date:20180316

** Changed in: kernel-sru-workflow/prepare-package
   Status: Confirmed => Fix Released

** Changed in: kernel-sru-workflow/prepare-package
 Assignee: Canonical Kernel Team (canonical-kernel-team) => Seth Forshee 
(sforshee)

** Changed in: kernel-sru-workflow/prepare-package-meta
   Status: New => Confirmed

** Changed in: kernel-sru-workflow/prepare-package-signed
   Status: New => Confirmed

** Changed in: kernel-sru-workflow/prepare-package-meta
   Status: Confirmed => Fix Released

** Changed in: kernel-sru-workflow/prepare-package-meta
 Assignee: Canonical Kernel Team (canonical-kernel-team) => Seth Forshee 
(sforshee)

** Changed in: kernel-sru-workflow/prepare-package-signed
   Status: Confirmed => Fix Released

** Changed in: kernel-sru-workflow/prepare-package-signed
 Assignee: Canonical Kernel Team (canonical-kernel-team) => Seth Forshee 
(sforshee)

** Description changed:

  This bug is for tracking the 4.15.0-13.14~16.04.1 upload package. This
  bug will contain status and testing results related to that upload.
  
  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  
- kernel-stable-phase:Packaging
- kernel-stable-phase-changed:Saturday, 17. March 2018 02:30 UTC
- 
  -- swm properties --
  phase: Packaging
+ kernel-stable-phase:Uploaded
+ kernel-stable-phase-changed:Saturday, 17. March 2018 04:00 UTC

** Description changed:

  This bug is for tracking the 4.15.0-13.14~16.04.1 upload package. This
  bug will contain status and testing results related to that upload.
  
  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  
  -- swm properties --
- phase: Packaging
- kernel-stable-phase:Uploaded
- kernel-stable-phase-changed:Saturday, 17. March 2018 04:00 UTC
+ phase: Uploaded

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1756480

Title:
  linux-hwe-edge: 4.15.0-13.14~16.04.1 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  New
Status in Kernel SRU Workflow certification-testing series:
  New
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  New
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  New
Status in Kernel SRU Workflow security-signoff series:
  New
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  New
Status in linux-hwe-edge package in Ubuntu:
  Invalid
Status in linux-hwe-edge source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the 4.15.0-13.14~16.04.1 upload package. This
  bug will contain status and testing results related to that upload.

  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  phase: Uploaded

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1756480/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley

These fixes should be looked into for Backports too.

** Also affects: kubuntu-ppa
   Importance: Undecided
   Status: New

** Also affects: kubuntu-ppa/artful
   Importance: Undecided
   Status: New

** Also affects: kubuntu-ppa/xenial
   Importance: Undecided
   Status: New

** Changed in: kubuntu-ppa/artful
   Importance: Undecided => High

** Changed in: kubuntu-ppa/xenial
   Importance: Undecided => High

** Changed in: kubuntu-ppa/artful
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kubuntu-ppa/xenial
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in Kubuntu PPA:
  New
Status in Kubuntu PPA artful series:
  New
Status in Kubuntu PPA xenial series:
  New
Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in plasma-workspace source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =

  Title:  Plasma Desktop: Arbitrary command execution in the removable 
device notifier
  Risk Rating:High
  CVE:CVE-2018-6791
  Versions:   Plasma < 5.12.0
  Date:   8 February 2018

  Overview
  
  When a vfat thumbdrive which contains `` or $() in its volume label is plugged
  and mounted trough the device notifier, it's interpreted as a shell command,
  leaving a possibility of arbitrary commands execution. an example of offending
  volume label is "$(touch b)" which will create a file called b in the
  home folder.

  Workaround
  ==
  Mount removable devices with Dolphin instead of the device notifier.

  Solution
  
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8:
  
https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
  Plasma 5.9/5.10/5.11:
  
https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

  Credits
  ===
  Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-ppa/+bug/1748247/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley

There isn't even a plasma-workspace on Trusty...

** No longer affects: plasma-workspace (Ubuntu Trusty)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in plasma-workspace source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =

  Title:  Plasma Desktop: Arbitrary command execution in the removable 
device notifier
  Risk Rating:High
  CVE:CVE-2018-6791
  Versions:   Plasma < 5.12.0
  Date:   8 February 2018

  Overview
  
  When a vfat thumbdrive which contains `` or $() in its volume label is plugged
  and mounted trough the device notifier, it's interpreted as a shell command,
  leaving a possibility of arbitrary commands execution. an example of offending
  volume label is "$(touch b)" which will create a file called b in the
  home folder.

  Workaround
  ==
  Mount removable devices with Dolphin instead of the device notifier.

  Solution
  
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8:
  
https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
  Plasma 5.9/5.10/5.11:
  
https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

  Credits
  ===
  Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1748247/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1756480] [NEW] linux-hwe-edge: 4.15.0-13.14~16.04.1 -proposed tracker

2018-03-16 Thread Seth Forshee

Public bug reported:

This bug is for tracking the 4.15.0-13.14~16.04.1 upload package. This
bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

kernel-stable-phase:Packaging
kernel-stable-phase-changed:Saturday, 17. March 2018 02:30 UTC

-- swm properties --
phase: Packaging

** Affects: kernel-sru-workflow
 Importance: Medium
 Status: In Progress

** Affects: kernel-sru-workflow/automated-testing
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: New

** Affects: kernel-sru-workflow/certification-testing
 Importance: Medium
 Assignee: Canonical Hardware Certification (canonical-hw-cert)
 Status: New

** Affects: kernel-sru-workflow/prepare-package
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: Confirmed

** Affects: kernel-sru-workflow/prepare-package-meta
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: New

** Affects: kernel-sru-workflow/prepare-package-signed
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: New

** Affects: kernel-sru-workflow/promote-to-proposed
 Importance: Medium
 Assignee: Ubuntu Stable Release Updates Team (ubuntu-sru)
 Status: New

** Affects: kernel-sru-workflow/promote-to-security
 Importance: Medium
 Assignee: Ubuntu Stable Release Updates Team (ubuntu-sru)
 Status: New

** Affects: kernel-sru-workflow/promote-to-updates
 Importance: Medium
 Assignee: Ubuntu Stable Release Updates Team (ubuntu-sru)
 Status: New

** Affects: kernel-sru-workflow/regression-testing
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: New

** Affects: kernel-sru-workflow/security-signoff
 Importance: Medium
 Assignee: Canonical Security Team (canonical-security)
 Status: New

** Affects: kernel-sru-workflow/upload-to-ppa
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: New

** Affects: kernel-sru-workflow/verification-testing
 Importance: Medium
 Assignee: Canonical Kernel Team (canonical-kernel-team)
 Status: New

** Affects: linux-hwe-edge (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: linux-hwe-edge (Ubuntu Xenial)
 Importance: Medium
 Status: Confirmed


** Tags: kernel-release-tracking-bug kernel-release-tracking-bug-live xenial

** Tags added: kernel-release-tracking-bug

** Tags added: kernel-release-tracking-bug-live

** Also affects: linux-hwe-edge (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Tags added: xenial

** Changed in: linux-hwe-edge (Ubuntu Xenial)
   Status: New => Confirmed

** Also affects: kernel-sru-workflow/automated-testing
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/certification-testing
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/prepare-package
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/prepare-package-meta
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/prepare-package-signed
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/promote-to-proposed
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/promote-to-security
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/promote-to-updates
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/regression-testing
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/security-signoff
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/upload-to-ppa
   Importance: Undecided
   Status: New

** Also affects: kernel-sru-workflow/verification-testing
   Importance: Undecided
   Status: New

** Changed in: kernel-sru-workflow/automated-testing
   Importance: Undecided => Medium

** Changed in: kernel-sru-workflow/automated-testing
 Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team)

** Changed in: kernel-sru-workflow/certification-testing
   Importance: Undecided => Medium

** Changed in: kernel-sru-workflow/certification-testing
 Assignee: (unassigned) => Canonical Hardware Certification 
(canonical-hw-cert)

** Changed in: kernel-sru-workflow/prepare-package
   Importance: Undecided => Medium

** Changed in: kernel-sru-workflow/prepare-package
 Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team)

** Changed in: kernel-sru-workflow/prepare-package-meta
   Importance: Undecided => Medium

** Changed in: kernel-sru-workflow/prepare-package-meta

[Group.of.nepali.translators] [Bug 1751460] Re: [regression] deja-dup-monitor crashed with SIGSEGV in Gigacage::<lambda()>::operator()

2018-03-16 Thread Jeremy Bicha

** Also affects: deja-dup (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: webkit2gtk (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: deja-dup (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: webkit2gtk (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Changed in: deja-dup (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: deja-dup (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: deja-dup (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: deja-dup (Ubuntu Artful)
   Status: New => Triaged

** Changed in: deja-dup (Ubuntu Bionic)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1751460

Title:
  [regression] deja-dup-monitor crashed with SIGSEGV in
  Gigacage::::operator()

Status in Déjà Dup:
  New
Status in WebKit:
  Confirmed
Status in deja-dup package in Ubuntu:
  Fix Released
Status in webkit2gtk package in Ubuntu:
  Triaged
Status in deja-dup source package in Xenial:
  Triaged
Status in webkit2gtk source package in Xenial:
  New
Status in deja-dup source package in Artful:
  Triaged
Status in webkit2gtk source package in Artful:
  New
Status in deja-dup source package in Bionic:
  Fix Released
Status in webkit2gtk source package in Bionic:
  Triaged

Bug description:
  https://errors.ubuntu.com/problem/27441b78823246dd5392ee29ac30546f6464289e

  ProblemType: Crash
  DistroRelease: Ubuntu 18.04
  Package: deja-dup 37.1-1fakesync1
  ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
  Uname: Linux 4.15.0-10-generic x86_64
  ApportVersion: 2.20.8-0ubuntu10
  Architecture: amd64
  CrashCounter: 1
  CurrentDesktop: GNOME
  Date: Sat Feb 24 14:30:47 2018
  ExecutablePath: /usr/lib/deja-dup/deja-dup-monitor
  InstallationDate: Installed on 2017-12-27 (59 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  ProcCmdline: /usr/lib/deja-dup/deja-dup-monitor
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SegvAnalysis:
   Segfault happened at: 0x7ff1c3dda588:movl   $0x0,(%rax)
   PC (0x7ff1c3dda588) ok
   source "$0x0" ok
   destination "(%rax)" (0xbbadbeef) not located in a known VMA region (needed 
writable region)!
  SegvReason: writing unknown VMA
  Signal: 11
  SourcePackage: deja-dup
  StacktraceTop:
   ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
   __pthread_once_slow (once_control=0x7ff1c404202c, 
init_routine=0x7ff1baec0490 <__once_proxy>) at pthread_once.c:116
   Gigacage::ensureGigacage() () from 
/usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
   bmalloc::Heap::Heap(bmalloc::HeapKind, 
std::lock_guard&) () from 
/usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
   bmalloc::PerProcess::getSlowCase() () 
from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  Title: deja-dup-monitor crashed with SIGSEGV in __pthread_once_slow()
  UpgradeStatus: Upgraded to bionic on 2018-02-24 (0 days ago)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/1751460/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1751460] Re: [regression] deja-dup-monitor crashed with SIGSEGV in Gigacage::<lambda()>::operator()

This bug was fixed in the package deja-dup - 37.1-2fakesync1

---
deja-dup (37.1-2fakesync1) bionic-proposed; urgency=medium

  * Fake sync due to mismatching orig tarball.

deja-dup (37.1-2) experimental; urgency=medium

  * Add 0002-don-t-use-ulimit.patch:
- Stop using ulimit since it is incompatible with webkit2gtk 2.20
  (LP: #1751460)

 -- Jeremy Bicha   Fri, 16 Mar 2018 19:31:21 -0400

** Changed in: deja-dup (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1751460

Title:
  [regression] deja-dup-monitor crashed with SIGSEGV in
  Gigacage::::operator()

Status in Déjà Dup:
  New
Status in WebKit:
  Confirmed
Status in deja-dup package in Ubuntu:
  Fix Released
Status in webkit2gtk package in Ubuntu:
  Triaged
Status in deja-dup source package in Xenial:
  Triaged
Status in webkit2gtk source package in Xenial:
  New
Status in deja-dup source package in Artful:
  Triaged
Status in webkit2gtk source package in Artful:
  New
Status in deja-dup source package in Bionic:
  Fix Released
Status in webkit2gtk source package in Bionic:
  Triaged

Bug description:
  https://errors.ubuntu.com/problem/27441b78823246dd5392ee29ac30546f6464289e

  ProblemType: Crash
  DistroRelease: Ubuntu 18.04
  Package: deja-dup 37.1-1fakesync1
  ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
  Uname: Linux 4.15.0-10-generic x86_64
  ApportVersion: 2.20.8-0ubuntu10
  Architecture: amd64
  CrashCounter: 1
  CurrentDesktop: GNOME
  Date: Sat Feb 24 14:30:47 2018
  ExecutablePath: /usr/lib/deja-dup/deja-dup-monitor
  InstallationDate: Installed on 2017-12-27 (59 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  ProcCmdline: /usr/lib/deja-dup/deja-dup-monitor
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SegvAnalysis:
   Segfault happened at: 0x7ff1c3dda588:movl   $0x0,(%rax)
   PC (0x7ff1c3dda588) ok
   source "$0x0" ok
   destination "(%rax)" (0xbbadbeef) not located in a known VMA region (needed 
writable region)!
  SegvReason: writing unknown VMA
  Signal: 11
  SourcePackage: deja-dup
  StacktraceTop:
   ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
   __pthread_once_slow (once_control=0x7ff1c404202c, 
init_routine=0x7ff1baec0490 <__once_proxy>) at pthread_once.c:116
   Gigacage::ensureGigacage() () from 
/usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
   bmalloc::Heap::Heap(bmalloc::HeapKind, 
std::lock_guard&) () from 
/usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
   bmalloc::PerProcess::getSlowCase() () 
from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  Title: deja-dup-monitor crashed with SIGSEGV in __pthread_once_slow()
  UpgradeStatus: Upgraded to bionic on 2018-02-24 (0 days ago)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/1751460/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1754332] Re: /var/log/journal not created on fresh install of systemd

This bug was fixed in the package livecd-rootfs - 2.511

---
livecd-rootfs (2.511) bionic; urgency=medium

  * Whitelist preserving "unowned" /var/log/journal. Maybe systemd package
should own the directory, and only adjust the permissions in
postinst. LP: #1754332

 -- Dimitri John Ledkov   Fri, 16 Mar 2018 18:36:56
+

** Changed in: livecd-rootfs (Ubuntu Bionic)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1754332

Title:
  /var/log/journal not created on fresh install of systemd

Status in cloud-images:
  New
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Xenial:
  New
Status in livecd-rootfs source package in Artful:
  New
Status in livecd-rootfs source package in Bionic:
  Fix Released

Bug description:
  (Such as during image builds.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1754332/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1754356] Re: xdg-user-dirs-update does not take care of $HOME

2018-03-16 Thread Jeremy Bicha

** Also affects: xdg-user-dirs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: xdg-user-dirs (Ubuntu Xenial)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1754356

Title:
  xdg-user-dirs-update does not take care of $HOME

Status in xdg-user-dirs package in Ubuntu:
  In Progress
Status in xdg-user-dirs source package in Xenial:
  Triaged

Bug description:
  [ Impact ]

  When setting an user dir to a folder that is subfolder of $HOME (and
  when $HOME does not match the /etc/passwd defined home for the user),
  the ~/.config/user-dirs.dirs is wrongly generated.

  [ Test case ]

   1) env HOME=/tmp/temp-home xdg-user-dirs-update
   2) find /tmp/temp-home/
   3) should list generated XDG user directories
   4) /tmp/temp-home/.config/user-dirs.dirs should mention them

  Launching something like:
   - env HOME=/tmp/temp-home ./xdg-user-dirs-update --set DOWNLOADS 
"/tmp/temp-home/sub/folder/of/it/Downloads"

  Should modify /tmp/temp-home/.config/user-dirs.dirs so that it contains:
XDG_DOWNLOADS_DIR="$HOME/sub/folder/of/it/Downloads"

  [ Regression potential ]

  Xdg folders could be generated in wrong locations.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-user-dirs/+bug/1754356/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1755217] Re: linux-aws: 4.4.0-1053.62 -proposed tracker

** Changed in: kernel-sru-workflow/prepare-package
   Status: In Progress => Fix Released

** Changed in: kernel-sru-workflow/prepare-package-meta
   Status: In Progress => Fix Released

** Description changed:

  This bug is for tracking the  upload package. This
  bug will contain status and testing results related to that upload.
  
  For an explanation of the tasks and the associated workflow see: 
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  kernel-stable-master-bug: 1755208
  phase: Packaging
+ kernel-stable-phase-changed:Friday, 16. March 2018 20:01 UTC
+ kernel-stable-phase:Uploaded

** Description changed:

  This bug is for tracking the  upload package. This
  bug will contain status and testing results related to that upload.
  
  For an explanation of the tasks and the associated workflow see: 
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  kernel-stable-master-bug: 1755208
- phase: Packaging
- kernel-stable-phase-changed:Friday, 16. March 2018 20:01 UTC
- kernel-stable-phase:Uploaded
+ phase: Uploaded

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755217

Title:
  linux-aws: 4.4.0-1053.62 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  New
Status in Kernel SRU Workflow certification-testing series:
  New
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  New
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  New
Status in Kernel SRU Workflow security-signoff series:
  New
Status in Kernel SRU Workflow snap-release-to-beta series:
  New
Status in Kernel SRU Workflow snap-release-to-candidate series:
  New
Status in Kernel SRU Workflow snap-release-to-edge series:
  New
Status in Kernel SRU Workflow snap-release-to-stable series:
  Invalid
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  New
Status in linux-aws package in Ubuntu:
  Invalid
Status in linux-aws source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the  upload package.
  This bug will contain status and testing results related to that
  upload.

  For an explanation of the tasks and the associated workflow see: 
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  kernel-stable-master-bug: 1755208
  phase: Uploaded

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1755217/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1754332] Re: /var/log/journal not created on fresh install of systemd

2018-03-16 Thread Dimitri John Ledkov

** No longer affects: systemd (Ubuntu Bionic)

** Changed in: livecd-rootfs (Ubuntu Bionic)
   Status: New => Confirmed

** Changed in: livecd-rootfs (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: livecd-rootfs (Ubuntu Bionic)
 Assignee: (unassigned) => Dimitri John Ledkov (xnox)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1754332

Title:
  /var/log/journal not created on fresh install of systemd

Status in cloud-images:
  New
Status in livecd-rootfs package in Ubuntu:
  Confirmed
Status in livecd-rootfs source package in Xenial:
  New
Status in livecd-rootfs source package in Artful:
  New
Status in livecd-rootfs source package in Bionic:
  Confirmed

Bug description:
  (Such as during image builds.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1754332/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1754332] Re: /var/log/journal not created on fresh install of systemd

2018-03-16 Thread Dimitri John Ledkov

Bah:

Removed log directory /var/log/journal as orphaned log dir

livecd-rootfs

/me shakes fist

** Also affects: livecd-rootfs (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: livecd-rootfs (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu Bionic)
   Importance: Undecided
 Assignee: Dimitri John Ledkov (xnox)
   Status: Invalid

** Also affects: livecd-rootfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** No longer affects: systemd (Ubuntu)

** No longer affects: systemd (Ubuntu Xenial)

** No longer affects: systemd (Ubuntu Artful)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1754332

Title:
  /var/log/journal not created on fresh install of systemd

Status in cloud-images:
  New
Status in livecd-rootfs package in Ubuntu:
  Confirmed
Status in livecd-rootfs source package in Xenial:
  New
Status in livecd-rootfs source package in Artful:
  New
Status in livecd-rootfs source package in Bionic:
  Confirmed

Bug description:
  (Such as during image builds.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1754332/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1755217] Re: linux-aws: 4.4.0-1053.62 -proposed tracker

** Changed in: kernel-sru-workflow/snap-release-to-stable
   Status: New => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755217

Title:
  linux-aws: 4.4.0-1053.62 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  New
Status in Kernel SRU Workflow certification-testing series:
  New
Status in Kernel SRU Workflow prepare-package series:
  In Progress
Status in Kernel SRU Workflow prepare-package-meta series:
  In Progress
Status in Kernel SRU Workflow promote-to-proposed series:
  New
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  New
Status in Kernel SRU Workflow security-signoff series:
  New
Status in Kernel SRU Workflow snap-release-to-beta series:
  New
Status in Kernel SRU Workflow snap-release-to-candidate series:
  New
Status in Kernel SRU Workflow snap-release-to-edge series:
  New
Status in Kernel SRU Workflow snap-release-to-stable series:
  Invalid
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  New
Status in linux-aws package in Ubuntu:
  Invalid
Status in linux-aws source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the  upload package.
  This bug will contain status and testing results related to that
  upload.

  For an explanation of the tasks and the associated workflow see: 
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  kernel-stable-master-bug: 1755208
  phase: Packaging

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1755217/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1735821] Re: netplan needs bridge port-priority support

2018-03-16 Thread Scott Moser

** Changed in: nplan (Ubuntu)
   Importance: Undecided => Medium

** Changed in: nplan (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: nplan (Ubuntu Artful)
   Importance: Undecided => Medium

** Also affects: cloud-init
   Importance: Undecided
   Status: New

** Changed in: cloud-init
   Status: New => Confirmed

** Changed in: cloud-init
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1735821

Title:
  netplan needs bridge port-priority support

Status in cloud-init:
  Confirmed
Status in nplan package in Ubuntu:
  Fix Released
Status in nplan source package in Xenial:
  Fix Committed
Status in nplan source package in Artful:
  Fix Committed

Bug description:
  [Impact]
  Users of netplan configuring any bridge. Port priority is a very common 
setting to change when setting up bridge devices that might have multiple 
interfaces.

  [Test case]
  1) Write a netplan configuration:
  network:
  version: 2
  ethernets:
  eth0:
  match:
  name: eth0
  bridges:
  br0:
  addresses:
  - 192.168.14.2/24
  interfaces:
  - eth0
  parameters:
  path-cost:
  eth0: 50
  priority: 22
  port-priority:
  eth0: 14

  2) Run 'sudo netplan apply'

  3) Validate that the config generated by netplan is correct:

  In /run/systemd/network/10-netplan-eth0.network:

  [...]
  [Bridge]
  [...]
  Priority=14

  4) Validate that the port-priority value for the bridge has been
  correctly set:

  $ cat /sys/class/net/mybr/brif/eth0/priority


  [Regression potential]
  This might impact STP behavior, such that while the port priority for a 
bridge changes, the general network topology might change -- this may lead to 
loss of connectivity on the bridge itself or on other devices on the network, 
invalid packet traffic (packets showing up where they should not), etc.

  ---

  Now that systemd supports port-priority for bridges (LP: #1668347)
  netplan should handle port-priority like it does path-cost.

  1) % lsb_release -rd
  Description:  Ubuntu 16.04.3 LTS
  Release:  16.04

  1) # lsb_release -rd
  Description:  Ubuntu Bionic Beaver (development branch)
  Release:  18.04

  2) # apt-cache policy nplan
  nplan:
    Installed: 0.30
    Candidate: 0.32
    Version table:
   0.32 500
  500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
   *** 0.30 100
  100 /var/lib/dpkg/status

  3) netplan generate renders a networkd .network file which has
  [Bridge] section including  Priority  value set on each of the bridge
  ports specified

  4) netplan fails to parse the input yaml with

  Sample config that should parse:

  % cat br-pp.yaml
  network:
  version: 2
  ethernets:
  eth0:
  match:
  macaddress: '52:54:00:12:34:04'
  bridges:
  br0:
  addresses:
  - 192.168.14.2/24
  interfaces:
  - eth0
  parameters:
  path-cost:
  eth0: 50
  priority: 22
  port-priority:
  eth0: 14

  % netplan generate
  Error in network definition br-pp.yaml line 13 column 16: unknown key 
port-priority

  If fixed, then I would expect a /run/systemd/network/10-netplan-eth0.network 
that looks like
  [Match]
  MACAddress=52:54:00:12:34:00
  Name=eth0

  [Network]
  Bridge=br0
  LinkLocalAddressing=no
  IPv6AcceptRA=no

  [Bridge]
  Cost=50
  Priority=14

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1735821/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1508248] Re: chkrootkit gives false positive Linux/Ebury - Operation Windigo

2018-03-16 Thread Steve Beattie

** Also affects: chkrootkit (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1508248

Title:
  chkrootkit gives false positive Linux/Ebury - Operation Windigo

Status in chkrootkit:
  Confirmed
Status in chkrootkit package in Ubuntu:
  Fix Released
Status in chkrootkit source package in Xenial:
  New
Status in chkrootkit package in Debian:
  Fix Released
Status in chkrootkit package in Fedora:
  Fix Released

Bug description:
  I tried from ubuntuforums.org:

  sudo netstat -nap | grep "@/proc/udevd" returns nothing
  sudo find /lib* -type f -name libns2.so returns nothing either

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: chkrootkit 0.50-3.1ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3
  Uname: Linux 4.2.0-16-generic x86_64
  ApportVersion: 2.19.1-0ubuntu3
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Tue Oct 20 17:31:49 2015
  InstallationDate: Installed on 2015-10-17 (3 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  SourcePackage: chkrootkit
  UpgradeStatus: Upgraded to wily on 2015-10-20 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/chkrootkit/+bug/1508248/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582725] Re: cinder_policy.json action does not match the Cinder policy.json file

This bug was fixed in the package horizon - 2:9.1.2-0ubuntu5~cloud0
---

 horizon (2:9.1.2-0ubuntu5~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (2:9.1.2-0ubuntu5) xenial; urgency=medium
 .
   [ Seyeong Kim ]
   * Hide unused consistency groups tab (LP: #1582725)
 - d/p/hide-unused-consistency-groups.patch: Pick some policies from
   upstream commit 388708b251b0487bb22fb3ebb8fcb36ee4ffdc4f to hide
   unused consistency groups tab.
 .
   [ Corey Bryant ]
   * d/openstack-dashboard.postinst: Ensure permissions are not
 world-readable for /etc/openstack-dashboard/local_settings.py
 (LP: #1755027).
 .
   [ Shane Peters ]
   * d/p/let-nova-to-pick-availability-zone.patch:
 In the Angular Launch Instance, if there is more than one
 availability zone default to the option for the Nova scheduler to pick.
 This is regression from the legacy Launch Instance feature (LP: #1613900).


** Changed in: cloud-archive/mitaka
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582725

Title:
  cinder_policy.json action does not match the Cinder policy.json file

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in horizon package in Ubuntu:
  Fix Released
Status in horizon source package in Xenial:
  Fix Committed

Bug description:
  [Impact]
  cinder policies are not in horizon's policy.json
  so unset tab "consistency groups" is enabled by default.

  Affected to Xenial, UCA_Mitaka

  
  [Test Case]
  1. deploy simple openstack deployments via juju
  2. horizon -> volume -> check if there is consistency groups tab

  [Regression]
  after this patch, horizon needs to be restarted. so it is down shortly. this 
patch is actually config file changed ( and little source code ). so limited 
affection to behavior it self.

  [Other]

  related commit

  
https://git.openstack.org/cgit/openstack/horizon/commit/?id=388708b251b0487bb22fb3ebb8fcb36ee4ffdc4f

  [Original Description]

  The horizon/openstack_dashboard/conf/cinder_policy.json actions do not match 
the policy action that are used by the Cinder component.
  Cinder uses "volume_extension:volume_actions:upload_public"
  and Horizon policy.json and code uses "volume:upload_to_image"

  This is the only miss match of policy action between the 2 components.
  This also does not allow a user of Cinder and Horizon to update the
  Cinder policy.json and copy it to the Horizon directly and have the
  button function according to Cinder policy.json rules.

  This can be missed as the Cinder policy.json file is update and the
  Horizon file is updated.

  I think that the action that the Horizon code is using should match it
  component that it is supporting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1582725/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1613900] Re: Unable to use 'Any' availability zone when spawning instance

This bug was fixed in the package horizon - 2:9.1.2-0ubuntu5~cloud0
---

horizon (2:9.1.2-0ubuntu5~cloud0) trusty-mitaka; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
horizon (2:9.1.2-0ubuntu5) xenial; urgency=medium
.
[ Seyeong Kim ]
* Hide unused consistency groups tab (LP: #1582725)
- d/p/hide-unused-consistency-groups.patch: Pick some policies from
upstream commit 388708b251b0487bb22fb3ebb8fcb36ee4ffdc4f to hide
unused consistency groups tab.
.
[ Corey Bryant ]
* d/openstack-dashboard.postinst: Ensure permissions are not
world-readable for /etc/openstack-dashboard/local_settings.py
(LP: #1755027).
.
[ Shane Peters ]
* d/p/let-nova-to-pick-availability-zone.patch:
In the Angular Launch Instance, if there is more than one
availability zone default to the option for the Nova scheduler to pick.
This is regression from the legacy Launch Instance feature (LP: #1613900).

** Changed in: cloud-archive/mitaka
Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1613900

Title:
Unable to use 'Any' availability zone when spawning instance

Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive mitaka series:
Fix Released
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in horizon package in Ubuntu:
Invalid
Status in horizon source package in Xenial:
Fix Committed

Bug description:
[Impact]
While using Mitaka, we found that by default, using js backend, it is not
possible to choose 'any' availability zone. The issue is not fixed in master
branch.

For python implementation the logic is:

https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/instances/workflows/create_instance.py#L390

The JS implementation miss the logic if number of AZs is >1

https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/static/dashboard/project/workflow/launch-instance/launch-instance-model.service.js#L321

Also, JS implementation looks ugly if you have lot of subnets per
network...

[Test Case]
Ensure that in the Angular Launch Instance, if there is more than one
availability zone, it defaults to the option of Nova scheduler picking the AZ.

[Regression Potential]
Regression potential is fairly low. This bug has been fixed in all releases
of OpenStack starting with Newton. The patch did have to be modified slightly
to apply to mitaka.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1613900/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1755027] Re: [SRU] local_settings.py is world readable and contains passwords

This bug was fixed in the package horizon - 2:9.1.2-0ubuntu5~cloud0
---

 horizon (2:9.1.2-0ubuntu5~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (2:9.1.2-0ubuntu5) xenial; urgency=medium
 .
   [ Seyeong Kim ]
   * Hide unused consistency groups tab (LP: #1582725)
 - d/p/hide-unused-consistency-groups.patch: Pick some policies from
   upstream commit 388708b251b0487bb22fb3ebb8fcb36ee4ffdc4f to hide
   unused consistency groups tab.
 .
   [ Corey Bryant ]
   * d/openstack-dashboard.postinst: Ensure permissions are not
 world-readable for /etc/openstack-dashboard/local_settings.py
 (LP: #1755027).
 .
   [ Shane Peters ]
   * d/p/let-nova-to-pick-availability-zone.patch:
 In the Angular Launch Instance, if there is more than one
 availability zone default to the option for the Nova scheduler to pick.
 This is regression from the legacy Launch Instance feature (LP: #1613900).


** Changed in: cloud-archive/mitaka
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755027

Title:
  [SRU] local_settings.py is world readable and contains passwords

Status in OpenStack openstack-dashboard charm:
  Fix Released
Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in Ubuntu Cloud Archive pike series:
  Fix Released
Status in designate-dashboard package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in murano-dashboard package in Ubuntu:
  Invalid
Status in neutron-lbaas-dashboard package in Ubuntu:
  Invalid
Status in sahara-dashboard package in Ubuntu:
  Invalid
Status in trove-dashboard package in Ubuntu:
  Invalid
Status in horizon source package in Trusty:
  Fix Committed
Status in horizon source package in Xenial:
  Fix Committed
Status in murano-dashboard source package in Xenial:
  Fix Committed
Status in sahara-dashboard source package in Xenial:
  Fix Committed
Status in trove-dashboard source package in Xenial:
  Fix Committed
Status in designate-dashboard source package in Artful:
  Fix Committed
Status in murano-dashboard source package in Artful:
  Fix Committed
Status in sahara-dashboard source package in Artful:
  Fix Committed
Status in trove-dashboard source package in Artful:
  Fix Committed

Bug description:
  [Impact]

  nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD 
/etc/openstack-dashboard/local_settings.py
  'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
  #EMAIL_HOST_PASSWORD = 'top-secret!'
  #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
  #ENFORCE_PASSWORD_CHECK = False
  nobody@juju-a45617-0-lxd-4:/$

  Needless to say, I should not be able to see passwords as 'nobody'.

  This is on a customer site, but I've reproduced at least the world
  readableness with a fresh deploy of cs:openstack-dashboard locally.

  This release sports mostly bug-fixes and we would like to make sure all of our
  supported customers have access to these improvements.
  The update contains the following package updates:

     * 

  [Test Case]
  apt install openstack-dashboard
  sudo ls -al /etc/openstack-dashboard/

  permissions should be:
  -rw-r- 1 root horizon 30995 Mar 13 14:12 local_settings.py

  sudo ls -al /var/lib/openstack-dashboard/ # should be recursively
  owned by horizon:horizon before and after installing any dashboard
  plugins

  [Regression Potential]
  Very minimal regression potential. The fix is already in artful/pike and 
bionic/queens.

  [Discussion]
  The following comment is copied from comment #30 below but important to call 
out for SRU review:

  coreycb: I've uploaded designate-dashboard, murano-dashboard, trove-
  dashboard, and sahara-dashboard to the Artful Unapproved queue where
  they are awaiting review by the SRU team. Note that these changes are
  only updating these dashboard to use the proper user:group when
  performing chown on /var/lib/openstack-dashboard. This may look
  tengential when just looking at the Artful packages but it aligns with
  the changes being made for the Ocata cloud-archive (and already made
  in Bionic) that run openstack-dashboard under horizon:horizon instead
  of under www-data:www-data.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1755027/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe :

[Group.of.nepali.translators] [Bug 1755027] Re: [SRU] local_settings.py is world readable and contains passwords

This bug was fixed in the package designate-dashboard - 5.0.1-0ubuntu1.1~cloud0
---

 designate-dashboard (5.0.1-0ubuntu1.1~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 designate-dashboard (5.0.1-0ubuntu1.1) artful; urgency=medium
 .
   * d/python-designate-dashboard.postinst: Align with openstack-dashboard
 and use chown horizon instead of www-data (LP: #1755027).


** Changed in: cloud-archive/pike
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755027

Title:
  [SRU] local_settings.py is world readable and contains passwords

Status in OpenStack openstack-dashboard charm:
  Fix Released
Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in Ubuntu Cloud Archive pike series:
  Fix Released
Status in designate-dashboard package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in murano-dashboard package in Ubuntu:
  Invalid
Status in neutron-lbaas-dashboard package in Ubuntu:
  Invalid
Status in sahara-dashboard package in Ubuntu:
  Invalid
Status in trove-dashboard package in Ubuntu:
  Invalid
Status in horizon source package in Trusty:
  Fix Committed
Status in horizon source package in Xenial:
  Fix Committed
Status in murano-dashboard source package in Xenial:
  Fix Committed
Status in sahara-dashboard source package in Xenial:
  Fix Committed
Status in trove-dashboard source package in Xenial:
  Fix Committed
Status in designate-dashboard source package in Artful:
  Fix Committed
Status in murano-dashboard source package in Artful:
  Fix Committed
Status in sahara-dashboard source package in Artful:
  Fix Committed
Status in trove-dashboard source package in Artful:
  Fix Committed

Bug description:
  [Impact]

  nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD 
/etc/openstack-dashboard/local_settings.py
  'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
  #EMAIL_HOST_PASSWORD = 'top-secret!'
  #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
  #ENFORCE_PASSWORD_CHECK = False
  nobody@juju-a45617-0-lxd-4:/$

  Needless to say, I should not be able to see passwords as 'nobody'.

  This is on a customer site, but I've reproduced at least the world
  readableness with a fresh deploy of cs:openstack-dashboard locally.

  This release sports mostly bug-fixes and we would like to make sure all of our
  supported customers have access to these improvements.
  The update contains the following package updates:

     * 

  [Test Case]
  apt install openstack-dashboard
  sudo ls -al /etc/openstack-dashboard/

  permissions should be:
  -rw-r- 1 root horizon 30995 Mar 13 14:12 local_settings.py

  sudo ls -al /var/lib/openstack-dashboard/ # should be recursively
  owned by horizon:horizon before and after installing any dashboard
  plugins

  [Regression Potential]
  Very minimal regression potential. The fix is already in artful/pike and 
bionic/queens.

  [Discussion]
  The following comment is copied from comment #30 below but important to call 
out for SRU review:

  coreycb: I've uploaded designate-dashboard, murano-dashboard, trove-
  dashboard, and sahara-dashboard to the Artful Unapproved queue where
  they are awaiting review by the SRU team. Note that these changes are
  only updating these dashboard to use the proper user:group when
  performing chown on /var/lib/openstack-dashboard. This may look
  tengential when just looking at the Artful packages but it aligns with
  the changes being made for the Ocata cloud-archive (and already made
  in Bionic) that run openstack-dashboard under horizon:horizon instead
  of under www-data:www-data.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1755027/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1752591] Re: CVE-2017-7651 and CVE-2017-7652

This bug was fixed in the package mosquitto - 1.4.12-1ubuntu0.1

---
mosquitto (1.4.12-1ubuntu0.1) artful-security; urgency=medium

  * Add upstream patch for CVE 2017-7651 (LP: #1752591)

 -- Emmet Hikory   Thu, 01 Mar 2018 09:24:46 -0500

** Changed in: mosquitto (Ubuntu Artful)
   Status: Fix Committed => Fix Released

** Changed in: mosquitto (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752591

Title:
  CVE-2017-7651 and CVE-2017-7652

Status in mosquitto package in Ubuntu:
  Fix Released
Status in mosquitto source package in Xenial:
  Fix Released
Status in mosquitto source package in Artful:
  Fix Released
Status in mosquitto source package in Bionic:
  Fix Released

Bug description:
  The current available version of mosquitto pacakged in ubuntu (for all
  versions) is vulnerable to 2 cve's announced recently, including one
  for a potential DOS attach from unauthorized users. More details on
  this can be found at: https://mosquitto.org/blog/2018/02/security-
  advisory-cve-2017-7651-cve-2017-7652/ which includes links to patches
  for the CVEs. Or we can just update to 1.4.15 which should be
  backwards compatible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1755027] Re: [SRU] local_settings.py is world readable and contains passwords

Xenial verification has completed successfully using xenial-proposed
with the following packages:

openstack-dashboard: 2:9.1.2-0ubuntu5
python-sahara-dashboard: 4.0.0-1ubuntu1.1
python-murano-dashboard: 1:2.0.0-1ubuntu1
python-trove-dashboard: 6.0.0-1ubuntu1

After installing each package, permissions for /etc/openstack-dashboard
and /var/lib/openstack-dashboard remains as follows and the dashboard
continues to function as expected:

/etc/openstack-dashboard:
total 36
drwxr-xr-x   2 horizon horizon  4096 Mar 16 13:26 .
drwxr-xr-x 101 rootroot 4096 Mar 16 13:27 ..
-rw-r-   1 roothorizon 26775 Mar 16 13:29 local_settings.py

/var/lib/openstack-dashboard:
total 12
drwx--  2 horizon horizon 4096 Mar 16 13:26 .
drwxr-xr-x 48 rootroot4096 Mar 16 13:26 ..
-rw---  1 horizon horizon   64 Mar 16 13:26 secret_key
-rw-r--r--  1 horizon horizon0 Mar 16 13:26 
_var_lib_openstack-dashboard_secret_key.lock

** Tags removed: verification-mitaka-needed verification-needed
** Tags added: verification-done

** Also affects: cloud-archive/pike
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755027

Title:
  [SRU] local_settings.py is world readable and contains passwords

Status in OpenStack openstack-dashboard charm:
  Fix Released
Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in Ubuntu Cloud Archive pike series:
  Fix Committed
Status in designate-dashboard package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in murano-dashboard package in Ubuntu:
  Invalid
Status in neutron-lbaas-dashboard package in Ubuntu:
  Invalid
Status in sahara-dashboard package in Ubuntu:
  Invalid
Status in trove-dashboard package in Ubuntu:
  Invalid
Status in horizon source package in Trusty:
  Fix Committed
Status in horizon source package in Xenial:
  Fix Committed
Status in murano-dashboard source package in Xenial:
  Fix Committed
Status in sahara-dashboard source package in Xenial:
  Fix Committed
Status in trove-dashboard source package in Xenial:
  Fix Committed
Status in designate-dashboard source package in Artful:
  Fix Committed
Status in murano-dashboard source package in Artful:
  Fix Committed
Status in sahara-dashboard source package in Artful:
  Fix Committed
Status in trove-dashboard source package in Artful:
  Fix Committed

Bug description:
  [Impact]

  nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD 
/etc/openstack-dashboard/local_settings.py
  'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
  #EMAIL_HOST_PASSWORD = 'top-secret!'
  #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
  #ENFORCE_PASSWORD_CHECK = False
  nobody@juju-a45617-0-lxd-4:/$

  Needless to say, I should not be able to see passwords as 'nobody'.

  This is on a customer site, but I've reproduced at least the world
  readableness with a fresh deploy of cs:openstack-dashboard locally.

  This release sports mostly bug-fixes and we would like to make sure all of our
  supported customers have access to these improvements.
  The update contains the following package updates:

     * 

  [Test Case]
  apt install openstack-dashboard
  sudo ls -al /etc/openstack-dashboard/

  permissions should be:
  -rw-r- 1 root horizon 30995 Mar 13 14:12 local_settings.py

  sudo ls -al /var/lib/openstack-dashboard/ # should be recursively
  owned by horizon:horizon before and after installing any dashboard
  plugins

  [Regression Potential]
  Very minimal regression potential. The fix is already in artful/pike and 
bionic/queens.

  [Discussion]
  The following comment is copied from comment #30 below but important to call 
out for SRU review:

  coreycb: I've uploaded designate-dashboard, murano-dashboard, trove-
  dashboard, and sahara-dashboard to the Artful Unapproved queue where
  they are awaiting review by the SRU team. Note that these changes are
  only updating these dashboard to use the proper user:group when
  performing chown on /var/lib/openstack-dashboard. This may look
  tengential when just looking at the Artful packages but it aligns with
  the changes being made for the Ocata cloud-archive (and already made
  in Bionic) that run openstack-dashboard under horizon:horizon instead
  of under www-data:www-data.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1755027/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net

[Group.of.nepali.translators] [Bug 1755027] Re: [SRU] local_settings.py is world readable and contains passwords

** Changed in: trove-dashboard (Ubuntu)
   Status: New => Invalid

** Changed in: neutron-lbaas-dashboard (Ubuntu)
   Status: New => Invalid

** Changed in: murano-dashboard (Ubuntu)
   Status: New => Invalid

** Changed in: trove-dashboard (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: trove-dashboard (Ubuntu Artful)
   Importance: Undecided => Critical

** Changed in: murano-dashboard (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: murano-dashboard (Ubuntu Artful)
   Importance: Undecided => Critical

** Changed in: sahara-dashboard (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: charm-openstack-dashboard
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755027

Title:
  [SRU] local_settings.py is world readable and contains passwords

Status in OpenStack openstack-dashboard charm:
  Fix Released
Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in designate-dashboard package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in murano-dashboard package in Ubuntu:
  Invalid
Status in neutron-lbaas-dashboard package in Ubuntu:
  Invalid
Status in sahara-dashboard package in Ubuntu:
  Invalid
Status in trove-dashboard package in Ubuntu:
  Invalid
Status in horizon source package in Trusty:
  Fix Committed
Status in horizon source package in Xenial:
  Fix Committed
Status in murano-dashboard source package in Xenial:
  Fix Committed
Status in sahara-dashboard source package in Xenial:
  Fix Committed
Status in trove-dashboard source package in Xenial:
  Fix Committed
Status in designate-dashboard source package in Artful:
  Fix Committed
Status in murano-dashboard source package in Artful:
  Fix Committed
Status in sahara-dashboard source package in Artful:
  Fix Committed
Status in trove-dashboard source package in Artful:
  Fix Committed

Bug description:
  [Impact]

  nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD 
/etc/openstack-dashboard/local_settings.py
  'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
  #EMAIL_HOST_PASSWORD = 'top-secret!'
  #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
  #ENFORCE_PASSWORD_CHECK = False
  nobody@juju-a45617-0-lxd-4:/$

  Needless to say, I should not be able to see passwords as 'nobody'.

  This is on a customer site, but I've reproduced at least the world
  readableness with a fresh deploy of cs:openstack-dashboard locally.

  This release sports mostly bug-fixes and we would like to make sure all of our
  supported customers have access to these improvements.
  The update contains the following package updates:

     * 

  [Test Case]
  apt install openstack-dashboard
  sudo ls -al /etc/openstack-dashboard/

  permissions should be:
  -rw-r- 1 root horizon 30995 Mar 13 14:12 local_settings.py

  sudo ls -al /var/lib/openstack-dashboard/ # should be recursively
  owned by horizon:horizon before and after installing any dashboard
  plugins

  [Regression Potential]
  Very minimal regression potential. The fix is already in artful/pike and 
bionic/queens.

  [Discussion]
  The following comment is copied from comment #30 below but important to call 
out for SRU review:

  coreycb: I've uploaded designate-dashboard, murano-dashboard, trove-
  dashboard, and sahara-dashboard to the Artful Unapproved queue where
  they are awaiting review by the SRU team. Note that these changes are
  only updating these dashboard to use the proper user:group when
  performing chown on /var/lib/openstack-dashboard. This may look
  tengential when just looking at the Artful packages but it aligns with
  the changes being made for the Ocata cloud-archive (and already made
  in Bionic) that run openstack-dashboard under horizon:horizon instead
  of under www-data:www-data.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1755027/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1744148] Re: [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3

This bug was fixed in the package php7.2 - 7.2.3-1ubuntu1

---
php7.2 (7.2.3-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1744148). Remaining changes:
- Drop dh-php from Recommends to Suggests so it can be demoted to
  universe as it depends on xml2/universe.

php7.2 (7.2.3-1) unstable; urgency=medium

  * New upstream version 7.2.3
  * Rebase patches on top of new upstream release.

php7.2 (7.2.2-3) unstable; urgency=medium

  * Add explicit libpcre3 >= 2:8.35 dependency as dh_genshlibs is failing
to add versioned dependency for some reason.

php7.2 (7.2.2-2) unstable; urgency=medium

  * Remove explicit libpcre3 dependency and let dh_genshlibs do its
magic

 -- Nishanth Aravamudan   Wed, 14 Mar
2018 15:03:58 -0700

** Changed in: php7.2 (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1744148

Title:
  [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3

Status in php7.0 package in Ubuntu:
  Invalid
Status in php7.1 package in Ubuntu:
  Invalid
Status in php7.2 package in Ubuntu:
  Fix Released
Status in php7.0 source package in Xenial:
  In Progress
Status in php7.1 source package in Artful:
  In Progress

Bug description:
  Upstream has put out many more microversions addressing security
  issues and other bug fixes. Here is a list of the CVEs addressed by
  those:

  PHP 7.0.26 (23 Nov 2017):

  * No CVE addressed

  PHP 7.0.27 / 7.1.13 (04 Jan 2018):

  * https://bugs.php.net/bug.php?id=64938 / 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8866
  * https://bugs.php.net/bug.php?id=75571 / 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
  * https://bugs.php.net/bug.php?id=74782 / 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712

  PHP 7.1.12 (23 Nov 2017):

  * No CVE addressed

  PHP 7.1.14 (01 Feb 2018):

  * No CVE addressed

  PHP 7.0.28 / 7.1.15 / 7.2.3 (01 Mar 2018):

  * https://bugs.php.net/bug.php?id=75981 / https://cve.mitre.org/cgi-
  bin/cvename.cgi?name=CVE-2018-7584

  Changelog: https://secure.php.net/ChangeLog-7.php

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1744148/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1752591] Re: CVE-2017-7651 and CVE-2017-7652

2018-03-16 Thread Marc Deslauriers

ACK on the debdiffs in comments #2 and #3. I added the bug number to the
changelog and adjusted the artful versioning.

Packages are building now and will be released as security updates
today.

Thanks!

** Also affects: mosquitto (Ubuntu Bionic)
   Importance: Undecided
   Status: Confirmed

** Also affects: mosquitto (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: mosquitto (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Changed in: mosquitto (Ubuntu Bionic)
   Status: Confirmed => Fix Released

** Changed in: mosquitto (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: mosquitto (Ubuntu Artful)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752591

Title:
  CVE-2017-7651 and CVE-2017-7652

Status in mosquitto package in Ubuntu:
  Fix Released
Status in mosquitto source package in Xenial:
  Fix Committed
Status in mosquitto source package in Artful:
  Fix Committed
Status in mosquitto source package in Bionic:
  Fix Released

Bug description:
  The current available version of mosquitto pacakged in ubuntu (for all
  versions) is vulnerable to 2 cve's announced recently, including one
  for a potential DOS attach from unauthorized users. More details on
  this can be found at: https://mosquitto.org/blog/2018/02/security-
  advisory-cve-2017-7651-cve-2017-7652/ which includes links to patches
  for the CVEs. Or we can just update to 1.4.15 which should be
  backwards compatible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1755774] Re: linux-oem: 4.13.0-1022.24 -proposed tracker