[ubuntu/xenial-updates] pulseaudio 1:8.0-0ubuntu3.14 (Accepted)

pulseaudio (1:8.0-0ubuntu3.14) xenial-security; urgency=medium * SECURITY UPDATE: potential double-free in the Bluez 5 module (LP: #1884738) - d/p/0511-bluetooth-bluez5-fix-double-free-in-pa__init.patch: Only free modargs once in each of

[ubuntu/xenial-security] pulseaudio 1:8.0-0ubuntu3.14 (Accepted)

pulseaudio (1:8.0-0ubuntu3.14) xenial-security; urgency=medium * SECURITY UPDATE: potential double-free in the Bluez 5 module (LP: #1884738) - d/p/0511-bluetooth-bluez5-fix-double-free-in-pa__init.patch: Only free modargs once in each of

[ubuntu/xenial-proposed] finalrd 6~ubuntu16.04.1 (Accepted)

finalrd (6~ubuntu16.04.1) xenial; urgency=medium * No-change backport to xenial (LP: #1895160) Date: Thu, 10 Sep 2020 15:54:18 +0100 Changed-By: Dimitri John Ledkov https://launchpad.net/ubuntu/+source/finalrd/6~ubuntu16.04.1 Format: 1.8 Date: Thu, 10 Sep 2020 15:54:18 +0100 Source: finalrd

[ubuntu/xenial-updates] libproxy 0.4.11-5ubuntu1.1 (Accepted)

libproxy (0.4.11-5ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2020-25219.patch: rewrite url::recvline to be nonrecursive in libproxy/url.cpp. - CVE-2020-25219 Date: 2020-09-15 18:23:22.999314+00:00 Changed-By:

[ubuntu/xenial-security] libproxy 0.4.11-5ubuntu1.1 (Accepted)

libproxy (0.4.11-5ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2020-25219.patch: rewrite url::recvline to be nonrecursive in libproxy/url.cpp. - CVE-2020-25219 Date: 2020-09-15 18:23:22.999314+00:00 Changed-By:

[ubuntu/xenial-updates] qemu 1:2.5+dfsg-5ubuntu10.46 (Accepted)

qemu (1:2.5+dfsg-5ubuntu10.46) xenial-security; urgency=medium * SECURITY UPDATE: out-of-bounds read/write in USB emulator - debian/patches/CVE-2020-14364-pre.patch: check RNDIS message length in hw/usb/core.c. - debian/patches/CVE-2020-14364.patch: fix setup_len init in

[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.30 (Accepted)

samba (2:4.3.11+dfsg-0ubuntu0.16.04.30) xenial-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography - debian/patches/CVE-2020-1472-1.patch: switch "client schannel" default to "yes" instead of "auto". -

[ubuntu/xenial-security] qemu 1:2.5+dfsg-5ubuntu10.46 (Accepted)

qemu (1:2.5+dfsg-5ubuntu10.46) xenial-security; urgency=medium * SECURITY UPDATE: out-of-bounds read/write in USB emulator - debian/patches/CVE-2020-14364-pre.patch: check RNDIS message length in hw/usb/core.c. - debian/patches/CVE-2020-14364.patch: fix setup_len init in

[ubuntu/xenial-security] samba 2:4.3.11+dfsg-0ubuntu0.16.04.30 (Accepted)

samba (2:4.3.11+dfsg-0ubuntu0.16.04.30) xenial-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography - debian/patches/CVE-2020-1472-1.patch: switch "client schannel" default to "yes" instead of "auto". -