Looks good, ACK.
I've uploaded it to -proposed (with a slight version change) for
processing by the SRU team. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sqlalchemy in Ubuntu.
https://bugs.launchpad.net/bugs/1025544
Whole slew of security fixes are needed:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665
** Bug watch added: Debian Bug tracker #683665
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665
--
You received this bug notification because you are a member of Ubuntu
Server Team,
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Has the fix in comment #17 worked for anyone else?
** Tags added: rls-q-incoming
** Also affects: samba (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Quantal)
Importance: High
Status: Confirmed
** Changed in: samba (Ubuntu Precise)
This is fixed in quantal now too.
** Changed in: puppet (Ubuntu Quantal)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/1023931
Title:
= Confirmed
** Changed in: puppet (Ubuntu Quantal)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
** Changed in: puppet (Ubuntu Precise)
Status: New = Fix Released
** Changed in: puppet (Ubuntu Oneiric)
Status: New = Fix Released
** Changed in: puppet (Ubuntu Lucid
I have run the QRT testing script on postfix in precise-proposed, and it
passed without any issue.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/1022772
Title:
Microversion
** Bug watch added: Debian Bug tracker #664724
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664724
** Also affects: rrdtool (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664724
Importance: Unknown
Status: Unknown
--
You received this bug notification because
No. There is no concept of package maintainers in Ubuntu.
Anyone is welcome to attach a debdiff that fixes the issue, and
subscribing ubuntu-security-sponsors, at which point someone from the
security team will review it and upload it.
** Changed in: socat (Ubuntu)
Status: New =
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks Stéphane,
This isn't a security flaw per se requiring a CVE. If you have something
to SRU in previous releases, you can include this, else we'll bundle it
next time we do have a security issue to fix.
--
You received this bug notification because you are a member of Ubuntu
Server Team,
We have rated this as a low severity issue, so it will only get fixed
if more important vulnerabilities are discovered in Quagga. See the
security team tracker:
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1820.html
** CVE added:
Thanks for reporting this issue, as you have determined, the security
fix changed the default behaviour.
I am closing this bug now as there is no further action to take. Thanks.
** Changed in: php5 (Ubuntu)
Status: Confirmed = Invalid
--
You received this bug notification because you
There was a regression in 0.97.5+dfsg-1ubuntu0.12.04.1 that prevented it
from being installed properly on new installations. 0.97.5+dfsg-
1ubuntu0.12.04.2 was quickly released to solve the issue. You may need
to uninstall clamav completely before attempting to install 0.97.5+dfsg-
*** This bug is a duplicate of bug 1015337 ***
https://bugs.launchpad.net/bugs/1015337
** This bug has been marked a duplicate of bug 1015337
clamav-base fails configure with
`/usr/share/doc/clamav-base/examples/main.cvd': No such file or directory
--
You received this bug notification
*** This bug is a duplicate of bug 1015337 ***
https://bugs.launchpad.net/bugs/1015337
** This bug has been marked a duplicate of bug 1015337
clamav-base fails configure with
`/usr/share/doc/clamav-base/examples/main.cvd': No such file or directory
--
You received this bug notification
Wait until your local mirror gets 0.97.5+dfsg-1ubuntu0.12.04.2.
If your local mirror already has it, you may also need to remove the
packages that are currently installed, and reinstall clamav.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
= Confirmed
** Changed in: clamav (Ubuntu Precise)
Status: New = Confirmed
** Changed in: clamav (Ubuntu Quantal)
Status: New = Confirmed
** Changed in: clamav (Ubuntu Natty)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
** Changed in: clamav (Ubuntu Oneiric
*** This bug is a duplicate of bug 1015337 ***
https://bugs.launchpad.net/bugs/1015337
** This bug has been marked a duplicate of bug 1015337
clamav-base fails configure with
`/usr/share/doc/clamav-base/examples/main.cvd': No such file or directory
--
You received this bug notification
New packages are currently being built and will be published as a
regression fix in about an hour.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/1015337
Title:
clamav-base fails
*** This bug is a duplicate of bug 1015337 ***
https://bugs.launchpad.net/bugs/1015337
** This bug has been marked a duplicate of bug 1015337
clamav-base fails configure with
`/usr/share/doc/clamav-base/examples/main.cvd': No such file or directory
--
You received this bug notification
*** This bug is a duplicate of bug 1015337 ***
https://bugs.launchpad.net/bugs/1015337
** This bug has been marked a duplicate of bug 1015337
clamav-base fails configure with
`/usr/share/doc/clamav-base/examples/main.cvd': No such file or directory
--
You received this bug notification
*** This bug is a duplicate of bug 1015337 ***
https://bugs.launchpad.net/bugs/1015337
** This bug is no longer a duplicate of bug 1015361
package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade:
subprocess installed post-installation script returned error exit status
Thanks for the debdiffs.
I don't believe this satisfies the SRU criteria for natty and oneiric.
There is no good reason to push updated packages for all our users just
to get debugging symbols.
If you are attempting to debug natty or oneiric, please use a locally
built package with the patch.
FYI, I can only reproduce CVE-2012-2122 on real hardware that supports
SSE4. Oneiric and higher, amd64 only.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1011371
Title:
mysql
*** This bug is a duplicate of bug 1011371 ***
https://bugs.launchpad.net/bugs/1011371
** This bug has been marked a duplicate of bug 1011371
mysql 5.5.24, 5.1.63, 5.0.x security update tracking bug
--
You received this bug notification because you are a member of Ubuntu
Server Team,
** Affects: mysql-5.5 (Ubuntu Lucid)
Importance: Undecided
Status: Invalid
** Affects: mysql-dfsg-5.0 (Ubuntu Lucid)
Importance: Undecided
Status: Invalid
** Affects: mysql-dfsg-5.1 (Ubuntu Lucid)
Importance: High
Assignee: Marc Deslauriers (mdeslaur
bug #64884 is CVE-2012-2122
** Changed in: mysql-dfsg-5.0 (Ubuntu Hardy)
Importance: Undecided = High
** Changed in: mysql-dfsg-5.0 (Ubuntu Hardy)
Status: New = Confirmed
** Changed in: mysql-dfsg-5.0 (Ubuntu Hardy)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
** Changed
This is your issue:
Jun 6 09:11:03 tih-lussu named[12840]: loading configuration from
'/etc/bind/named.conf'
Jun 6 09:11:03 tih-lussu named[12840]: /etc/bind/named.conf.options:22:
expected IP address near 'dnssec-validation'
Jun 6 09:11:03 tih-lussu named[12840]: loading configuration:
Do you have a log file or something that could give us a clue what
happened?
** Changed in: bind9 (Ubuntu)
Status: New = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
This is your issue:
Setting up bind9 (1:9.7.0.dfsg.P1-1ubuntu0.5) ...
* Starting domain name service... bind9
named: chroot(): No such file or directory
...fail!
invoke-rc.d: initscript bind9, action start failed.
Looks like you are missing files or directories. Please reinstall the
whole
This was in your syslog file:
Jun 1 01:28:09 id named[5470]: loading configuration from
'/etc/bind/named.conf'
Jun 1 01:28:09 id named[5470]: /etc/bind/named.conf.options:14: expected IP
address near 'forwarders'
Jun 1 01:28:09 id named[5470]: loading configuration: unexpected token
Jun 1
This is fixed now: http://www.ubuntu.com/usn/usn-1462-1/
** Visibility changed to: Public
** Changed in: bind9 (Ubuntu)
Status: New = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
Security by obscurity doesn't actually work. Hiding the version number
will not affect whether your system is secure or not, and it's quite
likely that an attacker would simply run his script regardless of the
version number displayed on your website.
If this is important in your environment,
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Four-octet AS Number Capability
- CVE-2012-0249
- CVE-2012-0250
- CVE-2012-0255
** Affects: quagga (Ubuntu)
Importance: Medium
Status: Fix Released
** Affects: quagga (Ubuntu Lucid)
Importance: Medium
Assignee: Marc Deslauriers (mdeslaur)
Status
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.0 in Ubuntu.
https://bugs.launchpad.net/bugs/988325
Title:
mysql-server
*** This bug is a duplicate of bug 978458 ***
https://bugs.launchpad.net/bugs/978458
** This bug has been marked a duplicate of bug 978458
CVE-2012-1182: root credential remote code execution
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
ACK on the debdiff, uploaded to Precise.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/978708
Title:
[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986
through
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/974460
Title:
cobbler-ubuntu-import does not check gpg signatures
To manage notifications about
CVE requested: http://www.openwall.com/lists/oss-security/2012/04/10/8
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/974460
Title:
cobbler-ubuntu-import does not check gpg
This is CVE-2012-2092
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2092
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/974460
Title:
cobbler-ubuntu-import
This is how the smb protocol browsing is designed to function.
If you don't want your workstation to act as a master browser, you need
to turn off the options in smb.conf. Maybe something like this?
[global]
domain master = no
local master = no
preferred master = no
os level = 0
** Visibility
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Affects: mysql-5.1 (Ubuntu Maverick)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Affects: mysql-5.5 (Ubuntu Maverick)
Importance: Undecided
Status
Ubuntu backports security fixes into stable releases. The php version in
Lucid gets all security fixes. Here are the latest ones:
http://www.ubuntu.com/usn/usn-1358-1/
See our FAQ:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
** Visibility changed to: Public
** Changed in: php5 (Ubuntu)
Chris,
A couple of comments on your debdiff:
1- Could you change the version to 5.0.5-0ubuntu6.1
2- Could you add some tags to your patch to explain it's provenance (See
http://dep.debian.net/deps/dep3/)
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Server
** Changed in: mysql-dfsg-5.1 (Ubuntu)
Status: In Progress = Fix Released
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Status: In Progress = Fix Released
** Changed in: mysql-5.1 (Ubuntu)
Status: In Progress = Fix Released
--
You received this bug notification because you are a
** Changed in: mysql-dfsg-5.0 (Ubuntu Hardy)
Status: New = Confirmed
** Changed in: mysql-dfsg-5.0 (Ubuntu Hardy)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
** Changed in: mysql-dfsg-5.0 (Ubuntu Lucid)
Status: New = Invalid
** Changed in: mysql-dfsg-5.0 (Ubuntu Maverick
-5.1 (Ubuntu Lucid)
Importance: Undecided
Status: Invalid
** Affects: mysql-dfsg-5.1 (Ubuntu Lucid)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Affects: mysql-5.1 (Ubuntu Maverick)
Importance: Undecided
Assignee: Marc
Thanks for the debdiff.
Seems to me removing all the permission setting in the postinst is the
wrong way to fix this. How are those permissions going to get setup?
How about doing something like this instead?
test -f $en/resource.cfg setperm root nagios 0640 $en/resource.cfg
NACK on the
Ah! that makes sense. Thanks for the new information.
ACK on the debdiff. The only change I will do before uploading is
changing the version to 3.2.3-3ubuntu1 since we now have a Ubuntu delta.
** Changed in: nagios3 (Ubuntu)
Status: Confirmed = Fix Committed
--
You received this bug
: New = Confirmed
** Changed in: apache2 (Ubuntu Precise)
Status: Incomplete = Fix Released
** Changed in: apache2 (Ubuntu Precise)
Assignee: Jamie Strandboge (jdstrand) = (unassigned)
** Changed in: apache2 (Ubuntu Hardy)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur
SRU team: This is a security update. If the packages have the required
testing to publish, please let the security team know so we can publish
the USN and push it to -security also. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
** Also affects: linux (Ubuntu Precise)
Importance: Undecided
Status: Confirmed
** Also affects: lxc (Ubuntu Precise)
Importance: High
Status: Confirmed
** Changed in: linux (Ubuntu Precise)
Milestone: None = ubuntu-12.04-beta-1
** Tags added: rls-p-tracking
--
You
*** This bug is a duplicate of bug 909828 ***
https://bugs.launchpad.net/bugs/909828
** This bug has been marked a duplicate of bug 909828
Tomcat needs update to prevent hash function DoS attack
--
You received this bug notification because you are a member of Ubuntu
Server Team, which
There are now updated tomcat6 packages that fix this issue, and
CVE-2012-0022 in -proposed. Since the patch is quite intrusive, they
will stay in -proposed until they get some testing.
If you would like to help, please enable -proposed, test the updates,
and post your results here.
Thanks.
**
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
** Changed in: libcgroup (Ubuntu)
Status: New = Confirmed
** Changed in: libcgroup (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libcgroup in Ubuntu.
debdiff looks good. ACK. I'm building the package now and will release
it today.
Thanks!
** Changed in: squid3 (Ubuntu Lucid)
Status: New = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
Maverick-Oneiric have been released now, and will appear in mirrors in
the next few hours.
** Changed in: squid3 (Ubuntu Maverick)
Status: Fix Committed = Fix Released
** Changed in: squid3 (Ubuntu Natty)
Status: Fix Committed = Fix Released
** Changed in: squid3 (Ubuntu Oneiric)
Only affects lucid.
** Changed in: squid3 (Ubuntu Maverick)
Status: New = Invalid
** Changed in: squid3 (Ubuntu Natty)
Status: New = Invalid
** Changed in: squid3 (Ubuntu Oneiric)
Status: New = Invalid
--
You received this bug notification because you are a member of
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/915941
Title:
overlayfs does not honor lxc-related permissions
To manage
This is CVE-2012-0055
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-0055
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/915941
Title:
overlayfs does not honor
Thanks for the debdiffs. Sorry for the delay in reviewing them.
ACK for maverick, natty and oneiric. They are being built now and will
be released in a few hours.
NACK for lucid. There seems to be a line missing in the CVE-2011-3205
patch. Could you please check, and attach a fixed debdiff?
Thank you for using Ubuntu and taking the time to report a bug. Your
report should contain, at a minimum, the following information so we can
better find the source of the bug and work to resolve it.
Submitting the bug about the proper source package is essential. For
help see
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4858
** Also affects: tomcat6 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: tomcat6 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: tomcat6 (Ubuntu Oneiric)
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Hardy)
You can download the previous version from this page:
For i386:
https://launchpad.net/~ubuntu-security/+archive/ppa/+build/2844451
For amd64:
https://launchpad.net/~ubuntu-security/+archive/ppa/+build/289
Please indicate if downgrading has worked for you.
** Visibility changed to: Public
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/900553
Title:
Any user can manage the keystone database via keystone-manage
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
This has been published now:
http://www.ubuntu.com/usn/usn-1264-1/
** Visibility changed to: Public
** Changed in: bind9 (Ubuntu)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in
Synced:
[ubuntu/precise] puppet 2.7.6-1 (Accepted)
** Changed in: puppet (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/882507
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Package changed: ubuntu = php5 (Ubuntu)
** Summary changed:
- ubuntu 11.10 apache session
+ php
** Visibility changed to: Public
** Visibility changed to: Public
** Changed in: openldap (Ubuntu)
Status: New = Confirmed
** Changed in: openldap (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
This is fixed already, see:
http://www.ubuntu.com/usn/usn-1126-1/
** Visibility changed to: Public
** Visibility changed to: Public
** Changed in: php5 (Ubuntu)
Status: New = Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
This looks like it only affects Natty...
** Changed in: puppet (Ubuntu Lucid)
Status: New = Invalid
** Changed in: puppet (Ubuntu Maverick)
Status: New = Invalid
** Changed in: puppet (Ubuntu Oneiric)
Status: New = Invalid
** Changed in: puppet (Ubuntu Precise)
1.4.6 is now in Precise. I'm closing this bug.
** Changed in: munin (Ubuntu)
Status: Triaged = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to munin in Ubuntu.
https://bugs.launchpad.net/bugs/840386
Title:
** Also affects: php5 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
** Also affects: php5 (Ubuntu Hardy)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/852865
Title:
strrchr() functions information leak
To
** Changed in: elinks (Ubuntu)
Assignee: 杨敏 (mandy9337) = (unassigned)
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to elinks in Ubuntu.
https://bugs.launchpad.net/bugs/769354
Title:
elinks
Looks like a libvirt issue, reassigning.
** Package changed: virt-manager (Ubuntu) = libvirt (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/868753
Title:
qemu+ssh
Subscribing ubuntu-security-sponsors for the hardy tomcat5.5 update.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in Ubuntu.
https://bugs.launchpad.net/bugs/843701
Title:
CVE-2011-3190 Apache Tomcat Authentication bypass
Thanks for the branches. Tomcat6 updates have already been prepared by
the security team, and are currently being tested.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in Ubuntu.
https://bugs.launchpad.net/bugs/843701
Title:
Added tomcat5.5 task and re-subscribed ubuntu-security-sponsors since
there's a tomcat5.5 branch linked here for sponsoring.
** Also affects: tomcat5.5 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: tomcat5.5 (Ubuntu Lucid)
Status: New = Invalid
** Changed in:
Thanks for the debdiffs. Subscribing ubuntu-security-sponsors.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/813115
Title:
CVE-2011-2202
To manage notifications about this bug go
This, and possibly other parsing issues in libvirt's
storage_backend_logical.c is causing LVM bugs with virt-manager. See bug
551432.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
SRU request:
Impact: Memory leaks and double free because of incorrectly cleared
pointers may cause multipathd to crash.
Issue has been addressed by backporting a minimal patch from upstream to
fix a memory leak and clear some pointers when they're freed.
--
You received this bug notification
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for getting this upstream Richard, I'll add it to libvirt also.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/792985
Title:
virt-manager fails if target system has no grep
Upstream virt-manager commit: http://git.fedorahosted.org/git/?p=virt-
manager.git;a=commit;h=d078def94fda124304da95733d41844384e739ad
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
** Changed in: virt-manager (Ubuntu)
Assignee: (unassigned
Your PCI scanning software is broken, it is scanning for software version
numbers instead of looking at specific package versions.
See: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
For the specific CVE numbers you've mentioned:
CVE-2010-0425 is a windows-specific vulnerability, it doesn't
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Agreed. In network to network VPNs, it is desirable to have openvpn
autostart connections, and most road warriors will be using network
manager, and wouldn't be hit by this issue. The behaviour is also well
documented in the config file.
@David: if you feel strongly that the default should be
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/815504
Title:
glibc double free when
301 - 400 of 638 matches
Mail list logo