** Changed in: linux-lts-backport-natty (Ubuntu Lucid)
Status: New = Fix Committed
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New = Invalid
** Changed in:
** Changed in: linux-lts-backport-natty (Ubuntu Lucid)
Status: New = Fix Committed
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New = Invalid
** Changed in:
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Maverick)
Status: New = Invalid
** Changed in:
** Changed in: linux-lts-backport-natty (Ubuntu Lucid)
Status: New = Fix Committed
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New = Invalid
** Changed in:
** Changed in: linux-lts-backport-natty (Ubuntu Lucid)
Status: New = Fix Committed
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New = Invalid
** Changed in:
** Changed in: linux-lts-backport-natty (Ubuntu Lucid)
Status: New = Fix Committed
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New = Invalid
** Changed in:
While good to fix this, I should point out that Maverick and later are
not vulnerable to symlink attacks in /tmp.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/793502
Title:
Insecure temporary file
(Actually, since this isn't a security regression, this shouldn't go
through -security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813507
Title:
linux: 2.6.32-33.71 -proposed tracker
To manage
Go for it! :)
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813507
Title:
linux: 2.6.32-33.71
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
This looks fine to me. +1
** Changed in: ipxe (Ubuntu)
Status: New = In Progress
** Changed in: ipxe (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
It looks like this is an intentional change.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/810022
Title:
test-kernel-security failure on 3.0.0-5
To manage notifications about this bug go to:
I take it back... there's no mention of it in the commt:
commit a3232d2fa2e3cbab3e76d91cdae5890fee8a4034
Author: Eric Paris epa...@redhat.com
Date: Fri Apr 1 17:08:45 2011 -0400
capabilities: delete all CAP_INIT macros
The CAP_INIT macros of INH, BSET, and EFF made sense at one
Ah, nevermind, Serge is right. I found the wrong commit. Heh. :)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/810022
Title:
test-kernel-security failure on 3.0.0-5
To manage notifications about
** Changed in: linux (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
** Changed in: linux (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/810022
Looks good, thanks!
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/812360
Title:
linux: 2.6.24-29.92
http://cgit.freedesktop.org/xorg/app/xclipboard/commit/?id=4f1a5dbc00d577cdbd37a824c396b030cb170d65
** Changed in: x11-apps (Ubuntu)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: rng-tools (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
** Changed in: rng-tools (Ubuntu)
Status: New = In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs
** Also affects: update-manager (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Changed in: update-manager (Ubuntu Oneiric)
Assignee: (unassigned) = Brian Murray (brian-murray)
** Changed in: update-manager (Ubuntu Oneiric)
Status: New = Fix Released
--
You received
I can confirm that the testcase passes now.
** Tags added: verification-done
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/797894
Title:
update-manager bug
Are there plans for Debian to package this too? Packaging looks fine to
me. +1
** Changed in: resource-agents (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
** Changed in: resource-agents (Ubuntu)
Status: New = In Progress
--
You received this bug notification because you
: Kees Cook (kees) = (unassigned)
** Changed in: vde2 (Ubuntu)
Status: New = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/776818
Title:
[MIR] vde2
To manage notifications about
This looks fine to me. +1
** Changed in: ipxe (Ubuntu)
Status: New = In Progress
** Changed in: ipxe (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https
in: ajaxterm (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
** Changed in: ajaxterm (Ubuntu)
Status: New = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795159
Title:
[MIR] ajaxterm
This will need multiarch-ification once xchat knows how to load
multiarch plugins. Beyond that, +1.
** Changed in: xchat-indicator (Ubuntu)
Status: New = In Progress
** Changed in: xchat-indicator (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
--
You received this bug
This ships an autostart file. I'm not sure I'm following the indicator
code, but will it start up empathy? This doesn't seem quite right (not
everyone uses empathy).
** Changed in: telepathy-indicator (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
** Changed in: telepathy-indicator
. Outside of that, the initial design looks
good (split root/non-root server, etc).
** Changed in: ndisc6 (Ubuntu)
Status: New = Incomplete
** Changed in: ndisc6 (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Looks good, thanks!
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/811215
Title:
Looks good, thanks!
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/808934
Title:
linux: 2.6.35-30.56
** Changed in: linux-lts-backport-natty (Ubuntu)
Status: Invalid = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
qrt rev 1347 should now have this fixed by splitting the version logic
into Kernel and Release checks. Some features are tied to the kernel
version, and some are tied to the userspace Ubuntu release version.
** Changed in: linux-lts-backport-natty (Ubuntu)
Assignee: (unassigned) = Kees Cook
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Since this is the first time the package will be in the Lucid archive, I
am not counting it as a security update. It should only go to the
-updates pocket this time. Future uploads that include CVE fixes should
go to -security normally, though.
** Changed in: linux-lts-backport-natty (Ubuntu)
Looks good, thanks.
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/807175
Title:
linux: 2.6.32-33.70
Looks good, thanks!
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795153
Title:
linux-mvl-dove:
Looks good, thanks!
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/807505
Title:
linux-ec2:
Looks good, thanks! Note that CVE-2010-4247 doesn't have an upstream
commit, so it needed some manual fiddling on my end, and that the
CVE-1011-2022 typo is in this changelog as well.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4247
** Changed in:
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: x11-xserver-utils (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/792628
Title:
xhost double free or corruption
To manage notifications
)
Status: New
** Changed in: apparmor
Assignee: John Johansen (jjohansen) = Kees Cook (kees)
** Changed in: linux (Ubuntu Oneiric)
Assignee: John Johansen (jjohansen) = Kees Cook (kees)
** Changed in: linux (Ubuntu Natty)
Assignee: (unassigned) = Kees Cook (kees)
** Changed
Thanks for the report. I've sent a patch for this to upstream.
** Changed in: x11-apps (Ubuntu)
Status: New = In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/792642
Title:
xcutsel
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
http://lists.x.org/archives/xorg-devel/2011-July/023832.html
** Changed in: x11-apps (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/792642
Hi! Thanks for the report. This is, however, a bug in the example
program. strcasecmp expects a string to be null terminated. Since the
buffer is unterminated, strcasecmp runs off the end of the buffer. Try
using cmalloc(1, 4001) instead of malloc, or manually terminating the
buffer, or using
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Thanks for catching this! Is this perhaps a problem at a higher level?
(I.e. should security_task_free be called in a different way so that its
hooks (like yama_ptracer_del) do not need to use the _bh locking
mechanisms?
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
CVE states look okay to me. Thanks!
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/802464
Title:
linux:
Heru, thanks for getting involved in helping with Ubuntu. Please don't
change the statuses or assignments of this bug (or similar bugs), it is
used for the tracking of progress on Ubuntu kernel updates. If you want
to get involved, please see http://www.ubuntu.com/community/get-involved
--
You
@pitti no need -- it's not a security vulnerability. (because of the
compiler flags, this is just a crash, not an exploitable bug)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/657598
Title:
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
. apg is just used to generate a password, IIUC,
not to do the hashing.
** Changed in: accountsservice (Ubuntu)
Assignee: Kees Cook (kees) = Rodrigo Moya (rodrigo-moya)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https
Okay, after proving to myself that the system bus can't normally be
snooped, I'm satisfied not to block the MIR, but the file size limit
test (moving it into the GIO stream copy) should be fixed before
release.
+1
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Oh, one more thing -- the crypted password system must use the system
crypt functions, not use an embedded method since the system may be
configured for different systems:
static gchar *
make_crypted (const gchar *plain)
{
...
/* SHA 256 */
g_string_append (salt, $6$);
This whole
Oh, and $6 is SHA512, not SHA256 -- that comment is wrong. :)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/785680
Title:
[MIR] accountsservice
To manage notifications about this bug go to:
** Package changed: udisks (Debian) = linux-2.6 (Debian)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/726814
Title:
udisks-daemon uses a ton of CPU after inserting a SanDisk U3 Cruzer
Micro usb
There were a few things that gave me some pause in libtirpc, but I've
now convinced myself that they are okay. This code could probably use a
few more eyes on it, but it looks reasonable, and it does attempt to be
careful about lengths, etc. +1
** Changed in: libtirpc (Ubuntu Oneiric)
I encountered this only after reformatting the stick with ext4 (it
behaved fine prior to that). I would agree, it does seem to be some kind
of kernel (or udev) bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
-- Hideki Yamane henr...@debian.org Sat, 28 May 2011 21:24:48 +0900
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Kees Cook k...@outflux.net
iEYEARECAAYFAk4HWWIACgkQH/9LqRcGPm2yMgCcDvesTE04RSGPAB7yLm84smHs
xYQAoJtxBysxZJRB1ZS1YQRRt24LMb/Q
=ud7N
-END PGP SIGNATURE
+1. (Though 1:1.4.1-1 should be synced now)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/801886
Title:
Sync joystick 1:1.4-1 (main) from Debian unstable (main)
To manage notifications about this
CVE-2011-2493
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/801087
Title:
ext4: BUG_ON on null-pointer when mounting corrupted filesystem
To manage notifications about this bug go to:
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Since this is the first release of linux-lts-backport-natty, it should
not land in -security (even though it has CVEs in it, since the delta
between it an lucid's kernel isn't entirely sane). Future uploads of
linux-lts-backport-natty with CVE fixes in it will go through -security
normally. In the
The commit for CVE-2011-2022 says 1011 instead of 2011. I have adjusted
our scripts to deal with this. Everything else checks out from what I
can see.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2022
** Changed in: kernel-sru-workflow/security-signoff
Status: In
Thanks for taking the time to report this bug and helping to make Ubuntu
better. This is not a bug, but rather expected behavior:
https://wiki.ubuntu.com/SecurityTeam/Policies#Reasonable%20Physical%20Access
Please feel free to report any other bugs you may find.
** Visibility changed to:
I spent a little time tracking down:
Revert econet: fix CVE-2010-3848
but it looks like this was just part of the upstream realignment or something,
since the fix was reapplied right after it. Anyway, things look good.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3848
The commits for CVE-2010-4076 and CVE-2010-4077 seems a bit confused.
This version seems to have half of them, so I'm ignoring those CVEs in
the changelog for the future publication. The rest looks fine.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4076
** CVE added:
CVE-2010-3848 got reverted and reapplied, so I'll ignore it for the
publication. Everything else looks fine.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3848
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress = Fix Released
--
You received
Thanks, we'll get this fixed. :)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0449641130f5
** Visibility changed to: Public
** Bug watch added: Linux Kernel Bug Tracker #32082
http://bugzilla.kernel.org/show_bug.cgi?id=32082
** Also affects: linux via
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Agreed, please don't hold it back.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/788843
Title:
linux: 2.6.24-29.90 -proposed tracker
To manage notifications about this bug go to:
)
Assignee: Kees Cook (kees) = (unassigned)
** Changed in: xen (Ubuntu)
Status: New = In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/790854
Title:
[MIR] libxen-dev and libxenstore3.0
This uses /dev/random for seed generation among other things, so that's
certainly sufficient for decent generation. Should be fine. +1
** Changed in: apg (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) = (unassigned)
** Changed in: apg (Ubuntu)
Assignee: (unassigned) =
Seems like it will fail to handle usernames with -, ., or _ in the name?
Should compare this exclusion list against what adduser does. src/daemon.c:
re = g_regex_new ((?Pusername[0-9a-zA-Z]+)[
]+(?Pfrequency[0-9]+), 0, 0, error);
daemon_create_user_authorized_cb() lacks a -- in the
** Changed in: gmemusage (Ubuntu)
Status: Triaged = Incomplete
** Changed in: gmemusage (Ubuntu Natty)
Status: New = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/370735
I've updated the debdiff with Chris's suggestions, and fixed up the
changelog to use LP-style bug numbering. Thanks for the work on this,
I'll get it uploaded shortly.
** Changed in: gmemusage (Ubuntu)
Status: Incomplete = Fix Committed
--
You received this bug notification because you
This looks like a regular bug to me. I don't think Perl will deal with
the %n in an unsafe way.
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
For the impatient, I've created a Firefox Extension that forces
middlemouse.contentLoadURL to true:
http://outflux.net/software/pkgs/thewolf/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/548866
I've got this error more fully silenced in a later commit which should
be available soon.
** Changed in: pam (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
** Changed in: pam (Ubuntu)
Status: Triaged = Fix Committed
** Changed in: pam (Ubuntu)
Importance: Medium = Low
This looks like a regular bug to me. I don't think Perl will deal with
the %n in an unsafe way.
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
AppArmor only restricts permissions, and does not add them. If the program
is started with the capability it needs, it should work as expected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/794026
The commit-checker missed 5caf3ae4c4bed98bd6148021e6e934d94b5dea1d (due
to it accidentally claiming to be a backport of
linus:272b62c1f0f6f742046e45b50b6fec98860208a0 instead of
linus:b00916b189d13a615ff05c9242201135992fcda3), so CVE-2010-4655 was
not shown as pending in UCT, but was correct in
*** This bug is a duplicate of bug 375625 ***
https://bugs.launchpad.net/bugs/375625
** This bug has been marked a duplicate of bug 375625
screen freezes up, turns zombie
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: kernel-sru-workflow/security-signoff
Status: Confirmed = In Progress
** Changed in: kernel-sru-workflow/security-signoff
Assignee: Canonical Security Team (canonical-security) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
** Changed in: pymilter-milters (Ubuntu)
Status: Incomplete = Confirmed
** Changed in: pymilter-milters (Ubuntu)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
The logs don't contain any path details for the following packages, so I
haven't been able to check them:
dbacl
amavis-ng
amavisd-new
kcmpureftpd
boxbackup
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
I wonder if there should maybe be an /etc/pam.d/dm-common that gdm, kdm,
and lightdm can all include instead of shipping the same thing multiple
times?
The upstart job file uses and and or. As I understand it, this can
lead to job hangs and is not supported by Upstart. See bug 447654.
I'm
** Also affects: apparmor (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Oneiric)
Importance: High
Status: Triaged
** Changed in: apparmor (Ubuntu Natty)
Status: New = Triaged
** Changed in: apparmor (Ubuntu Natty)
Importance:
** Visibility changed to: Public
** Changed in: mumble (Ubuntu)
Status: New = Confirmed
** Changed in: mumble (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi Tim, sorry I took so long with this. I've reproduced the original
crash (it just kills dosemu):
[ 167.120539] note: dosemu.bin[1623] exited with preempt_count 1
However, when running this with the test kernel, the entire system
hangs, so that's no good. :)
** Changed in: linux (Ubuntu
Incomplete fix for CVE-2011-0711.
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-0711
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/788351
(Ubuntu)
Status: New = Incomplete
** Changed in: libauthen-ntlm-perl (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/787495
Title:
[MIR
601 - 700 of 8586 matches
Mail list logo