[Touch-packages] [Bug 1945795] Re: krb5: Fail to build against OpenSSL 3.0

2021-11-30 Thread Marc Deslauriers
ACK on the package. Looks good, uploaded. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1945795 Title: krb5: Fail to build against OpenSSL 3.0 Status in krb5

[Touch-packages] [Bug 1945795] Re: krb5: Fail to build against OpenSSL 3.0

2021-11-30 Thread Marc Deslauriers
Oh! Right, I didn't notice it was just an extra changelog entry for the ppa. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1945795 Title: krb5: Fail to build against

[Touch-packages] [Bug 1945795] Re: krb5: Fail to build against OpenSSL 3.0

2021-11-30 Thread Marc Deslauriers
Hi, thanks for preparing the package, but to be sponsored the debian/changelog needs a better description than "PPA upload". Could you please update it with an appropriate changelog including the patch name, what the patch does, and a LP tag to this bug? Thanks! -- You received this bug

[Touch-packages] [Bug 1944788] Re: URI defined for connectivity check is relative to search domain

2021-11-23 Thread Marc Deslauriers
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1944788 Title: URI defined for connectivity check is

[Touch-packages] [Bug 1945978] Re: [BOHL-WXX9, Realtek ALC256, Speaker, Internal] Underruns, dropouts or crackling sound

2021-11-23 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)

2021-11-23 Thread Marc Deslauriers
If you look into the openvpn configuration file that Network Manager creates for your connection in /etc/NetworkManager/system-connections, could you please paste the [ipv4] and [ipv6] sections? ** No longer affects: ubuntu ** Changed in: network-manager (Ubuntu) Status: New =>

[Touch-packages] [Bug 1950090] Re: package lvm2 2.03.07-1ubuntu1 failed to install/upgrade: installed lvm2 package post-installation script subprocess returned error exit status 1

2021-11-23 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1950193]

2021-11-23 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is

[Touch-packages] [Bug 1951303] Re: package systemd 245.4-4ubuntu3.13 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration

2021-11-23 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1339518] Re: sudo config file specifies group "admin" that doesn't exist in system

2021-11-18 Thread Marc Deslauriers
Older releases of Ubuntu used a group called "admin" instead of "sudo" which is the name Debian chose later on. We need to maintain the "admin" group rights in our sudoers file for people upgrading from earlier Ubuntu releases. If we remove it, they will no longer have sudo rights after

[Touch-packages] [Bug 1948657] Re: Oct 2021 security update tracking bug

2021-10-25 Thread Marc Deslauriers
** Changed in: apport (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1948657 Title: Oct 2021 security update tracking bug

[Touch-packages] [Bug 1948657] [NEW] Oct 2021 security update tracking bug

2021-10-25 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: This is the tracking bug for the October 2021 security udpdate. ** Affects: apport (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

2021-09-23 Thread Marc Deslauriers
** Changed in: ca-certificates (Ubuntu Impish) Status: New => Fix Committed ** Changed in: ca-certificates (Ubuntu Trusty) Status: New => Fix Released ** Changed in: ca-certificates (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because

[Touch-packages] [Bug 1923273] Re: buffer-overflow on libcaca-0.99.beta20/export.c export_tga, export_troff

2021-09-23 Thread Marc Deslauriers
** Changed in: libcaca (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcaca in Ubuntu. https://bugs.launchpad.net/bugs/1923273 Title: buffer-overflow on

[Touch-packages] [Bug 1933832] Re: Path traversal leads to arbitrary file read

2021-09-23 Thread Marc Deslauriers
** Changed in: openjdk-13 (Ubuntu) Status: New => Won't Fix ** Changed in: openjdk-14 (Ubuntu) Status: New => Won't Fix ** Changed in: openjdk-15 (Ubuntu) Status: New => Won't Fix ** Changed in: openjdk-16 (Ubuntu) Status: New => Won't Fix ** Changed in: openjdk-17

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

2021-09-23 Thread Marc Deslauriers
) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Hirsute) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-cer

[Touch-packages] [Bug 1944120] [NEW] Regression in USN-5079-1

2021-09-20 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: USN-5079-1 introduced a regression in bionic: https://ubuntuforums.org/showthread.php?t=2467177 Focal+ appear to work as intended. ** Affects: curl (Ubuntu) Importance: Undecided Status: New -- You

[Touch-packages] [Bug 1933832] Re: Path traversal leads to arbitrary file read

2021-09-16 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1933832 Title: Path traversal leads to arbitrary file

[Touch-packages] [Bug 1934308] Re: Arbitrary file read in general hook (ubuntu.py)

2021-09-16 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1934308 Title: Arbitrary file read in general hook

[Touch-packages] [Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-09-14 Thread Marc Deslauriers
I'd rather these go through the SRU process first, and they will get picked up automatically next time we do an openssl security update. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error

2021-08-25 Thread Marc Deslauriers
No, they do not include the fixes from this bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error Status in openssl package in

[Touch-packages] [Bug 1934040] Re: openssl s_client's '-ssl2' & '-ssl3' options gone, prematurely!

2021-08-24 Thread Marc Deslauriers
Thanks for reporting this issue, but we disabled SSLv3 in 2015 in Ubuntu 16.04 LTS. There is absolutely no chance we will be enabling it again. ** Changed in: openssl (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1934501] Re: CVE-2018-15473 patch introduce user enumeration vulnerability

2021-08-12 Thread Marc Deslauriers
Here's the debconf bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1934501 Title: CVE-2018-15473

[Touch-packages] [Bug 1934501] Re: CVE-2018-15473 patch introduce user enumeration vulnerability

2021-08-12 Thread Marc Deslauriers
This isn't specific to the openssh update. Debian packages use tools such as debconf that need to write to /tmp to function correctly. ** Bug watch added: Debian Bug tracker #223683 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683 -- You received this bug notification because you are

[Touch-packages] [Bug 1934501] Re: CVE-2018-15473 patch introduce user enumeration vulnerability

2021-08-12 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1934501 Title: CVE-2018-15473 patch introduce user

[Touch-packages] [Bug 1935076] Re: ubuntu-bug sends huge amounts of internal data to public bugs without asking for permission

2021-08-10 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Changed in: apport (Ubuntu) Status: Incomplete => Confirmed ** Changed in: apport (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1937883] Re: ssh-agent Shielded Private Key Extraction

2021-08-10 Thread Marc Deslauriers
** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1937883 Title: ssh-agent Shielded Private Key Extraction

[Touch-packages] [Bug 1927161] Re: dpkg-source: error: diff 'openssl/debian/patches/pr12272.patch' patches files multiple times; split the diff in multiple files or merge the hunks into a single one

2021-07-23 Thread Marc Deslauriers
nfo: source changed by Marc Deslauriers  dpkg-source --before-build . dpkg-source: warning: can't parse dependency perl:native dpkg-source: error: diff 'openssl-1.1.1f/debian/patches/pr12272.patch' patches files multiple times; split the diff in multiple files or merge the hunks into a single

[Touch-packages] [Bug 1928989] Re: expiring trust anchor compatibility issue

2021-07-09 Thread Marc Deslauriers
I think the patch in comment #1 looks reasonable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1928989 Title: expiring trust anchor compatibility issue Status in

[Touch-packages] [Bug 1917904] Re: Arbitrary file reads

2021-06-29 Thread Marc Deslauriers
** Changed in: apport (Ubuntu Impish) Assignee: SatoshiNakamoto (evansanita713) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1917904 Title:

[Touch-packages] [Bug 1925467] Re: stack-buffer-overflow of text.c in function _import_ansi

2021-06-22 Thread Marc Deslauriers
** Bug watch added: github.com/cacalabs/libcaca/issues #55 https://github.com/cacalabs/libcaca/issues/55 ** Also affects: libcaca via https://github.com/cacalabs/libcaca/issues/55 Importance: Unknown Status: Unknown ** Changed in: libcaca (Ubuntu) Status: New => Triaged

[Touch-packages] [Bug 1925468] Re: stack-buffer-overflow of import.c in function _import_bin

2021-06-22 Thread Marc Deslauriers
** Bug watch added: github.com/cacalabs/libcaca/issues #56 https://github.com/cacalabs/libcaca/issues/56 ** Also affects: libcaca via https://github.com/cacalabs/libcaca/issues/56 Importance: Unknown Status: Unknown ** Changed in: libcaca (Ubuntu) Status: New => Triaged

[Touch-packages] [Bug 1917904] Re: Arbitrary file reads

2021-06-19 Thread Marc Deslauriers
** Changed in: apport (Ubuntu Bionic) Assignee: SatoshiNakamoto (evansanita713) => (unassigned) ** Changed in: apport (Ubuntu Focal) Assignee: SatoshiNakamoto (evansanita713) => (unassigned) ** Changed in: apport (Ubuntu Groovy) Assignee: SatoshiNakamoto (evansanita713) =>

[Touch-packages] [Bug 1917904] Re: Arbitrary file reads

2021-06-19 Thread Marc Deslauriers
** Changed in: apport (Ubuntu Bionic) Assignee: SatoshiNakamoto (evansanita713) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1917904 Title:

[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp

2021-06-08 Thread Marc Deslauriers
There was an update to libwebp that fixed a bunch of security issues: https://ubuntu.com/security/notices/USN-4971-1 Could you test again to see if the issue is resolved? Thanks! ** Changed in: libwebp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you

[Touch-packages] [Bug 1930917] Re: Latest isc-dhcp-server rejects proper dhcpd.conf

2021-06-07 Thread Marc Deslauriers
Thanks for reporting the issue! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1930917 Title: Latest isc-dhcp-server rejects proper dhcpd.conf Status in isc-dhcp

[Touch-packages] [Bug 1930917] Re: Latest isc-dhcp-server rejects proper dhcpd.conf

2021-06-07 Thread Marc Deslauriers
med ** Changed in: isc-dhcp (Ubuntu Hirsute) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: isc-dhcp (Ubuntu Impish) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: isc-dhcp (Ubuntu Hirsute) Importance: Undecided => Critical ** Cha

[Touch-packages] [Bug 1917904] Re: Arbitrary file reads

2021-05-25 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1917904 Title: Arbitrary file reads Status in apport

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-24 Thread Marc Deslauriers
Oh, I seem to have overlooked that one. We are hitting the exact same issue with the new postgresql releases, so it's unrelated to the pam SRU: https://bugs.launchpad.net/ubuntu/+source/postgresql-12/+bug/1928773/comments/2 -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-19 Thread Marc Deslauriers
Autopkgtests in comments #14 to #17 passed on retries except for openssh which appears to be failing because of a date issue, which is unrelated to the pam SRU. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
I have uploaded packages for processing by the SRU team. ** Changed in: pam (Ubuntu Bionic) Status: New => In Progress ** Changed in: pam (Ubuntu Focal) Status: New => In Progress ** Changed in: pam (Ubuntu Groovy) Status: New => In Progress ** Changed in: pam (Ubuntu

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
** Patch added: "Groovy debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496424/+files/pam_1.3.1-5ubuntu6.20.10.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
** Patch added: "Bionic debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496426/+files/pam_1.1.8-3.6ubuntu2.18.04.3.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
** Patch added: "Focal debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496425/+files/pam_1.3.1-5ubuntu4.2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
** Patch added: "Hirsute debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496423/+files/pam_1.3.1-5ubuntu6.21.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
The debdiffs in comment #1 currently create a multiarch manpage collision because of a pam packaging particularity. (See bug 1558597 for an example) I will update the debdiffs to correct the issue and will post them here once done. -- You received this bug notification because you are a member

[Touch-packages] [Bug 1927796] Re: [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix

2021-05-11 Thread Marc Deslauriers
** Also affects: pam (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: pam (Ubuntu Hirsute) Importance: Undecided Status: New ** Also affects: pam (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: pam (Ubuntu Bionic) Importance:

[Touch-packages] [Bug 1926093] Re: package gconf-service 3.2.6-6ubuntu1 failed to install/upgrade: problemas de dependência - deixando desconfigurado

2021-05-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1926998] Re: package libpam-systemd:i386 237-3ubuntu10.46 failed to install/upgrade: installed libpam-systemd:i386 package post-installation script subprocess returned error exit

2021-05-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1899878] Re: Python's test_ssl fails starting from Ubuntu 20.04

2021-03-12 Thread Marc Deslauriers
I've read through this bug and I don't see a good way forward with a solution here. OpenSSL 1.1.1 doesn't provide the exact API that is required to solve it, which would probably be 3) as suggested above, but I don't think Ubuntu should change the meaning of the value returned by that API. Ubuntu

[Touch-packages] [Bug 1904082] Re: apport's log collecting leaks MAC addresses maybe helping WiFi attacks?

2021-03-09 Thread Marc Deslauriers
** Changed in: apport (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1904082 Title: apport's log collecting leaks MAC addresses

[Touch-packages] [Bug 1915906] Re: Ensure SRP BN_mod_exp follows the constant time path

2021-03-09 Thread Marc Deslauriers
** Changed in: openssl (Ubuntu) Status: New => Confirmed ** Changed in: openssl (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1915279] Re: about

2021-03-09 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1915913] Re: OpenSSL Multiple Denial of Service Vulnerabilities

2021-03-09 Thread Marc Deslauriers
Updated for this issue have been released: https://ubuntu.com/security/notices/USN-4738-1 ** Changed in: openssl (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1917225] Re: [MS-14Y1, Realtek ALC269VB, Black Headphone Out, Right] Background noise or low volume

2021-03-09 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1917204] Re: high Resolution is not getting

2021-03-09 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1916893] Re: Regression - upate python2.7 for cover CVE-2021-3177 modifying unicode parts cause serious regressions

2021-03-03 Thread Marc Deslauriers
New updates have been released with a fixed security patch: https://ubuntu.com/security/notices/USN-4754-4 ** Changed in: python2.7 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1899878] Re: Python's test_ssl fails starting from Ubuntu 20.04

2021-03-03 Thread Marc Deslauriers
Please disregard comment #9, this is a different issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1899878 Title: Python's test_ssl fails starting from Ubuntu 20.04

[Touch-packages] [Bug 1899878] Re: Python's test_ssl fails starting from Ubuntu 20.04

2021-03-03 Thread Marc Deslauriers
The python2.7 security updates that will be released today will fix this issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1899878 Title: Python's test_ssl fails

[Touch-packages] [Bug 1916462] Re: dnsmasq failed to send packet: Network is unreachable

2021-02-23 Thread Marc Deslauriers
I have backported the patches and have some packages to test in the security team PPA here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Could you please see if they solve the issue for you? Once you've tried them, I will release them as a security regression

[Touch-packages] [Bug 1916462] Re: dnsmasq failed to send packet: Network is unreachable

2021-02-23 Thread Marc Deslauriers
So it looks like there are two different issues here: Bug in handling multiple queries (openwrt bug): Move fd into frec_src, fixes 15b60ddf935a531269bb8c68198de012a4967156 https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee Fix to

[Touch-packages] [Bug 1915307] Re: Please merge sudo 1.9.5p2-2 (main) from Debian unstable (main)

2021-02-15 Thread Marc Deslauriers
Debdiff in comment #5 looks good. There was a missing double space between your email and the date in debian/changelog that was causing a lintian error. I fixed the missing space and uploaded it to hirsute. Thanks! ** Changed in: sudo (Ubuntu) Status: In Progress => Fix Committed --

[Touch-packages] [Bug 1913951] Re: ca-certificates: Symantec CA blacklisted for non-TLS uses

2021-02-08 Thread Marc Deslauriers
It's possible in certain upgrade scenarios that the certs have been permanently blacklisted on your system. Look at the /etc/ca-certificates.conf file to see if the following two lines start with a "!" character: mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt

[Touch-packages] [Bug 1913951] Re: ca-certificates: Symantec CA blacklisted for non-TLS uses

2021-02-05 Thread Marc Deslauriers
No, GeoTrust Global CA is no longer to be used and has been removed from the CA list as requested by DigiCert. Please see: https://bugzilla.mozilla.org/show_bug.cgi?id=1670769 ** Bug watch added: Mozilla Bugzilla #1670769 https://bugzilla.mozilla.org/show_bug.cgi?id=1670769 -- You received

[Touch-packages] [Bug 1912326] Re: Privilege escalation to root with core file dump

2021-02-04 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1912326 Title: Privilege escalation to root with core

[Touch-packages] [Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2021-02-02 Thread Marc Deslauriers
I agree this sounds like an undesirable scenario. I think all dkms packages should get built in -security as part of the SRU process to prevent this sort of thing from happening in the future. Do we do test rebuilds of all the dkms modules before switching the kernel meta package to a new

[Touch-packages] [Bug 1913951] Re: ca-certificates: Symantec CA blacklisted for non-TLS uses

2021-02-01 Thread Marc Deslauriers
It looks like the reverted blacklist will work fine for new installs of groovy, so I'll be pushing a new version of the ca-certificates package tomorrow with an updated bundle that will solve this issue at the same time. -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1914064] [NEW] ca-certificates update to 2.46 bundle

2021-02-01 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: Bug to track upgrading the ca-certificates package to the NSS 2.46 bundle. ** Affects: ca-certificates (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a

[Touch-packages] [Bug 1913951] Re: ca-certificates: Symantec CA blacklisted for non-TLS uses

2021-02-01 Thread Marc Deslauriers
(Ubuntu Groovy) Status: New => Confirmed ** Changed in: ca-certificates (Ubuntu Hirsute) Status: Confirmed => Fix Committed ** Changed in: ca-certificates (Ubuntu Groovy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubun

[Touch-packages] [Bug 1907676] Re: segmentation fault when opening fd

2020-12-20 Thread Marc Deslauriers
There are updates for this issue built in the security team PPA here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-apt in Ubuntu.

[Touch-packages] [Bug 1907676] [NEW] segmentation fault when opening fd

2020-12-10 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: USN-4668-1 introduced a regression in python-apt when using certain APIs with a file handle. See Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977000 ** Affects: python-apt (Ubuntu) Importance:

[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output

2020-11-26 Thread Marc Deslauriers
) Status: New => Invalid ** Changed in: poppler (Ubuntu Xenial) Status: New => In Progress ** Changed in: poppler (Ubuntu Bionic) Status: New => In Progress ** Changed in: poppler (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: pop

[Touch-packages] [Bug 1883793] Re: systemd-resolved leaks mDNS queries to DNS

2020-11-17 Thread Marc Deslauriers
Out of curiosity, what does the hosts line in your /etc/nsswitch.conf file look like? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1883793 Title: systemd-resolved leaks

[Touch-packages] [Bug 1903332] Re: Apport get_config incorrectly drops privileges

2020-11-12 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1903332 Title: Apport get_config incorrectly drops

[Touch-packages] [Bug 1902407] Re: package python3-pexpect 4.2.1-1 failed to install/upgrade: installed python3-pexpect package post-installation script subprocess returned error exit status 1

2020-11-06 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1902758] Re: Xorg freeze

2020-11-06 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1902931] Re: problem with nvidia on Ubuntu 18.04.5 LTS

2020-11-06 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1900255] Re: accountsservice drop privileges denial of service (GHSL-2020-187, GHSL-2020-188)

2020-11-05 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to accountsservice in Ubuntu. https://bugs.launchpad.net/bugs/1900255 Title: accountsservice drop privileges

[Touch-packages] [Bug 1899100] Re: whoopsie assert failure: double free or corruption (fasttop)

2020-10-27 Thread Marc Deslauriers
Here's a proposed fix, not sure if this is the exact cause of the double-free or if duplicate keys are acceptable or not. ** Patch added: "Proposed Fix" https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1899100/+attachment/5427819/+files/whoopsie_0.2.73~test1.debdiff ** Information

[Touch-packages] [Bug 1899347] Re: whoopsie assert failure: double free or corruption (fasttop)

2020-10-27 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1899100 *** https://bugs.launchpad.net/bugs/1899100 ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 1899100 whoopsie assert failure: double free or corruption (fasttop) -- You received this bug

[Touch-packages] [Bug 1897666] Re: FTBFS: nss for groovy ftbfs due to erroneous nonnull check arising from glibc getcwd() annotation

2020-09-29 Thread Marc Deslauriers
** Changed in: nss (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1897666 Title: FTBFS: nss for groovy ftbfs due to erroneous

[Touch-packages] [Bug 1888887] Re: Reading local files as root leads to sensitive information disclosure

2020-09-24 Thread Marc Deslauriers
The updates for this issue have been released: https://ubuntu.com/security/notices/USN-4538-1 Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/187 Title:

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-24 Thread Marc Deslauriers
The updates for this issue have been released: https://ubuntu.com/security/notices/USN-4538-1 Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/1882098 Title:

[Touch-packages] [Bug 1888887] Re: Reading local files as root leads to sensitive information disclosure

2020-09-24 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/187 Title: Reading local files as root leads to

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-23 Thread Marc Deslauriers
I am currently preparing updates for this issue, and I just tested the bionic update that includes this patch, and it works in my environment. Could you please make sure you created the policy file ok, and have rebooted after updating packagekit? -- You received this bug notification because

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-23 Thread Marc Deslauriers
Hi Julian, Could you please backport the patch in comment #9 to xenial? The code in xenial is substantially different. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu.

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-16 Thread Marc Deslauriers
It's not feasible to stop the affected ciphers from re-using secrets, it's in the specification. Removing the ciphers is what was done in later releases of openssl, including the 1.0.2w version that was released specifically to address this issue: https://www.openssl.org/news/secadv/20200909.txt

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-16 Thread Marc Deslauriers
This has now been fixed: https://ubuntu.com/security/notices/USN-4504-1 ** Changed in: openssl (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1888085] Re: Fehler : Ubuntu 18.04.4 LTS

2020-08-18 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1890286] Re: ansi escape sequence injection in add-apt-repository

2020-08-12 Thread Marc Deslauriers
Hi, Could you elaborate which codes in that manpage you feel are dangerous and are actually implemented by the common terminals? The old screendump and window title codes were disabled long ago, I'm not sure any of the others are anything other than a nuisance. -- You received this bug

[Touch-packages] [Bug 1891123] Re: Openssh vulnerability on ubuntu 16.04

2020-08-11 Thread Marc Deslauriers
Hi, The only thing an attacker can do with this vulnerability is DoS their own connection. As such, it is not considered a security issue either by the upstream OpenSSH project, or by the Ubuntu security team. Like other distros, we have no plans to fix this issue in our stable releases. **

[Touch-packages] [Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-08-04 Thread Marc Deslauriers
Unfortunately, this SRU has been superseded by a security update. Please re-upload the SRU. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1881976 Title:

[Touch-packages] [Bug 1890170] Re: ImportError libstdc++.so.6 cannot allocate memory after importing PyQt5.Qt PyQt5.QtCore and cv2

2020-08-04 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1889851 *** https://bugs.launchpad.net/bugs/1889851 I'm pretty sure this is a dupe of #1889851. Marking as such. ** This bug has been marked a duplicate of bug 1889851 Driver QMysql can't be loaded -- You received this bug notification because you are

[Touch-packages] [Bug 1890170] Re: ImportError libstdc++.so.6 cannot allocate memory after importing PyQt5.Qt PyQt5.QtCore and cv2

2020-08-04 Thread Marc Deslauriers
Possibly related: https://github.com/mysql/mysql-server/commit/735bd2a53834266c7256830c8d34672ea55fe17b -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to opencv in Ubuntu. https://bugs.launchpad.net/bugs/1890170 Title:

[Touch-packages] [Bug 1890170] Re: ImportError libstdc++.so.6 cannot allocate memory after importing PyQt5.Qt PyQt5.QtCore and cv2

2020-08-04 Thread Marc Deslauriers
I think this is related: $ readelf --dynamic libmysqlclient.so.21.1.19 | grep BIND 0x001e (FLAGS) BIND_NOW $ readelf --dynamic libmysqlclient.so.21.1.21 | grep BIND 0x001e (FLAGS) BIND_NOW STATIC_TLS ** Information type changed from Public to

[Touch-packages] [Bug 1889206] Re: Regression in USN-4436-1

2020-07-29 Thread Marc Deslauriers
** Changed in: librsvg (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to librsvg in Ubuntu. https://bugs.launchpad.net/bugs/1889206 Title: Regression in USN-4436-1 Status in

[Touch-packages] [Bug 1889206] Re: Regression in USN-4436-1

2020-07-28 Thread Marc Deslauriers
** Attachment added: "eog displaying issue rendering anglo cardset" https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1889206/+attachment/5396555/+files/anglo-issue.png ** Bug watch added: gitlab.gnome.org/GNOME/librsvg/-/issues #612 https://gitlab.gnome.org/GNOME/librsvg/-/issues/612

[Touch-packages] [Bug 1889206] Re: Regression in USN-4436-1

2020-07-28 Thread Marc Deslauriers
Can also be tested by running "eog /usr/share/aisleriot/cards/anglo.svgz". See attached screenshot. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to librsvg in Ubuntu. https://bugs.launchpad.net/bugs/1889206 Title:

[Touch-packages] [Bug 1889206] [NEW] Regression in USN-4436-1

2020-07-28 Thread Marc Deslauriers
me cards are missing graphics ** Affects: librsvg (Ubuntu) Importance: Undecided Status: New ** Affects: librsvg (Ubuntu Xenial) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: librsvg (Ubuntu Bionic) Importance: Undecided

[Touch-packages] [Bug 1884265] Re: [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.

2020-07-17 Thread Marc Deslauriers
ACK on the debdiff in comment #11, uploaded with a slight LP tag fix for processing by the SRU team. Thanks! ** Changed in: openssl (Ubuntu Bionic) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

  1   2   3   4   5   6   7   8   9   10   >