[ubuntu/xenial-updates] pillow 3.1.2-0ubuntu1.5 (Accepted)
pillow (3.1.2-0ubuntu1.5) xenial-security; urgency=medium * SECURITY UPDATE: buffer over-read via PCX file - debian/patches/CVE-2020-35653.patch: don't trust the image to specify a buffer size in PIL/PcxImagePlugin.py, removed failing test in Tests/test_image.py. - CVE-2020-35653 Date: 2021-01-14 12:38:15.744694+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/pillow/3.1.2-0ubuntu1.5 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] skiboot 5.4.3-1ubuntu0.16.04.2 (Accepted)
skiboot (5.4.3-1ubuntu0.16.04.2) xenial; urgency=medium * opal-prd: Have a worker process handle page offlining (LP: #1904585) Have a worker process handle page offlining d/patches/fix-opal-prd-have-worker-process-handle-page-offlining.patch Date: 2021-01-11 22:45:08.865236+00:00 Changed-By: Matthieu Clemenceau Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/skiboot/5.4.3-1ubuntu0.16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] pillow 3.1.2-0ubuntu1.5 (Accepted)
pillow (3.1.2-0ubuntu1.5) xenial-security; urgency=medium * SECURITY UPDATE: buffer over-read via PCX file - debian/patches/CVE-2020-35653.patch: don't trust the image to specify a buffer size in PIL/PcxImagePlugin.py, removed failing test in Tests/test_image.py. - CVE-2020-35653 Date: 2021-01-14 12:38:15.744694+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/pillow/3.1.2-0ubuntu1.5 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] htmldoc 1.8.27-8ubuntu1.1 (Accepted)
htmldoc (1.8.27-8ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: Stack-based buffer overflow - debian/patches/CVE-2019-19630.patch: fix a buffer underflow issue with GCC on linux in htmldoc/ps-pdf.cxx. - CVE-2019-19630 Date: 2021-01-14 16:06:12.234668+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/htmldoc/1.8.27-8ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] htmldoc 1.8.27-8ubuntu1.1 (Accepted)
htmldoc (1.8.27-8ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: Stack-based buffer overflow - debian/patches/CVE-2019-19630.patch: fix a buffer underflow issue with GCC on linux in htmldoc/ps-pdf.cxx. - CVE-2019-19630 Date: 2021-01-14 16:06:12.234668+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) https://launchpad.net/ubuntu/+source/htmldoc/1.8.27-8ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] icoutils 0.31.0-3ubuntu0.1 (Accepted)
icoutils (0.31.0-3ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-5208.patch: fix check_offset overflow on 64-bit systems in wrestool/fileread.c. - CVE-2017-5208 * SECURITY UPDATE: Arbitrary code execution and Denial of service - debian/patches/CVE-2017-5331.patch: make check_offset more stringent in wrestool/fileread.c. - CVE-2017-5331 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-5332.patch: prevent access to unallocated memory in wrestool/extract.c. - CVE-2017-5332 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-5333.patch: fix an index in wrestool/extract.c. - CVE-2017-5333 * SECURITY UPDATE: Failed memcpy, crash and buffer overflow - debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch: fix in icotool/extract.c, wrestool/restable.c. - CVE-2017-6009 - CVE-2017-6010 - CVE-2017-6011 Date: 2021-01-14 14:33:08.996467+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/icoutils/0.31.0-3ubuntu0.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] icoutils 0.31.0-3ubuntu0.1 (Accepted)
icoutils (0.31.0-3ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-5208.patch: fix check_offset overflow on 64-bit systems in wrestool/fileread.c. - CVE-2017-5208 * SECURITY UPDATE: Arbitrary code execution and Denial of service - debian/patches/CVE-2017-5331.patch: make check_offset more stringent in wrestool/fileread.c. - CVE-2017-5331 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-5332.patch: prevent access to unallocated memory in wrestool/extract.c. - CVE-2017-5332 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-5333.patch: fix an index in wrestool/extract.c. - CVE-2017-5333 * SECURITY UPDATE: Failed memcpy, crash and buffer overflow - debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch: fix in icotool/extract.c, wrestool/restable.c. - CVE-2017-6009 - CVE-2017-6010 - CVE-2017-6011 Date: 2021-01-14 14:33:08.996467+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) https://launchpad.net/ubuntu/+source/icoutils/0.31.0-3ubuntu0.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] borgbackup 1.0.13-0ubuntu1.16.04.1 (Accepted)
borgbackup (1.0.13-0ubuntu1.16.04.1) xenial; urgency=medium * New upstream release * debian/patches/4968.patch: * debian/patches/5533.patch: - cherry pick upstream patch and release to fix hashindex corruption bug (LP: #1877844) - cherry pick also un upstream patch to add a regression test for the corruption bug Date: 2020-12-03 09:11:09.883970+00:00 Changed-By: Gianfranco Costamagna Maintainer: Danny Edel Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/borgbackup/1.0.13-0ubuntu1.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes