[Bug 2063062] [NEW] Please remove src:cryptojs ; unmaintained and deprecated upstream

2024-04-21 Thread Steve Beattie
Public bug reported: The cryptojs library has been deprecated by upstream https://github.com/brix/crypto-js?tab=readme-ov-file#discontinued and recommends the native javascript Crypt library. It has no reverse dependencies: $ reverse-depends src:cryptojs No reverse dependencies found $

[Bug 2060354] Re: Segfaults and assertion failures in Xorg's render/glyph.c

2024-04-08 Thread Steve Beattie
** Also affects: xorg-server (Ubuntu Noble) Importance: High Status: Triaged ** Also affects: xwayland (Ubuntu Noble) Importance: High Status: Triaged ** Also affects: xorg-server (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: xwayland (Ubuntu

[Bug 2060354] Re: Segfaults and assertion failures in Xorg's render/glyph.c

2024-04-08 Thread Steve Beattie
I have prepared test packages for ubuntu 22.04 LTS/jammy in the https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages PPA for both xorg-server: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/15921802/+listing-archive-extra and for

[Bug 2060354] Re: Segfaults and assertion failures in Xorg's render/glyph.c

2024-04-08 Thread Steve Beattie
The reproducer https://bugs.freedesktop.org/attachment.cgi?id=28621 from the original 2009 bug report https://bugs.freedesktop.org/show_bug.cgi?id=23286 does seem to work at triggering this issue, at least under Xwayland. ** Bug watch added: freedesktop.org Bugzilla #23286

[Bug 2060354] Re: Segfaults and assertion failures in Xorg's render/glyph.c

2024-04-08 Thread Steve Beattie
Are people seeing this issue with any other Ubuntu releases, which also received updates addressing CVE-2024-31083, or is this strictly affecting the version in 22.04/jammy? It looks like https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476 has a proposed fix, in

[Bug 1597017] Re: mount rules grant excessive permissions

2024-03-29 Thread Steve Beattie
** Description changed: + SRU Team; the packages for focal-proposed and jammy-proposed are + intended as security updates prepared by the Ubuntu Security team (and + have built in a ppa with only the security pockets enabled). However, + because the fix makes mount rules in apparmor policy be

[Bug 1597017] Re: mount rules grant excessive permissions

2024-03-06 Thread Steve Beattie
** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: apparmor (Ubuntu)

[Bug 1975523] Re: [MIR] Promote to main in Jammy and Kinetic

2022-05-31 Thread Steve Beattie
** Tags added: sec-1058 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1975523 Title: [MIR] Promote to main in Jammy and Kinetic To manage notifications about this bug go to:

[Bug 1963707] Re: [MIR] libqrtr-glib

2022-05-31 Thread Steve Beattie
** Tags added: sec-1057 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1963707 Title: [MIR] libqrtr-glib To manage notifications about this bug go to:

[Bug 1972740] Re: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

2022-05-18 Thread Steve Beattie
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30594 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972740 Title: Unprivileged users may use PTRACE_SEIZE to set

[Bug 1972043] Re: Please add -ftrivial-auto-var-init=zero to default build flags

2022-05-16 Thread Steve Beattie
** Tags added: sec-994 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972043 Title: Please add -ftrivial-auto-var-init=zero to default build flags To manage notifications about this bug go to:

[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite

2022-05-11 Thread Steve Beattie
** Tags added: sec-407 ** Tags added: sec-408 sec-409 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to:

[Bug 1965115] Re: [MIR] nullboot

2022-05-11 Thread Steve Beattie
** Tags added: sec-976 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1965115 Title: [MIR] nullboot To manage notifications about this bug go to:

[Bug 1971895] Re: Warning messages from stat printed on installation with no user crontabs

2022-05-10 Thread Steve Beattie
** Also affects: cron (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: cron (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: cron (Ubuntu Xenial) Status: New => Triaged ** Changed in: cron (Ubuntu Bionic) Status: New => Triaged

[Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities

2022-05-10 Thread Steve Beattie
** Changed in: linux-aws (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1949186 Title: Missing Linux Kernel mitigations for 'SSB - Speculative Store

[Bug 1950644] Re: ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels

2022-05-10 Thread Steve Beattie
Hi, is this still on the kernel team's radar to address in trusty and in the various linux-azure kernels? Thanks! ** Changed in: linux-oem-5.14 (Ubuntu Trusty) Status: New => Invalid ** Changed in: linux-oem-5.13 (Ubuntu Trusty) Status: New => Invalid ** Changed in:

[Bug 1951927] Re: Array overflow in au_procfs_plm_write

2022-05-10 Thread Steve Beattie
Thanks, making this public. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951927 Title: Array overflow in au_procfs_plm_write

[Bug 1961528] Re: Security: Arbitrary shell command injection through PDF import or unpaper preprocessing

2022-05-10 Thread Steve Beattie
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961528 Title: Security: Arbitrary shell command injection through PDF import or

[Bug 1967626] Re: 22.04 beta Network Manager still sets wrong IPv6 routing

2022-05-10 Thread Steve Beattie
Given that this issue is public in the freedesktop gitlab instance, I'm making this issue public here as well. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1961854] Re: Thunderbid saves accepted calendar events in different identity

2022-05-10 Thread Steve Beattie
Hi Bartłomiej, was this issue reported to mozilla? Do you have a bug report there? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1961854 Title: Thunderbid saves accepted calendar

[Bug 1970012] Re: package yaru-theme-gnome-shell 21.10.2 failed to install/upgrade: el subproceso nuevo paquete yaru-theme-gnome-shell script pre-installation devolvió el código de salida de error 1

2022-05-10 Thread Steve Beattie
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1971415] Re: Remote desktop is automatically enabled after login

2022-05-10 Thread Steve Beattie
Jeremy, is there any progress on this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1971415 Title: Remote desktop is automatically enabled after login To manage notifications about this

[Bug 1972812] Re: The operating system does not ask for a password after unlocking the screen.

2022-05-10 Thread Steve Beattie
** Package changed: ubuntu => gnome-shell (Ubuntu) ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972812 Title: The operating

[Bug 1214787] Re: busybox crashed with signal 7

2022-05-05 Thread Steve Beattie
** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1214787 Title: busybox crashed with signal 7 To manage notifications about this bug go to:

[Bug 1970267] [NEW] Unable to save macaroons in MozillaCookieJar() under python3.10

2022-04-25 Thread Steve Beattie
Public bug reported: Upstream bug report: https://github.com/go-macaroon-bakery/py-macaroon-bakery/issues/88 See above for details, but the essential bug is that doing something like the following: client = httpbakery.Client(cookies=MozillaCookieJar(".cooklefile")) if

[Bug 1969619] Re: RDP Sharing appears on by default in jammy

2022-04-21 Thread Steve Beattie
Hi, yes, from the Ubuntu Security team's perspective, this should go to the security pocket. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969619 Title: RDP Sharing appears on by default in jammy

[Bug 1926321] Re: [MIR] telegraf

2022-04-14 Thread Steve Beattie
** Tags added: sec-753 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926321 Title: [MIR] telegraf To manage notifications about this bug go to:

[Bug 1956617] Re: [MIR] protobuf-c

2022-04-14 Thread Steve Beattie
** Tags added: sec-754 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956617 Title: [MIR] protobuf-c To manage notifications about this bug go to:

[Bug 1746629] Re: [MIR] libbluray

2022-04-14 Thread Steve Beattie
** Tags added: sec-751 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1746629 Title: [MIR] libbluray To manage notifications about this bug go to:

[Bug 1808537] Re: [bionic] ffmpeg update to 3.4.5

2022-04-12 Thread Steve Beattie
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1808537 Title: [bionic] ffmpeg update to 3.4.5 To manage notifications about this

[Bug 1964710] Re: XSS vulnerability in row_create

2022-04-12 Thread Steve Beattie
This was fixed in Jammy (Ubuntu 22.04 LTS pre-release) in phpliteadmin 1.9.8.2-2, closing that task. ** Changed in: phpliteadmin (Ubuntu Jammy) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1968725] Re: baloo_file crashed with SIGSEGV in start_thread()

2022-04-12 Thread Steve Beattie
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2022-04-12 Thread Steve Beattie
All work for this report has been completed, I believe the linux and linux-meta tasks can be closed out as well. ** Changed in: linux (Ubuntu) Status: Triaged => Fix Released ** Changed in: linux-meta (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification

[Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities

2022-04-12 Thread Steve Beattie
Hi Ammar, apologies for the delayed followup, what is the version of the kernel that you are seeing this with? I.E. what is the output of running the command 'cat /proc/version_signature' where this is showing up? -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1950940] Re: Integer underflow in the vrend_decode_set_shader_images() on virglrenderer

2022-04-12 Thread Steve Beattie
** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0135 ** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0175 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950940

[Bug 1950939] Re: OOB write in the vrend_renderer_transfer_write_iov on virglrenderer

2022-04-12 Thread Steve Beattie
This was fixed in https://ubuntu.com/security/notices/USN-5309-1 for focal and newer; it is unfixed in bionic where virglrenderer is community maintained. (Edited to fix USN URL.) ** Also affects: virglrenderer (Ubuntu Focal) Importance: Undecided Status: New ** Also affects:

[Bug 1950784] Re: information leak from host to guest in the virglrenderer

2022-04-12 Thread Steve Beattie
This was fixed in https://ubuntu.com/security/notices/USN-5309-1 for focal and newer; it is unfixed in bionic where virglrenderer is community maintained. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0175 ** Also affects: virglrenderer (Ubuntu Focal) Importance: Undecided

[Bug 1950940] Re: Integer underflow in the vrend_decode_set_shader_images() on virglrenderer

2022-04-12 Thread Steve Beattie
Issue 251 is not open upstream, but it looks like this was addressed in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/2aed5d419722a0d9fbd17be9c7a1147e22b681de along with a couple of other security fixes in https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 . It

[Bug 1954832] Re: sctp: account for stream padding for reconf chunk

2022-04-12 Thread Steve Beattie
This has been fixed in all affected Ubuntu kernels, closing. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0322 ** Information type changed from Private Security to Public Security ** Changed in: linux (Ubuntu) Status: New => Fix Released -- You received this bug

[Bug 1964427] Re: [Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new pipe_buffer

2022-04-11 Thread Steve Beattie
This was fixed in affected kernels in https://ubuntu.com/security/notices/USN-5317-1 and https://ubuntu.com/security/notices/USN-5362-1 ** Package changed: ubuntu => linux (Ubuntu) ** Changed in: linux (Ubuntu) Status: New => Fix Released -- You received this bug notification because

[Bug 1966352] Re: list-oem-metapackages crashed with AttributeError in packages_for_modalias(): 'Cache' object has no attribute 'packages'

2022-04-11 Thread Steve Beattie
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1968043] Re: Open CVE-2021-4048 with critical severity

2022-04-11 Thread Steve Beattie
This is fixed in jammy (Ubuntu 22.04 LTS pre-release) but not in focal or bionic. ** Also affects: lapack (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: lapack (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: lapack (Ubuntu Focal)

[Bug 1968043] Re: Open CVE-2021-4048 with critical severity

2022-04-11 Thread Steve Beattie
** Changed in: lapack (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968043 Title: Open CVE-2021-4048 with critical severity To manage notifications about

[Bug 1967631] Re: Ubuntu 22.04 / snap-store installing outdated software and misses security updates

2022-04-11 Thread Steve Beattie
As an aside, the wireguard-dkms package is not necessary to install (unless one is running an older non Ubuntu kernel that does not have the wireguard module available) as the wireguard kernel module has been enabled and backported to all Ubuntu kernels going back to the 4.4 kernel in Ubuntu 16.04

[Bug 1968626] Re: kioslave5 crashed with SIGSEGV in QString::endsWith()

2022-04-11 Thread Steve Beattie
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1950321] Re: [MIR] glusterfs

2022-04-08 Thread Steve Beattie
I reviewed glusterfs 10.1-1 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. GlusterFS is a clustered network file-system. - CVE History: 27 CVEs, though the most recent are from 2018. Issue resolution looks okay. One or two of the

Re: [Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-04 Thread Steve Beattie
On Mon, Apr 04, 2022 at 09:31:39AM -, Simon Chopin wrote: > We also have a provisional ACK from the security team (I'll keep working > on surfacing the vendored deps data in a better way than Cargo.lock!). > > The seed changes are in a MP at >

[Bug 1961117] Re: Vulnerability in glibc - CVE-2022-23219

2022-03-28 Thread Steve Beattie
This issue was addressed in Ubuntu in https://ubuntu.com/security/notices/USN-5310-1 and https://ubuntu.com/security/notices/USN-5310-2 and the under development jammy/Ubuntu 22.04 LTS already has glibc 2.35 incorporated. Please also note that Ubuntu has been building with stack-protector enabled

[Bug 1887187] Re: [MIR] nftables

2022-03-23 Thread Steve Beattie
python distutils deprecation has been filed as a bug upstream at https://bugzilla.netfilter.org/show_bug.cgi?id=1594 For the security review, while I did do some review while preparing the MIR request, I suspect it is preferable for the submitter to not also be the one to do the security review.

[Bug 1965464] Re: add debian symbols tracking for libnftables1 package

2022-03-23 Thread Steve Beattie
Yes, that's correct, both commits are needed. The debdiff/merge request look good to me, please go ahead and upload them to jammy so we can have proper symbol versioning on the library itself there. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1966017] Re: enable upstream python testsuite in autopkgtests

2022-03-23 Thread Steve Beattie
(If this were a build time testsuite, our log comparison process would pick up changes. We could *maybe* do something akin to how we try to detect new failing tests in openjdk in qrt's notes_testing/openjdk/ where we maybe compare our current adt runs of nftables against a prior run, and look for

[Bug 1966017] Re: enable upstream python testsuite in autopkgtests

2022-03-23 Thread Steve Beattie
So this looks okay, there are unfortunately a bunch of errors in the tests with v1.0.2 against a 5.15 kernel because the 'egress' hook support was only added in 5.16 (https://git.kernel.org/linus/42df6e1d221dddc0f2acf2be37e68d553ad65f96). This results in the following output in a jammy VM: 96

[Bug 1887187] Re: [MIR] nftables

2022-03-17 Thread Steve Beattie
For the required todos: 1) yes, the Ubuntu Security team is willing to maintain the embedded code copies. 2) debian symbols tracking: https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1965464 For the recommended todos, we will try to make progress on those. Thanks! -- You received this

[Bug 1965464] Re: add debian symbols tracking for libnftables1 package

2022-03-17 Thread Steve Beattie
Submitted patch to Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007888 ** Bug watch added: Debian Bug tracker #1007888 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007888 ** Also affects: nftables (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007888

[Bug 1965464] Re: add debian symbols tracking for libnftables1 package

2022-03-17 Thread Steve Beattie
Debdiff to fix in ubuntu attached ** Patch added: "nftables_1.0.2-1ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1965464/+attachment/5570243/+files/nftables_1.0.2-1ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which

[Bug 1965464] Re: add debian symbols tracking for libnftables1 package

2022-03-17 Thread Steve Beattie
I attempted to fix it with the following patch: Index: b/src/Makefile.am === --- a/src/Makefile.am +++ b/src/Makefile.am @@ -91,7 +91,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \ libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS}

[Bug 1965464] Re: add debian symbols tracking for libnftables1 package

2022-03-17 Thread Steve Beattie
One concern with this is that the upstream symbol versioning is broken; generating the debian symbols file looks like so: libnftables.so.1 libnftables1 #MINVER# nft_ctx_add_include_path@Base 0.9.2 nft_ctx_add_var@Base 1.0.0 nft_ctx_buffer_error@Base 0.9.2 nft_ctx_buffer_output@Base 0.9.2

[Bug 1965464] [NEW] add debian symbols tracking for libnftables1 package

2022-03-17 Thread Steve Beattie
Public bug reported: As part of the MIR for nftables, the addition of symbols tracking in the debian packaging for nftables is a requirement. ** Affects: nftables (Ubuntu) Importance: High Assignee: Steve Beattie (sbeattie) Status: Confirmed ** Changed in: nftables (Ubuntu

Re: [Bug 1957932] Re: [MIR] rustc, cargo

2022-03-15 Thread Steve Beattie
On Tue, Mar 15, 2022 at 05:14:00PM -, Simon Chopin wrote: > Before even starting to address the various points further, I must ask > whether they're showstopper for the *rustc* MIR. > I ask because some of the concerns raised here are irrelevant for rustc > itself. For instance, the

[Bug 1957932] Re: [MIR] rustc, cargo

2022-03-15 Thread Steve Beattie
On Fri, Mar 11, 2022 at 10:17:47AM -, Simon Chopin wrote: > @sbeattie there's some context on those various fields in > https://github.com/cpaelzer/ubuntu-mir/pull/3 Thanks for this. > Basically X-Cargo-Built-Using should be folded into Built-Using. I agree with this, but is there a plan to

[Bug 1957932] Re: [MIR] rustc, cargo

2022-03-10 Thread Steve Beattie
> 'Built-Using' vs 'X-Cargo-Built-Using' dh-cargo behavior So there is no plan to change this in dh-cargo? The tool the security team has that queries Built-Using can be modified to use the alternate field, if necessary, but we need to know if that's what we need to do. Are the tools that help

[Bug 1960864] Re: [MIR] plocate

2022-03-07 Thread Steve Beattie
I reviewed plocate 1.1.15-1ubuntu2 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. plocate is a locate implementation based on posting lists and io_uring, intended as a drop-in replacement for mlocate. - No CVE History. -

[Bug 1950321] Re: [MIR] glusterfs

2022-02-24 Thread Steve Beattie
I'm working on the Security review of GlusterFS, which I have not quite completed, but to offer a comment on fusermount-glusterfs binary, the Security team would strongly prefer to not have another setuid binary for this; the original setuid fusermount has had its own security history and we would

[Bug 1950321] Re: [MIR] glusterfs

2022-02-23 Thread Steve Beattie
** Changed in: glusterfs (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950321 Title: [MIR] gluste

[Bug 1957932] Re: [MIR] rustc, cargo

2022-02-23 Thread Steve Beattie
I reviewed rustc 1.57.0+dfsg1+llvm-0ubuntu2 as checked into jammy (but also peeked briefly at 1.58.1+dfsg1~ubuntu1-0ubuntu1~ppa5 in Simon's ppa). This shouldn't be considered a full audit but rather a quick gauge of maintainability, and this is a bit more streamlined review than normal due to the

[Bug 1950317] Re: [MIR] Wireguard

2022-02-22 Thread Steve Beattie
Andreas wrote: > If you happen to have a kernel installed that has the virtual provides > for wireguard-modules, then dkms won't be pulled in. Oh nice, I missed that, thanks for pointing it out. That definitely covers my complaint there. -- You received this bug notification because you are a

[Bug 1950317] Re: [MIR] Wireguard

2022-02-18 Thread Steve Beattie
One other non-security opinionated comment: having the wireguard meta package pull in the dkms package will likely cause people to install them unnecessarily. While many people will read the documentation first and realize they only need to install wireguard-tools, it's likely others will hear

[Bug 1950317] Re: [MIR] Wireguard

2022-02-18 Thread Steve Beattie
I reviewed wireguard 1.0.20210914-1ubuntu2 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. wireguard is the user space component of the WireGuard VPN, an in-kernel vpn. The tools provided are for querying and configuring the state of

[Bug 1958293] Re: [MIR]: libyang2

2022-02-17 Thread Steve Beattie
I reviewed libyang2 2.0.112-6ubuntu2 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. The libyang2 source package is a rename of the libyang based on the upstream 2.0 version which included a new parser; the libyang source package has

[Bug 1887187] Re: [MIR] nftables

2022-02-15 Thread Steve Beattie
** Changed in: nftables (Ubuntu) Assignee: Seth Arnold (seth-arnold) => (unassigned) ** Changed in: nftables (Ubuntu) Status: Confirmed => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1887187] Re: [MIR] nftables

2022-02-15 Thread Steve Beattie
** Description changed: - [Availability] * The package is already in universe and has been supported by Ubuntu kernels since at least Ubuntu 18.04 LTS. It builds and is supported on all Ubuntu architectures. [Rationale] * nftables is the future CLI and backend for

[Bug 1887187] Re: [MIR] nftables

2022-02-15 Thread Steve Beattie
** Description changed: [Availability] - * The package is already in universe and has been supported by Ubuntu - kernels since at least Ubuntu 18.04 LTS. It builds and is supported - on all Ubuntu architectures. + * The package is already in universe and has been supported + by Ubuntu

[Bug 1887187] Re: [MIR] nftables

2022-02-15 Thread Steve Beattie
** Description changed: + [Availability] - * The package is present in universe and is built for all architectures. + * The package is already in universe and has been supported by Ubuntu + kernels since at least Ubuntu 18.04 LTS. It builds and is supported + on all Ubuntu architectures.

[Bug 1888076] Re: nftables can't be statefull

2022-02-15 Thread Steve Beattie
Also, given that nftables is configuring netfilter in the kernel, it would probably be helpful to identify which kernel version you saw this with. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1888076] Re: nftables can't be statefull

2022-02-15 Thread Steve Beattie
Hi Elrik, Thanks for reporting your issue to Ubuntu, and apologies for the delayed response. Can you say explicitly what behavior you're expecting to have work that does not? I.E. are ssh connections to the host unsuccessful or are other outbound operations failing? Some useful diagnostics to

[Bug 1951837] Re: new kernel 5.4.0-90-generic contain error with snat in vrf

2022-02-14 Thread Steve Beattie
Hi, Thanks for reporting this issue. If the behavior fails due to a kernel update, it's unlikely to be a problem in the user space nftables tool. Looking for suspicious commits between 5.4.0-84.94 and 5.4.0-90.101, https://git.launchpad.net/~ubuntu-

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-27 Thread Steve Beattie
Hey Kunal, thanks again for preparing these debdiffs. After reviewing them, I've gone ahead and uploaded the packages to the ubuntu-security-proposed ppa at https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages to build and run through autopkgtests; any feedback or

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-26 Thread Steve Beattie
Hi Kunal, Thanks for preparing these updates, I'm looking at them now. Apologies that they didn't get picked up earlier. ** Changed in: mediawiki (Ubuntu Bionic) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: mediawiki (Ubuntu Focal) Assignee: (unassigned) =>

[Bug 1951837] Re: new kernel 5.4.0-90-generic contain error with snat in vrf

2022-01-18 Thread Steve Beattie
** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951837 Title: new kernel 5.4.0-90-generic contain error with snat in vrf

[Bug 1958089] Re: Acer laptop screen goes black after a few hours of work

2022-01-17 Thread Steve Beattie
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958089 Title: Acer laptop screen goes black after a few hours of work To manage

[Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-11 Thread Steve Beattie
This was assigned CVE-2021-4204. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4204 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956585 Title: OOB write on BPF_RINGBUF To

[Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-10 Thread Steve Beattie
** Description changed: tr3e wang discovered that an OOB write existed in the eBPF subsystem in the Linux kernel on BPF_RINGBUF. Mitigation commit: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83

[Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-10 Thread Steve Beattie
** Description changed: tr3e wang discovered that an OOB write existed in the eBPF subsystem in the Linux kernel on BPF_RINGBUF. Mitigation commit: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83 + +

[Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-10 Thread Steve Beattie
** Information type changed from Private Security to Public Security ** Description changed: - Placeholder bug. + tr3e wang discovered that an OOB write existed in the eBPF subsystem in + the Linux kernel on BPF_RINGBUF. + + Mitigation commit: https://git.launchpad.net/~ubuntu- +

[Bug 1916767] Re: firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910

2021-11-06 Thread Steve Beattie
nee: (unassigned) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1916767 Title: firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910 To manage notific

[Bug 1948698] Re: Update tzdata to version 2021e

2021-10-26 Thread Steve Beattie
Okay from the Ubuntu Security team for these tzdata updates to land in security pockets. Thanks!

[Bug 1945527] Re: Update tzdata to version 2021a-2

2021-10-21 Thread Steve Beattie
This was fixed for xenial/esm with tzdata 2021a-2ubuntu0.16.04+esm1 and for trusty/esm with tzdata 2021a-2ubuntu0.14.04+esm1. Thanks Brian, for preparing these updates! ** Changed in: tzdata (Ubuntu Xenial) Status: New => Fix Released ** Also affects: tzdata (Ubuntu Trusty) Importance:

[Bug 1755447] Re: issue 32185: SSLContext.wrap_socket sends SNI Extension when server_hostname is IP

2021-10-20 Thread Steve Beattie
I am not aware of a security impact from this issue, so if it is to be addressed in xenial ESM, it would need to go through a support request. Closing the xenial tasks as Won't Fix. ** Changed in: python2.7 (Ubuntu Xenial) Status: New => Won't Fix ** Changed in: python3.5 (Ubuntu Xenial)

[Bug 1755447] Re: issue 32185: SSLContext.wrap_socket sends SNI Extension when server_hostname is IP

2021-10-20 Thread Steve Beattie
For python2.7, this was fixed in https://github.com/python/cpython/commit/a5c9112300ecd492ed6cc9759dc8028766401f61 which landed in 2.7.15, so has been fixed in bionic-updates and newer. ** Changed in: python2.7 (Ubuntu Bionic) Status: New => Fix Released ** Changed in: python2.7 (Ubuntu)

[Bug 1911465] Re: autopkgtest fails on Xenial

2021-10-10 Thread Steve Beattie
In actuality, the bug describing the autopkgtest failure for docker.io in xenial is bug 1855481. The fix for this in xenial was incorporated into the docker.io 18.09.7-0ubuntu1~16.04.9+esm1 ESM update.

[Bug 1946137] Re: distro-info-data update needed for 14.04/16.04 ESM being extended to five years

2021-10-06 Thread Steve Beattie
This was fixed in all releases (including trusty and xenial ESM) except impish, leaving that task open. ** Changed in: distro-info-data (Ubuntu) Status: Fix Released => Triaged ** Also affects: distro-info-data (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects:

[Bug 1946137] [NEW] distro-info-data update needed for 14.04/16.04 ESM being extended to five years

2021-10-05 Thread Steve Beattie
Public bug reported: It was recently announced that the 14.04 and 16.04 ESM releases would receive a total of five years ESM support status each, and the distro-info-data for ubuntu should be updated to reflect that: $ dpkg -l distro-info-data | grep ^ii ii distro-info-data 0.51

[Bug 1352007] Re: avconv crashed with SIGSEGV in paint_mouse_pointer()

2021-09-30 Thread Steve Beattie
** Information type changed from Private to Public

[Bug 1368481] Re: avconv assert failure: avconv: /build/buildd/libav-11~beta1/libavcodec/put_bits.h:139: put_bits: Assertion `n <= 31 && value < (1U << n)' failed.

2021-09-30 Thread Steve Beattie
** Information type changed from Private to Public

[Bug 980943] Re: ffmpeg crashed with SIGSEGV in __libc_start_main()

2021-09-30 Thread Steve Beattie
** Attachment removed: "CoreDump.gz" https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980943/+attachment/3059934/+files/CoreDump.gz ** Information type changed from Private to Public Security

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-09-30 Thread Steve Beattie
Ack from the Ubuntu Security team for both gnutls28 3.5.18-1ubuntu1.5 and 3.4.10-4ubuntu1.9 to go to bionic-security and xenial-security respectively.

[Bug 1943960] Re: s390x BPF JIT vulnerabilities

2021-09-22 Thread Steve Beattie
** Description changed: [Impact] s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading to possible local privilege escalation. [Mitigation] Disable unprivileged eBPF. sysctl -w kernel.unprivileged_bpf_disabled=1 [Potential regression] BPF programs might

[Bug 1943960] Re: s390x BPF JIT vulnerabilities

2021-09-22 Thread Steve Beattie
Commits to address this are upstream in Linus' tree; they are: 1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass") 6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x8000 constant") db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")

[Bug 1929105] Re: CVE-2021-3326: The iconv app in glibc when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion & aborts

2021-09-17 Thread Steve Beattie
** Bug watch added: Sourceware.org Bugzilla #27256 https://sourceware.org/bugzilla/show_bug.cgi?id=27256 ** Also affects: glibc via https://sourceware.org/bugzilla/show_bug.cgi?id=27256 Importance: Unknown Status: Unknown

[Bug 1863299] Re: linux-aws fails to late load microcode, works with generic

2021-09-14 Thread Steve Beattie
Is this worth addressing in the cloud kernels or should we stick to early microcode loads only? ** Changed in: linux-aws (Ubuntu) Status: New => Incomplete
