[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy
Debian says the jbig bug isn't a critical security issue: https://security-tracker.debian.org/tracker/CVE-2022-1210 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1971001 Title: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy Status in tiff package in Ubuntu: In Progress Bug description: The versions in Trusty, Xenial, Bionic, Focal and Jammy may be vulnerable to all CVEs below. Debian released an advisory on March 24. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1971001/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy
typo in my comment, recommendation is to build tiff with libjbig disabled... sorry.. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1971001 Title: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy Status in tiff package in Ubuntu: In Progress Bug description: The versions in Trusty, Xenial, Bionic, Focal and Jammy may be vulnerable to all CVEs below. Debian released an advisory on March 24. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1971001/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy
Can Ubuntu address CVE-2022-1210 similar to other Linux Distros (RHEL, SUSE, YOCTO,...) with not building tiff with JBIG disabled since the bug is really in libjbig (build with --disable-jbig) . See Fedora Bug Tracker https://bugzilla.redhat.com/show_bug.cgi?id=2072615 ** Bug watch added: Red Hat Bugzilla #2072615 https://bugzilla.redhat.com/show_bug.cgi?id=2072615 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1971001 Title: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy Status in tiff package in Ubuntu: In Progress Bug description: The versions in Trusty, Xenial, Bionic, Focal and Jammy may be vulnerable to all CVEs below. Debian released an advisory on March 24. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1971001/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy
New security versions of tiff have been released for focal and bionic. These versions provide the corresponding fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844. https://ubuntu.com/security/notices/USN-5523-2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1971001 Title: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy Status in tiff package in Ubuntu: In Progress Bug description: The versions in Trusty, Xenial, Bionic, Focal and Jammy may be vulnerable to all CVEs below. Debian released an advisory on March 24. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1971001/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy
Impish reached end-of-life yesterday. ** Summary changed: - Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal, Impish and Jammy + Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy ** Description changed: - The versions in Trusty, Xenial, Bionic, Focal, Impish and Jammy may be + The versions in Trusty, Xenial, Bionic, Focal and Jammy may be vulnerable to all CVEs below. Debian released an advisory on March 24. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1971001 Title: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy Status in tiff package in Ubuntu: In Progress Bug description: The versions in Trusty, Xenial, Bionic, Focal and Jammy may be vulnerable to all CVEs below. Debian released an advisory on March 24. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1971001/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp