[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-08-03 Thread Launchpad Bug Tracker
This bug was fixed in the package lxterminal - 0.1.11-4ubuntu3.1 --- lxterminal (0.1.11-4ubuntu3.1) trusty-security; urgency=high * SECURITY UPDATE: insecure /tmp use denial of service (LP: #1690416) - debian/patches/fix-CVE-2016-10369.patch - CVE-2016-10369 -- Simon

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-08-03 Thread Launchpad Bug Tracker
This bug was fixed in the package lxterminal - 0.2.0-1ubuntu0.1 --- lxterminal (0.2.0-1ubuntu0.1) xenial-security; urgency=high * SECURITY UPDATE: insecure /tmp use denial of service (LP: #1690416) - debian/patches/fix-CVE-2016-10369.patch - CVE-2016-10369 -- Simon

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-08-03 Thread Tyler Hicks
Hi Simon - These backports look good to me. I've uploaded them to ppa:ubuntu-security-proposed/ppa and will release them later today. Thank you and sorry about the delay in getting these sponsored. ** Changed in: lxterminal (Ubuntu Trusty) Status: In Progress => Confirmed ** Changed in:

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-28 Thread Simon Quigley
** Changed in: lxterminal (Ubuntu Trusty) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: lxterminal (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: lxterminal (Ubuntu Trusty) Status: New => In Progress ** Changed in:

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-27 Thread Tyler Hicks
** Also affects: lxterminal (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: lxterminal (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-11 Thread Simon Quigley
For both of my debdiffs, I had to do some backporting using the methods used in the older code and I had to substitute the old methods in for the new ones when applying the patch, if that makes sense. To be more specific, here's what upstream did on the master branch: -gchar * socket_path =

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-11 Thread Simon Quigley
Attached is a debdiff for Trusty applicable to 0.1.11-4ubuntu3. ** Patch added: "1-0.1.11-4ubuntu3.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/lxterminal/+bug/1690416/+attachment/4912619/+files/1-0.1.11-4ubuntu3.1.debdiff

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-11 Thread Simon Quigley
Whoops, I accidentally forgot to change the release to xenial-security, so here's an updated patch... ** Patch added: "1-0.2.0-1ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/lxterminal/+bug/1690416/+attachment/4912591/+files/1-0.2.0-1ubuntu0.1.debdiff ** Patch removed:

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-11 Thread Simon Quigley
Attached is a debdiff for Xenial applicable to 0.2.0-1. ** Patch added: "1-0.2.0-1ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/lxterminal/+bug/1690416/+attachment/4912590/+files/1-0.2.0-1ubuntu0.1.debdiff

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-07-10 Thread Simon Quigley
Whoops, it seems this also affects Xenial and Trusty. I'll get a fix ASAP. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1690416 Title: [CVE] socket can be blocked by another user To manage

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-05-19 Thread Launchpad Bug Tracker
This bug was fixed in the package lxterminal - 0.3.0-1ubuntu0.1 --- lxterminal (0.3.0-1ubuntu0.1) zesty-security; urgency=medium * SECURITY UPDATE: insecure /tmp use denial of service (LP: #1690416) - debian/patches/01-cve-2016-10369.diff: use per-user runtime directory

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-05-17 Thread Tyler Hicks
Hi Simon - Thanks for the bug report. The tab renaming bug fix is more appropriate for the SRU process. Could you attach a debdiff for zesty-security that only addresses CVE-2016-10369? Thanks! ** Changed in: lxterminal (Ubuntu Zesty) Status: In Progress => Incomplete

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-05-12 Thread Simon Quigley
In order to fix this, we can just sync 0.3.0-2 from Sid to Zesty. Here is the changelog for 0.3.0-2: lxterminal (0.3.0-2) unstable; urgency=high * Fix improper use of /tmp for a socket file. (CVE-2016-10369) (Closes: #862098) * Fix tab renaming dialog. (Closes: #862096) -- Yao Wei

[Bug 1690416] Re: [CVE] socket can be blocked by another user

2017-05-12 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Also affects: lxterminal (Ubuntu Artful) Importance: Undecided Assignee: Simon Quigley (tsimonq2) Status: In Progress ** Also affects: lxterminal (Ubuntu Zesty) Importance: Undecided Status: New --