[Bug 1417274] Re: CVE-2015-0221 backport broke serving static content through GZipMiddleware

2015-02-04 Thread Marc Deslauriers
Great! Thanks for testing Nelson, I'll push them out today. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1417274 Title: CVE-2015-0221 backport broke serving static content

[Bug 1417274] Re: CVE-2015-0221 backport broke serving static content through GZipMiddleware

2015-02-04 Thread Marc Deslauriers
Actually, the packages in that PPA introduce other regressions, they still need work. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1417274 Title: CVE-2015-0221 backport

[Bug 1405822] Re: Default ups.conf should have maxretry setting above examples section.

2015-02-03 Thread Marc Deslauriers
Looked good, uploaded to vivid with a couple of minor changelog changes. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nut in Ubuntu. https://bugs.launchpad.net/bugs/1405822 Title: Default ups.conf should have maxretry

[Bug 1405822] Re: Default ups.conf should have maxretry setting above examples section.

2015-02-03 Thread Marc Deslauriers
** Bug watch added: Debian Bug tracker #776947 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776947 ** Also affects: nut (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776947 Importance: Unknown Status: Unknown ** Changed in: nut (Ubuntu) Status: New =

[Bug 1417274] Re: CVE-2015-0221 backport broke serving static content through GZipMiddleware

2015-02-03 Thread Marc Deslauriers
Could you please try the package in the following PPA, to make sure they fix the regression without causing any further issues? https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa If it works for you, I will release it as a security regression update. Thanks! -- You received

[Bug 1417274] Re: CVE-2015-0221 backport broke serving static content through GZipMiddleware

2015-02-03 Thread Marc Deslauriers
** Also affects: python-django (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Lucid) Importance: Undecided Status: New ** Changed in: python-django (Ubuntu Lucid) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed

[Bug 583216] Re: inet_protocols can't be preseeded

2015-02-03 Thread Marc Deslauriers
Packages are in the upload queues awaiting the SRU team, unsubscribing ubuntu-sponsors. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/583216 Title: inet_protocols can't be

[Bug 1414684] Re: bsd-mailx no longer supports sendmail options, thus breaking existing scripts (like Bootmail)

2015-01-30 Thread Marc Deslauriers
Thanks for the suggestion, I've added a note to the USN to this effect. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bsd-mailx in Ubuntu. https://bugs.launchpad.net/bugs/1414684 Title: bsd-mailx no longer supports sendmail

[Bug 1414684] Re: bsd-mailx no longer supports sendmail options, thus breaking existing scripts (like Bootmail)

2015-01-30 Thread Marc Deslauriers
The change was unfortunately needed to properly handle email addresses that start with -. Please file a bug against bootmail. ** Bug watch added: Debian Bug tracker #776498 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776498 ** Also affects: bsd-mailx (Debian) via

[Bug 1413188] [NEW] mysql 5.5.41 security update tracking bug

2015-01-21 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html ** Affects: mysql-5.5 (Ubuntu) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

2015-01-09 Thread Marc Deslauriers
** Changed in: nginx (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default

[Bug 1407826] Re: Merge nss 2:3.17.2-1.1 (main) from Debian unstable (main)

2015-01-06 Thread Marc Deslauriers
ACK on the merge. Looks good, thanks! I've uploaded it. ** Changed in: nss (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1407826

[Bug 1405822] Re: Default ups.conf should have maxretry setting above examples section.

2015-01-06 Thread Marc Deslauriers
I think this change makes sense. However, it would be a lot better to simply modify the 0006-ups-conf-maxretry.patch patch directly instead of adding a second one. NACK on the debdiff for now, please modify it to update the other patch. Thanks! ** Changed in: nut (Ubuntu) Status: New =

[Bug 1404648] Re: security issues in ntp

2014-12-22 Thread Marc Deslauriers
http://www.ubuntu.com/usn/usn-2449-1/ ** Changed in: ntp (Ubuntu Lucid) Status: In Progress => Fix Released ** Changed in: ntp (Ubuntu Precise) Status: In Progress => Fix Released ** Changed in: ntp (Ubuntu Trusty) Status: In Progress => Fix Released ** Changed in: ntp

[Bug 1396568] Re: saslauthd allow authentication after user deletion until it is restarted

2014-12-11 Thread Marc Deslauriers
By default, saslauthd caches credentials. The cache and timeout are set by the -c and -t command line options. You can disable caching by removing the -c from /etc/default/saslauthd, or adjust the timeout from the default 28800 seconds by adding -t to it. ** Information type changed from

[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check

2014-12-10 Thread Marc Deslauriers
) Status: New => Confirmed ** Changed in: qemu (Ubuntu Utopic) Status: New => Confirmed ** Changed in: qemu (Ubuntu Vivid) Status: New => Confirmed ** Changed in: qemu (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: qemu (Ubuntu Utopic) Assignee

[Bug 1399016] Re: MAAS failed to respond once libapache2-mod-wsgi upgrade on trusty

2014-12-04 Thread Marc Deslauriers
** Also affects: maas (Ubuntu) Importance: Undecided Status: New ** Also affects: maas (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: maas (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: maas (Ubuntu Utopic) Importance:

[Bug 1399016] Re: MAAS failed to respond once libapache2-mod-wsgi upgrade on trusty

2014-12-04 Thread Marc Deslauriers
: Undecided => Critical ** Changed in: maas (Ubuntu Utopic) Importance: Undecided => Critical ** Changed in: maas (Ubuntu Vivid) Importance: Undecided => Critical ** Changed in: maas (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: maas (Ubuntu Trusty

[Bug 1384943] Re: [SRU] Pinger crashes with segfault in libc

2014-11-25 Thread Marc Deslauriers
This is a security issue that was assigned CVE-2014-7141 and CVE-2014-7142. As such, it needs to be published in the security pocket. I will build it as a security update, and will release it. ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7141 ** CVE added:

[Bug 1388621] Re: Please merge nginx 1.6.2-4 (main) from Debian Unstable (main)

2014-11-25 Thread Marc Deslauriers
ACK on the debdiff in comment #7. I added a couple of small changes: I added the following back to debian/changelog: - debian/tests/control: add nginx-core test. - debian/control: drop luajit from Build-Depends as it is in universe. I also changed another reference to Debian in

[Bug 1322204] Re: image format input validation fixes tracking bug

2014-11-03 Thread Marc Deslauriers
** Changed in: qemu (Ubuntu Saucy) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1322204 Title: image format input validation fixes tracking

[Bug 1216817] Re: Using `fastcgi_cache` or `proxy_cache` with nginx-extras causes the push module to throw errors.

2014-10-27 Thread Marc Deslauriers
** Also affects: nginx (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu.

[Bug 1381537] Re: Dovecot version in precise too old to switch off SSLv3 protocol for poodle fix

2014-10-27 Thread Marc Deslauriers
** Description changed: - The current version of dovecot in Ubuntu 12.04 LTS, Precise Pangolin is - 2.0.19 + SRU Request: + + [Impact] + Dovecot in Precise does not contain the ssl_protocols configuration option that allows disabling SSLv3. Since there are now known weaknesses in SSLv3, it

[Bug 1381537] Re: Dovecot version in precise too old to switch off SSLv3 protocol for poodle fix

2014-10-24 Thread Marc Deslauriers
** Changed in: dovecot (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in Ubuntu. https://bugs.launchpad.net/bugs/1381537 Title: Dovecot version in precise

[Bug 1381537] Re: Dovecot version in precise too old to switch off SSLv3 protocol for poodle fix

2014-10-24 Thread Marc Deslauriers
** Also affects: dovecot (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: dovecot (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: dovecot (Ubuntu Vivid) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status

[Bug 1039420] Re: NTP security vulnerability because not using authentication by default

2014-10-22 Thread Marc Deslauriers
Unfortunately, ntp autokey is broken and insecure, it can't be used to provide any additional security. http://zero-entropy.de/autokey_analysis.pdf The only solution for the moment is for system administrators to set up their own symmetric keys with their own ntp server. -- You received this

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Marc Deslauriers
** Also affects: nginx (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: nginx (Ubuntu Utopic)

[Bug 1383415] [NEW] Incorrect use of SSL options

2014-10-20 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: The following commit is incorrect: https://github.com/apache/spamassassin/commit/87caaa37615318eaa8940a5c6f3d6065cedd86d1 This makes spamassassin use SSLv3 by default, and does _not_ do what is documented: The default,

[Bug 1373589] Re: several CVE's for tomcat 6.0.39 in trusty

2014-10-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is

[Bug 1379903] [NEW] mysql 5.5.40 security update tracking bug

2014-10-10 Thread Marc Deslauriers
Precise) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Trusty) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Utopic) Importance

[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts

2014-09-23 Thread Marc Deslauriers
** Changed in: nginx (Ubuntu Utopic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached

[Bug 1330408] Re: ucfr fails if smb.conf is not owned by samba

2014-09-23 Thread Marc Deslauriers
** Bug watch added: Debian Bug tracker #751988 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751988 ** Also affects: samba (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751988 Importance: Unknown Status: Unknown -- You received this bug notification because

[Bug 1354114] Re: multipath segmentation Fault (libmultipath: update waiter handling)

2014-09-23 Thread Marc Deslauriers
Thanks for the precise and trusty debdiffs. I have uploaded them for processing by the SRU team. I have slightly altered them: - I have renamed the patches so they match the names in Utopic - I have changed the release number to better suit Trusty. Thanks! ** Changed in: multipath-tools (Ubuntu

[Bug 1353473] Re: Pacemaker crm node standby stops resource successfully, but lrmd still monitors it and causes Failed actions

2014-09-23 Thread Marc Deslauriers
** Also affects: pacemaker (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to pacemaker in Ubuntu. https://bugs.launchpad.net/bugs/1353473 Title: Pacemaker crm node standby

[Bug 1353473] Re: Pacemaker crm node standby stops resource successfully, but lrmd still monitors it and causes Failed actions

2014-09-23 Thread Marc Deslauriers
ACK on the debdiff for trusty. I've uploaded it for processing by the SRU team with a slight change in the version number. Thanks! ** Changed in: pacemaker (Ubuntu Trusty) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team,

[Bug 347611] Re: evolution crashed with SIGSEGV in NSSRWLock_LockRead_Util()

2014-09-23 Thread Marc Deslauriers
Ubuntu 9.04 has been end-of-life for a long time now. I'm closing this bug, please feel free to open a new one if you can reproduce this issue with a current version of Ubuntu. ** Changed in: nss (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a

[Bug 523113] Re: missing manpages for nss tools

2014-09-23 Thread Marc Deslauriers
** Bug watch added: Debian Bug tracker #505382 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382 ** Also affects: nss (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382 Importance: Unknown Status: Unknown -- You received this bug notification because you

[Bug 1167255] Re: No standard documentation for certutil

2014-09-23 Thread Marc Deslauriers
*** This bug is a duplicate of bug 523113 *** https://bugs.launchpad.net/bugs/523113 ** Bug watch added: Debian Bug tracker #505382 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382 ** Also affects: nss (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382

[Bug 348372] Re: nspluginviewer crashed with SIGSEGV in PL_HashTableLookupConst()

2014-09-23 Thread Marc Deslauriers
This was reported using a version of Ubuntu that has been out of support for a long time. As such, I am closing this bug. Please feel free to open a new bug if you can reproduce the issue with Ubuntu 14.04 LTS. ** Changed in: nspr (Ubuntu) Status: Confirmed => Won't Fix -- You received

[Bug 557180] Re: taxbird crashed with SIGSEGV in CERT_NewTempCertificate()

2014-09-23 Thread Marc Deslauriers
Are you able to reproduce this with Ubuntu 14.04 LTS? ** Changed in: nss (Ubuntu) Status: New => Incomplete ** Changed in: taxbird (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in

[Bug 512847] Re: NSS_VersionCheck fails to work as intended

2014-09-23 Thread Marc Deslauriers
This bug was reported against an ancient version of nss, and it was reported fixed against nspr 4.7.5. We currently have 4.10.7 in all supported Ubuntu releases. As such, I am closing this bug. If you can reproduce with a current version, please file a new bug. Thanks! ** Changed in: nspr

[Bug 1169481] Re: package libnss3 3.14.3-0ubuntu0.12.04.1 failed to install/upgrade: error writing to 'standard output': Success

2014-09-23 Thread Marc Deslauriers
nss has been updated to 3.17 in all supported versions of Ubuntu. Are you able to reproduce this issue with 3.17? ** Changed in: nss (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in

[Bug 1155295] Re: nspr needs to be updated for nss 3.14.3

2014-09-23 Thread Marc Deslauriers
We now have nspr 4.10.7 in all supported versions of Ubuntu. ** Changed in: nspr (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nspr in Ubuntu. https://bugs.launchpad.net/bugs/1155295

[Bug 1161374] Re: package libnspr4 4.9.5-0ubuntu0.12.04.1 failed to install/upgrade: ошибка записи в «стандартный вывод»: Победа

2014-09-23 Thread Marc Deslauriers
nspr has been updated to 4.10.7 in all supported versions of Ubuntu. Are you still able to reproduce this issue? ** Changed in: nspr (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nspr in

[Bug 1372410] [NEW] NSS version in stable releases contain outdated CA certs

2014-09-22 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: NSS in stable releases is at 3.15.4, which contains outdated CA certificates. ** Affects: nss (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: nss (Ubuntu Lucid) Importance: Undecided

[Bug 1372410] Re: NSS version in stable releases contain outdated CA certs

2014-09-22 Thread Marc Deslauriers
Updates have now been released: http://www.ubuntu.com/usn/usn-2350-1/ ** Changed in: nss (Ubuntu Lucid) Status: New => Fix Released ** Changed in: nss (Ubuntu Precise) Status: New => Fix Released ** Changed in: nss (Ubuntu Trusty) Status: New => Fix Released -- You received

[Bug 1358727] Re: LibNss Bug 962760 affects usability of Chrome

2014-09-22 Thread Marc Deslauriers
NSS has now been updated to 3.17 in all supported releases: http://www.ubuntu.com/usn/usn-2350-1/ As such, I am closing this bug. Feel free to reopen it if the update didn't solve the issue. ** Changed in: nss (Ubuntu) Status: New => Fix Released -- You received this bug notification

[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts

2014-09-17 Thread Marc Deslauriers
** Also affects: nginx (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Utopic)

[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts

2014-09-17 Thread Marc Deslauriers
** Changed in: nginx (Ubuntu Trusty) Status: New => Confirmed ** Changed in: nginx (Ubuntu Lucid) Status: New => Won't Fix ** Changed in: nginx (Ubuntu Precise) Status: New => Confirmed ** Changed in: nginx (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers

[Bug 1362278] Re: Stack overflow in vararg functions with many fixed parameters called with few arguments

2014-09-02 Thread Marc Deslauriers
in: lua5.2 (Ubuntu Trusty) Status: New => Fix Released ** Changed in: lua5.2 (Ubuntu Precise) Status: New => Confirmed ** Changed in: lua5.1 (Ubuntu Utopic) Status: New => Confirmed ** Changed in: lua5.1 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur

[Bug 1356843] Re: ccs received early errors after openssl security update

2014-08-18 Thread Marc Deslauriers
) Status: New => Confirmed ** Changed in: openssl (Ubuntu Lucid) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: postfix (Ubuntu Lucid) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed

[Bug 1356843] Re: ccs received early

2014-08-15 Thread Marc Deslauriers
OK, it turns out there is an incompatibility between the postfix package in precise and the version of openssl in precise. This was fixed in postfix 2.10.2 by the following change: 20130616 TLS Performance: the Postfix SMTP server TLS session cache was ineffective because recent

[Bug 1356843] Re: ccs received early

2014-08-15 Thread Marc Deslauriers
** Patch added: postfix_2.9.6-1~12.04.2.debdiff https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1356843/+attachment/4178779/+files/postfix_2.9.6-1%7E12.04.2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in

[Bug 1356843] Re: ccs received early errors after openssl security update

2014-08-15 Thread Marc Deslauriers
** Summary changed: - ccs received early + ccs received early errors after openssl security update -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/1356843 Title: ccs received early

[Bug 1356843] Re: ccs received early errors after openssl security update

2014-08-15 Thread Marc Deslauriers
routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146: ** Changed in: postfix (Ubuntu Precise) Status: Confirmed => In Progress ** Changed in: postfix (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Description changed: SRU request: [Impact] The CVE-2014

[Bug 1357018] [NEW] image format and state load security updates tracking bug

2014-08-14 Thread Marc Deslauriers
Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: qemu (Ubuntu Precise) Importance: Undecided Status: Invalid ** Affects: qemu-kvm (Ubuntu Precise) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects

[Bug 1354159] Re: [SRU] icehouse 2014.1.2 point release

2014-08-12 Thread Marc Deslauriers
Since a lot of these updates fix security issues, we probably should build them in the security team PPA before copying them -proposed, so we can release them as security updates once the SRU period is over. ceilometer - CVE-2014-4615 horizon - CVE-2014-3473, CVE-2014-3474, CVE-2014-3475 keystone

[Bug 1354714] Re: buffer overrun in kadmind with ldap backend

2014-08-09 Thread Marc Deslauriers
This bug was fixed in the package krb5 - 1.12.1+dfsg-7 Sponsored for Sam Hartman (hartmans) --- krb5 (1.12.1+dfsg-7) unstable; urgency=high * Apply upstream's patch for CVE-2014-4345 (MITKRB5-SA-2014-001), buffer overrun in kadmind with LDAP backend, Closes: #757416 --

[Bug 1330168] Re: Please update to 5.6.19

2014-08-08 Thread Marc Deslauriers
Unsubscribing ubuntu-security-sponsors since there is nothing further to do. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1330168 Title: Please update to 5.6.19 To manage

[Bug 1330168] Re: Please update to 5.6.19

2014-08-06 Thread Marc Deslauriers
Thanks for the package. Building for trusty now. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1330168 Title: Please update to 5.6.19 To manage notifications about this bug go

[Bug 1342709] [NEW] mysql 5.5.38 security update tracking bug

2014-07-16 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: See mysql issues here: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html ** Affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification

[Bug 1342709] Re: mysql 5.5.38 security update tracking bug

2014-07-16 Thread Marc Deslauriers
(Ubuntu Utopic) Status: New => Confirmed ** Changed in: mysql-5.5 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Utopic

[Bug 1338170] Re: PHP 5 infoleak vulnerability leading to potential SSL key disclosure

2014-07-07 Thread Marc Deslauriers
Status: New ** Also affects: php5 (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: php5 (Ubuntu Saucy) Importance: Undecided Status: New ** Changed in: php5 (Ubuntu Lucid) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: php5

[Bug 1334572] Re: php5-fpm upgrade broken after deleting sample config

2014-06-26 Thread Marc Deslauriers
www.conf is a conffile. Deleting it should not replace it when the package is upgraded. If updating manually, the following prompt should appear: Configuration file `/etc/php5/fpm/pool.d/www.conf' == Deleted (by you or by a script) since installation. == Package distributor has shipped an

[Bug 1334572] Re: php5-fpm upgrade broken after deleting sample config

2014-06-26 Thread Marc Deslauriers
Could you please attach your /etc/apt/apt.conf.d/50unattended-upgrades file? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1334572 Title: php5-fpm upgrade broken after deleting

[Bug 1261529] Re: mysql-5.5 creates the 'test' database

2014-06-26 Thread Marc Deslauriers
I actually fixed this in April with the following USN: http://www.ubuntu.com/usn/usn-2170-1/ ** Changed in: mysql-5.5 (Ubuntu Precise) Status: Triaged => Fix Released ** Changed in: mysql-5.5 (Ubuntu Saucy) Status: Triaged => Fix Released ** Changed in: mysql-5.5 (Ubuntu Quantal)

[Bug 1334337] Re: Regression: php5-fpm's socket should be accessible by www-data by default

2014-06-25 Thread Marc Deslauriers
in: php5 (Ubuntu Saucy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: php5 (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-06-25 Thread Marc Deslauriers
A fix for the socket permissions is being handled in bug 1334337 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure

[Bug 1324685] Re: gem file access problem

2014-06-20 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1325674] Re: w3m supports insecure cypher suites

2014-06-20 Thread Marc Deslauriers
** Changed in: w3m (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to w3m in Ubuntu. https://bugs.launchpad.net/bugs/1325674 Title: w3m supports insecure cypher suites To manage notifications

[Bug 1322338] Re: CVE 2014-0240 and CVE 2014-0242

2014-05-23 Thread Marc Deslauriers
** Also affects: mod-wsgi (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mod-wsgi (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: mod-wsgi (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: mod-wsgi (Ubuntu

[Bug 1322204] [NEW] image format input validation fixes tracking bug

2014-05-22 Thread Marc Deslauriers
: Invalid ** Affects: qemu (Ubuntu Lucid) Importance: Undecided Status: Invalid ** Affects: qemu-kvm (Ubuntu Lucid) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: qemu (Ubuntu Precise) Importance: Undecided

[Bug 1316812] Re: ubuntu qemu-kvm package attempts to start a service and fails

2014-05-22 Thread Marc Deslauriers
Can someone please test this, or it will get superseded by a security update. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1316812 Title: ubuntu qemu-kvm package attempts to

[Bug 1313566] Re: mysql 5.6.17 security update tracking bug

2014-05-02 Thread Marc Deslauriers
** Changed in: mysql-5.6 (Ubuntu Trusty) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1313566 Title: mysql 5.6.17 security update tracking bug

[Bug 1313566] Re: mysql 5.6.17 security update tracking bug

2014-05-02 Thread Marc Deslauriers
Looks good, ACK. Building now and will release as a security update once built. Thanks! ** Changed in: mysql-5.6 (Ubuntu Trusty) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-04-30 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to

[Bug 1309782] Re: Caching of anonymous pages could reveal CSRF token

2014-04-22 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Also affects: python-django (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu

[Bug 1309779] Re: Unexpected code execution using ``reverse()``

2014-04-22 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Also affects: python-django (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu

[Bug 1309784] Re: MySQL typecasting

2014-04-22 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Also affects: python-django (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Trusty)

[Bug 1311433] Re: REGRESSION: AttributeError: 'functools.partial' object has no attribute '__module__'

2014-04-22 Thread Marc Deslauriers
** Bug watch added: Django Bug Tracker #22486 http://code.djangoproject.com/ticket/22486 ** Also affects: django via http://code.djangoproject.com/ticket/22486 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server

[Bug 1311158] Re: WebUI do not work after fresh install

2014-04-22 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1311433 *** https://bugs.launchpad.net/bugs/1311433 This is likely because of the python-django security update, see #1311433 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to maas in Ubuntu.

[Bug 1311433] Re: REGRESSION: AttributeError: 'functools.partial' object has no attribute '__module__'

2014-04-22 Thread Marc Deslauriers
(Ubuntu Lucid) Status: New => In Progress ** Changed in: python-django (Ubuntu Lucid) Importance: Undecided => High ** Changed in: python-django (Ubuntu Lucid) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: python-django (Ubuntu Precise) Status: New

[Bug 1309662] [NEW] mysql 5.5.37 security update tracking bug

2014-04-18 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: See mysql issues here: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html ** Affects: mysql-5.5 (Ubuntu) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status

[Bug 1307230] Re: 3.1.0 daemon infinite loop when no matched user in secrets

2014-04-17 Thread Marc Deslauriers
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2855 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1307230 Title: 3.1.0 daemon infinite loop when no matched

[Bug 1307230] Re: 3.1.0 daemon infinite loop when no matched user in secrets

2014-04-14 Thread Marc Deslauriers
CVE requested: http://www.openwall.com/lists/oss-security/2014/04/14/5 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to rsync in Ubuntu.

[Bug 1305949] Re: Please bump libyaml to 0.1.6 due to CVE-2014-2525

2014-04-10 Thread Marc Deslauriers
CVE-2014-2525 was already fixed in 0.1.4-3ubuntu3: https://launchpad.net/ubuntu/trusty/+source/libyaml/0.1.4-3ubuntu3 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2525 ** Changed in: libyaml (Ubuntu) Status: New => Fix Released -- You received this bug

[Bug 1303926] Re: qemu-system-x86_64 crashed with SIGABRT

2014-04-08 Thread Marc Deslauriers
** Attachment removed: CoreDump.gz https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1303926/+attachment/4072413/+files/CoreDump.gz ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed

[Bug 1258286] Re: CAcert should not be trusted by default

2014-04-02 Thread Marc Deslauriers
** Changed in: nss (Ubuntu Lucid) Status: New => Invalid ** Changed in: ca-certificates-java (Ubuntu Precise) Status: New => Invalid ** Changed in: ca-certificates-java (Ubuntu Lucid) Status: New => Invalid -- You received this bug notification because you are a member of

[Bug 992012] Re: No /openssl.cnf file could be found because of a wrong regex in whichopensslcnf

2014-03-07 Thread Marc Deslauriers
** Also affects: openvpn (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: easy-rsa (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: openvpn (Ubuntu) Status: Confirmed => Invalid ** Changed in: easy-rsa (Ubuntu Precise) Status:

[Bug 992012] Re: No /openssl.cnf file could be found because of a wrong regex in whichopensslcnf

2014-03-07 Thread Marc Deslauriers
ACK on the debdiff in #10, looks good. I've uploaded the package to precise-proposed for processing by the SRU team. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/992012

[Bug 1286346] Re: [FFe] Sync puppet 3.4.3-1 (main) from Debian unstable (main)

2014-03-07 Thread Marc Deslauriers
Subscribing ubuntu-release for FFe. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1286346 Title: [FFe] Sync puppet 3.4.3-1 (main) from Debian unstable (main) To manage

[Bug 1277205] Re: bind9: Missing dns/rrl.h

2014-03-07 Thread Marc Deslauriers
bind9 has been updated in trusty, so it no longer needs a patch. ** Changed in: bind9 (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1277205

[Bug 1288823] Re: Trusty bind9 RRL

2014-03-07 Thread Marc Deslauriers
More info on why it's not built with --enable-rrl by default: https://kb.isc.org/article/AA-01058 I have no objection to building it with --enable-rrl, as long as it's not configured by default. -- You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 1287706] [NEW] [ffe] Please sync or merge bind9 9.9.5 from Debian

2014-03-04 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: Bind 9.9.5 is an Extended Support Version (ESV) of bind9, which means it will be supported by ISC for a period of 4 years. I would like our LTS release to get an ESV version of bind9 so our maintenance and security

[Bug 1284793] Re: [FFE] Merge qemu 2.0

2014-02-25 Thread Marc Deslauriers
FYI, From a security point of view, I would much rather support 2.0 than to support 1.7 with a zillion patches. Qemu is a package that does get a _lot_ of security updates, so being closer to a released version is preferable. -- You received this bug notification because you are a member of

[Bug 1258286] Re: CAcert should not be trusted by default

2014-02-20 Thread Marc Deslauriers
Not yet, no. But it will be. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1258286 Title: CAcert should not be trusted by default To manage notifications about this bug go to:

[Bug 1279805] [NEW] regression in CVE-2013-6393 patch

2014-02-13 Thread Marc Deslauriers
slightly different fixes in 0.1.5. ** Affects: libyaml (Ubuntu) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: New ** Affects: libyaml (Ubuntu Precise) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: New ** Affects: libyaml

[Bug 1277837] Re: No security update released for 10.04 Lucid

2014-02-08 Thread Marc Deslauriers
This package is no longer part of the supported package set on Ubuntu 10.04. It was only supported for 3 years, and was never part of the 5 year supported package set. This is the list of packages supported for 5 years in Ubuntu 10.04:

[Bug 1258286] Re: CAcert should not be trusted by default

2014-02-06 Thread Marc Deslauriers
** Also affects: ca-certificates (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: nss (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: nss

[Bug 1270385] Re: Panic or segfault in Samba

2014-01-31 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross
