[Bug 1547133] Re: After automatically upgrading Xubuntu library libnss3 to version 2:3.21-0ubuntu0.15.10.1 some apps stop working
This is a bug in QtWebEngine. The file src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch contains the following: +/* This is a bodge to allow this code to be compiled against older NSS + * headers. */ +#ifndef CKM_NSS_CHACHA20_POLY1305 +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 26) Unfortunately, CKM_NSS + 26 got used for something else in nss 3.21: #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) In nss 3.23, we now have: #define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28) This means QtWebEngine isn't using the right value. To fix this, QtWebEngine needs to be patched to use the proper value of CKM_NSS + 28 in the following files: src/3rdparty/chromium/net/socket/ssl_client_socket_nss.cc src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c src/3rdparty/chromium/third_party/nss/patches/nss-chacha20-poly1305.patch src/3rdparty/chromium/third_party/nss/nss/lib/util/pkcs11n.h Once that is done and QtWebEngine is rebuilt, I believe it will be compatible with nss 3.21 and 3.23. I am closing this bug since the product using QtWebEngine is not in Ubuntu and there is no further action to be done. ** Changed in: nss (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1547133 Title: After automatically upgrading Xubuntu library libnss3 to version 2:3.21-0ubuntu0.15.10.1 some apps stop working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1547133/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1556300] Re: Please merge ebtables 2.0.10.4-3.4 from Debian unstable
Debdiff in comment #2 looks good. Uploaded. Thanks! ** Changed in: ebtables (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ebtables in Ubuntu. https://bugs.launchpad.net/bugs/1556300 Title: Please merge ebtables 2.0.10.4-3.4 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1556300/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1555357] Re: Please merge checksecurity 2.0.16+nmu1 from Debian unstable
ACK on the debdiff. I've made a slight change to remove mention of fcron twice. Uploading now. Thanks! ** Changed in: checksecurity (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to checksecurity in Ubuntu. https://bugs.launchpad.net/bugs/1555357 Title: Please merge checksecurity 2.0.16+nmu1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/checksecurity/+bug/1555357/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1556265] Re: Please merge nagios3 3.5.1.dfsg-2.1 from Debian unstable
Debdiff looks good. Uploading now. Thanks! ** Changed in: nagios3 (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in Ubuntu. https://bugs.launchpad.net/bugs/1556265 Title: Please merge nagios3 3.5.1.dfsg-2.1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1556265/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1556304] Re: Please merge memcached 1.4.25-2 from Debian unstable
Debdiff looks good, ACK. Uploading now. Thanks! ** Changed in: memcached (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to memcached in Ubuntu. https://bugs.launchpad.net/bugs/1556304 Title: Please merge memcached 1.4.25-2 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/memcached/+bug/1556304/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1553251] Re: USN-2915-1 introduced a regression in is_safe_url()
First round of regression fixes used incomplete patch. Proper upstream commits are: https://github.com/django/django/commit/ada7a4aefb9bec4c34667b511022be6057102f98 https://github.com/django/django/commit/552f03869ea7f3072b3fa19ffb6cb2d957fd8447 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1553251 Title: USN-2915-1 introduced a regression in is_safe_url() To manage notifications about this bug go to: https://bugs.launchpad.net/django/+bug/1553251/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1553251] Re: USN-2915-1 introduced a regression in is_safe_url()
Ubuntu 12.04 LTS isn't affected by the regression. ** Changed in: python-django (Ubuntu Precise) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1553251 Title: USN-2915-1 introduced a regression in is_safe_url() To manage notifications about this bug go to: https://bugs.launchpad.net/django/+bug/1553251/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1553251] [NEW] USN-2915-1 introduced a regression in is_safe_url()
*** This bug is a security vulnerability *** Public security bug reported: See https://github.com/claudep/django/commit/7ee019b60ab696930c8b692bff7d29c0f4cea885 ** Affects: django Importance: Unknown Status: Unknown ** Affects: python-django (Ubuntu) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: python-django (Ubuntu Precise) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: python-django (Ubuntu Trusty) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: python-django (Ubuntu Wily) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: python-django (Ubuntu Xenial) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Bug watch added: Django Bug Tracker #26308 http://code.djangoproject.com/ticket/26308 ** Also affects: django via http://code.djangoproject.com/ticket/26308 Importance: Unknown Status: Unknown ** Also affects: python-django (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Wily) Importance: Undecided Status: New ** Changed in: python-django (Ubuntu Precise) Status: New => Confirmed ** Changed in: python-django (Ubuntu Trusty) Status: New => Confirmed ** Changed in: python-django (Ubuntu Wily) Status: New => Confirmed ** Changed in: python-django (Ubuntu Xenial) Status: New => Confirmed ** Changed in: python-django (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: python-django (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: python-django (Ubuntu Wily) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: python-django (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1553251 Title: USN-2915-1 introduced a regression in is_safe_url() To manage notifications about this bug go to: https://bugs.launchpad.net/django/+bug/1553251/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1553251] Re: USN-2915-1 introduced a regression in is_safe_url()
https://github.com/django/django/pull/6242 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1553251 Title: USN-2915-1 introduced a regression in is_safe_url() To manage notifications about this bug go to: https://bugs.launchpad.net/django/+bug/1553251/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1550423] Re: ERR_SSL_PROTOCOL_ERROR
Chrome 45 is too old. You need to update to Chrome 47 or later, preferably to the current version, Chrome 48. I am closing this bug as running an old version of Chrome is not supported. ** Changed in: nss (Ubuntu) Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1550423 Title: ERR_SSL_PROTOCOL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1550423/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1550423] Re: ERR_SSL_PROTOCOL_ERROR
What version of Chrome are you running? ** Package changed: ca-certificates (Ubuntu) => nss (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1550423 Title: ERR_SSL_PROTOCOL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1550423/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1547147] Re: libnss3-dev adds epoch 2 to the Version in pkg-config's pc file
Confirmed, the epoch wasn't supposed to get bumped in precise. ** Also affects: nss (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: nss (Ubuntu Precise) Status: New => Confirmed ** Changed in: nss (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1547147 Title: libnss3-dev adds epoch 2 to the Version in pkg-config's pc file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1547147/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1545750] Re: Access denied if the share path is "/"
ACK on the debdiffs, I've uploaded them for building with the following small changes: - Clean out cruft in trusty and wily patched - wrapped changelog line to fix lintian warning - fixed trusty package version number - re-targeted to -security pocket. I will publish these updates as a security regression fix once they have been tested. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1545750 Title: Access denied if the share path is "/" To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1545750/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1545750] Re: Access denied if the share path is "/"
** Also affects: samba (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Wily)
Importance: Undecided
Status: New
** Bug watch added: Debian Bug tracker #812429
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812429
** Also affects: samba (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812429
Importance: Unknown
Status: Unknown
** Changed in: samba (Ubuntu Precise)
Status: New => Confirmed
** Changed in: samba (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: samba (Ubuntu Wily)
Status: New => Confirmed
** Changed in: samba (Ubuntu)
Status: New => Confirmed
** Changed in: samba (Ubuntu)
Importance: Undecided => Medium
** Changed in: samba (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: samba (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: samba (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: samba (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: samba (Ubuntu Precise)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: samba (Ubuntu Trusty)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: samba (Ubuntu Wily)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1545750
Title:
Access denied if the share path is "/"
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1545750/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 523113] Re: missing manpages for nss tools
Ubuntu 15.10 and up now include manpages for nss tools. Marking this bug as closed. ** Changed in: nss (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/523113 Title: missing manpages for nss tools To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/523113/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1537750] [NEW] mysql 5.5.47, 5.6.28 security update tracking bug
*** This bug is a security vulnerability *** Public security bug reported: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html ** Affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: mysql-5.5 (Ubuntu Precise) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Precise) Importance: Undecided Status: Invalid ** Affects: mysql-5.5 (Ubuntu Trusty) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Trusty) Importance: Medium Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Vivid) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Vivid) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Wily) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Wily) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Xenial) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Xenial) Importance: Undecided Status: Fix Released ** Information type changed from Public to Public Security ** Also affects: mysql-5.6 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: New ** Changed in: mysql-5.5 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: mysql-5.5 (Ubuntu Precise) Status: New => Confirmed ** Changed in: mysql-5.5 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: mysql-5.5 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: mysql-5.5 (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Vivid) Status: New => Invalid ** Changed in: mysql-5.5 (Ubuntu Wily) Status: New => Invalid ** Changed in: mysql-5.5 (Ubuntu Xenial) Status: New => Invalid ** Changed in: mysql-5.6 (Ubuntu Precise) Status: New => Invalid ** Changed in: mysql-5.6 (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: mysql-5.6 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Importance: Undecided => Medium ** Changed in: mysql-5.6 (Ubuntu Vivid) Status: New => Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.6 (Ubuntu Wily) Importance: Undecided => Medium ** Changed in: mysql-5.6 (Ubuntu Wily) Status: New => Confirmed ** Changed in: mysql-5.6 (Ubuntu Wily) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.6 (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1537750 Title: mysql 5.5.47, 5.6.28 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1537750/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1534203] Re: openssl_random_pseudo_bytes() security bug and PHP packages
** Also affects: php5 (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Wily)
Importance: Undecided
Status: New
** Changed in: php5 (Ubuntu Xenial)
Status: New => Fix Released
** Changed in: php5 (Ubuntu Precise)
Status: New => Confirmed
** Changed in: php5 (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: php5 (Ubuntu Vivid)
Status: New => Confirmed
** Changed in: php5 (Ubuntu Wily)
Status: New => Confirmed
** Changed in: php5 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: php5 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: php5 (Ubuntu Precise)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: php5 (Ubuntu Vivid)
Importance: Undecided => Medium
** Changed in: php5 (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: php5 (Ubuntu Trusty)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: php5 (Ubuntu Vivid)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: php5 (Ubuntu Wily)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1534203
Title:
openssl_random_pseudo_bytes() security bug and PHP packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1532648] Re: Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)
Merge looks good. Uploading. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1532648 Title: Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1532648/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1530837] Re: Logsys file leaks in /dev/shm after sigabrt, sigsegv and when running corosync -v
Hi! Thanks for providing the debdiff. The patches in the debdiff contain unwanted changes: $ quilt push -a Applying patch leak-produced-by-corosync-v.patch patching file exec/main.c patching file exec/main.c.orig Applying patch Handle-SIGSEGV-and-SIGABRT-signals.patch patching file exec/main.c patching file exec/main.c.orig Applying patch Fix-compiler-warning-introduced-by-previous-patch.patch patching file exec/main.c patching file exec/main.c.orig Now at patch Fix-compiler-warning-introduced-by-previous-patch.patch Please remove the unwanted main.c.orig changes from the debdiff and resubmit. Thanks! ** Changed in: corosync (Ubuntu Trusty) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to corosync in Ubuntu. https://bugs.launchpad.net/bugs/1530837 Title: Logsys file leaks in /dev/shm after sigabrt, sigsegv and when running corosync -v To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1530837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1524590] Re: package libaio1:i386 0.3.110-1 failed to install/upgrade: package libaio1:i386 is already installed and configured
*** This bug is a duplicate of bug 1407757 *** https://bugs.launchpad.net/bugs/1407757 Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libaio in Ubuntu. https://bugs.launchpad.net/bugs/1524590 Title: package libaio1:i386 0.3.110-1 failed to install/upgrade: package libaio1:i386 is already installed and configured To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libaio/+bug/1524590/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1475050] Re: unprivileged guest to host real-root escape via lxc-attach
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1475050 Title: unprivileged guest to host real-root escape via lxc-attach To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1475050/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1520146] Re: package python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.7 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1520146 Title: package python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.7 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1520146/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1522190] Re: Permission denied (publickey) whereas the public key has been inserted into ~/.ssh/authorized_keys: "usePAM no" issue
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1522190 Title: Permission denied (publickey) whereas the public key has been inserted into ~/.ssh/authorized_keys: "usePAM no" issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1522190/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1515986] Re: unable to properly install backuppc on wily 15.10
Merge debdiff looks good, the only thing that was problematic was par2 didn't get dropped from the Build-Depends, so I fixed that. Uploaded to xenial. ** Changed in: backuppc (Ubuntu) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to backuppc in Ubuntu. https://bugs.launchpad.net/bugs/1515986 Title: unable to properly install backuppc on wily 15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backuppc/+bug/1515986/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1520568] Re: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR
I can't reproduce this issue in midori at all. I can reproduce it with https://te-st.ru -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1520568 Title: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1520568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1520568] Re: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR
nss 3.20.1 works, nss 3.21 doesn't. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1520568 Title: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1520568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1520568] Re: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR
OK, a few more notes on reproducing this: 1- I can't reproduce this by installing the daily live cd in a VM 2- I can reproduce it successfully by installing the daily live cd on real hardware This means it's probably not related to which Google servers are being hit, and is likely hardware-dependent. This matches the behaviour Barry noticed in comment #10. On the real hardware, where the problem occurs, I see "Fontconfig error: Cannot load default config file" on the console with every character that I type in the URL bar which results in a failed google lookahead search. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1520568 Title: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1520568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1520568] Re: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR
I can't seem to reproduce this. https://www.google.com works fine in an up-to-date image with Chromium and nss 2:3.21-1ubuntu2. Could you please give the exact steps require to see this issue? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1520568 Title: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1520568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1518728] Re: package php5-fpm 5.6.11+dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1518728 Title: package php5-fpm 5.6.11+dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1518728/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1512131] Re: Apparmor complains about multiple /run/dovecot file access
** Package changed: dovecot (Ubuntu) => apparmor (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1512131 Title: Apparmor complains about multiple /run/dovecot file access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1512131/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1509817] Re: libxml_disable_entity_loader is not theadsafe
I'll include this in the next php5 security update. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1509817 Title: libxml_disable_entity_loader is not theadsafe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1510520] Re: Possible DoS with fork in socat (CVE-2015-1379)
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: socat (Ubuntu) Status: New => Incomplete ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to socat in Ubuntu. https://bugs.launchpad.net/bugs/1510520 Title: Possible DoS with fork in socat (CVE-2015-1379) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/socat/+bug/1510520/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1509817] Re: Please backport PHP fix #64938 (fixed in 5.5.22) on 14.04
** Information type changed from Private Security to Public Security ** Changed in: php5 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1509817 Title: Please backport PHP fix #64938 (fixed in 5.5.22) on 14.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1508698] Re: default account "guest" has administrator privileges
** Information type changed from Private Security to Public Security ** Changed in: rabbitmq-server (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to rabbitmq-server in Ubuntu. https://bugs.launchpad.net/bugs/1508698 Title: default account "guest" has administrator privileges To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1508698/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1508441] Re: mysql 5.5.46, 5.6.27 security update tracking bug
** Changed in: mysql-5.6 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1508441 Title: mysql 5.5.46, 5.6.27 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1508441/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1508441] Re: mysql 5.5.46, 5.6.27 security update tracking bug
Looks like you upgraded from a version that wasn't in the archive, namely 5.6.25-3+deb.sury.org~trusty+1. Are you able to reproduce the issue in a clean install without that unofficial package? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1508441 Title: mysql 5.5.46, 5.6.27 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1508441/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1508441] Re: mysql 5.5.46, 5.6.27 security update tracking bug
I can't reproduce that failure, could you please attach your /var/log/dpkg.log file? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1508441 Title: mysql 5.5.46, 5.6.27 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1508441/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1508441] [NEW] mysql 5.5.46, 5.6.27 security update tracking bug
*** This bug is a security vulnerability *** Public security bug reported: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL ** Affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Precise) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Precise) Importance: Undecided Status: Invalid ** Affects: mysql-5.5 (Ubuntu Trusty) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Trusty) Importance: Medium Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Vivid) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Vivid) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Wily) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Wily) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Vivid) Importance: Undecided Status: New ** Changed in: mysql-5.5 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: mysql-5.5 (Ubuntu Precise) Status: New => Confirmed ** Changed in: mysql-5.5 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: mysql-5.5 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: mysql-5.5 (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Vivid) Status: New => Invalid ** Changed in: mysql-5.5 (Ubuntu Wily) Status: New => Invalid ** Changed in: mysql-5.6 (Ubuntu Precise) Status: New => Invalid ** Changed in: mysql-5.6 (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: mysql-5.6 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Importance: Undecided => Medium ** Changed in: mysql-5.6 (Ubuntu Vivid) Status: New => Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.6 (Ubuntu Wily) Importance: Undecided => Medium ** Changed in: mysql-5.6 (Ubuntu Wily) Status: New => Confirmed ** Changed in: mysql-5.6 (Ubuntu Wily) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1508441 Title: mysql 5.5.46, 5.6.27 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1508441/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400517] Re: Please update Tomcat7 in trusty-security to >= 7.0.55 to enable easier server info hiding
** Changed in: tomcat7 (Ubuntu) Assignee: Alex Kiss (sysrex) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1400517 Title: Please update Tomcat7 in trusty-security to >= 7.0.55 to enable easier server info hiding To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1400517/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1499063] Re: awscli crashes immediately on start
*** This bug is a duplicate of bug 1499075 *** https://bugs.launchpad.net/bugs/1499075 ** This bug has been marked a duplicate of bug 1499075 python3.4.3 SRU breaks awscli -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to awscli in Ubuntu. https://bugs.launchpad.net/bugs/1499063 Title: awscli crashes immediately on start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/awscli/+bug/1499063/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Bug watch added: Debian Bug tracker #795315 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315 ** Also affects: ntp (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315 Importance: Unknown Status: Unknown ** Bug watch added: bugs.ntp.org/ #2224 http://bugs.ntp.org/show_bug.cgi?id=2224 ** Also affects: ntp via http://bugs.ntp.org/show_bug.cgi?id=2224 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1474294] Re: Please merge antlr3 3.2-11 (universe) from Debian unstable (main)
Looks like this all got synced. Marking as fix released. ** Changed in: plexus-compiler (Ubuntu) Status: Confirmed => Fix Released ** Changed in: maven-compiler-plugin (Ubuntu) Status: Confirmed => Fix Released ** Changed in: antlr3 (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to antlr3 in Ubuntu. https://bugs.launchpad.net/bugs/1474294 Title: Please merge antlr3 3.2-11 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/antlr3/+bug/1474294/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
Thanks for the debdiff. The patch looks good, but could you please add proper DEP-3 patch tags, including the Origin tag? For example: Description: xxx Origin: upstream, https://svn.apache.org/viewvc?view=revision=1594625 Author: xxx See the following for more information: http://dep.debian.net/deps/dep3/ Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1394403] Re: RewriteRule of "^$" is broken
Wesley, have you gotten a chance to test the package in trusty-proposed? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1394403 Title: RewriteRule of "^$" is broken To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1394403/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
ACK on the debdiffs, thanks! I've slightly modified the whitespace in the changelog and have added the bug number, and have uploaded it to wily, and to the other releases for processing by the SRU team. ** Tags removed: verification-done ** Changed in: ntp (Ubuntu Wily) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1493188] Re: overlayroot doesn't work with vanilla kernel
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1493188 Title: overlayroot doesn't work with vanilla kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1493188/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1467716] Re: "gem install" fetches packages from unencrypted HTTP URL
The instructions given in the bug description aren't accurate. The make gem use an https URL, you need to create an /etc/gemrc or ~/.gemrc file with the following contents: :sources: - https://rubygems.org Make sure it works by using "gem environment" and making sure "REMOTE SOURCES" is using the https URL. ** Changed in: ruby1.9.1 (Ubuntu) Status: New => Confirmed ** Changed in: ruby1.9.1 (Ubuntu) Importance: Undecided => Wishlist ** Changed in: ruby1.9.1 (Ubuntu) Importance: Wishlist => Low -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ruby1.9.1 in Ubuntu. https://bugs.launchpad.net/bugs/1467716 Title: "gem install" fetches packages from unencrypted HTTP URL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby1.9.1/+bug/1467716/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1476769] Re: When activating OpenVPN without DHCP6, random traffic will be routed without VPN
** Changed in: network-manager (Ubuntu) Status: New => Confirmed ** Changed in: openvpn (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1476769 Title: When activating OpenVPN without DHCP6, random traffic will be routed without VPN To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1476769/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1279826] Re: CVE-2013-7108
** Also affects: nagios3 (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: icinga (Ubuntu Wily) Importance: Undecided Status: Fix Released ** Also affects: nagios3 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: icinga (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nagios3 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: icinga (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: nagios3 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: icinga (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: icinga (Ubuntu Precise) Status: New => Confirmed ** Changed in: icinga (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: icinga (Ubuntu Trusty) Status: New => Fix Released ** Changed in: icinga (Ubuntu Vivid) Status: New => Fix Released ** Changed in: nagios3 (Ubuntu Precise) Importance: Undecided => Low ** Changed in: nagios3 (Ubuntu Precise) Status: New => Confirmed ** Changed in: nagios3 (Ubuntu Trusty) Importance: Undecided => Low ** Changed in: nagios3 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: nagios3 (Ubuntu Vivid) Importance: Undecided => Low ** Changed in: nagios3 (Ubuntu Vivid) Status: New => Confirmed ** Changed in: nagios3 (Ubuntu Wily) Importance: Undecided => Low ** Changed in: nagios3 (Ubuntu Wily) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in Ubuntu. https://bugs.launchpad.net/bugs/1279826 Title: CVE-2013-7108 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icinga/+bug/1279826/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1357018] Re: image format and state load security updates tracking bug
These updates were published a long time ago. Closing. ** Changed in: qemu (Ubuntu Trusty) Status: Confirmed => Fix Released ** Changed in: qemu-kvm (Ubuntu Precise) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1357018 Title: image format and state load security updates tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1357018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1394403] Re: RewriteRule of ^$ is broken
NACK on the debdiff. It doesn't use the actual fix that went into Apache 2.4. It uses a proposed patch from the bug that wasn't the way it was ultimately fixed. Please prepare a new debdiff with the following commit: https://github.com/apache/httpd/commit/f0529e54b8d889322b5113eb623e263556bfa28e Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1394403 Title: RewriteRule of ^$ is broken To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1394403/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1485807] Re: Fix for CVE-2015-5600 can sometimes erroneously block logins
*** This bug is a duplicate of bug 1485719 *** https://bugs.launchpad.net/bugs/1485719 ** This bug has been marked a duplicate of bug 1485719 Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1485807 Title: Fix for CVE-2015-5600 can sometimes erroneously block logins To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1485807/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1485719] Re: Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures
I have uploaded updated packages to fix this issue to the following PPA: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Please test and see if they fix the issue in your environment. If they do, and they pass QA, I will publish them as security updates tomorrow. Thanks. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1485719 Title: Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1485719/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1485719] Re: Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures
** Also affects: openssh (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Vivid) Importance: Undecided Status: New ** Changed in: openssh (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: openssh (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: openssh (Ubuntu Vivid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: openssh (Ubuntu Wily) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: openssh (Ubuntu Precise) Status: New = Confirmed ** Changed in: openssh (Ubuntu Trusty) Status: New = Confirmed ** Changed in: openssh (Ubuntu Vivid) Status: New = Confirmed ** Changed in: openssh (Ubuntu Wily) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1485719 Title: Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1485719/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
ACK on the debdiffs, they look good. Thanks! Uploaded for processing by the SRU team. ** Changed in: openldap (Ubuntu Utopic) Status: New = In Progress ** Changed in: openldap (Ubuntu Vivid) Status: New = In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469168] Re: localhost is listed as a debian-server (and everything is included to fix it)
Looks good, ACK. Uploaded. Thanks! ** Changed in: nagios3 (Ubuntu) Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in Ubuntu. https://bugs.launchpad.net/bugs/1469168 Title: localhost is listed as a debian-server (and everything is included to fix it) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1469168/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1427406] Re: data corruption on arm64 and ppc64el
I'm sorry, but I don't see how we can carry these patches in the Ubuntu MySQL packages. Since Oracle no longer discloses details of their MySQL security vulnerabilities, we have no other choice than to upgrade to their latest upstream version when they publish vulnerability details. This implies that we are relying on their internal testing for each release. Adding these patches will prevent us from being able to update to a new MySQL version as soon as it is available as the patches will require porting and testing. Diverging from upstream also means we aren't actually running the code that has passed their testing. On top of that, there is no clear indication these patches will actually end up in the next MySQL version, as there is a contributor agreement issue. Due to these reasons, I have to object to carrying these patches in Ubuntu. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1427406 Title: data corruption on arm64 and ppc64el To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1427406/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1427406] Re: data corruption on arm64 and ppc64el
After discussing my concerns with dannf and rbasak on irc, we have come to the following: - We are aware of this issue, and are making reasonable efforts to ensure that users are not impacted. However, as highlighted by point (5) below, there may be circumstances in which we have to regress this fix in order to ensure a security patch will be applied. - dannf's team has commitment from Oracle to fix broken archs in some future version - patches are only applied to affected archs - MySQL updates are usually available before Oracle's quarterly security notice is published (Quarterly security notice can be viewed here: http://www.oracle.com/technetwork/topics/security/alerts-086861.html ) 1) dannf's team will figure out how to be notified of a new micro release 2) dannf's team will update a PPA w/ the new micro release before quarterly security notice (~6 weeks generally, but can be immediate) * In the event where a new MySQL version is published at the same time as the quarterly security notice, dannf's team will update the PPA with updated patches no more than 2 working days after publication 3) dannf's team will test the updated PPA on arm64 (ppc64el will not be explicitly tested) 4) security team will pull updated patches from ppa when preparing security updates. Security updates will not be tested on affected architectures 5) Security updates will not be held back if there is a problem with the patch. If necessary, arm64/ppc64el users will be regressed by the security team issuing an update with the patch dropped. If the patch is dropped, a notice will be added to the Ubuntu Security Notice. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1427406 Title: data corruption on arm64 and ppc64el To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1427406/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1475294] [NEW] mysql 5.5.44, 5.6.25 security update tracking bug
*** This bug is a security vulnerability *** Public security bug reported: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html ** Affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Precise) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Precise) Importance: Undecided Status: Invalid ** Affects: mysql-5.5 (Ubuntu Trusty) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Trusty) Importance: Undecided Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Utopic) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.6 (Ubuntu Utopic) Importance: Undecided Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Vivid) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Vivid) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: mysql-5.5 (Ubuntu Wily) Importance: Undecided Status: Invalid ** Affects: mysql-5.6 (Ubuntu Wily) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: mysql-5.5 (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu) Importance: Undecided Status: New ** Changed in: mysql-5.5 (Ubuntu) Status: New = Invalid ** Changed in: mysql-5.5 (Ubuntu Precise) Status: New = Confirmed ** Changed in: mysql-5.5 (Ubuntu Trusty) Status: New = Confirmed ** Changed in: mysql-5.5 (Ubuntu Utopic) Status: New = Confirmed ** Changed in: mysql-5.5 (Ubuntu Precise) Importance: Undecided = Medium ** Changed in: mysql-5.5 (Ubuntu Trusty) Importance: Undecided = Medium ** Changed in: mysql-5.5 (Ubuntu Utopic) Importance: Undecided = Medium ** Changed in: mysql-5.5 (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Utopic) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.6 (Ubuntu) Status: New = Confirmed ** Changed in: mysql-5.6 (Ubuntu) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Also affects: mysql-5.5 (Ubuntu Wily) Importance: Undecided Status: Invalid ** Also affects: mysql-5.6 (Ubuntu Wily) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: mysql-5.5 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Vivid) Importance: Undecided Status: New ** Changed in: mysql-5.5 (Ubuntu Vivid) Status: New = Invalid ** Changed in: mysql-5.6 (Ubuntu Precise) Status: New = Invalid ** Changed in: mysql-5.6 (Ubuntu Trusty) Status: New = Invalid ** Changed in: mysql-5.6 (Ubuntu Trusty) Status: Invalid = Confirmed ** Changed in: mysql-5.6 (Ubuntu Utopic) Status: New = Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Importance: Undecided = Medium ** Changed in: mysql-5.6 (Ubuntu Vivid) Status: New = Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.6 (Ubuntu Wily) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.5 in Ubuntu. https://bugs.launchpad.net/bugs/1475294 Title: mysql 5.5.44, 5.6.25 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1475294/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1451539] Re: tomcat7 fails to build in trusty (updated openjdk-7?)
Should be fixed in (7.0.52-1ubuntu0.3) by: * Replace expired ssl certs and use TLS to fix tests causing FTBFS: - debian/patches/0022-use-tls-in-ssl-unit-tests.patch - debian/patches/0023-replace-expired-ssl-certificates.patch - debian/source/include-binaries ** Changed in: tomcat7 (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1451539 Title: tomcat7 fails to build in trusty (updated openjdk-7?) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1451539/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1465014] Re: after update still vulnerable against LOGJAM
** Also affects: firefox (Ubuntu) Importance: Undecided Status: New ** Changed in: firefox (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1465014 Title: after update still vulnerable against LOGJAM To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1465014/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
The actual fix that went into wily is:
# pid files and sockets
/{,var/}run/slapd/* w,
/{,var/}run/slapd/ldapi rw,
/{,var/}run/nslcd/socket rw,
Ryan, could you please update your proposed debdiffs to reflect the
actual changes that went into the development release?
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1392018
Title:
apparmor stops /var/run/ldapi from being read causing ldap to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1464881] Re: package apache2-utils (not installed) failed to install/upgrade: 正试图覆盖 /usr/sbin/httxt2dbm,它同时被包含于软件包 apache2.2-bin 2.2.14-5ubuntu8.15
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1464881 Title: package apache2-utils (not installed) failed to install/upgrade: 正试图覆盖 /usr/sbin/httxt2dbm,它同时被包含于软件包 apache2.2-bin 2.2.14-5ubuntu8.15 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1464881/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1197884] Re: apache2.2 SSL has no forward-secrecy: need ECDHE keys
There is a test package for precise available here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Once it has gone through testing, it will be published as an update. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1197884 Title: apache2.2 SSL has no forward-secrecy: need ECDHE keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445906] Re: 5.6.24 security update
Thanks for the diff in comment #2, but that's not a valid approach for updating the package in trusty. Someone needs to actually update the package in trusty using the mysql 5.6.24 tarball from the vivid package. ** Changed in: mysql-5.6 (Ubuntu Trusty) Status: Fix Committed = Confirmed ** Changed in: mysql-5.6 (Ubuntu Utopic) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1445906 Title: 5.6.24 security update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1445906/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1395098] Re: Please merge openldap 2.4.40-4 (main) from Debian unstable (main)
ACK on the merge. Thanks! I've uploaded it to wily with a couple of changes: - removed the extra Disable mdb backend... from changelog - removed d/slapd.dirs: add etc/apparmor.d/force-complain from changelog, as it looks like that hasn't actually been done in a long time. Thanks! ** Changed in: openldap (Ubuntu) Status: Confirmed = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1395098 Title: Please merge openldap 2.4.40-4 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1395098/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
ACK on the debdiffs, I've uploaded them for building. (I removed the extra patch, and changed the pocket to -security). What testing did you perform on these? ** Also affects: openldap (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Vivid) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1456864] Re: package apache2 2.4.10-1ubuntu1.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1456864 Title: package apache2 2.4.10-1ubuntu1.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1456864/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1197884] Re: apache2.2 SSL has no forward-secrecy: need ECDHE keys
I'll work on releasing this for precise next week. ** Changed in: apache2 (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1197884 Title: apache2.2 SSL has no forward-secrecy: need ECDHE keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1449975] Re: Security bugs are never fixed in the tomcat packages
Thanks for reporting this issue. You can track the security updates for tomcat 7 here: http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat7.html CVE-2014-0075, CVE-2014-0096 and CVE-2014-0099 have been published for trusty in this advisory: http://www.ubuntu.com/usn/usn-2302-1/ CVE-2014-0119, CVE-2014-0227 and CVE-2014-0230 have been rated as being low priority, which means we will include them in a security update once a more important issue comes up. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0230 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1449975 Title: Security bugs are never fixed in the tomcat packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1449975/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
** Bug watch added: bz.apache.org/bugzilla/ #55320 https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 ** Also affects: apache2 via https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 Importance: Unknown Status: Unknown ** Information type changed from Private Security to Public Security ** Changed in: apache2 (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445906] Re: 5.6.24 security update
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: mysql-5.6 (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1445906 Title: 5.6.24 security update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1445906/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1444616] Re: mysql 5.5.43, 5.6.24 security update tracking bug
** Also affects: mysql-5.6 (Ubuntu) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: mysql-5.5 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: mysql-5.6 (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: mysql-5.5 (Ubuntu Vivid) Status: New = Invalid ** Changed in: mysql-5.6 (Ubuntu Precise) Status: New = Invalid ** Changed in: mysql-5.6 (Ubuntu Vivid) Importance: Undecided = Medium ** Changed in: mysql-5.6 (Ubuntu Vivid) Status: New = Confirmed ** Changed in: mysql-5.6 (Ubuntu Vivid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Precise) Importance: Undecided = Medium ** Changed in: mysql-5.5 (Ubuntu Precise) Status: New = Confirmed ** Changed in: mysql-5.5 (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Trusty) Importance: Undecided = Medium ** Changed in: mysql-5.5 (Ubuntu Trusty) Status: New = Confirmed ** Changed in: mysql-5.5 (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: mysql-5.5 (Ubuntu Utopic) Importance: Undecided = Medium ** Changed in: mysql-5.5 (Ubuntu Utopic) Status: New = Confirmed ** Changed in: mysql-5.5 (Ubuntu Utopic) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1444616 Title: mysql 5.5.43, 5.6.24 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1444616/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1444616] [NEW] mysql 5.5.43, 5.6.24 security update tracking bug
*** This bug is a security vulnerability *** Public security bug reported: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html ** Affects: mysql-5.5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.5 in Ubuntu. https://bugs.launchpad.net/bugs/1444616 Title: mysql 5.5.43, 5.6.24 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1444616/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1230917] Re: [SRU] php5-fpm logrotate errors after package switched to upstart
Debdiff in comment #35 looks good, uploading for processing by the SRU team. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1230917 Title: [SRU] php5-fpm logrotate errors after package switched to upstart To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1230917/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1230917] Re: [SRU] php5-fpm logrotate errors after package switched to upstart
** Changed in: php5 (Ubuntu Trusty) Status: Triaged = In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1230917 Title: [SRU] php5-fpm logrotate errors after package switched to upstart To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1230917/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1410383] Re: wrong process name match in logrotate script
Looks good. Uploaded to Trusty for processing by the SRU team Thanks! ** Changed in: puppet (Ubuntu) Status: Triaged = Fix Committed ** Changed in: puppet (Ubuntu Trusty) Status: Triaged = In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1410383 Title: wrong process name match in logrotate script To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1410383/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 246702] Re: [CVE-2008-1447] Randomize DNS query source ports to prevent cache poisoning
This is fixed in all currently-supported versions of Ubuntu. ** Changed in: glibc (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/246702 Title: [CVE-2008-1447] Randomize DNS query source ports to prevent cache poisoning To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/246702/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1436899] Re: enable ssl
*** This bug is a duplicate of bug 1097032 *** https://bugs.launchpad.net/bugs/1097032 It's not compiled with SSL support because of licensing reasons. ** Package changed: squidguard (Ubuntu) = squid3 (Ubuntu) ** Information type changed from Private Security to Public ** This bug has been marked a duplicate of bug 1097032 Please provide GNUTLS support in squid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/1436899 Title: enable ssl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1436899/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1436707] Re: package libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 127
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1436707 Title: package libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 127 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1436707/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434999] Re: Creating a new VM in virt-manager fails because of apparmor permissions
** Package changed: virt-manager (Ubuntu) = libvirt (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1434999 Title: Creating a new VM in virt-manager fails because of apparmor permissions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1434999/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1432644] Re: VM permanently tries to read /dev/shm/lttng-ust-wait-5
** Package changed: virt-manager (Ubuntu) = libvirt (Ubuntu) ** Tags added: apparmor -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1432644 Title: VM permanently tries to read /dev/shm/lttng-ust-wait-5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1432644/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0
Support for the TLSv1.1 and TLSv1.2 configuration options was added to Apache 2.2.24. The version of Apache in Ubuntu 12.04 is 2.2.22, hence it needs to have the following commit backported to be able to specifically use TLSv1.1 and TLSV1.2 in the SSLProtocol directive: https://svn.apache.org/viewvc?view=revisionrevision=1445104 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack
While apache in Ubuntu 12.04 does support TLSv1.2, it doesn't allow specifying the configuration options to selectively disable TLSv1.0. The following commit needs to be backported: https://svn.apache.org/viewvc?view=revisionrevision=1445104 ** Package changed: openssl (Ubuntu) = apache2 (Ubuntu) ** Summary changed: - Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack + Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0
This is a connection to the default configuration of apache on Ubuntu 12.04, showing it does support TLSv1.2: $ openssl s_client -tls1_2 -connect test-precise:443 snip New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher: DHE-RSA-AES256-GCM-SHA384 snip ** Also affects: apache2 (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu) Status: Confirmed = Fix Released ** Changed in: apache2 (Ubuntu Precise) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Precise) Importance: Undecided = Wishlist -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1432555] Re: Please fix handling of cookies on redirect
** Changed in: requests (Ubuntu Vivid) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to requests in Ubuntu. https://bugs.launchpad.net/bugs/1432555 Title: Please fix handling of cookies on redirect To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/requests/+bug/1432555/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1432555] Re: Please fix handling of cookies on redirect
** Package changed: python-requests (Ubuntu) = requests (Ubuntu) ** Also affects: requests (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506 Importance: Unknown Status: Unknown ** Also affects: requests (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: requests (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: requests (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: requests (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: requests (Ubuntu Precise) Status: New = Confirmed ** Changed in: requests (Ubuntu Trusty) Status: New = Confirmed ** Changed in: requests (Ubuntu Utopic) Status: New = Confirmed ** Changed in: requests (Ubuntu Vivid) Status: New = Confirmed ** Changed in: requests (Ubuntu Precise) Status: Confirmed = Invalid ** Changed in: requests (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: requests (Ubuntu Utopic) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: requests (Ubuntu Vivid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to requests in Ubuntu. https://bugs.launchpad.net/bugs/1432555 Title: Please fix handling of cookies on redirect To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/requests/+bug/1432555/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1427884] Re: Merge vsftpd 3.0.2-18 (main) from Debian unstable (main)
ACK on the debdiff in comment #6, uploaded to vivid. Thanks! ** Changed in: vsftpd (Ubuntu) Status: Confirmed = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vsftpd in Ubuntu. https://bugs.launchpad.net/bugs/1427884 Title: Merge vsftpd 3.0.2-18 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1427884/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1427884] Re: Merge vsftpd 3.0.2-18 (main) from Debian unstable (main)
I looked at the debian-ubuntu debdiff, and it FTBFS because you dropped dh-apport from debian/control. How did you get this to compile? Please fix it, and test compile this before submitting it again. ** Changed in: vsftpd (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vsftpd in Ubuntu. https://bugs.launchpad.net/bugs/1427884 Title: Merge vsftpd 3.0.2-18 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1427884/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1410383] Re: wrong process name match in logrotate script
** Package changed: puppetmaster (Ubuntu) = puppet (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1410383 Title: wrong process name match in logrotate script To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1410383/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1230917] Re: [SRU] php5-fpm logrotate errors after package switched to upstart
Nack on the debdiff. The package in utopic adds a script called php5-fpm-reopenlogs which correctly parses /etc/php5/fpm/php-fpm.conf to obtain the pid file location in instead of hardcoding it to /run/php5-fpm.pid. Pushing an SRU that hardcodes that location may break existing setups. Please backport the changes from the utopic package instead of using a hardcoded location. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1230917 Title: [SRU] php5-fpm logrotate errors after package switched to upstart To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1230917/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1230917] Re: [SRU] php5-fpm logrotate errors after package switched to upstart
Unsubscribing ubuntu-sponsors for now, please re-subscribe the group once a fixed debdiff has been attached to this bug. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1230917 Title: [SRU] php5-fpm logrotate errors after package switched to upstart To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1230917/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1342709] Re: mysql 5.5.38 security update tracking bug
** Changed in: percona-xtradb-cluster-5.5 (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.5 in Ubuntu. https://bugs.launchpad.net/bugs/1342709 Title: mysql 5.5.38 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1342709/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1424129] Re: package python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.6 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see https://wiki.ubuntu.com/Bugs/FindRightPackage . Additionally, in the report please include: 1) The release of Ubuntu you are using, via 'cat /etc/lsb-release' or System - About Ubuntu. 2) The version of the package you are using, via 'dpkg -l PKGNAME | cat' or by checking in Synaptic. 3) What happened and what you expected to happen. The Ubuntu community has also created debugging procedures for a wide variety of packages at https://wiki.ubuntu.com/DebuggingProcedures . Following the debugging instructions for the affected package will make your bug report much more complete. Thanks! ** Information type changed from Private Security to Public ** Changed in: samba (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1424129 Title: package python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.6 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1424129/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1425141] Re: mod_headers CVE-2013-5704
** Information type changed from Private Security to Public Security ** Also affects: apache2 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu Lucid) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Vivid) Status: New = Fix Released ** Changed in: apache2 (Ubuntu Utopic) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Trusty) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Precise) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Lucid) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Precise) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Trusty) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Utopic) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1425141 Title: mod_headers CVE-2013-5704 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1425141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1423031] Re: NSS incorrectly preferring a longer, weaker chain over a shorter, stronger chain
** Also affects: nss (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: nss (Ubuntu Vivid) Importance: Undecided Status: Confirmed ** Also affects: nss (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nss (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: nss (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: nss (Ubuntu Vivid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Utopic) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Lucid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Lucid) Status: New = Confirmed ** Changed in: nss (Ubuntu Precise) Status: New = Confirmed ** Changed in: nss (Ubuntu Trusty) Status: New = Confirmed ** Changed in: nss (Ubuntu Utopic) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1423031 Title: NSS incorrectly preferring a longer, weaker chain over a shorter, stronger chain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1423031/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1418778] Re: Stack smashing while using a lot of connections
Actually, it will be published on monday as we don't typically publish updates on friday. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libfcgi in Ubuntu. https://bugs.launchpad.net/bugs/1418778 Title: Stack smashing while using a lot of connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/1418778/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1418778] Re: Stack smashing while using a lot of connections
ACK on the debdiff. Looks good. Uploaded for building with a slight version change, and will be released today. Thanks! ** Changed in: libfcgi (Ubuntu Precise) Status: Confirmed = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libfcgi in Ubuntu. https://bugs.launchpad.net/bugs/1418778 Title: Stack smashing while using a lot of connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/1418778/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1418778] Re: Stack smashing while using a lot of connections
** Also affects: libfcgi (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: libfcgi (Ubuntu Precise) Status: New = Confirmed ** Changed in: libfcgi (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libfcgi in Ubuntu. https://bugs.launchpad.net/bugs/1418778 Title: Stack smashing while using a lot of connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/1418778/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1417274] Re: CVE-2015-0221 backport broke serving static content through GZipMiddleware
OK, I've now uploaded (1.3.1-4ubuntu1.15) for precise in the same PPA with a less intrusive backport. Could you give it a try, please? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1417274 Title: CVE-2015-0221 backport broke serving static content through GZipMiddleware To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1417274/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
