[ubuntu/xenial-updates] ubuntu-advantage-tools 27.0~16.04.1 (Accepted)
ubuntu-advantage-tools (27.0~16.04.1) xenial; urgency=medium * New upstream release 27.0: (LP: #1926361) - apt-hook: mitigate failures with true - messages: add optional (s) to apt messaging to include singular/plural pkgs - apt-hook: avoid reporting and counting duplicate package names (GH: #1578) - fix: don't say reboot required when unnecessary (LP: #1926183) - test: uncomment additional xenial upgrade tests ubuntu-advantage-tools (27.0~21.04.1~beta3) hirsute; urgency=medium * New upstream beta3 release: - config: avoid tracebacks on invalid features value in uaclient.conf (GH: #1564) - apt-hook: new json hook for security update counts - Remove redundant messaging from uaclient ubuntu-advantage-tools (27.0~21.04.1~beta2) hirsute; urgency=medium * d/control: - add distro-info dependency - add new debianutils dependency - add optional dh-systemd | debhelper (>= 13.3) to fallback on hirsute and later when dh-systemd is not present * d/rules: enable and start ua-messaging.timer on package install * d/postinst: - configure esm on any LTS release avoid beta services - configure esm-infra when is_active_esm and apps on LTS - xenial enable unauthenticated apt source for apps/infra * New upstream release 27.0~beta: - apt-hook: + adapt hook to process separate message templates + esm-apps and esm-infra pkg counts not mutually-exclusive + print static messages on apt upgrade/dist-upgrade (GH: #1546) - config: create settings_overrides on config (GH: #1507) - docs: add entry for uploading new version to ppa - esm: + add pin never when disabling esm-infra/apps on xenial + enable infra when EOL LTS and apps on all LTS (GH: #1558) - fips: add notice when installing over old fips - fix: + add links to ubuntu.com/gcp/aws in messaging when on non-PRO + add notice to reboot operation on ua fix + do not prompt user for beta services (GH: #1544) + notify users if reboot is required (GH: #1476) + update how the expired token logic works + wrap output greater than 80 chars (GH: #1487) - lib: fix notice handling on reboot script - messages + provide static message files for use in APT and MOTD + update_ua_messages on attach/detach/disable - mypy: add lib/ dir for coverage - status: do not remove notices on non-root call (GH: #1518) - subp: separate % format strings when logging (GH: #1520) - systemd: add ua-messaging.timer to update ua MOTD and APT msgs - update-motd.d: add conditional hooks for motd to source ua messages - util: add is_lts and is_active_esm funtions to support ESM - test + add integration tests asserting esm-apps setup due to postinst + manual test script for xenial upgrade + trusty and xenial infra and apps disabled in pkg install - behave: use unaltered cloud images unsetting UACLIENT_BEHAVE_PPA - jenkins: make lint and style stage run sequentially ubuntu-advantage-tools (27.0~21.04.1~beta) hirsute; urgency=medium * d/*: prefix all the debhelper conf files with the package name * d/control: - add Rules-Requires-Root: no - bump Standards-Version to 4.5.1 - make ubuntu-advantage-pro Architecture: all * d/lintian-overrides: - override maintainer-script-calls-service - package-supports-alternative-init-but-no-init.d-script * d/postinst: move the u-a-pro note to a config script * d/ubuntu-advantage-tools.templates: suggest the use of apt * New upstream release 27.0~beta: - apt: add retry for apt-helper command (GH: #1431) - cli: drop subcommand repeated help output, fix enable & refresh (GH: #1440) - config: + allow parsing yaml delivered from env values + environment variable support for feature overrides (GH: #1395) + create config to add extra params to security url - docs: + add ppas and fix typos + use Ubuntu Pro not Ubuntu PRO + add stop "." punctuation to messages (GH: #1320) - fips: fix FIPS message when disable operation fails - fix: + add basic UASecurityClient to which queries CVE and USNs + add security_url to config + check if service is enabled during ua fix (GH: #1462) + closer representation of cve and usn responses + filter usns by cve details (GH: #1470) + fix regex to be more permissive and strict + get_cve_affected_source_packages_status won't list not-affected (GH: #1467) + handle other package status when running ua fix (GH: #1435) + improve error message for ua fix (GH: #1420) + install pkg fixes when they are on standard pocket (GH: #1401) + move timeout and retries to security client only + only prompt for subscription attach for UA-related pkg updates + parse all related USNS to a given CVE when fixing + parse full API responses for related
[ubuntu/xenial-updates] grub2-signed 1.167~16.04.1 (Accepted)
grub2-signed (1.167~16.04.1) xenial; urgency=medium * Use debhelper-compat 9 for ease of SRUs to Bionic and earlier. LP: #1920008 grub2-signed (1.167~16.04.0) xenial; urgency=medium * grub-efi-amd64-signed: add depends on grub2-common with support for R_X86_64_PLT32 relocations. LP: #1920008 grub2-signed (1.166) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu44. grub2-signed (1.165) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu43. grub2-signed (1.164) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu42. LP: #1915536 grub2-signed (1.163) hirsute; urgency=medium * Make maintainer scripts compatible with any grub2-common since precise. LP: #1915536 * Drop unused config_item function. * Only download signed binaries once. grub2-signed (1.162) hirsute; urgency=medium * Rebuild with correct permissions, and higher version number. grub2-signed (1.161) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu39 grub2-signed (1.160) hirsute; urgency=medium * Fix test directory existence race in download-signed, making FTBFS on arm64: - download-signed is run 3 times in parallel due to Makefile and download assets in a single directory. - testing the directory and then calling makedirs is not done atomically. - long term fix would be to run it once and collect/compared all signed files. grub2-signed (1.159) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu38 grub2-signed (1.158) hirsute; urgency=medium * Trim trailing whitespace. * Use secure copyright file specification URI. * Bump debhelper from deprecated 9 to 12. * Set debhelper-compat version in Build-Depends. * Drop unused bzr-builddeb.conf * Add postinst for the arm64 package (LP: #1914582) * Set series specific VCS field in debian/control grub2-signed (1.157) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu37 grub2-signed (1.156) hirsute; urgency=medium * Rebuild against grub2 2.04-1ubuntu36 grub2-signed (1.155) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu35 grub2-signed (1.154) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu33 grub2-signed (1.153) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu32 grub2-signed (1.152) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu31 grub2-signed (1.151) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu30. grub2-signed (1.150) groovy; urgency=medium * Add check to compare that signed grub, matches monolithic builds, to avoid signing skew when copying grub2/grub2-signed to PPAs. * Rebuild against grub2 2.04-1ubuntu29. grub2-signed (1.149) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu28 grub2-signed (1.148) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu27 grub2-signed (1.147) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu26.2. grub2-signed (1.146) groovy; urgency=medium * Rebuild against grub2 2.04-1ubuntu26.1. grub2-signed (1.144) groovy; urgency=medium * Fix arm64 download, grub2 package doesn't exist on that arch, use grub2-common instead. grub2-signed (1.143) groovy; urgency=medium * Support downloads from PPAs for additional signatures. LP: #1876875 grub2-signed (1.142) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu26. grub2-signed (1.141) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu25. grub2-signed (1.140) focal; urgency=medium * Fix postinst typpo. grub2-signed (1.139) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu24, enable installing to multiple ESPs (LP: #1871821) grub2-signed (1.138) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu23. grub2-signed (1.137) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu22. grub2-signed (1.136) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu21. grub2-signed (1.135) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu19. grub2-signed (1.134) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu18. grub2-signed (1.133) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu16. grub2-signed (1.132) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu15. grub2-signed (1.131) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu14. grub2-signed (1.130) focal; urgency=medium * Really rebuild against grub2 2.04-1ubuntu13 this time. (LP: #1845289) (LP: #1848892) grub2-signed (1.129) focal; urgency=medium * Rebuild against grub2 2.04-1ubuntu13. (LP: #1845289) (LP: #1848892) grub2-signed (1.128) eoan; urgency=medium * Rebuild against grub2 2.04-1ubuntu12. grub2-signed (1.127) eoan; urgency=medium * Rebuild against grub2 2.04-1ubuntu11. grub2-signed (1.126) eoan; urgency=medium * Rebuild against grub2 2.04-1ubuntu10. grub2-signed (1.125) eoan; urgency=medium * Rebuild against grub2 2.04-1ubuntu9.
[ubuntu/xenial-updates] grub2-unsigned 2.04-1ubuntu44 (Accepted)
grub2-unsigned (2.04-1ubuntu44) hirsute; urgency=medium * Compile grub-efi-amd64 installable i386 platform on hirsute, to make it available in bionic and earlier as part of onegrub builds. Date: 2021-03-04 12:46:17.971184+00:00 Changed-By: Dimitri John Ledkov Signed-By: Steve Langasek https://launchpad.net/ubuntu/+source/grub2-unsigned/2.04-1ubuntu44 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] grub2 2.02~beta2-36ubuntu3.31 (Accepted)
grub2 (2.02~beta2-36ubuntu3.31) xenial; urgency=medium [ Dimitri John Ledkov & Steve Langasek ] * Relax dependencies to allow grub-efi be installed with later versions of grub-efi-amd64. Stop building grub-efi-amd64|arm64{-bin,dbg} packages, now provided by src:grub2-unsigned. LP: #1915536 [ Dimitri John Ledkov ] * Cherrypick 2.02+dfsg1-5 patch for x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32 to allow processing 2.04 grub modules built with newer binutils. Date: 2021-03-02 09:42:33.728399+00:00 Changed-By: Dimitri John Ledkov Signed-By: Steve Langasek https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.31 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] update-notifier 3.168.14 (Accepted)
update-notifier (3.168.14) xenial; urgency=medium * data/apt_check.py: - Add support to handle packages from ESM Apps in addition to ESM Infra and only display alerts if the distro is ESM. (LP: #1924766) - Do not display a count of ESM packages if the system does not have ESM enabled. (LP: #1883315) - Make distinction betweem standard security updates and ESM updates when performing package counts. (LP: #1926208) - use 'applied' instead of 'installed', redact 0 of these updates are security updates, and correct singular messages * debian/control: Add a dependency on python3-distro-info. Date: 2021-04-27 00:54:08.751105+00:00 Changed-By: Lucas Albuquerque Medeiros de Moura Maintainer: Michael Vogt Signed-By: Brian Murray https://launchpad.net/ubuntu/+source/update-notifier/3.168.14 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] apt 1.2.35 (Accepted)
apt (1.2.35) xenial; urgency=medium * Backport JSON hooks, version 0.2, to xenial (LP: #1926150). The JSON code files are identical to that of 2.3.2, only the integration and test cases needed minor adjustment to behave correctly, especially: - In private-install.cc, exit before showing the list of packages to upgrade/install/etc, in case an error is already set. This moves the behavior closer to bionic. * Backport zstd support for Launchpad zstd enablement (LP: #1926437) * Fix indendation of changelog message in 1.2.34 changelog. * Bug fixes needed for JSON hooks: - private-install: Handle existing errors before showing lists - Avoid duplicated error in `apt search` * Bug fixes affecting CI / autopkgtest only: - prepare-release: Ignore alternative build dependencies - tests: Do not expect requested-by if sudo was invoked by root - tests: Export TZ=UTC to work around test failures on non-UTC hosts - tests: avoid time-dependent rebuild of caches apt (1.2.34) xenial-security; urgency=high * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193) - apt-pkg/contrib/arfile.cc: add extra checks. - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB - test/*: add tests. - CVE-2020-27350 * Additional hardening: - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB * (upstream re-release of 1.2.34) apt (1.2.33) xenial-security; urgency=high * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177) - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated member names in error path - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated member names in error path - CVE-2020-3810 * Add .gitlab-ci.yml for CI testing on Salsa * (upstream re-release of 1.2.34) Date: 2021-04-28 13:00:10.145755+00:00 Changed-By: Julian Andres Klode Signed-By: Brian Murray https://launchpad.net/ubuntu/+source/apt/1.2.35 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] python-apt 1.1.0~beta1ubuntu0.16.04.12 (Accepted)
python-apt (1.1.0~beta1ubuntu0.16.04.12) xenial; urgency=medium * debfile: Pass `Name` instead of `Binary` to ExtractTar. Passing the binary causes it to fail trying to find the `false` compressor when a binary for a given compressor is not installed. (LP: #1926437) * Update mirror lists Date: Thu, 29 Apr 2021 21:37:32 +0200 Changed-By: Julian Andres Klode Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/python-apt/1.1.0~beta1ubuntu0.16.04.12 Format: 1.8 Date: Thu, 29 Apr 2021 21:37:32 +0200 Source: python-apt Built-For-Profiles: noudeb Architecture: source Version: 1.1.0~beta1ubuntu0.16.04.12 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Julian Andres Klode Launchpad-Bugs-Fixed: 1926437 Changes: python-apt (1.1.0~beta1ubuntu0.16.04.12) xenial; urgency=medium . * debfile: Pass `Name` instead of `Binary` to ExtractTar. Passing the binary causes it to fail trying to find the `false` compressor when a binary for a given compressor is not installed. (LP: #1926437) * Update mirror lists Checksums-Sha1: 900827aa9921e9425e70ccbe5ef26ecca2fc3b54 2539 python-apt_1.1.0~beta1ubuntu0.16.04.12.dsc c7c31c0821530f91f9cb5f2b55c4c8033d821093 335056 python-apt_1.1.0~beta1ubuntu0.16.04.12.tar.xz ac7b049a3c965395b43646329fcb2f489d99c2d4 9956 python-apt_1.1.0~beta1ubuntu0.16.04.12_source.buildinfo Checksums-Sha256: 2b1b59876d1ef3a642778dd932af0e5cbe7bc93af7db53fa3c573f20789e6e8e 2539 python-apt_1.1.0~beta1ubuntu0.16.04.12.dsc 5ac1dcebcbc660987be7abe9884ec959a35d44ada284de87e843913fb0699bb8 335056 python-apt_1.1.0~beta1ubuntu0.16.04.12.tar.xz 8e828b08cf3ad3fc51bfee5c46b76bc57597758f11f54b5d650045ff7d6d07e3 9956 python-apt_1.1.0~beta1ubuntu0.16.04.12_source.buildinfo Files: 3782d94266a33c7bfdfd595444a89162 2539 python standard python-apt_1.1.0~beta1ubuntu0.16.04.12.dsc ee6ff5e244f28253c82a41ef7d12633f 335056 python standard python-apt_1.1.0~beta1ubuntu0.16.04.12.tar.xz 95adf4edd67cc3e9281ff84aab4fd2e5 9956 python standard python-apt_1.1.0~beta1ubuntu0.16.04.12_source.buildinfo Original-Maintainer: APT Development Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] ubuntu-advantage-tools 27.0~16.04.1 (Accepted)
ubuntu-advantage-tools (27.0~16.04.1) xenial; urgency=medium * New upstream release 27.0: (LP: #1926361) - apt-hook: mitigate failures with true - messages: add optional (s) to apt messaging to include singular/plural pkgs - apt-hook: avoid reporting and counting duplicate package names (GH: #1578) - fix: don't say reboot required when unnecessary (LP: #1926183) - test: uncomment additional xenial upgrade tests Date: Tue, 27 Apr 2021 15:31:06 -0300 Changed-By: Lucas Moura Maintainer: Ubuntu Developers Signed-By: Bryce Harrington https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.0~16.04.1 Format: 1.8 Date: Tue, 27 Apr 2021 15:31:06 -0300 Source: ubuntu-advantage-tools Binary: ubuntu-advantage-tools ubuntu-advantage-pro Architecture: source Version: 27.0~16.04.1 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Lucas Moura Description: ubuntu-advantage-pro - utilities and services for Ubuntu Pro images ubuntu-advantage-tools - management tools for Ubuntu Advantage Launchpad-Bugs-Fixed: 1926183 1926361 Changes: ubuntu-advantage-tools (27.0~16.04.1) xenial; urgency=medium . * New upstream release 27.0: (LP: #1926361) - apt-hook: mitigate failures with true - messages: add optional (s) to apt messaging to include singular/plural pkgs - apt-hook: avoid reporting and counting duplicate package names (GH: #1578) - fix: don't say reboot required when unnecessary (LP: #1926183) - test: uncomment additional xenial upgrade tests Checksums-Sha1: 59aa3fa36bccf2283288a94b3b727b07b4158d57 2038 ubuntu-advantage-tools_27.0~16.04.1.dsc 3cafa22693f73973b10383d7a6e999f81b4b75cd 237600 ubuntu-advantage-tools_27.0~16.04.1.tar.xz Checksums-Sha256: 7f0a1c3d3d8ef0c8722a37ef9d552168968132a4bfc2521fa8da2751a879e6ad 2038 ubuntu-advantage-tools_27.0~16.04.1.dsc e8ad8184cd276478a4eb09d588fceac759d61629b327fc898265365c04e6b8a1 237600 ubuntu-advantage-tools_27.0~16.04.1.tar.xz Files: a7056f06da7519ced706b93faa46a7f2 2038 misc important ubuntu-advantage-tools_27.0~16.04.1.dsc f13262304820b4918b3c40200bfaddae 237600 misc important ubuntu-advantage-tools_27.0~16.04.1.tar.xz -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.34 (Accepted)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.34) xenial-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 Date: 2021-04-14 15:44:09.356509+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.34 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] debootstrap 1.0.78+nmu1ubuntu1.13 (Accepted)
debootstrap (1.0.78+nmu1ubuntu1.13) xenial; urgency=medium * Add (Ubuntu) impish as a symlink to gutsy (LP: #1925753). Date: 2021-04-23 07:43:23.118822+00:00 Changed-By: Łukasz Zemczak Signed-By: Brian Murray https://launchpad.net/ubuntu/+source/debootstrap/1.0.78+nmu1ubuntu1.13 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] samba 2:4.3.11+dfsg-0ubuntu0.16.04.34 (Accepted)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.34) xenial-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 Date: 2021-04-14 15:44:09.356509+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.34 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] sosreport 3.9.1-1ubuntu0.16.04.2 (Accepted)
sosreport (3.9.1-1ubuntu0.16.04.2) xenial; urgency=medium * d/p/0005-networking-collect-ethtool-e-device-conditionally-only.patch: - EEPROM dump collection might hang on specific types of devices, or negatively impact the system otherwise. As a safe option, sos report should collect the command when explicitly asked via a plugopt only. (LP: #1925351) Date: 2021-04-21 15:38:08.463522+00:00 Changed-By: Eric Desrochers Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/sosreport/3.9.1-1ubuntu0.16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] bind9 1:9.10.3.dfsg.P4-8ubuntu1.19 (Accepted)
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.19) xenial-security; urgency=medium * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR) - debian/patches/CVE-2021-25214.patch: immediately reject the entire transfer for certain RR in lib/dns/xfrin.c. - CVE-2021-25214 * SECURITY UPDATE: assert via answering certain queries for DNAME records - debian/patches/CVE-2021-25215.patch: fix assert checks in lib/ns/query.c. - CVE-2021-25215 * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation - debian/rules: build with --disable-isc-spnego to disable internal SPNEGO and use the one from the kerberos libraries. - CVE-2021-25216 Date: 2021-04-27 12:42:09.601120+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.19 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] bind9 1:9.10.3.dfsg.P4-8ubuntu1.19 (Accepted)
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.19) xenial-security; urgency=medium * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR) - debian/patches/CVE-2021-25214.patch: immediately reject the entire transfer for certain RR in lib/dns/xfrin.c. - CVE-2021-25214 * SECURITY UPDATE: assert via answering certain queries for DNAME records - debian/patches/CVE-2021-25215.patch: fix assert checks in lib/ns/query.c. - CVE-2021-25215 * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation - debian/rules: build with --disable-isc-spnego to disable internal SPNEGO and use the one from the kerberos libraries. - CVE-2021-25216 Date: 2021-04-27 12:42:09.601120+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.19 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes