[ubuntu/xenial-proposed] shadow 1:4.2-3.1ubuntu5.4 (Accepted)

[Michael Vogt]

shadow (1:4.2-3.1ubuntu5.4) xenial; urgency=medium

  * patches/1012_extrausers_chfn.patch:
- add --extrausers option to "chfn" (LP: #1495580)
  * debian/patches/1013_extrausers_deluser.patch:
- add --extrausers option to "userdel" (LP: #1659534)
  * debian/patches/2000_fix-su-pam-env-handling:
- fix "su -l" to correctly use pam_getenvlist (LP: #984390)

Date: Fri, 22 Mar 2019 20:22:06 +0100
Changed-By: Michael Vogt 
Maintainer: Ubuntu Developers 
https://launchpad.net/ubuntu/+source/shadow/1:4.2-3.1ubuntu5.4
Format: 1.8
Date: Fri, 22 Mar 2019 20:22:06 +0100
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.2-3.1ubuntu5.4
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Michael Vogt 
Description:
 login  - system login tools
 passwd - change and administer password and group data
 uidmap - programs to help use subuids
Launchpad-Bugs-Fixed: 984390 1495580 1659534
Changes:
 shadow (1:4.2-3.1ubuntu5.4) xenial; urgency=medium
 .
   * patches/1012_extrausers_chfn.patch:
 - add --extrausers option to "chfn" (LP: #1495580)
   * debian/patches/1013_extrausers_deluser.patch:
 - add --extrausers option to "userdel" (LP: #1659534)
   * debian/patches/2000_fix-su-pam-env-handling:
 - fix "su -l" to correctly use pam_getenvlist (LP: #984390)
Checksums-Sha1:
 79a2c61d49d5507ef86a283fa871cb095d899da0 2513 shadow_4.2-3.1ubuntu5.4.dsc
 573d11bc8d956068c3add07384850c9a68839670 506364 
shadow_4.2-3.1ubuntu5.4.debian.tar.xz
 c8b4ede51d5fda146f988e72734e125def3870a7 8875 
shadow_4.2-3.1ubuntu5.4_source.buildinfo
Checksums-Sha256:
 964bf283d4a1ec090c4e4044133789485ca608206cf87dda678c3350eda3590d 2513 
shadow_4.2-3.1ubuntu5.4.dsc
 50ccd266ff5bdc8577fe090b04c9be675340bf59b44fa843cd20174055540a15 506364 
shadow_4.2-3.1ubuntu5.4.debian.tar.xz
 b2940b4daf414d52c1c71051a6a984a23ca6ccb13e8dc311ca8d2b1d7715deec 8875 
shadow_4.2-3.1ubuntu5.4_source.buildinfo
Files:
 9e1caaad6ac1635ecaca72a56585cc94 2513 admin required 
shadow_4.2-3.1ubuntu5.4.dsc
 449a03a5595748475f0f35028d5fa5d1 506364 admin required 
shadow_4.2-3.1ubuntu5.4.debian.tar.xz
 db75fe024b46371397c644ad04c6dfb1 8875 admin required 
shadow_4.2-3.1ubuntu5.4_source.buildinfo
Original-Maintainer: Shadow package maintainers 

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] php7.0 7.0.33-0ubuntu0.16.04.3 (Accepted)

[Ubuntu Archive Robot]

php7.0 (7.0.33-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
- debian/patches/CVE-2019-9637.patch: fix in
  main/streams/plain_wrapper.c.
- CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
- debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
  ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
  ext/exif/tests/bug77563.phpt.
- CVE-2019-9638
- CVE-2019-9639
  * SECURITY UPDATE: Invalid read
- debian/patches/CVE-2019-9640.patch: fix in
  ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
  ext/exif/tests/bug77540.phpt.
- CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
- debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
- CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-9675.patch: fix in
  ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt,
  ext/phar/tests/bug77586,phpt, ext/phar/tests/bug77586/files/*.

Date: 2019-03-22 15:52:16.086009+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] php7.0 7.0.33-0ubuntu0.16.04.3 (Accepted)

[Leonidas S. Barbosa]

php7.0 (7.0.33-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
- debian/patches/CVE-2019-9637.patch: fix in
  main/streams/plain_wrapper.c.
- CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
- debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
  ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
  ext/exif/tests/bug77563.phpt.
- CVE-2019-9638
- CVE-2019-9639
  * SECURITY UPDATE: Invalid read
- debian/patches/CVE-2019-9640.patch: fix in
  ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
  ext/exif/tests/bug77540.phpt.
- CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
- debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
- CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-9675.patch: fix in
  ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt,
  ext/phar/tests/bug77586,phpt, ext/phar/tests/bug77586/files/*.

Date: 2019-03-22 15:52:16.086009+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] xmltooling 1.5.6-2ubuntu0.3 (Accepted)

[Ubuntu Archive Robot]

xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high

  * SECURITY UPDATE: uncaught exception on malformed XML declaration
Invalid data in the XML declaration causes an exception of a type that
was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
- debian/patches/CVE-2019-9628.patch
- CVE-2019-9628
- https://shibboleth.net/community/advisories/secadv_20190311.txt
- LP: #1819912

Date: 2019-03-21 17:38:17.608912+00:00
Changed-By: Etienne Dysli Metref 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] xmltooling 1.5.6-2ubuntu0.3 (Accepted)

[Eduardo dos Santos Barretto]

xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high

  * SECURITY UPDATE: uncaught exception on malformed XML declaration
Invalid data in the XML declaration causes an exception of a type that
was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
- debian/patches/CVE-2019-9628.patch
- CVE-2019-9628
- https://shibboleth.net/community/advisories/secadv_20190311.txt
- LP: #1819912

Date: 2019-03-21 17:38:17.608912+00:00
Changed-By: Etienne Dysli Metref 
Signed-By: Eduardo dos Santos Barretto 
https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes