[ubuntu/xenial-updates] tomcat6 6.0.45+dfsg-1ubuntu0.1 (Accepted)
tomcat6 (6.0.45+dfsg-1ubuntu0.1) xenial-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Timing attack.
    - debian/patches/CVE-2016-0762.patch: Make timing attacks against the
      Realm implementations harder.
    - CVE-2016-0762
  * SECURITY UPDATE: SecurityManager bypass.
    - debian/patches/CVE-2016-5018.patch: Remove unnecessary code.
    - debian/patches/CVE-2016-5018-part2.patch: Fix regression.
    - debian/patches/CVE-2016-6794.patch: Provide a mechanism that enables
      the container to check if a component has been granted a given
      permission when running under a SecurityManager.
    - debian/patches/CVE-2016-6796.patch: Ignore some JSP options when
      running under a SecurityManager.
    - CVE-2016-5018
    - CVE-2016-6794
    - CVE-2016-6796
  * SECURITY UPDATE: Limited resources bypass.
    - debian/patches/CVE-2016-6797.patch: When adding and removing
      ResourceLinks dynamically, ensure that the global resource is only
      visible via the ResourceLinkFactory when it is meant to be.
    - debian/patches/CVE-2016-6797-part2.patch: Fix regression.
    - CVE-2016-6797
  * SECURITY UPDATE: Data injection in HTTP requests.
    - debian/patches/CVE-2016-6816.patch: Add additional checks for valid
      characters to the HTTP request line parsing so invalid request lines
      are rejected sooner.
    - CVE-2016-6816
  * SECURITY UPDATE: Remote code execution.
    - debian/patches/CVE-2016-8735.patch: Explicitly configure allowed
      credential types.
    - CVE-2016-8735

Date: 2020-09-29 18:17:14.801567+00:00
Changed-By: Eduardo Barretto
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/tomcat6/6.0.45+dfsg-1ubuntu0.1

Sorry, changesfile not available.

--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] chromium-browser 85.0.4183.121-0ubuntu0.16.04.1 (Accepted)
chromium-browser (85.0.4183.121-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 85.0.4183.121
    - CVE-2020-15960: Heap buffer overflow in storage.
    - CVE-2020-15961: Insufficient policy enforcement in extensions.
    - CVE-2020-15962: Insufficient policy enforcement in serial.
    - CVE-2020-15963: Insufficient policy enforcement in extensions.
    - CVE-2020-15965: Type Confusion in V8.
    - CVE-2020-15966: Insufficient policy enforcement in extensions.
    - CVE-2020-15964: Insufficient data validation in media.

chromium-browser (85.0.4183.102-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 85.0.4183.102
    - CVE-2020-6573: Use after free in video.
    - CVE-2020-6574: Insufficient policy enforcement in installer.
    - CVE-2020-6575: Race in Mojo.
    - CVE-2020-6576: Use after free in offscreen canvas.
    - CVE-2020-15959: Insufficient policy enforcement in networking.

Date: 2020-09-21 20:16:14.854779+00:00
Changed-By: Olivier Tilloy
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/chromium-browser/85.0.4183.121-0ubuntu0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-security] tomcat6 6.0.45+dfsg-1ubuntu0.1 (Accepted)
tomcat6 (6.0.45+dfsg-1ubuntu0.1) xenial-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Timing attack.
    - debian/patches/CVE-2016-0762.patch: Make timing attacks against the
      Realm implementations harder.
    - CVE-2016-0762
  * SECURITY UPDATE: SecurityManager bypass.
    - debian/patches/CVE-2016-5018.patch: Remove unnecessary code.
    - debian/patches/CVE-2016-5018-part2.patch: Fix regression.
    - debian/patches/CVE-2016-6794.patch: Provide a mechanism that enables
      the container to check if a component has been granted a given
      permission when running under a SecurityManager.
    - debian/patches/CVE-2016-6796.patch: Ignore some JSP options when
      running under a SecurityManager.
    - CVE-2016-5018
    - CVE-2016-6794
    - CVE-2016-6796
  * SECURITY UPDATE: Limited resources bypass.
    - debian/patches/CVE-2016-6797.patch: When adding and removing
      ResourceLinks dynamically, ensure that the global resource is only
      visible via the ResourceLinkFactory when it is meant to be.
    - debian/patches/CVE-2016-6797-part2.patch: Fix regression.
    - CVE-2016-6797
  * SECURITY UPDATE: Data injection in HTTP requests.
    - debian/patches/CVE-2016-6816.patch: Add additional checks for valid
      characters to the HTTP request line parsing so invalid request lines
      are rejected sooner.
    - CVE-2016-6816
  * SECURITY UPDATE: Remote code execution.
    - debian/patches/CVE-2016-8735.patch: Explicitly configure allowed
      credential types.
    - CVE-2016-8735

Date: 2020-09-29 18:17:14.801567+00:00
Changed-By: Eduardo Barretto
https://launchpad.net/ubuntu/+source/tomcat6/6.0.45+dfsg-1ubuntu0.1

Sorry, changesfile not available.
[ubuntu/xenial-proposed] openvswitch 2.5.9-0ubuntu0.16.04.1 (Accepted)
openvswitch (2.5.9-0ubuntu0.16.04.1) xenial; urgency=medium

  * Bump nofiles to 1048576 for ovs daemons when running under upstart
    (LP: #1737866).
  * d/watch: Misc tweaks for upstream layout changes.
  * New upstream release (LP: #1888198).

Date: Mon, 20 Jul 2020 15:36:21 +0100
Changed-By: James Page
Maintainer: Ubuntu Developers
https://launchpad.net/ubuntu/+source/openvswitch/2.5.9-0ubuntu0.16.04.1

Format: 1.8
Source: openvswitch
Architecture: source
Version: 2.5.9-0ubuntu0.16.04.1
Distribution: xenial
Urgency: medium
Launchpad-Bugs-Fixed: 1737866 1888198
Original-Maintainer: Open vSwitch developers
[ubuntu/xenial-proposed] cloud-utils 0.27-0ubuntu25.2 (Accepted)
cloud-utils (0.27-0ubuntu25.2) xenial; urgency=medium

  * debian/patches/lp-1493188-support-overlay-filesystem:
    mount-image-callback: support 'overlay' filesystem type rather than
    ubuntu specific 'overlayfs' (LP: #1493188)
  * debian/patches/lp-1630274-mount-overlay-first:
    mount-image-callback: try mounting overlay rather than checking first
    (LP: #1630274)

Date: Fri, 04 Sep 2020 08:47:08 -0600
Changed-By: Chad Smith
Maintainer: Scott Moser
Signed-By: Scott Moser
https://launchpad.net/ubuntu/+source/cloud-utils/0.27-0ubuntu25.2

Format: 1.8
Source: cloud-utils
Architecture: source
Version: 0.27-0ubuntu25.2
Distribution: xenial
Urgency: medium
Launchpad-Bugs-Fixed: 1493188 1630274
[ubuntu/xenial-security] chromium-browser 85.0.4183.121-0ubuntu0.16.04.1 (Accepted)
chromium-browser (85.0.4183.121-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 85.0.4183.121
    - CVE-2020-15960: Heap buffer overflow in storage.
    - CVE-2020-15961: Insufficient policy enforcement in extensions.
    - CVE-2020-15962: Insufficient policy enforcement in serial.
    - CVE-2020-15963: Insufficient policy enforcement in extensions.
    - CVE-2020-15965: Type Confusion in V8.
    - CVE-2020-15966: Insufficient policy enforcement in extensions.
    - CVE-2020-15964: Insufficient data validation in media.

chromium-browser (85.0.4183.102-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 85.0.4183.102
    - CVE-2020-6573: Use after free in video.
    - CVE-2020-6574: Insufficient policy enforcement in installer.
    - CVE-2020-6575: Race in Mojo.
    - CVE-2020-6576: Use after free in offscreen canvas.
    - CVE-2020-15959: Insufficient policy enforcement in networking.

Date: 2020-09-21 20:16:14.854779+00:00
Changed-By: Olivier Tilloy
Signed-By: Chris Coulson
https://launchpad.net/ubuntu/+source/chromium-browser/85.0.4183.121-0ubuntu0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-proposed] lttng-modules 2.8.0-1ubuntu1~16.04.9 (Accepted)
lttng-modules (2.8.0-1ubuntu1~16.04.9) xenial; urgency=medium

  * Fix writeback_queue_io() modification (LP: #1896781):
    - d/p/compat-5.9/0001-fix-writeback-queue-io.patch

Date: Thu, 24 Sep 2020 18:10:41 +0200
Changed-By: Stefan Bader
Maintainer: Ubuntu Developers
Signed-By: Christian Ehrhardt
https://launchpad.net/ubuntu/+source/lttng-modules/2.8.0-1ubuntu1~16.04.9

Format: 1.8
Source: lttng-modules
Architecture: source
Version: 2.8.0-1ubuntu1~16.04.9
Distribution: xenial
Urgency: medium
Launchpad-Bugs-Fixed: 1896781
Original-Maintainer: Jon Bernard