[Touch-packages] [Bug 1883793] Re: systemd-resolved leaks mDNS queries to DNS

2020-11-17 Thread Marc Deslauriers
Out of curiosity, what does the hosts line in your /etc/nsswitch.conf file look like? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1883793 Title: systemd-resolved leaks

[Touch-packages] [Bug 1903332] Re: Apport get_config incorrectly drops privileges

2020-11-12 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1903332 Title: Apport get_config incorrectly drops

[Touch-packages] [Bug 1902407] Re: package python3-pexpect 4.2.1-1 failed to install/upgrade: installed python3-pexpect package post-installation script subprocess returned error exit status 1

2020-11-06 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1902758] Re: Xorg freeze

2020-11-06 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1902931] Re: problem with nvidia on Ubuntu 18.04.5 LTS

2020-11-06 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1900255] Re: accountsservice drop privileges denial of service (GHSL-2020-187, GHSL-2020-188)

2020-11-05 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to accountsservice in Ubuntu. https://bugs.launchpad.net/bugs/1900255 Title: accountsservice drop privileges

[Touch-packages] [Bug 1899100] Re: whoopsie assert failure: double free or corruption (fasttop)

2020-10-27 Thread Marc Deslauriers
Here's a proposed fix, not sure if this is the exact cause of the double-free or if duplicate keys are acceptable or not. ** Patch added: "Proposed Fix" https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1899100/+attachment/5427819/+files/whoopsie_0.2.73~test1.debdiff ** Information

[Touch-packages] [Bug 1899347] Re: whoopsie assert failure: double free or corruption (fasttop)

2020-10-27 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1899100 *** https://bugs.launchpad.net/bugs/1899100 ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 1899100 whoopsie assert failure: double free or corruption (fasttop) -- You received this bug

[Touch-packages] [Bug 1897666] Re: FTBFS: nss for groovy ftbfs due to erroneous nonnull check arising from glibc getcwd() annotation

2020-09-29 Thread Marc Deslauriers
** Changed in: nss (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1897666 Title: FTBFS: nss for groovy ftbfs due to erroneous

[Touch-packages] [Bug 1888887] Re: Reading local files as root leads to sensitive information disclosure

2020-09-24 Thread Marc Deslauriers
The updates for this issue have been released: https://ubuntu.com/security/notices/USN-4538-1 Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/187 Title:

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-24 Thread Marc Deslauriers
The updates for this issue have been released: https://ubuntu.com/security/notices/USN-4538-1 Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/1882098 Title:

[Touch-packages] [Bug 1888887] Re: Reading local files as root leads to sensitive information disclosure

2020-09-24 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/187 Title: Reading local files as root leads to

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-23 Thread Marc Deslauriers
I am currently preparing updates for this issue, and I just tested the bionic update that includes this patch, and it works in my environment. Could you please make sure you created the policy file ok, and have rebooted after updating packagekit? -- You received this bug notification because

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-23 Thread Marc Deslauriers
Hi Julian, Could you please backport the patch in comment #9 to xenial? The code in xenial is substantially different. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu.

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-16 Thread Marc Deslauriers
It's not feasible to stop the affected ciphers from re-using secrets, it's in the specification. Removing the ciphers is what was done in later releases of openssl, including the 1.0.2w version that was released specifically to address this issue: https://www.openssl.org/news/secadv/20200909.txt

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-16 Thread Marc Deslauriers
This has now been fixed: https://ubuntu.com/security/notices/USN-4504-1 ** Changed in: openssl (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1888085] Re: Fehler : Ubuntu 18.04.4 LTS

2020-08-18 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1890286] Re: ansi escape sequence injection in add-apt-repository

2020-08-12 Thread Marc Deslauriers
Hi, Could you elaborate which codes in that manpage you feel are dangerous and are actually implemented by the common terminals? The old screendump and window title codes were disabled long ago, I'm not sure any of the others are anything other than a nuisance. -- You received this bug

[Touch-packages] [Bug 1891123] Re: Openssh vulnerability on ubuntu 16.04

2020-08-11 Thread Marc Deslauriers
Hi, The only thing an attacker can do with this vulnerability is DoS their own connection. As such, it is not considered a security issue either by the upstream OpenSSH project, or by the Ubuntu security team. Like other distros, we have no plans to fix this issue in our stable releases. **

[Touch-packages] [Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-08-04 Thread Marc Deslauriers
Unfortunately, this SRU has been superseded by a security update. Please re-upload the SRU. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1881976 Title:

[Touch-packages] [Bug 1890170] Re: ImportError libstdc++.so.6 cannot allocate memory after importing PyQt5.Qt PyQt5.QtCore and cv2

2020-08-04 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1889851 *** https://bugs.launchpad.net/bugs/1889851 I'm pretty sure this is a dupe of #1889851. Marking as such. ** This bug has been marked a duplicate of bug 1889851 Driver QMysql can't be loaded -- You received this bug notification because you are

[Touch-packages] [Bug 1890170] Re: ImportError libstdc++.so.6 cannot allocate memory after importing PyQt5.Qt PyQt5.QtCore and cv2

2020-08-04 Thread Marc Deslauriers
Possibly related: https://github.com/mysql/mysql-server/commit/735bd2a53834266c7256830c8d34672ea55fe17b -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to opencv in Ubuntu. https://bugs.launchpad.net/bugs/1890170 Title:

[Touch-packages] [Bug 1890170] Re: ImportError libstdc++.so.6 cannot allocate memory after importing PyQt5.Qt PyQt5.QtCore and cv2

2020-08-04 Thread Marc Deslauriers
I think this is related: $ readelf --dynamic libmysqlclient.so.21.1.19 | grep BIND 0x001e (FLAGS) BIND_NOW $ readelf --dynamic libmysqlclient.so.21.1.21 | grep BIND 0x001e (FLAGS) BIND_NOW STATIC_TLS ** Information type changed from Public to

[Touch-packages] [Bug 1889206] Re: Regression in USN-4436-1

2020-07-29 Thread Marc Deslauriers
** Changed in: librsvg (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to librsvg in Ubuntu. https://bugs.launchpad.net/bugs/1889206 Title: Regression in USN-4436-1 Status in

[Touch-packages] [Bug 1889206] Re: Regression in USN-4436-1

2020-07-28 Thread Marc Deslauriers
** Attachment added: "eog displaying issue rendering anglo cardset" https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1889206/+attachment/5396555/+files/anglo-issue.png ** Bug watch added: gitlab.gnome.org/GNOME/librsvg/-/issues #612 https://gitlab.gnome.org/GNOME/librsvg/-/issues/612

[Touch-packages] [Bug 1889206] Re: Regression in USN-4436-1

2020-07-28 Thread Marc Deslauriers
Can also be tested by running "eog /usr/share/aisleriot/cards/anglo.svgz". See attached screenshot. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to librsvg in Ubuntu. https://bugs.launchpad.net/bugs/1889206 Title:

[Touch-packages] [Bug 1889206] [NEW] Regression in USN-4436-1

2020-07-28 Thread Marc Deslauriers
me cards are missing graphics ** Affects: librsvg (Ubuntu) Importance: Undecided Status: New ** Affects: librsvg (Ubuntu Xenial) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: librsvg (Ubuntu Bionic) Importance: Undecided

[Touch-packages] [Bug 1884265] Re: [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.

2020-07-17 Thread Marc Deslauriers
ACK on the debdiff in comment #11, uploaded with a slight LP tag fix for processing by the SRU team. Thanks! ** Changed in: openssl (Ubuntu Bionic) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1887898] Re: Bluetooth sound card not detected

2020-07-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1885496] Re: Intel Wireless 8260 [8086:24f3] Subsystem [8086:9010] Bluetooth is disabled in gui, but audio reciever's action button still controls Ubuntu

2020-07-14 Thread Marc Deslauriers
Ok, actually the slider is in fact to disable bluetooth completely, please ignore my previous comment. ** Changed in: bluez (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are

[Touch-packages] [Bug 1885496] Re: Intel Wireless 8260 [8086:24f3] Subsystem [8086:9010] Bluetooth is disabled in gui, but audio reciever's action button still controls Ubuntu

2020-07-14 Thread Marc Deslauriers
Hi, Could you please attach a screenshot of the slider you are referring to? I believe you are confusing the slider's purpose. The slider is to make your bluetooth computer visible to be able to pair new devices, it does not disconnect existing devices. ** Changed in: linux (Ubuntu)

[Touch-packages] [Bug 896836] Re: Segmentation fault when asking help() for the list of modules

2020-07-14 Thread Marc Deslauriers
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python2.7 in Ubuntu. https://bugs.launchpad.net/bugs/896836 Title: Segmentation fault when asking help() for the

[Touch-packages] [Bug 1594695] Re: apparmor service not started on fresh install

2020-07-14 Thread Marc Deslauriers
Are you still able to reproduce this issue with later versions of Ubuntu? ** Changed in: apparmor (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1404084] Re: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images

2020-07-14 Thread Marc Deslauriers
** Changed in: openjpeg (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openjpeg in Ubuntu. https://bugs.launchpad.net/bugs/1404084 Title: Fix for CVE-2013-6045 breaks decoding of

[Touch-packages] [Bug 1570788] Re: Makes mDNS ddos amplification attack possible

2020-07-14 Thread Marc Deslauriers
I think this was CVE-2017-6519, which was fixed a long time ago. I am closing this bug, please feel free to open a new bug if you can reproduce with a more recent version of Ubuntu. Thanks! ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6519 ** Changed in: avahi (Ubuntu)

[Touch-packages] [Bug 1513964] Re: dsextras.py : Shell Command Injection with a pkg name

2020-07-14 Thread Marc Deslauriers
** Changed in: pygobject-2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pygobject-2 in Ubuntu. https://bugs.launchpad.net/bugs/1513964 Title: dsextras.py : Shell Command

[Touch-packages] [Bug 1617620] Re: Autorun files from Removable Media

2020-07-14 Thread Marc Deslauriers
** Changed in: gsettings-desktop-schemas (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gsettings-desktop-schemas in Ubuntu. https://bugs.launchpad.net/bugs/1617620 Title: Autorun

[Touch-packages] [Bug 1864982] Re: Ubuntu desktop computer doesn't seem to lock correctly

2020-07-14 Thread Marc Deslauriers
** Changed in: lightdm (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1864982 Title: Ubuntu desktop computer doesn't seem to lock

[Touch-packages] [Bug 1881982] Re: DoS vulnerability: cause resource exhaustion

2020-07-09 Thread Marc Deslauriers
** Also affects: whoopsie (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Groovy) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: whoopsie (Ubuntu Xenial) Importance: Undecided

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-07-09 Thread Marc Deslauriers
** Also affects: whoopsie (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Groovy) Importance: High Assignee: Marc Deslauriers (mdeslaur) Status

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-07-09 Thread Marc Deslauriers
https://github.com/sungjungk/apport-vuln -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 Status in whoopsie package in

[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate

2020-07-09 Thread Marc Deslauriers
Looks like this is CVE-2020-15570 ** Changed in: whoopsie (Ubuntu Xenial) Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubuntu Bionic) Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubunt

[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate

2020-07-09 Thread Marc Deslauriers
https://github.com/sungjungk/whoopsie_killer2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1882180 Title: DoS vulnerability: fail to allocate Status in whoopsie

[Touch-packages] [Bug 1881982] Re: DoS vulnerability: cause resource exhaustion

2020-07-09 Thread Marc Deslauriers
https://github.com/sungjungk/whoopsie_killer -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1881982 Title: DoS vulnerability: cause resource exhaustion Status in

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-07-09 Thread Marc Deslauriers
** Changed in: whoopsie (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wh

[Touch-packages] [Bug 1881982] Re: DoS vulnerability: cause resource exhaustion

2020-07-09 Thread Marc Deslauriers
** Changed in: whoopsie (Ubuntu) Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1881982 Title:

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-06-17 Thread Marc Deslauriers
I still can't reproduce this issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 Status in whoopsie package in

[Touch-packages] [Bug 1881533] Re: Remove expired AddTrust_External_Root.crt because it breaks software

2020-06-05 Thread Marc Deslauriers
** Changed in: ca-certificates (Ubuntu Groovy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1881533 Title: Remove

[Touch-packages] [Bug 1881859] Re: RaspberryPi and "openssl:Error: 'rehash' is an invalid command"

2020-06-03 Thread Marc Deslauriers
What's the output of "openssl version -a"? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1881859 Title: RaspberryPi and "openssl:Error: 'rehash' is an invalid

[Touch-packages] [Bug 1881533] Re: Remove expired AddTrust_External_Root.crt because it breaks software

2020-06-01 Thread Marc Deslauriers
Updates for this issue have now been published: https://usn.ubuntu.com/4377-1/ ** Changed in: ca-certificates (Ubuntu Xenial) Status: In Progress => Fix Released ** Changed in: ca-certificates (Ubuntu Bionic) Status: In Progress => Fix Released ** Changed in: ca-certificates

[Touch-packages] [Bug 1881533] Re: Remove expired AddTrust_External_Root.crt because it breaks software

2020-06-01 Thread Marc Deslauriers
Updated will be released within the next half-hour. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1881533 Title: Remove expired AddTrust_External_Root.crt

[Touch-packages] [Bug 1881582] Re: ca-certificates missing some root CA

2020-06-01 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1881533 *** https://bugs.launchpad.net/bugs/1881533 ** This bug has been marked a duplicate of bug 1881533 Remove expired AddTrust_External_Root.crt because it breaks software -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1881533] Re: Remove expired AddTrust_External_Root.crt because it breaks software

2020-06-01 Thread Marc Deslauriers
ntu Focal) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Groovy) Status: Confirmed => In Progress ** Changed in: ca-certificates (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Bionic)

[Touch-packages] [Bug 1877895] Re: package udev 245.4-4ubuntu3 failed to install/upgrade: o subprocesso instalado, do pacote udev, o script post-installation retornou erro do status de saĆ­da 1

2020-05-15 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1878723] Re: Kernel panic when used with upstart after 0.11-4ubuntu2.1 update

2020-05-15 Thread Marc Deslauriers
Also see https://github.com/json-c/json-c/pull/610/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to json-c in Ubuntu. https://bugs.launchpad.net/bugs/1878723 Title: Kernel panic when used with upstart after 0.11-4ubuntu2.1

[Touch-packages] [Bug 1835596] Re: incorrect argument to file_printable in [PATCH] PR/62

2020-05-12 Thread Marc Deslauriers
) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: file (Ubuntu Eoan) Importance: Undecided Status: New ** Changed in: file (Ubuntu Eoan) Status: New => Fix Released ** Changed in: file (Ubuntu Focal) Status: New =&g

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-05-06 Thread Marc Deslauriers
Sorry, I meant "Are you able to reproduce the issue with the pre- compiled version of Whoopsie that comes with it?" -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1872560

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-05-06 Thread Marc Deslauriers
Thanks for the video, but I still can't reproduce the issue. What version of Ubuntu are you running in the video? How much ram do you have in that machine? Are you able to reproduce the issue with the pre-compiled version of Ubuntu that comes with it? -- You received this bug notification

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-05-05 Thread Marc Deslauriers
Hi, What release did you use to reproduce this? I tried reproducing it in Ubuntu 18.04 LTS, but whoopsie parses the file without segfaulting. I tried both $ python -c "print('A' * 0x + ' : ' + 'B')" > /var/crash/fake.crash and $ python -c "print('A' * 0xFFFE + ' : ' + 'B')" >

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-04-23 Thread Marc Deslauriers
It looks like bson.c in whoopsie was originally taken from here: https://github.com/10gen-archive/mongo-c-driver-legacy/tree/master/src The upstream repo has seen a lot of security fixes since the code was copied, perhaps we should investigate re-syncing it before attempting to fix it ourselves.

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-04-23 Thread Marc Deslauriers
Hi, Thanks for reporting this issue. We are currently investigating it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie

[Touch-packages] [Bug 1874413] Re: openssl 1.1.1f-1ubuntu2 breaks some TLS connections

2020-04-23 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1864689 *** https://bugs.launchpad.net/bugs/1864689 Hi, thanks for reporting this issue. This isn't caused by the patch for CVE-2020-1967, it is caused by OPENSSL_TLS_SECURITY_LEVEL=2 being set as the minimum security level. You can try it with a lowered

[Touch-packages] [Bug 1873794] Re: Unattended upgrades fixes missing from security repo

2020-04-22 Thread Marc Deslauriers
The -security pocket gets security fixes only. The -updates pocket gets security fixes, and also bug fixes. This is a bug fix, which is why it is in the -updates pocket only. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
Apologies for hijacking Alan's bug. I thought we were experiencing the same symptoms. I'll let Alan add his info. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1869981

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
I'm using the latest available version on bionic: cups-browsed 1.20.2-0ubuntu3.1 What version are you expecting me to be running? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
Sure... # systemctl stop cups-browsed # rm /var/log/cups/cups-browsed_log # lpstat -v device for Color-LaserJet-CP2025dn: hp:/net/HP_Color_LaserJet_CP2025dn?ip=192.168.66.6 device for HP_OfficeJet_Pro_7740_series_7646EB_: ipp://HP40B0347646EB.local:631/ipp/print # lpadmin -x

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
** Attachment added: "cups-browsed_log" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1869981/+attachment/5344359/+files/cups-browsed_log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
$ lpstat -v device for Color-LaserJet-CP2025dn: hp:/net/HP_Color_LaserJet_CP2025dn?ip=192.168.66.6 device for HP_OfficeJet_Pro_7740_series_7646EB_: ipp://HP40B0347646EB.local:631/ipp/print device for HP_OfficeJet_Pro_7740_series_7646EB_@HP40B0347646EB.local:

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
** Attachment added: "cups-browsed_log" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1869981/+attachment/5344288/+files/cups-browsed_log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
** Attachment added: "cups-browsed.conf" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1869981/+attachment/5344279/+files/cups-browsed.conf -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
I have two printers. I've had two printers configured in cups for a long time. I believe this issue started happening at the same time that a third printer started appearing automatically by cups, which is a duplicate of a printer I already have configured: Color-LaserJet-CP2025dn

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
I can reproduce the notification just by doing "systemctl restart cups", so perhaps it is related to the logrotate job restarting cups? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.

[Touch-packages] [Bug 1869981] Re: Printer notification every day at midnight

2020-04-01 Thread Marc Deslauriers
I just started getting this behaviour on 18.04 for the past few weeks too. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1869981 Title: Printer notification every day at

[Touch-packages] [Bug 1647285] Re: SSL trust not system-wide

2020-03-24 Thread Marc Deslauriers
Unfortunately, the ! character at the beginning the the line in ca- certificates.conf is just for blacklisting ca certificates from being imported into the system store, it's not really a backlist that can be used by a crypto library. -- You received this bug notification because you are a

[Touch-packages] [Bug 1647285] Re: SSL trust not system-wide

2020-03-24 Thread Marc Deslauriers
Looks like Fedora substantially modified the scripts used by ca- certificates to extract untrusted and blacklisted certs. We should probably start by investigating how their package is handling this, what files they are generating, and if they are being properly handled by p11 -kit-trust. -- You

[Touch-packages] [Bug 1844853] Re: IBus no longer works in Qt applications after upgrade

2020-03-23 Thread Marc Deslauriers
** Tags removed: verification-needed verification-needed-disco -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ibus in Ubuntu. https://bugs.launchpad.net/bugs/1844853 Title: IBus no longer works in Qt applications after

[Touch-packages] [Bug 1647285] Re: SSL trust not system-wide

2020-03-19 Thread Marc Deslauriers
Before we switch any software to using p11-kit-trust.so, we need to fix our ca-certificates package to properly handle untrusted or blacklisted certificates. At the moment, I believe they are simply skipped when generating the contents of /usr/share/ca-certificates. -- You received this bug

[Touch-packages] [Bug 1850820] Re: idhclient

2020-03-11 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Changed in: isc-dhcp (Ubuntu Focal) Status: New => In Progress ** Changed in: isc-dhcp (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification becau

[Touch-packages] [Bug 1854120] Re: Screen contents visible briefly on lock screen on resolution change

2020-03-11 Thread Marc Deslauriers
** Changed in: lightdm (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1854120 Title: Screen contents visible briefly on lock screen

[Touch-packages] [Bug 1856494] Re: system program problem detected

2020-03-11 Thread Marc Deslauriers
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1856494 Title: system program problem detected Status in apport

[Touch-packages] [Bug 1865474] Re: sysytemd-resolved automatically use an ipv6 dns server on lan

2020-03-11 Thread Marc Deslauriers
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1865474 Title: sysytemd-resolved automatically use an ipv6 dns

[Touch-packages] [Bug 1864982] Re: Ubuntu desktop computer doesn't seem to lock correctly

2020-03-11 Thread Marc Deslauriers
What desktop environment are you using? ** Changed in: lightdm (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1864982 Title:

[Touch-packages] [Bug 1865831] Re: bug

2020-03-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1865504] Re: hwclock reports incorrect status in audit message

2020-03-05 Thread Marc Deslauriers
ACK on the debdiff in comment #3. Uploaded to focal. Thanks! ** Changed in: util-linux (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu.

[Touch-packages] [Bug 1844853] Re: IBus no longer works in Qt applications after upgrade

2020-03-03 Thread Marc Deslauriers
Is anyone actively working on the glib2.0 SRUs? We are blocked on them for our ibus security update... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ibus in Ubuntu. https://bugs.launchpad.net/bugs/1844853 Title: IBus no

[Touch-packages] [Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-01-31 Thread Marc Deslauriers
Perhaps the hash is missing in debian/openssh-server.ucf-md5sum? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1861472 Title: upgrade from fresh bionic to focal

[Touch-packages] [Bug 1860606] Re: TypeError: _fetch_archives() missing 1 required positional argument: 'allow_unauthenticated'

2020-01-22 Thread Marc Deslauriers
** Changed in: ubuntu-release-upgrader (Ubuntu Xenial) Status: Confirmed => Invalid ** Changed in: ubuntu-release-upgrader (Ubuntu Bionic) Status: Confirmed => Invalid ** Changed in: ubuntu-release-upgrader (Ubuntu Disco) Status: Confirmed => Invalid ** Changed in:

[Touch-packages] [Bug 1860606] Re: TypeError: _fetch_archives() missing 1 required positional argument: 'allow_unauthenticated'

2020-01-22 Thread Marc Deslauriers
signee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: python-apt (Ubuntu Bionic) Importance: Undecided => High ** Changed in: python-apt (Ubuntu Bionic) Status: New => Confirmed ** Changed in: python-apt (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mde

[Touch-packages] [Bug 1850032] Re: scanbd prevents HP printers to work correctly with HPLIP

2019-12-11 Thread Marc Deslauriers
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1850032 Title: scanbd prevents HP printers to work correctly with

[Touch-packages] [Bug 1856006] Re: The repository 'http://ppa.launchpad.net/blaimi/phpmyadmin-omnibus/ubuntu eoan Release' does not have a Release file. N: Updating from such a repository can't be don

2019-12-11 Thread Marc Deslauriers
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see

[Touch-packages] [Bug 1717490] Re: LightDM keeps plain text login password in memory

2019-10-18 Thread Marc Deslauriers
** Changed in: lightdm (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1717490 Title: LightDM keeps plain text login password in

[Touch-packages] [Bug 1717476] Re: DHCP Transaction ID (xid) is logged with INFO loglevel

2019-10-18 Thread Marc Deslauriers
** Changed in: isc-dhcp (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1717476 Title: DHCP Transaction ID (xid) is logged with

[Touch-packages] [Bug 1791405] Re: bluetooth always in discoverable mode (security issue)

2019-10-18 Thread Marc Deslauriers
** Changed in: bluez (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security

[Touch-packages] [Bug 1823419] Re: jbig-kit calls abort() on invalid data, crashing many programs

2019-10-18 Thread Marc Deslauriers
** Changed in: jbigkit (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to jbigkit in Ubuntu. https://bugs.launchpad.net/bugs/1823419 Title: jbig-kit calls abort() on invalid data,

[Touch-packages] [Bug 1822736] Re: Passwords longer than 255 characters break authentication

2019-10-05 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1452115] Re: Python interpreter binary is not compiled as PIE

2019-09-23 Thread Marc Deslauriers
** Changed in: python3.6 (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python2.7 in Ubuntu. https://bugs.launchpad.net/bugs/1452115 Title:

[Touch-packages] [Bug 1832356] Re: Upgrade OpenSSH to 7.9p1-10 or better in stable series

2019-09-20 Thread Marc Deslauriers
** Changed in: openssh (Ubuntu Cosmic) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832356 Title: Upgrade OpenSSH to 7.9p1-10 or

[Touch-packages] [Bug 1844790] [NEW] Update OpenSSH in bionic to (1:7.9p1-10) for FIPS

2019-09-20 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1832356 *** https://bugs.launchpad.net/bugs/1832356 *** This bug is a security vulnerability *** Public security bug reported: Now that OpenSSL 1.1.1 has been added to Bionic, we would like to update OpenSSH to a version that can be linked to OpenSSL

[Touch-packages] [Bug 1801383] Re: the WifiSyslog apport hook (used in firefox/tb) includes SSID informations

2019-09-19 Thread Marc Deslauriers
WifiSyslog does contain SSID information. While this will be removed from the thunderbird and firefox packages, I don't think it would be appropriate to remove it from the linux kernel apport reports. For linux packages, this information is helpful in debugging wireless driver issues. While a

[Touch-packages] [Bug 1838489] Re: adduser & deluser shell command injection

2019-09-17 Thread Marc Deslauriers
Thanks! ** Also affects: adduser (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940577 Importance: Unknown Status: Unknown ** Changed in: adduser (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of

  1   2   3   4   5   6   7   8   9   >