python-django (1.8.7-1ubuntu5.7) xenial-security; urgency=medium
* SECURITY UPDATE: content spoofing in the default 404 page
- debian/patches/CVE-2019-3498.patch: properly quote string in
django/views/defaults.py, add test to tests/handlers/tests.py.
- CVE-2019-3498
Date: 2019-01-
nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: side-channel attack on ECDSA signatures
- debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
- CVE-2018-0495
* SECURITY UPDATE: ServerHello.rand
python-django (1.8.7-1ubuntu5.7) xenial-security; urgency=medium
* SECURITY UPDATE: content spoofing in the default 404 page
- debian/patches/CVE-2019-3498.patch: properly quote string in
django/views/defaults.py, add test to tests/handlers/tests.py.
- CVE-2019-3498
Date: 2019-01-
nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: side-channel attack on ECDSA signatures
- debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
- CVE-2018-0495
* SECURITY UPDATE: ServerHello.rand
xrdp (0.6.1-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Fixes a VNC security issue where the VNC password file is
based on the user password.
- debian/patches/CVE-2013-1430-1.patch: sesman: change vnc password file
to guid
- debian/patches/CVE-2013-1430-2.pat
xrdp (0.6.1-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Fixes a VNC security issue where the VNC password file is
based on the user password.
- debian/patches/CVE-2013-1430-1.patch: sesman: change vnc password file
to guid
- debian/patches/CVE-2013-1430-2.pat