This unfortunately doesn't work by default in ubuntu because the setting
for audit.conf in /usr/share/logwatch/services/ points to the 'messages'
logfile which is no longer used in ubuntu. It should either be 'syslog'
or 'kernel'.
A secondary issue is that if auditd is enabled, events will only
Thanks for reporting this issue; however, it was already addressed in
USN 989-1: http://www.ubuntu.com/usn/usn-989-1/.
** Changed in: php5 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
Thanks for reporting this issue. PHP in Ubuntu uses libmysqlclient, not
mysqlnd, and thus was not affected by this vulnerability.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4700
** Changed in: php5 (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug
*** This bug is a duplicate of bug 813115 ***
https://bugs.launchpad.net/bugs/813115
Thanks for reporting this issue. It had already been reported as bug
813115, which is in progress and which I'm marking this a duplicate of.
Please address all further comments around this vulnerability
Thanks for reporting this issue, which is CVE-2011-0419. It's a
vulnerability in apache's apr library, which in Ubuntu is shipped in the
separate 'apr' source package, and the apache packages link against it.
It was addressed in USN-1134-1 http://www.ubuntu.com/usn/usn-1134-1.
** CVE added:
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2484
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/852865
Title:
strrchr() functions information leak
To manage
Thanks for reporting this issue. It has been addressed in Ubuntu 10.10
(maverick) and newer. For Ubuntu 10.04 LTS (lucid), I'll be applying the
upstream fix for it. For Ubuntu 8.04 LTS (hardy), upstream never fixed
this issue in the php 5.2 branch, and backporting the fix is non-trivial
and thus
Thanks for reporting this issue. This issue only affects Ubuntu 8.04
LTS, despite what the securityfocus link above says. It will be
addressed in a forthcoming php update.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
(Ubuntu Lucid)
Importance: Undecided => Low
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/852871
** Changed in: php5 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: php5 (Ubuntu Hardy)
Status: New => In Progress
** Changed in: php5 (Ubuntu Hardy)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Hardy)
Importance: Undecided => Low
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2202
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3182
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
: (unassigned) => Steve Beattie (sbeattie)
** Changed in: apache2 (Ubuntu Lucid)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: apache2 (Ubuntu Maverick)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: apache2 (Ubuntu Natty)
Assignee: (unassigned) => Steve
Unfortunately, the version in oneiric-proposed was superseded by a
security update to krb5 (though the versioning of the proposed version
doesn't correctly reflect that) in USN 1233-1
http://www.ubuntu.com/usn/usn-1233-1/.
Attached is a debdiff against the version of krb5 in oneiric-security,
** Patch added: krb5_1.9.1+dfsg-1ubuntu2.1.debdiff
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/874130/+attachment/2559171/+files/krb5_1.9.1%2Bdfsg-1ubuntu2.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in
This appears to be the issue:
ERROR: Module reqtimeout does not exist!
mod_reqtimeout should be provided by the apache2.2-bin package. Is it
installed and in a consistent state?
** Changed in: php5 (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you
Thanks, Michael, I expect packages to go out in the next couple of days.
FYI, the lucid debdiff you posted did not include an edit to
debian/patches/00list, so I don't believe it's getting applied in your
ppa build.
--
You received this bug notification because you are a member of Ubuntu
Server
I was able to reproduce this issue with squid 2.7.STABLE9-2ubuntu5.1,
and have verified that the version in maverick-proposed,
2.7.STABLE9-2ubuntu5.2 appears to fix the issue. After upgrading, squid
continued to function as expected. Marking verification-done.
** Tags removed: verification-needed
/viewvc?view=revision&revision=323007, plus there's
an additional memory leak addressed by
http://svn.php.net/viewvc?view=revision&revision=323013).
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0830
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) => Steve Beattie
Thanks for taking the time to report this issue and help improve Ubuntu.
While from a programmer's perspective, it's unexpected behavior;
however, it is correct as documented at:
http://php.net/manual/en/language.operators.comparison.php
What's happening is that when comparing a string to a
Bill,
The /usr/lib/php5/maxlifetime script is already dividing the result by
60; if you run it with the default settings, you will see that it
returns 24 (the expected number of minutes). So your patch should not be
necessary. Is that not the behavior you see? What does it output if you
run it
** Changed in: php5 (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/908154
Title:
PHP session garbage collection measured in minutes
Yes, this has been fixed in hardy (8.04 LTS); however, I forgot to
incorporate the bug number in the changelog entry for the hardy version.
You are correct that this issue has not been addressed in precise, yet.
As for CVE-2012-0830, there is no separate bug report; the security team
doesn't
in: php5 (Ubuntu Lucid)
Assignee: Canonical Security Team (canonical-security) => Steve Beattie
(sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/930115
Title:
php5 5.3.2
Yes, as Ondřej said, all supported releases were affected and the issue
was that ini_get('magic_quotes_gpc') was returning the wrong value,
magic_quotes_gpc would still get set correctly. Also,
get_magic_quotes_gpc() returned the correct value, too.
Fixes for all releases have gone out as
Hakan, note that the php source package includes a quilt series of
patches to be applied in the debian/patches/ directory. This includes
the php-suhosin patch which adds the file that make is reporting
missing. You may wish to read the Quilt for Debian Maintainers page at
Note that Ubuntu, like many linux distributions, backports security
fixes rather than upgrading to new versions of software to attempt to
prevent the introduction of regressions and changes in behavior in
released versions of software.
CVE-2010-3069 was addressed in
Also, you can check the status yourself of the CVEs we are aware of at
the Ubuntu Security cve tracker:
http://people.canonical.com/~ubuntu-security/cve/
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
This was addressed in precise in the 5.3.10-1ubuntu1 merge, closing.
** Changed in: php5 (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
This was fixed for Ubuntu 8.04 LTS (hardy) in 2.2.8-1ubuntu0.22 as
referred to in USN http://www.ubuntu.com/usn/usn-1259-1 ; closing.
** Changed in: apache2 (Ubuntu Hardy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/956581
Title:
Stack Buffer Overflow in HTTP Manager
To manage notifications about this bug go to:
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/956580
Title:
Remote Crash Vulnerability in Milliwatt Application
To manage notifications about
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/956578
Title:
Remote crash vulnerability in SIP channel driver
To manage notifications about this
Hi Paul,
When compiling with your added patches, a new compiler warning pops up:
+chan_sip.c: In function 'parse_register_contact':
+chan_sip.c:13312:2: warning: implicit declaration of function
'parse_uri_legacy_check' [-Wimplicit-function-declaration]
grepping through the source, I don't see
Hi, can you attach the profiles in question? That will help in
diagnosing the issue.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969228
Title:
Unable to load another apparmor
Public bug reported:
The squid (v2) package had all of the hardening options enabled (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542723) due to squid
receiving and parsing network input and the number of and severity of
prior security issues; however, with the transition to squid3 some
For more details on the hardening options, please see
http://wiki.debian.org/Hardening
Attached is a debdiff for precise-proposed SRU that addresses the issue
as well as fixes the file descriptor limit in bug 986159. I've built and
confirmed both issues locally, as well as performed a modicum of
Hi,
I've attached a debdiff to bug 986314 that addresses that issue as well
as this one for an SRU.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/986159
Title:
squid3 open file
** Changed in: squid3 (Ubuntu)
Importance: Undecided => High
** Tags added: qa-r-t regression-release
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/986314
Title:
squid3 missing
** Changed in: squid3 (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/986159
Title:
squid3 open file descriptors limit is set incorrectly
** Bug watch added: Debian Bug tracker #669684
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669684
** Also affects: squid3 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669684
Importance: Unknown
Status: Unknown
--
You received this bug notification because
Hi,
Sorry for losing track of the issue.
I was getting corrupted headers where because one header had multiple
NULLs in it, when dovecot wrote the message back, it ended up dropping
that header and merging/corrupting another header. The example I came up
with was where the original message
I believe upstream attempted to address this in
https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
This was fixed in oneiric with the introduction of openssl 1.0.0. On
precise:
$ openssl ciphers CAMELLIA
DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:CAMELLIA128-SHA
Marking this bug report
** Also affects: nova (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1010514
Title:
Source group based security group rule without
** Changed in: nova (Ubuntu Oneiric)
Status: New => In Progress
** Changed in: nova (Ubuntu Precise)
Status: New => In Progress
** Changed in: nova (Ubuntu Oneiric)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: nova (Ubuntu Precise)
Assignee: (unassigned
This is a low priority issue due to the required privileges needed to
exploit it.
** Changed in: krb5 (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1012
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1014
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1015
--
You received this bug notification because you are a member
Thanks Scott, I'm reviewing the natty, oneiric, and precise debdiffs
now.
** Changed in: clamav (Ubuntu Natty)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: clamav (Ubuntu Precise)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: clamav (Ubuntu
Dave, this was fixed for Ubuntu precise in
http://www.ubuntu.com/usn/usn-1466-1/ (2012.1-0ubuntu2.2). Thanks.
** Changed in: nova (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Clint,
Thanks, debdiff looks good. I'll push this out today.
** Changed in: juju (Ubuntu Precise)
Status: Confirmed => In Progress
** Changed in: juju (Ubuntu Precise)
Assignee: Clint Byrum (clint-fewbar) => Steve Beattie (sbeattie)
--
You received this bug notification because you
Clint,
FYI, I slightly modified the patch headers to make them DEP-3 compliant
(added Subject: lines with brief descriptions of the issues they
address).
Unsubscribing ubuntu-security-sponsors since there are no more open tasks
for that team to undertake.
Thanks!
--
You received this bug
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2094
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2144
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to horizon in Ubuntu.
This was fixed in Ubuntu 12.04 LTS in
http://www.ubuntu.com/usn/usn-1552-1/ but still needs to be fixed in
quantal (ubuntu 12.10). Attached is a debdiff to do so.
** Patch added: keystone_2012.2~f3-0ubuntu2.debdiff
** Changed in: keystone (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1040626
Title:
Update user's default tenant partially succeeds without
Addressed in Ubuntu 12.10 with keystone
2012.2~rc1~20120906.2517-0ubuntu2.
** Changed in: keystone (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
Thanks for reporting this, we are aware of it and are working on an
update. Marking as public.
** Changed in: bind9 (Ubuntu)
Importance: Undecided => High
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Public bug reported:
Binary package hint: elinks
elinks accepts self-signed certificates without warning or raising an
error. Sadly, this is a regression that got introduced somewhere between
hardy and karmic. With hardy's version (0.11.3-5ubuntu2):
# elinks -dump -eval 'set
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to elinks in Ubuntu.
https://bugs.launchpad.net/bugs/769354
Title:
elinks accepts self-signed ssl certificates without warning
--
Ubuntu-server-bugs mailing list
Reproduced, thanks for the report and the pointer.
** Changed in: php5 (Ubuntu)
Status: New => Confirmed
** Changed in: php5 (Ubuntu)
Importance: Undecided => High
** Changed in: php5 (Ubuntu)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification
Removing the reference to CVE-2010-3710; that was fixed in USN 1042-1
(http://www.ubuntu.com/usn/usn-1042-1) and is a separate issue anyway.
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3710
--
You received this bug notification because you are a member of Ubuntu
ndefontenay: what release are you seeing this in? I can't reproduce the
lstat() warnings; however, the Fatal Error due to the PEAR::raiseErro()
typo unfortunately affects all releases.
I'm currently testing the fix for this, and will hopefully be able to
release it soon.
Thanks for your patience
Joey: yes, I expect to release updated packages within the next 24
hours. Thanks.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/776642
Title:
segfaults from 5.2.4-2ubuntu5.15
--
Public bug reported:
Attempting to start dovecot with the default configuration on oneiric
fails:
$ sudo start dovecot
dovecot stop/waiting
$ ps auwwx | grep dovecot
ubuntu8793 0.0 0.1 4188 876 pts/0S+ 13:17 0:00 grep
--color=auto dovecot
This is because the
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in Ubuntu.
https://bugs.launchpad.net/bugs/792557
Title:
dovecot fails to start on oneiric
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Note that it's not a security issue in this context as perl blocks
format string issues; Modification of a read-only value attempted at
/usr/bin/mysqlhotcopy line 459 is perl blocking the issue.
** Changed in: mysql-5.1 (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug
** Changed in: mysql-5.1 (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.1 in Ubuntu.
https://bugs.launchpad.net/bugs/781982
Title:
Format string bug in mysqldumpslow
To manage
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to elinks in Ubuntu.
https://bugs.launchpad.net/bugs/769354
Title:
elinks accepts self-signed ssl certificates without warning
To
Attached is a debdiff for the merge of apache 2.2.20-1 (I was unable to
do this via bzr due to bug 842144). I've verified that the package
builds on i386 and amd64 and ran the lp:qa-regression-testing tests
against that package, and confirmed that no regressions occur.
** Description changed:
And here is the debdiff of 2.2.20-1ubuntu1 against 2.2.20-1, to show
just the ubuntu changes to the package.
** Patch added: apache2-2.2.20-1_2.2.20-1ubuntu1.diff
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/837991/+attachment/2362703/+files/apache2-2.2.20-1_2.2.20-1ubuntu1.diff
**
Paweł,
Can you confirm that sending a request with an overlapping byte range
e.g.:
HEAD / HTTP/1.1
Host: localhost
Range:bytes=1-15,10-35,8-9,14-22,0-5,23-
Accept-Encoding: gzip
Connection: close
returns 200 OK?
Perhaps you could report what modules you have loaded? apache2ctl -t -D
Paweł and Upen, thanks for following up. Based on your comments, I'm
going to close this bug report; please re-open it if you find any
evidence that suggests the fix for CVE-2011-3192 is incomplete.
Stefan, thanks for chiming in.
** CVE added: http://www.cve.mitre.org/cgi-
Beattie (sbeattie)
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Maverick)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Natty)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You
I reproduced the initial problem using nut-2.2.1-2.1ubuntu7. I verified
that using the package in -proposed, nut-2.2.1-2.1ubuntu7.1, corrects
the issue, but *only* if the -proposed package is a new installation of
the nut package. Upgrading to the nut package in -proposed from the
version released
I am unable to reproduce the initial reporter's problem with a fresh
install of the original version shipped with Hardy, munin-node
1.2.5-2ubuntu3. Perhaps we can get a better test case here?
I did verify the package in -proposed, munin-node 1.2.5-2ubuntu3.1, does
show the list of available
. That's fine for going forward, but it leaves
people who have attempted to use the released package with their problem
unaddressed by the update. If that's sufficient for releasing an update,
then go ahead, I was just attempting to report the results I found.
Thanks.
--
Steve Beattie
[EMAIL PROTECTED
Chuck or anyone else, can you improve the test case by giving a sample
configuration for testing this bug fix? This is one of the bugfixes we'd
like people to try to verify in the special SRU BugHug day tomorrow:
https://wiki.ubuntu.com/UbuntuBugDay/20080624
Thanks!
--
[SRU] SIGSEGV in
** Description changed:
Binary package hint: bacula
bacula-fd has a know bug/crash when the strippath option is used.
more information here: http://bugs.bacula.org/view.php?id=1047
The upstream bug has not been fixed in 2.2.8!!
+
+ TEST CASE:
+ 1. apt-get install bacula-server
I successfully reproduced the faulty behavior in the version of php5 in
dapper-updates, 5.1.2-1ubuntu3.10. I then upgraded the php5 related
packages to version in dapper-proposed and can confirm that these do
correct the behavior above.
I've also re-run the php5 component from the
** Also affects: lsb (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478871
Importance: Unknown
Status: Unknown
--
Reload action on init script kills daemon
https://bugs.launchpad.net/bugs/252686
You received this bug notification because you are a member of Ubuntu
*** This bug is a duplicate of bug 252686 ***
https://bugs.launchpad.net/bugs/252686
Marking as a duplicate of LP# 252686, which is still open as a possible
Hardy Stable Release Update.
** This bug has been marked a duplicate of bug 252686
Reload action on init script kills daemon
--
** Bug watch added: Debian Bug tracker #477646
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646
** Also affects: suphp (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646
Importance: Unknown
Status: Unknown
--
php5-cgi not working with suphp in Hardy
** Also affects: bind9 (Mandriva) via
http://qa.mandriva.com/show_bug.cgi?id=43966
Importance: Unknown
Status: Unknown
--
[intrepid] bind9/named IPv6 unusable
https://bugs.launchpad.net/bugs/249824
You received this bug notification because you are a member of Ubuntu
Server Team,
I am able to reproduce this error with php5-xmlrpc 5.2.4-2ubuntu5.3 from
hardy-updates on i386, and can confirm that php5-xmlrpc
5.2.4-2ubuntu5.4 in hardy-proposed addresses the issue. It also passes the
security team's regression tests (I've added the above to their
testsuite).
More checks for
One last comment: I rebuilt the php package (on i386) using the sources
in hardy-proposed; as part of its build, php runs a fairly extensive set
of regression tests. There are a couple of new failures versus the
results (recorded in the security team's qa-regression-testing bzr tree)
from
This bug was found in the Intrepid development cycle; removing
regression-potential and marking as regression-release.
** Tags added: regression-release
** Tags removed: regression-potential
--
[intrepid] IPv6 unusable
https://bugs.launchpad.net/bugs/249824
You received this bug notification
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
the warning.
--
Steve Beattie
sbeat...@ubuntu.com
http://NxNW.org/~steve/
--
fopen fails on some SSL urls
https://bugs.launchpad.net/bugs/592442
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
--
Ubuntu-server-bugs mailing list
Okay, as pointed out in an earlier comment, the self-signed certificate
bit is a red herring.
The failure on maverick looks like it's somehow related to how openssl
is attempting to negotiate RFC4507bis session tickets, as running
openssl s_client with -no_ticket also works; e.g.: openssl
Hi Serge,
I've gone ahead and uploaded clamav packages to the
ubuntu-security-proposed ppa at
https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/ ; please
test and report feedback here.
In doing so, I ran into a few issues with your debdiff, mostly having
to do with your changelog
Also, it would be great if there are proof of concept documents for
these issues that testcases based on them be added to the
lp:qa-regression-testing tests for clamav.py (i.e.
http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head%3A/scripts/test-clamav.py )
I've confirmed that marking the double variables as volatile in
maverick's php causes the infinite loop not to get triggered on i386
(and think I understand why that's the case). However, attempts to
reproduce the issue with php from 9.10 (karmic), 8.04 (hardy), and 6.06
(dapper) fail for no
** Changed in: php5 (Ubuntu)
Status: New => Confirmed
** Changed in: php5 (Ubuntu)
Importance: Undecided => High
** Changed in: php5 (Ubuntu)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team
This looks to be the relevant upstream bug
http://bugs.php.net/bug.php?id=53352 and commit:
http://svn.php.net/viewvc?view=revision&revision=305698 that fixed it.
I'm building and testing packages with that commit applied to verify it
fixes the issue.
** Bug watch added: bugs.php.net/ #53352
The trailing slash issue was fixed with usn-1042-2
(http://www.ubuntu.com/usn/usn-1042-2); my apologies for messing up the
changelog bug reference.
Andrea, I've reproduced the behavior you're seeing on all Ubuntu
releases, as well as debian's 5.3.3-7 package in unstable. I've
discussed it briefly
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
It looks like, with the exception of the added success resolving after
reducing the advertised EDNS UDP packet size pattern, these issues got
fixed upstream differently in
http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/services/named?r1=11&r2=15
; however, those fixes have not