[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

** Description changed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 + + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in

[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

** Description changed: + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 - Upstream patch: -

[Touch-packages] [Bug 1896774] Re: [ASUS UX430UQ] Headphone output stopped working after perfoming dist-upgrade

Hello, In AlsaInfo.txt, under `!!Amixer output`, the Master and Headphone audio output controls are set to off, a possible starting point for debugging this issue may be looking into trying to unset those. The file contents are just writing the output of `/usr/sbin/alsa-info.sh --stdout --no-

[Touch-packages] [Bug 1884738] Re: Pulseaudio in Ubuntu 16.04 contains a potential double-free bug in Bluez 5 module

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1884738 Title: Pulseaudio in Ubuntu 16.04 contains

[Touch-packages] [Bug 1895928] Re: Snap policy module fails to identify snaps if SCM_CREDENTIALS are missing from PA_COMMAND_AUTH request

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1895928 Title: Snap policy module fails to identify

[Touch-packages] [Bug 1904775] Re: software-properties-gtk hangs indefinitely if a single source server is down

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1913666] [NEW] acl dropped in Focal server image

Public bug reported: The acl package is not shipped by default in the Focal server image (though it looks like libacl1 is still being shipped), it was last shipped in the Bionic server image. Just to double check, was dropping acl intentional? It is a reverse-dependency of LXD if that might be

[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp

Thank you for reporting this issue. Have you reported this to the upstream libwebp developers? If not, we encourage you to report it (you can do so here: https://bugs.chromium.org/p/webp/issues/list) and keep us in the loop if possible. Thank you ** Information type changed from Private

[Touch-packages] [Bug 1891953] Re: CVE-2019-8936

Apologies for the delay on this, it fell off our radar but we're working on the Focal+ updates now. And no need for the separate Groovy debdiff, thanks Brian! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu.