This impacts all arm64 installs, not just raspberry pi.
The MIR for qrtr and protection-domain-mapper [0] was requested late in
the Mantic cycle and was only approved by Security since it was promised
to only be used for x13s hardware enablement. Hopefully Qualcomm IPC is
only enabled for x13s
Public bug reported:
If pam_pwqaulity is restrictively set a user can still be created by
adduser without a password.
e.g.,
```
eslerm@mino:~$ cat /etc/pam.d/common-password |grep pwquality
password requisite pam_pwquality.so retry=3 minlen=8 maxrepeat=3 ucredit=-1
lcredit=-1 dcredit=-1
Public bug reported:
If pam_pwqaulity is restrictively set a user can still be created by
adduser without a password.
e.g.,
```
eslerm@mino:~$ cat /etc/pam.d/common-password |grep pwquality
password requisite pam_pwquality.so retry=3 minlen=8 maxrepeat=3 ucredit=-1
lcredit=-1 dcredit=-1
Regardless of how the bluetooth device works, enabling unbonded devices
in BlueZ makes a computer vulnerable to CVE-2023-45866. It won't be
enabled by the security team.
Perhaps GNOME or other desktops could become more aware of gaming
controllers with these issues to make pairing easier, without
hi @werdem o/
What bluetooth device are you using?
Your version of BlueZ has a security patch for vulnerability
CVE-2023-45866 which disables support for certain legacy bluetooth
devices.
If your device does not support Classic Bonding, you can re-enable it by
setting `ClassicBondedOnly=false`
=> Won't Fix
** Changed in: bluez (Ubuntu)
Assignee: Nishit Majithia (0xnishit) => Mark Esler (eslerm)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/2045931
Title:
hi @yudamjoo o/
Please check the end of your `DpkgTerminalLog.txt` file.
To fix CVE-2023-45866 [0] a configuration file
(`/etc/bluetooth/input.conf`) was changed. If there had been edits made
to this file before updating BlueZ, apt will ask what you want to do
with the configuration file. "Y" is
Public bug reported:
In mantic, -mbranch-protection=standard is now a default dpkg compiler
flag for arm64 [0]. This breaks libunwind and dependencies [1]. This has
not affected any libunwind binaries, since rebuilds have not been
performed since this change.
>From local testing, the build will
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/2038365
Title:
Audio
Status in pulseaudio package in
@halfgaar, I've requested that the Foundation's team review the priority
of this bug
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wget in Ubuntu.
https://bugs.launchpad.net/bugs/2029930
Title:
wget crash when printing
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libwebp in Ubuntu.
https://bugs.launchpad.net/bugs/2035220
Title:
cve-2023-4863
Status in
Desktop no longer has engineering goals to support smart cards.
Foundations team might.
Security Team is blocked until there is a mandate, an owning team,
hardware funding, and possibly engineering support to resolve
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530
Unassigning Security
Hi Rabee,
The metapackage android-sdk-platform-tools installs several packages,
which includes e2fsprogs (https://packages.ubuntu.com/focal/android-sdk-
platform-tools). It also make a symbolic link from /usr/lib/android-
sdk/platform-tools/mke2fs.conf to /etc/mke2fs.conf All of which should
not
13 matches
Mail list logo
