVX512 CPU features
- x86/mm: Relocate page fault error codes to traps.h
- x86/boot: Relocate definition of the initial state of CR0
- ptrace,x86: Make user_64bit_mode() available to 32-bit builds
- x86/entry/64: Remove the restore_c_regs_and_iret label
- x86/entry/64: Split the IRET-to-user and IRET-to-kernel paths
 

[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.6 (Accepted)

[Ubuntu Archive Robot]

poppler (0.41.0-0ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: fails to validate boundaries in TextPool::addWord
leading to overflow
- debian/patches/CVE-2017-1000456.patch: fix crash in fuzzed file in
  poppler/TextOutputDev.cc.
- CVE-2017-1000456
  * SECURITY UPDATE: has a heap-based buffer over-read vulnerability
- debian/patches/CVE-2017-14976.patch: fix crash in broken files in
  fofi/FoFiType1C.cc.
- CVE-2017-14976

Date: 2018-01-04 19:46:14.641594+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.6
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes