[ubuntu/xenial-updates] openvswitch 2.5.4-0ubuntu0.16.04.1 (Accepted)
openvswitch (2.5.4-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream point release (LP: #1726927):
    - d/p/CVE-2017-9265.patch: Drop, included upstream.

Date: 2017-10-30 10:40:13.453486+00:00
Changed-By: James Page
Signed-By: Chris Halse Rogers
https://launchpad.net/ubuntu/+source/openvswitch/2.5.4-0ubuntu0.16.04.1

Sorry, changesfile not available.

--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] kbuild 1:0.1.9998svn2814+dfsg-2~ubuntu16.04.1 (Accepted)
kbuild (1:0.1.9998svn2814+dfsg-2~ubuntu16.04.1) xenial; urgency=medium

  * SRU to xenial, to make virtualbox 5.1 build correctly
  * New upstream version 5.1.32-dfsg
    LP: #1746316 -> security patches for spectre and meltdown
    LP: #1736116 -> freeze with kernel >= 4.13

Date: 2018-03-01 10:37:10.891138+00:00
Changed-By: LocutusOfBorg
Signed-By: Chris Halse Rogers
https://launchpad.net/ubuntu/+source/kbuild/1:0.1.9998svn2814+dfsg-2~ubuntu16.04.1

Sorry, changesfile not available.

[ubuntu/xenial-proposed] livecd-rootfs 2.408.28 (Accepted)
livecd-rootfs (2.408.28) xenial; urgency=medium

  * ubuntu-cpc: When performing a minimized build, don't generate artifacts
    that won't boot with the linux-kvm kernel (LP: #1757223).

Date: Tue, 20 Mar 2018 12:42:25 -0400
Changed-By: Daniel Watkins
Maintainer: Ubuntu Developers
Signed-By: Steve Langasek
https://launchpad.net/ubuntu/+source/livecd-rootfs/2.408.28

Format: 1.8
Date: Tue, 20 Mar 2018 12:42:25 -0400
Source: livecd-rootfs
Binary: livecd-rootfs
Architecture: source
Version: 2.408.28
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Daniel Watkins
Description:
 livecd-rootfs - construction script for the livecd rootfs
Launchpad-Bugs-Fixed: 1757223

[ubuntu/xenial-updates] atril 1.12.2-1ubuntu0.2 (Accepted)
atril (1.12.2-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Command injection with cbt files (LP: #1735418).
    - fix-CVE-2017-183.patch
    - CVE-2017-183

Date: 2018-03-19 04:45:12.849557+00:00
Changed-By: Simon Quigley
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/atril/1.12.2-1ubuntu0.2

Sorry, changesfile not available.

[ubuntu/xenial-updates] tiff 4.0.6-1ubuntu0.3 (Accepted)
tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in tif_read.c
    - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in
      libtiff/tif_read.c, libtiff/tiffiop.h.
    - CVE-2016-10266
  * SECURITY UPDATE: DoS in tif_ojpeg.c
    - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in
      case of failure in libtiff/tif_ojpeg.c.
    - CVE-2016-10267
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in
      cpDecodedStrips in tools/tiffcp.c.
    - CVE-2016-10268
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow
      in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
    - CVE-2016-10269
  * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
    - debian/patches/CVE-2016-10371.patch: replace assertion by runtime
      check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
    - CVE-2016-10371
  * SECURITY UPDATE: DoS in putagreytile function
    - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in
      libtiff/tif_getimage.c.
    - CVE-2017-7592
  * SECURITY UPDATE: information disclosure in tif_read.c
    - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in
      libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c,
      libtiff/tif_win32.c, libtiff/tiffio.h.
    - CVE-2017-7593
  * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
    - debian/patches/CVE-2017-7594-1.patch: fix leak in
      libtiff/tif_ojpeg.c.
    - debian/patches/CVE-2017-7594-2.patch: fix another leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-7594
  * SECURITY UPDATE: DoS in JPEGSetupEncode
    - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in
      libtiff/tif_jpeg.c.
    - CVE-2017-7595
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined
      behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c,
      libtiff/tif_dirwrite.c.
    - CVE-2017-7596
    - CVE-2017-7597
    - CVE-2017-7599
    - CVE-2017-7600
  * SECURITY UPDATE: DoS via divide-by-zero
    - debian/patches/CVE-2017-7598.patch: avoid division by floating point
      0 in libtiff/tif_dirread.c.
    - CVE-2017-7598
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in
      libtiff/tif_jpeg.c.
    - CVE-2017-7601
  * SECURITY UPDATE: signed integer overflow
    - debian/patches/CVE-2017-7602.patch: avoid potential undefined
      behaviour in libtiff/tif_read.c.
    - CVE-2017-7602
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in
      libtiff/tif_dirread.c, tools/tiff2ps.c.
    - CVE-2017-9403
    - CVE-2017-9815
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9404.patch: fix potential memory leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-9404
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9936.patch: fix memory leak in
      libtiff/tif_jbig.c.
    - CVE-2017-9936
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-10688.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-10688
  * SECURITY UPDATE: heap overflow in tiff2pdf.c
    - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow
      write in tools/tiff2pdf.c.
    - CVE-2017-11335
  * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
    - debian/patches/CVE-2017-12944.patch: add protection against excessive
      memory allocation attempts in libtiff/tif_dirread.c.
    - CVE-2017-12944
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13726.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13726
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13727.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13727
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
      libtiff/tif_print.c.
    - CVE-2017-18013
  * SECURITY UPDATE: DoS via resource consumption
    - debian/patches/CVE-2018-5784.patch: fix infinite loop in
      contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
    - CVE-2018-5784

Date: 2018-03-20 16:40:13.916633+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3

Sorry, changesfile not available.

[ubuntu/xenial-updates] paramiko 1.16.0-1ubuntu0.1 (Accepted)
paramiko (1.16.0-1ubuntu0.1) xenial-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch: add testcases
      plus prereq
    - CVE-2018-7750

  [ Fabien Tassin ]
  * SECURITY UPDATE: weak diffie-hellman-group1-sha1 kex always preferred
    (LP: #1728607)
    - 0010-git-c1233679c44-change-order-of-preferred-kex-and-hmac-algorithms.patch
    - 0011-git-b395444062e-Reorder-cipher-and-key-preferences-to-make-more-sense.patch
    Backport of the upstream changes from 2.3.1, matching the OpenSSH 7
    deprecation of diffie-hellman-group1-sha1
    (http://www.openssh.com/legacy.html).
    This patch doesn't remove the support of diffie-hellman-group1-sha1
    but makes it the least preferred kex for backward compatibility

Date: 2018-03-17 05:17:12.246838+00:00
Changed-By: Steve Beattie
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/paramiko/1.16.0-1ubuntu0.1

Sorry, changesfile not available.

[ubuntu/xenial-security] atril 1.12.2-1ubuntu0.2 (Accepted)
atril (1.12.2-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Command injection with cbt files (LP: #1735418).
    - fix-CVE-2017-183.patch
    - CVE-2017-183

Date: 2018-03-19 04:45:12.849557+00:00
Changed-By: Simon Quigley
Signed-By: Steve Beattie
https://launchpad.net/ubuntu/+source/atril/1.12.2-1ubuntu0.2

Sorry, changesfile not available.

[ubuntu/xenial-security] paramiko 1.16.0-1ubuntu0.1 (Accepted)
paramiko (1.16.0-1ubuntu0.1) xenial-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch: add testcases
      plus prereq
    - CVE-2018-7750

  [ Fabien Tassin ]
  * SECURITY UPDATE: weak diffie-hellman-group1-sha1 kex always preferred
    (LP: #1728607)
    - 0010-git-c1233679c44-change-order-of-preferred-kex-and-hmac-algorithms.patch
    - 0011-git-b395444062e-Reorder-cipher-and-key-preferences-to-make-more-sense.patch
    Backport of the upstream changes from 2.3.1, matching the OpenSSH 7
    deprecation of diffie-hellman-group1-sha1
    (http://www.openssh.com/legacy.html).
    This patch doesn't remove the support of diffie-hellman-group1-sha1
    but makes it the least preferred kex for backward compatibility

Date: 2018-03-17 05:17:12.246838+00:00
Changed-By: Steve Beattie
https://launchpad.net/ubuntu/+source/paramiko/1.16.0-1ubuntu0.1

Sorry, changesfile not available.

[ubuntu/xenial-security] tiff 4.0.6-1ubuntu0.3 (Accepted)
tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in tif_read.c
    - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in
      libtiff/tif_read.c, libtiff/tiffiop.h.
    - CVE-2016-10266
  * SECURITY UPDATE: DoS in tif_ojpeg.c
    - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in
      case of failure in libtiff/tif_ojpeg.c.
    - CVE-2016-10267
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in
      cpDecodedStrips in tools/tiffcp.c.
    - CVE-2016-10268
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow
      in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
    - CVE-2016-10269
  * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
    - debian/patches/CVE-2016-10371.patch: replace assertion by runtime
      check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
    - CVE-2016-10371
  * SECURITY UPDATE: DoS in putagreytile function
    - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in
      libtiff/tif_getimage.c.
    - CVE-2017-7592
  * SECURITY UPDATE: information disclosure in tif_read.c
    - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in
      libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c,
      libtiff/tif_win32.c, libtiff/tiffio.h.
    - CVE-2017-7593
  * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
    - debian/patches/CVE-2017-7594-1.patch: fix leak in
      libtiff/tif_ojpeg.c.
    - debian/patches/CVE-2017-7594-2.patch: fix another leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-7594
  * SECURITY UPDATE: DoS in JPEGSetupEncode
    - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in
      libtiff/tif_jpeg.c.
    - CVE-2017-7595
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined
      behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c,
      libtiff/tif_dirwrite.c.
    - CVE-2017-7596
    - CVE-2017-7597
    - CVE-2017-7599
    - CVE-2017-7600
  * SECURITY UPDATE: DoS via divide-by-zero
    - debian/patches/CVE-2017-7598.patch: avoid division by floating point
      0 in libtiff/tif_dirread.c.
    - CVE-2017-7598
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in
      libtiff/tif_jpeg.c.
    - CVE-2017-7601
  * SECURITY UPDATE: signed integer overflow
    - debian/patches/CVE-2017-7602.patch: avoid potential undefined
      behaviour in libtiff/tif_read.c.
    - CVE-2017-7602
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in
      libtiff/tif_dirread.c, tools/tiff2ps.c.
    - CVE-2017-9403
    - CVE-2017-9815
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9404.patch: fix potential memory leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-9404
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9936.patch: fix memory leak in
      libtiff/tif_jbig.c.
    - CVE-2017-9936
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-10688.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-10688
  * SECURITY UPDATE: heap overflow in tiff2pdf.c
    - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow
      write in tools/tiff2pdf.c.
    - CVE-2017-11335
  * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
    - debian/patches/CVE-2017-12944.patch: add protection against excessive
      memory allocation attempts in libtiff/tif_dirread.c.
    - CVE-2017-12944
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13726.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13726
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13727.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13727
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
      libtiff/tif_print.c.
    - CVE-2017-18013
  * SECURITY UPDATE: DoS via resource consumption
    - debian/patches/CVE-2018-5784.patch: fix infinite loop in
      contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
    - CVE-2018-5784

Date: 2018-03-20 16:40:13.916633+00:00
Changed-By: Marc Deslauriers
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3

Sorry, changesfile not available.