[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp

2021-03-25 Thread Avital Ostromich
Thank you for reporting this issue. Have you reported this to the upstream libwebp developers? If not, we encourage you to report it (you can do so here: https://bugs.chromium.org/p/webp/issues/list) and keep us in the loop if possible. Thank you ** Information type changed from Private

[Touch-packages] [Bug 1891953] Re: CVE-2019-8936

2021-03-10 Thread Avital Ostromich
Apologies for the delay on this, it fell off our radar but we're working on the Focal+ updates now. And no need for the separate Groovy debdiff, thanks Brian! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu.

[Touch-packages] [Bug 1913666] [NEW] acl dropped in Focal server image

2021-01-28 Thread Avital Ostromich
Public bug reported: The acl package is not shipped by default in the Focal server image (though it looks like libacl1 is still being shipped), it was last shipped in the Bionic server image. Just to double check, was dropping acl intentional? It is a reverse-dependency of LXD if that might be

[Touch-packages] [Bug 1895928] Re: Snap policy module fails to identify snaps if SCM_CREDENTIALS are missing from PA_COMMAND_AUTH request

2020-12-02 Thread Avital Ostromich
** Information type changed from Private Security to Public Security

[Touch-packages] [Bug 1904775] Re: software-properties-gtk hangs indefinitely if a single source server is down

2020-11-19 Thread Avital Ostromich
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1896774] Re: [ASUS UX430UQ] Headphone output stopped working after performing dist-upgrade

2020-09-30 Thread Avital Ostromich
Hello, In AlsaInfo.txt, under `!!Amixer output`, the Master and Headphone audio output controls are set to off, a possible starting point for debugging this issue may be looking into trying to unset those. The file contents are just writing the output of `/usr/sbin/alsa-info.sh --stdout --no-

[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-22 Thread Avital Ostromich
** Description changed: + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 - Upstream patch: -

[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-22 Thread Avital Ostromich
** Description changed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 + + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in

[Touch-packages] [Bug 1884738] Re: Pulseaudio in Ubuntu 16.04 contains a potential double-free bug in Bluez 5 module

2020-09-17 Thread Avital Ostromich
** Information type changed from Private Security to Public Security