[ubuntu/xenial-proposed] shadow 1:4.2-3.1ubuntu5.4 (Accepted)
shadow (1:4.2-3.1ubuntu5.4) xenial; urgency=medium * patches/1012_extrausers_chfn.patch: - add --extrausers option to "chfn" (LP: #1495580) * debian/patches/1013_extrausers_deluser.patch: - add --extrausers option to "userdel" (LP: #1659534) * debian/patches/2000_fix-su-pam-env-handling: - fix "su -l" to correctly use pam_getenvlist (LP: #984390) Date: Fri, 22 Mar 2019 20:22:06 +0100 Changed-By: Michael Vogt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/shadow/1:4.2-3.1ubuntu5.4 Format: 1.8 Date: Fri, 22 Mar 2019 20:22:06 +0100 Source: shadow Binary: passwd login uidmap Architecture: source Version: 1:4.2-3.1ubuntu5.4 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Michael Vogt Description: login - system login tools passwd - change and administer password and group data uidmap - programs to help use subuids Launchpad-Bugs-Fixed: 984390 1495580 1659534 Changes: shadow (1:4.2-3.1ubuntu5.4) xenial; urgency=medium . * patches/1012_extrausers_chfn.patch: - add --extrausers option to "chfn" (LP: #1495580) * debian/patches/1013_extrausers_deluser.patch: - add --extrausers option to "userdel" (LP: #1659534) * debian/patches/2000_fix-su-pam-env-handling: - fix "su -l" to correctly use pam_getenvlist (LP: #984390) Checksums-Sha1: 79a2c61d49d5507ef86a283fa871cb095d899da0 2513 shadow_4.2-3.1ubuntu5.4.dsc 573d11bc8d956068c3add07384850c9a68839670 506364 shadow_4.2-3.1ubuntu5.4.debian.tar.xz c8b4ede51d5fda146f988e72734e125def3870a7 8875 shadow_4.2-3.1ubuntu5.4_source.buildinfo Checksums-Sha256: 964bf283d4a1ec090c4e4044133789485ca608206cf87dda678c3350eda3590d 2513 shadow_4.2-3.1ubuntu5.4.dsc 50ccd266ff5bdc8577fe090b04c9be675340bf59b44fa843cd20174055540a15 506364 shadow_4.2-3.1ubuntu5.4.debian.tar.xz b2940b4daf414d52c1c71051a6a984a23ca6ccb13e8dc311ca8d2b1d7715deec 8875 shadow_4.2-3.1ubuntu5.4_source.buildinfo Files: 9e1caaad6ac1635ecaca72a56585cc94 2513 admin required shadow_4.2-3.1ubuntu5.4.dsc 449a03a5595748475f0f35028d5fa5d1 506364 admin required shadow_4.2-3.1ubuntu5.4.debian.tar.xz db75fe024b46371397c644ad04c6dfb1 8875 admin required shadow_4.2-3.1ubuntu5.4_source.buildinfo Original-Maintainer: Shadow package maintainers -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] php7.0 7.0.33-0ubuntu0.16.04.3 (Accepted)
php7.0 (7.0.33-0ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Unauthorized users access - debian/patches/CVE-2019-9637.patch: fix in main/streams/plain_wrapper.c. - CVE-2019-9637 * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg, ext/exif/tests/bug77563.phpt. - CVE-2019-9638 - CVE-2019-9639 * SECURITY UPDATE: Invalid read - debian/patches/CVE-2019-9640.patch: fix in ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg, ext/exif/tests/bug77540.phpt. - CVE-2019-9640 * SECURITY UPDATE: Unitialized read - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c. - CVE-2019-9641 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2019-9675.patch: fix in ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt, ext/phar/tests/bug77586,phpt, ext/phar/tests/bug77586/files/*. Date: 2019-03-22 15:52:16.086009+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] php7.0 7.0.33-0ubuntu0.16.04.3 (Accepted)
php7.0 (7.0.33-0ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Unauthorized users access - debian/patches/CVE-2019-9637.patch: fix in main/streams/plain_wrapper.c. - CVE-2019-9637 * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg, ext/exif/tests/bug77563.phpt. - CVE-2019-9638 - CVE-2019-9639 * SECURITY UPDATE: Invalid read - debian/patches/CVE-2019-9640.patch: fix in ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg, ext/exif/tests/bug77540.phpt. - CVE-2019-9640 * SECURITY UPDATE: Unitialized read - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c. - CVE-2019-9641 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2019-9675.patch: fix in ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt, ext/phar/tests/bug77586,phpt, ext/phar/tests/bug77586/files/*. Date: 2019-03-22 15:52:16.086009+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] xmltooling 1.5.6-2ubuntu0.3 (Accepted)
xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high * SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. - debian/patches/CVE-2019-9628.patch - CVE-2019-9628 - https://shibboleth.net/community/advisories/secadv_20190311.txt - LP: #1819912 Date: 2019-03-21 17:38:17.608912+00:00 Changed-By: Etienne Dysli Metref Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] xmltooling 1.5.6-2ubuntu0.3 (Accepted)
xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high * SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. - debian/patches/CVE-2019-9628.patch - CVE-2019-9628 - https://shibboleth.net/community/advisories/secadv_20190311.txt - LP: #1819912 Date: 2019-03-21 17:38:17.608912+00:00 Changed-By: Etienne Dysli Metref Signed-By: Eduardo dos Santos Barretto https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes