[Bug 1901264] Re: package dbus 1.12.20-1ubuntu1 failed to install/upgrade: triggers looping, abandoned

2020-10-23 Thread Seth Arnold
** Also affects: ubuntu-release-upgrader (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901264 Title: package dbus 1.12.20-1ubuntu1 failed to

[Bug 1871471] Re: flash end of life soon, suggest remove from hirsute

2020-10-23 Thread Seth Arnold
** Summary changed: - flash end of life soon, suggest remove from groovy + flash end of life soon, suggest remove from hirsute ** Description changed: Hello, Adobe has said they will not be supporting Flash beyond 2020: https://helpx.adobe.com/acrobat/kb/flash-format-support-in-pdf.html

Re: [Bug 1873074] Re: kernel panic hit by kube-proxy iptables-save/restore caused by aufs

2020-10-21 Thread Seth Arnold
On Wed, Oct 21, 2020 at 10:32:14PM -, Peter Burkholder wrote: > Is there an approval/publication step that y'alls still need to take? Yes, there is; it's been a busy, uh, three months give or take. Thanks for the friendly reminder. :) -- You received this bug notification because you are a

[Bug 1899019] Re: Typo in UDisks action

2020-10-19 Thread Seth Arnold
Hello Kevin, thanks for the excellent GHSL-2020-161 report. Given that the polkit rules are intentional, if ancient, and the udisks2 team doesn't want to treat the symlink finding as a security bug, I'm going to open this publicly and mark it wontfix, to reflect what's likely going to happen for

[Bug 1867813] Re: [MIR] linux-firmware-raspi2 to restricted

2020-10-16 Thread Seth Arnold
I reviewed linux-firmware-raspi2 version 2-0ubuntu1 as checked into groovy. This is very quick pass over the package. My concerns for this package are nearly identical to my concerns given in https://bugs.launchpad.net/ubuntu/+source/rpi-eeprom/+bug/1895137/comments/11 Thanks Dave for

[Bug 1895137] Re: [MIR] rpi-eeprom; raspberrypi-userland

2020-10-15 Thread Seth Arnold
I reviewed rpi-eeprom version 9.0-1ubuntu1 as checked into groovy. This isn't a full security audit but a very quick gauge of maintainability. Because this is an architecture-specific review, the usual tooling doesn't work for this case. This is a slight problem for maintenance, because the

[Bug 1891934] Re: [MIR] google-osconfig-agent

2020-10-13 Thread Seth Arnold
Hello, gosec has reported a debug tool is enabled that sounds dangerous: google-osconfig-agent-20200625.00/main.go:42] - G108 (CWE-200): Profiling endpoint is automatically exposed on /debug/pprof (Confidence: HIGH, Severity: HIGH) 41: > 42: _ "net/http/pprof" 43: Is this

[Bug 1899176] Re: Linux Kernel FUTEX_WAIT Privilege Escalation Vulnerability

2020-10-09 Thread Seth Arnold
Hello, you can see which kernels were fixed with which versions on: https://people.canonical.com/~ubuntu- security/cve/2020/CVE-2020-14381.html Thanks ** Changed in: ubuntu Status: New => Fix Released ** Information type changed from Private Security to Public Security ** CVE added:

[Bug 1891157] Re: [MIR] ipp-usb

2020-10-08 Thread Seth Arnold
I reviewed golang-github-openprinting-goipp 1.0.0-1 as checked into groovy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. golang-github-openprinting-goipp is a low-level serializer/deserializer for IPP protocol messages. - CVE History: - No CVEs in our

[Bug 1891157] Re: [MIR] ipp-usb

2020-10-08 Thread Seth Arnold
Alexander, Till, it would be nice if we could run these components as non-root. It'd be wonderful to have some systemd seccomp enforcement, as well as AppArmor profiles. Please consider what steps could be taken to reduce the privileges of these services. Thanks -- You received this bug

[Bug 1899080] Re: grub bootloader install failed, ubunu won't boot

2020-10-08 Thread Seth Arnold
Hello Kamal, I noticed this line in your logs: Oct 8 20:25:56 ubuntu ubiquity: grub-install: error: failed to register the EFI boot entry: Operation not permitted. Does your BIOS / SETUP have any entries that would prevent you from changing your boot order? Thanks ** Information type changed

[Bug 1899039] Re: package libgcc1 1:10.2.0-5ubuntu1~20.04 failed to install/upgrade: O pacote está num mau estado de inconsistência; deve reinstala-lo antes de tentar configura-lo.

2020-10-08 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1899039 Title: package libgcc1 1:10.2.0-5ubuntu1~20.04 failed to install/upgrade: O

[Bug 1898995] Re: Unity bugs

2020-10-08 Thread Seth Arnold
There's no indication in the attachments what went wrong, you'll need to provide more information yourself. Thanks ** Information type changed from Private Security to Public ** Changed in: unity (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a

[Bug 1898977] Re: The system is not getting upgraded from 16.04 to 18.04

2020-10-08 Thread Seth Arnold
Hello Himanshu, I don't believe ROS packages allow you to upgrade the system. Thanks ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

Re: [Bug 1891157] Re: [MIR] ipp-usb

2020-10-08 Thread Seth Arnold
On Thu, Oct 08, 2020 at 07:31:36PM -, Alexander Pevzner wrote: > thank you for security review of the ipp-usb package. My few comments: Hello Alexender, thank you very much for the feedback review! It's very helpful, and very encouraging. Thanks. :) -- You received this bug notification

[Bug 1899046] Re: /usr/bin/aa-notify:ModuleNotFoundError:/usr/bin/aa-notify@39

2020-10-08 Thread Seth Arnold
Traceback (most recent call last): File "/usr/bin/aa-notify", line 39, in import psutil ModuleNotFoundError: No module named 'psutil' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1899046

[Bug 1891157] Re: [MIR] ipp-usb

2020-10-07 Thread Seth Arnold
I reviewed ipp-usb 0.9.13-1ubuntu1 as checked into groovy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. ipp-usb is an http proxy to provide ipp printing support to USB devices. - CVE History: No CVEs in our database, very new - Build-Depends:

[Bug 1898962] Re: package grub-efi-amd64-signed 1.155+2.04-1ubuntu35 failed to install/upgrade: o subprocesso instalado, do pacote grub-efi-amd64-signed, o script post-installation retornou erro do st

2020-10-07 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898962 Title: package grub-efi-amd64-signed 1.155+2.04-1ubuntu35 failed to

[Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-10-07 Thread Seth Arnold
Christian, Joy has gone through the bugs and either closed old ones or made some progress on still-relevant ones. How does it look to you now? Thanks Joy! Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1898864] Re: ?

2020-10-07 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898864 Title: ? To manage notifications about this bug go to:

[Bug 1898840] Re: boot errors,

2020-10-07 Thread Seth Arnold
Hello, My guess is that possibly-corrupted FAT filesystem. I assume that's your EFI filesystem, and it'll need to be correct in order to do most operations on it, and if it was unmounted uncleanly, that may cause the tools to fail. Do you have other operating systems on this computer? do you have

[Bug 1765933] Re: Allow building livefses against a view of the archive at a fixed point in time

2020-10-06 Thread Seth Arnold
Ayub, please do not change the status of bug reports. Thanks. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1765933 Title: Allow

[Bug 1898742] Re: Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability

2020-10-06 Thread Seth Arnold
This appears to be: https://people.canonical.com/~ubuntu- security/cve/2020/CVE-2020-25643.html Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25643 ** Package changed: linux-meta (Ubuntu) => linux (Ubuntu) ** Information type changed from Private Security to Public

[Bug 1898734] Re: hata verdi

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898734 Title: hata verdi To manage notifications about this bug go to:

[Bug 1898620] Re: package libreoffice-draw 1:6.0.7-0ubuntu0.18.04.10 failed to install/upgrade: dpkg-deb --fsys-tarfile subprocess returned error exit status 2

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898620 Title: package libreoffice-draw 1:6.0.7-0ubuntu0.18.04.10 failed to

[Bug 1898617] Re: Not upgrading to 20.0

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898617 Title: Not upgrading to 20.0 To manage notifications about this bug go to:

[Bug 1898590] Re: Verify DNS fingerprints not working

2020-10-06 Thread Seth Arnold
Hello, dig will do dns lookups itself, it doesn't rely on the host resolver configuration. Does your host resolver configuration support dnssec? It might be worth using tcpdump or tshark or wireshark to see if the queries are properly formed, and if the replies are correct. Thanks -- You

[Bug 1898488] Re: ubuntu upgrade failed because of unnoficial software packages

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898488 Title: ubuntu upgrade failed because of unnoficial software packages To manage

[Bug 1898448] Re: package util-linux 2.34-0.1ubuntu9.1 failed to install/upgrade: package util-linux is already installed and configured

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898448 Title: package util-linux 2.34-0.1ubuntu9.1 failed to install/upgrade: package

[Bug 1898351] Re: Wifi does not show up or work

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898351 Title: Wifi does not show up or work To manage notifications about this bug go to:

[Bug 1898333] Re: package mysql-server-8.0 8.0.21-0ubuntu0.20.04.4 failed to install/upgrade: el subproceso instalado paquete mysql-server-8.0 script post-installation devolvió el código de salida de

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898333 Title: package mysql-server-8.0 8.0.21-0ubuntu0.20.04.4 failed to

[Bug 1898803] [NEW] postinst file uses sha1sum, eval, nobody, nogroup

2020-10-06 Thread Seth Arnold
*** This bug is a security vulnerability *** Public security bug reported: Hello, the postinst file and Makefile use unsafe tools as part of installing an external package: - use of eval in the Makefile on data from the fetched remote archive. This does come after the checksum is checked, so

[Bug 1898157] Re: package python3 3.8.2-0ubuntu2 failed to install/upgrade: installed python3 package post-installation script subprocess returned error exit status 4

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898157 Title: package python3 3.8.2-0ubuntu2 failed to install/upgrade: installed

[Bug 1898051] Re: package grub-efi-amd64-signed 1.93.20+2.02-2ubuntu8.18 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2020-10-06 Thread Seth Arnold
Hello, does your BIOS / setup have any settings that would prevent updating the boot order? Thanks ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1898031] Re: Upgrading from 18.04.4 LTS to 20.04.1 LTS

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898031 Title: Upgrading from 18.04.4 LTS to 20.04.1 LTS To manage notifications about

[Bug 1898012] Re: sometimes my laptop shutdown properly , but sometimes shut down takes forever . it freezes at linux mint icon after logging off and stay this wasy and i have to use power button to f

2020-10-06 Thread Seth Arnold
** Package changed: linux (Ubuntu) => ubuntu ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898012 Title: sometimes my laptop shutdown

[Bug 1898020] Re: REMOTE USER

2020-10-06 Thread Seth Arnold
Hello, is this still an issue? Thanks ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898020 Title: REMOTE USER To manage notifications

[Bug 1897900] Re: While I am going to upgrade the system it tells "unresonable problem" something like package remove. Please guide me how to do it.

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1897900 Title: While I am going to upgrade the system it tells "unresonable problem"

[Bug 1897982] Re: bcmwl-kernel-source 6.30.223.271+bdcom-0ubuntu5 (amd64 binary) in ubuntu groovy leaves MacBook Air offline

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1897982 Title: bcmwl-kernel-source 6.30.223.271+bdcom-0ubuntu5 (amd64 binary) in ubuntu

[Bug 1897879] Re: can not upgrade the sistem from 18.04 to 20 ecc

2020-10-06 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1897879] Re: can not upgrade the sistem from 18.04 to 20 ecc

2020-10-06 Thread Seth Arnold
Hello, the usual cause of this problem is a broken HTTP proxy: 2020-09-30 11:23:42,573 ERROR IOError/SystemError in cache.update(): 'E:Impossibile recuperare http://packages.microsoft.com/repos/vscode/dists/stable/main/binary-amd64/Packages.bz2 Il file ha una dimensione non attesa (201047 !=

[Bug 1897792] Re: package bcmwl-kernel-source 6.30.223.30+bdcom-0ubuntu1~ppa1 failed to install/upgrade: installed bcmwl-kernel-source package post-installation script subprocess returned error exit s

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1897792 Title: package bcmwl-kernel-source 6.30.223.30+bdcom-0ubuntu1~ppa1 failed to

[Bug 1897468] Re: loggin Passwort vergessen

2020-10-06 Thread Seth Arnold
Hallo, vllt probieren mit und ohne caps-lock key? Wann das nicht funkiert, https://help.ubuntu.com/community/LostPassword koennen sie helfen. Viel spass! Danke ** Information type changed from Private Security to Public ** Changed in: ubuntu-docs (Ubuntu) Status: New => Invalid -- You

[Bug 1897468]

2020-10-06 Thread Seth Arnold
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see

[Bug 1897425] Re: package memtest86+ 5.01-3.1ubuntu2.1 failed to install/upgrade: installed memtest86+ package post-installation script subprocess returned error exit status 1

2020-10-06 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make Ubuntu better. Reviewing your dmesg attachment to this bug report it seems that there may be a problem with your hardware. I'd recommend performing a back up and then investigating the situation. Measures you might take

[Bug 1897425] Re: package memtest86+ 5.01-3.1ubuntu2.1 failed to install/upgrade: installed memtest86+ package post-installation script subprocess returned error exit status 1

2020-10-06 Thread Seth Arnold
In addition to the dmesg entries that look like hardware errors, it appears this machine's kernel is over two years old -- is that intentional? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1897380] Re: Input sound is not working

2020-10-06 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make Ubuntu better. Reviewing your dmesg attachment to this bug report it seems that there may be a problem with your hardware. I'd recommend performing a back up and then investigating the situation. Measures you might take

[Bug 1719169] Re: hp-toolbox cannot start

2020-10-02 Thread Seth Arnold
** Also affects: hplip (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719169 Title: hp-toolbox cannot start To manage notifications about this

[Bug 1894731] Re: [MIR] golang-*, Go build dependencies of google-guest-agent

2020-10-01 Thread Seth Arnold
Given the discussion held elsewhere and summarized in https://bugs.launchpad.net/ubuntu/+source/google-osconfig- agent/+bug/1896246 I've unsubscribed the security team from these MIRs to help us better see what work is still pending. If these packages are still needed for a MIR, please do shout.

[Bug 1891934] Re: [MIR] google-osconfig-agent

2020-09-30 Thread Seth Arnold
Balint, should ~ubuntu-mir be subscribed to this bug yet? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891934 Title: [MIR] google-osconfig-agent To manage notifications about this bug go

[Bug 1861235] Re: zfs recv PANIC at range_tree.c:304:range_tree_find_impl()

2020-09-24 Thread Seth Arnold
Is it interesting that I'm seeing both 19 and 20 in my dmesg? [1229822.406130] dmu_object_free: object = 0x266d2904, dn->dn_type = 20 [1229823.980888] dmu_object_free: object = 0x266d0d5a, dn->dn_type = 20 [1229823.994690] dmu_object_free: object = 0x266d0d5b, dn->dn_type = 20 [1229823.998123]

[Bug 1885633] Re: [ZDI-CAN-11233]: apport Unnecessary Privileges Information Disclosure Vulnerability

2020-09-24 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885633 Title: [ZDI-CAN-11233]: apport Unnecessary Privileges Information

[Bug 1871471] Re: flash end of life soon, suggest remove from groovy

2020-09-24 Thread Seth Arnold
** Summary changed: - flash end of life soon, suggest remove from ganimal + flash end of life soon, suggest remove from groovy ** Description changed: Hello, Adobe has said they will not be supporting Flash beyond 2020: https://helpx.adobe.com/acrobat/kb/flash-format-support-in-pdf.html

Re: [Bug 1896416] Re: screen locking no longer works

2020-09-23 Thread Seth Arnold
On Wed, Sep 23, 2020 at 10:14:57PM -, Tessa wrote: > Sep 23 15:07:58 boxxy gnome-shell[209336]: Screen lock is locked down, > not locking > > so it appears as if it thinks the screen is already locked, even though > I'm interacting with my session. and the dbus call doesn't have any way This

[Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-22 Thread Seth Arnold
Please use CVE-2020-16122 for this issue. Thanks. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16122 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1882098 Title:

[Bug 1894731] Re: [MIR] golang-*, Go build dependencies of google-guest-agent

2020-09-18 Thread Seth Arnold
Security team NAK on golang-github-kardianos-service at this time. Here's the notes I've collected while reading the source code. I didn't inspect the packaging in any depth, I understand that we may be changing the packaging, so I've ignored for that now. I filed two bug reports for the issues

[Bug 1890223] Re: No Wi-Fi Adapter Found Ubuntu 20.04 after updated Linux kernel to version 5.4.0-42-generic

2020-09-16 Thread Seth Arnold
Hello Eko, my guess is the process that had the debconf database locked was asking you to enroll a new secure boot key. By killing it rather than configuring a key, you can't install self-built kernel modules. I suggest looking at the "Manual Method" section of

[Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-09-16 Thread Seth Arnold
ubuntu-security is now subscribed to pcsc-lite bugs. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite To manage

[Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-15 Thread Seth Arnold
Alternatively, you could use one of the recommended TLS configurations from Mozilla, https://wiki.mozilla.org/Security/Server_Side_TLS which do not enable the unsafe cryptography suites. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-09-15 Thread Seth Arnold
** Changed in: pcsc-lite (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite To

[Bug 1887187] Re: [MIR] nftables

2020-09-04 Thread Seth Arnold
(subscribing ubuntu-mir even though this isn't done yet, just in case that was overlooked :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1887187 Title: [MIR] nftables To manage notifications

[Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

2020-09-04 Thread Seth Arnold
see also https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1774342 Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894172 Title: isc-dhcp-server using wrong env variable for INTERFACES

Re: [Bug 1887943] Re: [SRU] TLS is not enabled for memcached>=1.5.13

2020-09-01 Thread Seth Arnold
On Tue, Sep 01, 2020 at 08:21:05AM -, Moisés Guimarães de Medeiros wrote: > Seth, that is for not enabling it for armhf platforms, it wasn't in my > plans, but the debian folks put it there, I'm not aware what problems > they ran into. Thanks, when it's not part of our delta that makes it a

[Bug 1887943] Re: [SRU] TLS is not enabled for memcached>=1.5.13

2020-08-31 Thread Seth Arnold
What's this bit for? +ifeq (,$(filter $(DEB_HOST_ARCH),armhf)) Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1887943 Title: [SRU] TLS is not enabled for memcached>=1.5.13 To manage

[Bug 1883890] Re: [MIR] libinih

2020-08-28 Thread Seth Arnold
on webkit, qtwebkit, seed or libgoa-* - no embedded source copies - not part of the UI for extra checks Problems: ** Changed in: libinih (Ubuntu) Assignee: Seth Arnold (seth-arnold) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a mem

[Bug 1893241] Re: attack alias sudo with nasty payload

2020-08-28 Thread Seth Arnold
Hello Patrik, thanks for your concern for Ubuntu's security. As you said, there are numerous possibilities for trouble when an account is compromised in this fashion. Placing malicious versions of utilities into ~/bin is another common choice. (Usually shell aliases, functions, and ~/bin/

[Bug 1893241] Re: attack alias sudo with nasty payload

2020-08-28 Thread Seth Arnold
** Information type changed from Private Security to Public Security ** Changed in: bash (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893241 Title:

[Bug 1893277] Re: please provide an evince mailcap file

2020-08-27 Thread Seth Arnold
** Description changed: Hello; when I try to view PDFs from mutt, gimp is selected. Gimp is a very poor choice for viewing PDFs. I have evince installed, but evince is listed after gimp in my /etc/mailcap file. I tried to fix this by using the /etc/mailcap.order file but this failed:

[Bug 1893277] [NEW] please provide an evince mailcap file

2020-08-27 Thread Seth Arnold
Public bug reported: Hello; when I try to view PDFs from mutt, gimp is selected. Gimp is a very poor choice for viewing PDFs. I have evince installed, but evince is listed after gimp in my /etc/mailcap file. I tried to fix this by using the /etc/mailcap.order file but this failed: $ grep

[Bug 1893277] Re: please provide an evince mailcap file

2020-08-27 Thread Seth Arnold
Oh yes, this was reported by other people (though not in any useful way) at https://askubuntu.com/questions/1118437/promote-evince-in-etc- mailcap-order Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-08-26 Thread Seth Arnold
Done, thanks Christian! ** Description changed: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security]

[Bug 1892559] [NEW] [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools

2020-08-21 Thread Seth Arnold
Public bug reported: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database.

[Bug 1892520] Re: Cannot sent h2c command

2020-08-21 Thread Seth Arnold
Hopefully helpful: [ 45.069078] NVRM: API mismatch: the client has the version 440.95.01, but NVRM: this kernel module has the version 440.100. Please NVRM: make sure that this kernel module and all NVIDIA driver NVRM: components have the same

[Bug 1825755] Re: apt-mirror in all versions (including disco and last from github) doesn't mirror Commands-* files

2020-08-21 Thread Seth Arnold
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1825755 Title: apt-mirror in all versions (including disco and last from github) doesn't

[Bug 1892400] Re: Open text files with File manager (mouse won't release)

2020-08-21 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892400 Title: Open text files with File manager (mouse won't release) To manage

[Bug 1887190] Re: MSFT Touchpad not working on Lenovo Legion-5 15ARH05

2020-08-21 Thread Seth Arnold
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1887190 Title: MSFT Touchpad not working on Lenovo Legion-5 15ARH05 To manage notifications

[Bug 1892239] Re: Audio Problems Ubuntu 20.04

2020-08-21 Thread Seth Arnold
Hello Trinity, Quite often, running pavucontrol is enough to see what needs to be changed to make audio output work correctly. I hope this helps. Thanks ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1892092] Re: doing dual boot with windows10 but windows crashed and i did again reinstall ubantu shows grub fetal error

2020-08-21 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1892092] Re: doing dual boot with windows10 but windows crashed and i did again reinstall ubantu shows grub fetal error

2020-08-21 Thread Seth Arnold
Well this is curious: Aug 18 19:52:48 ubuntu ubiquity: Secure Boot not enabled on this system. Aug 18 19:52:51 ubuntu grub-installer: info: Installing grub on '/dev/sda' Aug 18 19:52:51 ubuntu grub-installer: info: grub-install does not support --no-floppy Aug 18 19:52:51 ubuntu grub-installer:

[Bug 1892455] Re: [MIR] libselinux1

2020-08-21 Thread Seth Arnold
libselinux1 has been in main for many years: http://archive.ubuntu.com/ubuntu/pool/main/libs/libselinux/ Balint recently did some +1 work that mentioned libselinux: https://lists.ubuntu.com/archives/ubuntu-devel/2020-July/041095.html but I don't read that as suggesting that libselinux1 has been

Re: [Bug 1577948] Re: unmatched entries for apparmor STATUS messages

2020-08-20 Thread Seth Arnold
On Thu, Aug 20, 2020 at 11:56:09PM -, Bryce Harrington wrote: > Thanks for the additional information. I've seen the snap profile_* > messages in my logwatch output as unmatched, but want to understand them > more before filtering them. > > As to the general unconfined entries, how can we

[Bug 1577948] Re: unmatched entries for apparmor STATUS messages

2020-08-20 Thread Seth Arnold
The log message is reporting the profiles have been loaded. This is a standard part of booting a full system, starting services, and some service-specific operations (such as libvirt or snapd demand-loading profiles as VMs or snaps are used). There's other similar status messages:

[Bug 1516300] Re: dash command variable assignments remain in the shell after command execution completed

2020-08-18 Thread Seth Arnold
I gave this a test with Ubuntu 14.04, 16.04, 18.04, 20.04, LTS releases, and Debian 10 and Debian 11, in lxd. Ubuntus before 20.04 all showed the described behaviour. Ubuntu 20.04 LTS worked the same as both Debian releases. The versions of dash in each release make this make some sense: $ for

[Bug 1516300] Re: dash command variable assignments remain in the shell after command execution completed

2020-08-18 Thread Seth Arnold
** Changed in: dash (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1516300 Title: dash command variable assignments remain in the shell after command

[Bug 1889322] Re: nvidia gforce

2020-08-14 Thread Seth Arnold
Hello snapd folks, this package logged over a thousand DENIED messages in about ten minutes. This can't be good for system responsiveness, battery life, drive health, filesystem free space, etc. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1889322] Re: nvidia gforce

2020-08-14 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1889716] Re: package grub-efi-amd64-signed 1.142.3+2.04-1ubuntu26.1 failed to install/upgrade: installed grub-efi-amd64-signed package post-installation script subprocess returned error exit stat

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889716 Title: package grub-efi-amd64-signed 1.142.3+2.04-1ubuntu26.1 failed to

[Bug 1889373] Re: Mozilla Firefox 78.x ESR Multiple Vulnerabilities

2020-08-14 Thread Seth Arnold
Hello, Ubuntu doesn't ship the ESR Firefox. We addressed these issues in: https://ubuntu.com/security/notices/USN-4443-1 Thanks ** Information type changed from Private Security to Public Security ** Changed in: firefox (Ubuntu) Status: New => Fix Released -- You received this bug

[Bug 1889771] Re: Plantage lors de l'installation

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889771 Title: Plantage lors de l'installation To manage notifications about this bug go

[Bug 1889536] Re: installation failure

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889536 Title: installation failure To manage notifications about this bug go to:

[Bug 1889927] Re: [HP EliteBook 840 G3, Conexant CX20724, Speaker, Internal] No sound at all , no sound from internal speaker but using a headset there is

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889927 Title: [HP EliteBook 840 G3, Conexant CX20724, Speaker, Internal] No sound at all

[Bug 1889919] Re: package mysql-server-8.0 8.0.21-0ubuntu0.20.04.3 failed to install/upgrade: installed mysql-server-8.0 package post-installation script subprocess returned error exit status 1

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889919 Title: package mysql-server-8.0 8.0.21-0ubuntu0.20.04.3 failed to

[Bug 1890012] Re: Could not install 'systemd-shim'

2020-08-14 Thread Seth Arnold
Hello Andreas, this bug is filed against xorg, but the text description looks like systemd-shim was involved. Should this be an xorg bug or a systemd-shim bug? Or something else? Thanks ** Information type changed from Private Security to Public -- You received this bug notification because

[Bug 1890645] Re: package firebird3.0-server 3.0.5.33220.ds4-1build2 failed to install/upgrade: o subprocesso instalado, do pacote firebird3.0-server, o script post-installation retornou erro do statu

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890645 Title: package firebird3.0-server 3.0.5.33220.ds4-1build2 failed to

[Bug 1890930] Re: Xorg freeze

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890930 Title: Xorg freeze To manage notifications about this bug go to:

[Bug 1890192] Re: installation crashed

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890192 Title: installation crashed To manage notifications about this bug go to:

[Bug 1890957] Re: [nvidia] My Night Light doesn't work at all.

2020-08-14 Thread Seth Arnold
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890957 Title: [nvidia] My Night Light doesn't work at all. To manage notifications about

[Bug 1861359] Re: swap storms kills interactive use

2020-08-14 Thread Seth Arnold
I was reminded of this bug earlier today -- Andrea, Sultan, thanks so much for fixing my issues. I've been happily running along for months now. :) Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1889556] Re: grub-install failure does not fail package upgrade (and does not roll back to matching modules)

2020-08-13 Thread Seth Arnold
Hello halfgaar, our knowledge base article includes some instructions for Amazon ec2 instances on how to recover from this situation: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Cloud_instances_.28e.g._AWS_EC2.29 If the virtual console support provides a mechanism to

[Bug 1870818] Re: apache2 security fix in 2.4.43

2020-08-13 Thread Seth Arnold
This was addressed in USN 4458-1: https://usn.ubuntu.com/4458-1 Thanks ** Changed in: apache2 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

  1   2   3   4   5   6   7   8   9   10   >