[ubuntu/xenial-security] sbsigntool 0.6-0ubuntu10.2 (Accepted)

sbsigntool (0.6-0ubuntu10.2) xenial-security; urgency=medium * No-change re-build upload for xenial-security, in support of landing shim 15.4 or newer in xenial-security (LP: #1921134) Date: 2021-05-14 18:50:10.105390+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source

[ubuntu/xenial-security] glibc 2.23-0ubuntu11.3 (Accepted)

, sysdeps/arm/memmove.S. - CVE-2020-6096 Date: 2021-04-21 17:21:09.688651+00:00 Changed-By: Marc Deslauriers Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu11.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify

[ubuntu/xenial-security] wpa 2.4-0ubuntu6.7 (Accepted)

initiation failures for events more properly - CVE-2020-12695 Date: 2021-02-10 06:51:09.804114+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify

[ubuntu/xenial-security] grub2-signed 1.66.27 (Accepted)

grub2-signed (1.66.27) xenial; urgency=medium * Rebuild against grub2 2.02~beta2-36ubuntu3.27. Date: 2020-07-31 04:42:08.754238+00:00 Changed-By: Steve Langasek Maintainer: Colin Watson Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/grub2-signed/1.66.27 Sorry, changesfile

[ubuntu/xenial-security] grub2 2.02~beta2-36ubuntu3.27 (Accepted)

. Date: 2020-07-31 04:53:09.225477+00:00 Changed-By: Steve Langasek Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.27 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https

[ubuntu/xenial-security] intel-microcode 3.20200609.0ubuntu0.16.04.1 (Accepted)

0x00d6, size 101376 Date: 2020-06-10 16:01:14.082384+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20200609.0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe

[ubuntu/xenial-security] intel-microcode 3.20200609.0ubuntu0.16.04.0 (Accepted)

snippets loaded by initramfs-tools. Date: 2020-06-09 16:21:23.417575+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20200609.0ubuntu0.16.04.0 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings

[ubuntu/xenial-security] gce-compute-image-packages 20190801-0ubuntu1~16.04.1 (Accepted)

-for-OS-Login-users.-30.patch: remove dip and plugdev groups Date: 2020-05-15 00:19:14.69+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/gce-compute-image-packages/20190801-0ubuntu1~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes

[ubuntu/xenial-security] python-django 1.8.7-1ubuntu5.11 (Accepted)

:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.11 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] openjdk-8 8u232-b09-0ubuntu1~16.04.1 (Accepted)

hotspot archs. openjdk-8 (8u232-b04-1) experimental; urgency=medium * Update to 8u232-b04 (early access build). * Refresh patches. Date: 2019-10-16 21:57:13.565793+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-8/8u232-b09

[ubuntu/xenial-security] libpcap 1.7.4-2ubuntu0.1 (Accepted)

warning - CVE-2019-15165 Date: 2019-11-22 02:23:14.227202+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/libpcap/1.7.4-2ubuntu0.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https

[ubuntu/xenial-security] intel-microcode 3.20191115.1ubuntu0.16.04.2 (Accepted)

33792 Date: 2019-12-02 21:04:21.282332+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20191115.1ubuntu0.16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https

[ubuntu/xenial-proposed] amd64-microcode 3.20191021.1ubuntu0.16.04.1 (Accepted)

amd64-microcode (3.20191021.1ubuntu0.16.04.1) xenial; urgency=medium * Backport to Ubuntu 16.04 LTS (LP: #1850752) Date: 2019-11-01 07:17:15.315982+00:00 Changed-By: Steve Beattie Signed-By: Tyler Hicks https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191021.1ubuntu0.16.04.1 Sorry

[ubuntu/xenial-security] amd64-microcode 3.20191021.1ubuntu0.16.04.1 (Accepted)

-By: Steve Beattie https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191021.1ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] intel-microcode 3.20191115.1ubuntu0.16.04.1 (Accepted)

sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 + Updated Microcodes (previously removed): sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768 Date: 2019-11-19 21:49:13.788996+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel

[ubuntu/xenial-security] qemu 1:2.5+dfsg-5ubuntu10.42 (Accepted)

-filtering-CPUID.patch - Fix issues with CPUID_EXT2_AMD_ALIASES allowing guests using cpu passthrough to boot. (LP: #1828288) Date: 2019-11-05 06:25:23.033932+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.42 Sorry, changesfile not available

[ubuntu/xenial-security] intel-microcode 3.20191112-0ubuntu0.16.04.2 (Accepted)

support for Sandy Bridge server and Core-X processor families.(LP: #1830123) Date: 2019-11-12 18:55:17.876280+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list

[ubuntu/xenial-security] apache2 2.4.18-2ubuntu3.13 (Accepted)

-16 13:43:13.456966+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.13 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial

[ubuntu/xenial-security] apache2 2.4.18-2ubuntu3.12 (Accepted)

. - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS protection. - CVE-2019-10092 * SECURITY UPDATE: mod_rewrite potential open redirect. - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default. - CVE-2019-10098 Date: 2019-08-26 14:35:14.763316+00:00 Changed-By: Steve

[ubuntu/xenial-security] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.11 (Accepted)

.setuserparams2. - CVE-2019-14811 - CVE-2019-14812 - CVE-2019-14813 - debian/patches/CVE-2019-14817.patch: mark more uses of .forceput as execteonly - CVE-2019-14817 Date: 2019-08-28 06:04:14.394416+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source

[ubuntu/xenial-security] nova 2:13.1.4-0ubuntu4.5 (Accepted)

-14433 Date: 2019-08-16 02:39:49.582689+00:00 Changed-By: Corey Bryant Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/nova/2:13.1.4-0ubuntu4.5 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https

[ubuntu/xenial-security] dh-python 2.20151103ubuntu1.2 (Accepted)

dh-python (2.20151103ubuntu1.2) xenial-security; urgency=medium * No change rebuild to get fixed dh-python into xenial-security. Date: 2019-08-16 00:58:13.120511+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/dh-python/2.20151103ubuntu1.2 Sorry, changesfile not available

[ubuntu/xenial-security] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.10 (Accepted)

ghostscript (9.26~dfsg+0-0ubuntu0.16.04.10) xenial-security; urgency=medium * SECURITY UPDATE: `-dSAFER` restrictions bypass - debian/patches/CVE-2019-10216.patch: protect use of .forceput with executeonly - CVE-2019-10216 Date: 2019-08-09 05:50:13.353082+00:00 Changed-By: Steve

[ubuntu/xenial-security] kconfig 5.18.0-0ubuntu1.1 (Accepted)

21:00:20.875367+00:00 Changed-By: Rik Mills Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/kconfig/5.18.0-0ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman

[ubuntu/xenial-security] postgresql-9.5 9.5.19-0ubuntu0.16.04.1 (Accepted)

these and many further changes can be found at: https://www.postgresql.org/docs/9.5/static/release-9-5-18.html Date: 2019-08-08 16:25:18.749890+00:00 Changed-By: Christian Ehrhardt  Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.19-0ubuntu0.16.04.1 Sorry

[ubuntu/xenial-security] openjdk-8 8u222-b10-1ubuntu1~16.04.1 (Accepted)

: determine source date using backwards-compatible dpkg-parsechangelog call. - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as it can be empty. Date: 2019-07-18 20:09:13.635037+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu

[ubuntu/xenial-security] dosbox 0.74-4.2+deb9u2build0.16.04.1 (Accepted)

dosbox (0.74-4.2+deb9u2build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2019-07-15 17:48:31.696750+00:00 Changed-By: Steve Beattie Maintainer: Jan Dittberner https://launchpad.net/ubuntu/+source/dosbox/0.74-4.2+deb9u2build0.16.04.1 Sorry, changesfile

[ubuntu/xenial-security] intel-microcode 3.20190618.0ubuntu0.16.04.1 (Accepted)

-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20190618.0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] agg 2.5+dfsg1-9+deb8u1build0.16.04.1 (Accepted)

agg (2.5+dfsg1-9+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian (LP: #1821407) Date: 2019-06-18 21:55:13.236661+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/agg/2.5+dfsg1-9+deb8u1build0.16.04.1 Sorry, changesfile not available.-- Xenial

[ubuntu/xenial-security] openjpeg2 2.1.2-1.1+deb9u3build0.16.04.1 (Accepted)

-2018-18088: Null pointer dereference caused by null image components in imagetopnm (closes: #910763). * CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533). Date: 2019-06-11 23:02:12.866779+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2

[ubuntu/xenial-security] minissdpd 1.2.20130907-3+deb8u2build0.16.04.1 (Accepted)

. (Closes: #929297) Date: 2019-06-11 23:12:12.968684+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/minissdpd/1.2.20130907-3+deb8u2build0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe

[ubuntu/xenial-security] roundup 1.4.20-1.1+deb8u2build0.16.04.1 (Accepted)

roundup (1.4.20-1.1+deb8u2build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2019-06-11 23:17:12.726120+00:00 Changed-By: Steve Beattie Maintainer: Kai Storbeck https://launchpad.net/ubuntu/+source/roundup/1.4.20-1.1+deb8u2build0.16.04.1 Sorry, changesfile

[ubuntu/xenial-security] intel-microcode 3.20190514.0ubuntu0.16.04.2 (Accepted)

at mkinitramfs time. Specifically to support generating installer/golden/bare-metal initrds with all microcodes for any hardware. Date: 2019-05-22 07:35:14.103476+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20190514.0ubuntu0.16.04.2 Sorry, changesfile

[ubuntu/xenial-security] putty 0.67-3+deb9u1build0.16.04.1 (Accepted)

+ odd-width terminal. - CVE-2019-9897: Limit the number of combining chars per terminal cell. - minibidi: fix read past end of line in rule W5. - CVE-2019-9897: Fix crash printing a width-2 char in a width-1 terminal. Date: 2019-05-21 17:56:13.399371+00:00 Changed-By: Steve

[ubuntu/xenial-security] intel-microcode 3.20190514.0ubuntu0.16.04.1 (Accepted)

e matching the current CPU, if MODULES=most is set in the initramfs-tools config Date: 2019-05-13 23:29:31.114158+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20190514.0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xeni

[ubuntu/xenial-security] qemu 1:2.5+dfsg-5ubuntu10.38 (Accepted)

work around the problem in an unintrusive way. (LP: #1823458) Date: 2019-05-09 09:31:28.500762+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.38 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com

[ubuntu/xenial-security] openjdk-8 8u212-b03-0ubuntu1.16.04.1 (Accepted)

: regenerated. * debian/patches/jdk-8u192-S8202261.patch: RandomAccessFile::setLength will not shrink sparse files. (LP: #1811324) Date: 2019-04-26 01:31:23.425065+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-8/8u212-b03

[ubuntu/xenial-security] rssh 2.3.4-4+deb8u2ubuntu0.16.04.1 (Accepted)

of scp's command-line parsing, relax the check to require the server command contain -f or -t, which should deactivate scp's support for remote files. (Closes: #921655) - Merged from Debian, thanks to Russ Allbery for the patch. Date: 2019-02-12 03:05:12.158828+00:00 Changed-By: Steve

[ubuntu/xenial-security] mariadb-10.0 10.0.38-0ubuntu0.16.04.1 (Accepted)

for the following security vulnerabilities: - CVE-2019-2503 - CVE-2018-3282 - CVE-2018-3251 - CVE-2018-3174 - CVE-2018-3156 - CVE-2018-3143 - CVE-2016-9843 Date: 2019-02-07 09:05:13.295054+00:00 Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/mariadb-10.0/10.0.38

[ubuntu/xenial-security] rssh 2.3.4-4+deb8u2build0.16.04.1 (Accepted)

as options. In the few cases where one needs to rsync to files named things like --rsh, the client can use ./--rsh instead. Thanks, Nick Cleaton. Date: 2019-02-07 22:34:08.501938+00:00 Changed-By: Steve Beattie Maintainer: Russ Allbery https://launchpad.net/ubuntu/+source/rssh/2.3.4-4

[ubuntu/xenial-security] openjdk-8 8u191-b12-2ubuntu0.16.04.1 (Accepted)

- debian/tests/valid-tests: removed, no longer needed. Date: 2019-01-14 21:38:12.875962+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-2ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xeni

[ubuntu/xenial-security] openjdk-8 8u191-b12-0ubuntu0.16.04.1 (Accepted)

in the right places. - debian/tests/valid-tests: removed, no longer needed. Date: 2018-11-20 14:03:27.752680+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes

[ubuntu/xenial-security] openjdk-8 8u181-b13-1ubuntu0.16.04.1 (Accepted)

. * debian/patches/shebang.diff, debian/patches/zero-missing-headers.diff, src/hotspot/share/interpreter/bytecodeInterpreter.cpp: applied upstream. Date: 2018-10-23 04:01:12.402590+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-8

[ubuntu/xenial-security] git 1:2.7.4-0ubuntu1.5 (Accepted)

urls and files that begin with '--'. - CVE-2018-17456 * SECURITY UPDATE: incomplete fix for CVE-2017-14867 - 0006-cvsimport-apply-shell-quoting-regex-globally.patch: escape all instances of backticks Date: 2018-10-11 01:42:12.842911+00:00 Changed-By: Steve Beattie https

[ubuntu/xenial-security] imagemagick 8:6.8.9.9-7ubuntu5.13 (Accepted)

imagemagick (8:6.8.9.9-7ubuntu5.13) xenial-security; urgency=medium [ Steve Beattie ] * SECURITY UPDATE: code execution vulnerabilities in ghostscript as invoked by imagemagick - debian/patches/200-disable-ghostscript-formats.patch: disable ghostscript handled types by default

[ubuntu/xenial-security] mutt 1.5.24-1ubuntu0.2 (Accepted)

mutt (1.5.24-1ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: apply all fixes to both mutt and mutt-patched - debian/patches/series: re-order patch application (LP: #1794278) Date: 2018-09-26 20:53:16.862959+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu

[ubuntu/xenial-security] mariadb-10.0 10.0.36-0ubuntu0.16.04.1 (Accepted)

:19:12.921184+00:00 Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/mariadb-10.0/10.0.36-0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo

[ubuntu/xenial-security] intel-microcode 3.20180807a.0ubuntu0.16.04.1 (Accepted)

-By: Steve Beattie https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] openjdk-8 8u181-b13-0ubuntu0.16.04.1 (Accepted)

:13.068426+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-8/8u181-b13-0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com

[ubuntu/xenial-security] kwallet-pam 4:5.5.5-0ubuntu1.3 (Accepted)

-By: Simon Quigley Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/kwallet-pam/4:5.5.5-0ubuntu1.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial

[ubuntu/xenial-security] gcc-5 5.4.0-6ubuntu1~16.04.10 (Accepted)

gcc-5 (5.4.0-6ubuntu1~16.04.10) xenial-security; urgency=medium * Backport upstream revision r257489 (Spectre #2 mitigation for s390x). LP: #1759152. Date: 2018-06-18 13:39:12.505402+00:00 Changed-By: Matthias Klose Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/gcc-5

[ubuntu/xenial-security] amd64-microcode 3.20180524.1~ubuntu0.16.04.1 (Accepted)

not record this by mistake. The missing entry was retroactively added to debian/changelog by this upload Date: 2018-05-29 23:56:41.650172+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.16.04.1 Sorry, changesfile not available.-- Xeni

[ubuntu/xenial-security] gnupg2 2.1.11-6ubuntu2.1 (Accepted)

in 2016 - d/p/0006-tests-openpgp-Fake-the-system-time-for-the-tofu-test.patch Date: 2018-06-14 20:01:18.818723+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/gnupg2/2.1.11-6ubuntu2.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes

[ubuntu/xenial-security] gnupg 1.4.20-1ubuntu3.2 (Accepted)

gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium * SECURITY UPDATE: missing sanitization of verbose output - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with the original file name. - CVE-2018-12020 Date: 2018-06-09 05:51:40.483808+00:00 Changed-By: Steve

[ubuntu/xenial-security] unbound 1.5.8-1ubuntu1.1 (Accepted)

- debian/patches/unbound-r4302.patch Date: 2018-06-07 18:44:20.640982+00:00 Changed-By: Simon Déziel Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/unbound/1.5.8-1ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify

[ubuntu/xenial-security] git 1:2.7.4-0ubuntu1.4 (Accepted)

* debian/rules: ensure added tests are executable. Date: 2018-06-05 07:32:16.369593+00:00 Changed-By: Steve Beattie https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe

[ubuntu/xenial-security] openjdk-8 8u171-b11-0ubuntu0.16.04.1 (Accepted)

01:42:22.456544+00:00 Changed-By: Tiago Stürmer Daitx <tiago.da...@canonical.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/openjdk-8/8u171-b11-0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists

[ubuntu/xenial-security] intel-microcode 3.20180425.1~ubuntu0.16.04.1 (Accepted)

files from microcode directories * source: switch to microcode-.d/ since Intel dropped .dat support. Date: 2018-05-04 07:46:12.103188+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/intel-microcode/3.20180425.1~ubuntu0.16.04.1 Sorry, chang

[ubuntu/xenial-security] kwallet-pam 4:5.5.5-0ubuntu1.2 (Accepted)

:21.435697+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/kwallet-pam/4:5.5.5-0ubuntu1.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/m

[ubuntu/xenial-security] kwallet-pam 4:5.5.5-0ubuntu1.1 (Accepted)

imo...@ubuntu.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/kwallet-pam/4:5.5.5-0ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mail

[ubuntu/xenial-security] sdl-image1.2 1.2.12-5+deb9u1build0.16.04.1 (Accepted)

sdl-image1.2 (1.2.12-5+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-04-30 18:35:13.424673+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/sdl-image1.2/1.2.12-5+deb9u1build0.16.04.1 Sorry, chang

[ubuntu/xenial-security] libsdl2-image 2.0.1+dfsg-2+deb9u1build0.16.04.1 (Accepted)

libsdl2-image (2.0.1+dfsg-2+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-04-24 00:14:11.760848+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/libsdl2-image/2.0.1+dfsg-2+deb9u1build0.16.04.1

[ubuntu/xenial-security] openjdk-8 8u162-b12-0ubuntu0.16.04.2 (Accepted)

tiago.da...@canonical.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/openjdk-8/8u162-b12-0ubuntu0.16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https:

[ubuntu/xenial-security] plasma-workspace 4:5.5.5.2-0ubuntu1.1 (Accepted)

imo...@ubuntu.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.5.5.2-0ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://list

[ubuntu/xenial-security] atril 1.12.2-1ubuntu0.2 (Accepted)

atril (1.12.2-1ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Command injection with cbt files (LP: #1735418). - fix-CVE-2017-183.patch - CVE-2017-183 Date: 2018-03-19 04:45:12.849557+00:00 Changed-By: Simon Quigley <tsimo...@ubuntu.com> Signed-By: Steve B

[ubuntu/xenial-security] paramiko 1.16.0-1ubuntu0.1 (Accepted)

paramiko (1.16.0-1ubuntu0.1) xenial-security; urgency=medium [Steve Beattie] * SECURITY UPDATE: customized clients can skip auth - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not authenticated and message type is a service request - 0002-Allow-overriding-test

[ubuntu/xenial-security] memcached 1.4.25-2ubuntu1.3 (Accepted)

Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/memcached/1.4.25-2ubuntu1.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/

[ubuntu/xenial-security] quagga 0.99.24.1-2ubuntu1.4 (Accepted)

-08 12:38:13.454454+00:00 Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@list

[ubuntu/xenial-security] ruby-omniauth 1.3.1-1+deb9u1build0.16.04.1 (Accepted)

ruby-omniauth (1.3.1-1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-02-14 17:04:12.492832+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/ruby-omniauth/1.3.1-1+deb9u1build0.16.04.1 Sorry, chang

[ubuntu/xenial-proposed] gcc-5-cross-ports 10ubuntu0.2 (Accepted)

gcc-5-cross-ports (10ubuntu0.2) xenial-security; urgency=medium * Rebuild using latest gcc-5 package to get updated cross compiler into xenial-security Date: 2018-02-07 01:02:42.473210+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> Signed-By: Tyler Hicks <tyhi...@cano

[ubuntu/xenial-proposed] gcc-5-cross 24ubuntu0.3 (Accepted)

gcc-5-cross (24ubuntu0.3) xenial-security; urgency=medium * Rebuild using latest gcc-5 package to get updated cross compiler into xenial-security Date: 2018-02-07 00:49:13.033782+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> Signed-By: Tyler Hicks <tyhi...@canonical.c

[ubuntu/xenial-proposed] gcc-5 5.4.0-6ubuntu1~16.04.9 (Accepted)

gcc-5 (5.4.0-6ubuntu1~16.04.9) xenial-security; urgency=medium * Revert retpoline changes of ppc64el as per the recommendation from Bill Schmidt of IBM. - ppc-add-mspeculate-indirect-jumps: drop. Date: 2018-02-06 00:32:26.974203+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.

[ubuntu/xenial-proposed] gcc-5 5.4.0-6ubuntu1~16.04.8 (Accepted)

469338+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> Signed-By: Tyler Hicks <tyhi...@canonical.com> https://launchpad.net/ubuntu/+source/gcc-5/5.4.0-6ubuntu1~16.04.8 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings o

[ubuntu/xenial-security] xmltooling 1.5.6-2ubuntu0.1 (Accepted)

:13.675753+00:00 Changed-By: Ray Link <rlink+launch...@cs.cmu.edu> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Mod

[ubuntu/xenial-security] opensaml2 2.5.5-1ubuntu0.1 (Accepted)

Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/opensaml2/2.5.5-1ubuntu0.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] konversation 1.6-0ubuntu1.1 (Accepted)

23:04:56.656014+00:00 Changed-By: Simon Quigley <tsimo...@ubuntu.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/konversation/1.6-0ubuntu1.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Mod

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.13 (Accepted)

it itself gets updated. Date: 2017-11-17 18:54:20.937100+00:00 Changed-By: Stéphane Graber <stgra...@stgraber.org> Maintainer: Martin Pitt <martin.p...@ubuntu.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.13 Sorry, changes

[ubuntu/xenial-security] openjdk-8 8u151-b12-0ubuntu0.16.04.2 (Accepted)

<tiago.da...@canonical.com> Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/openjdk-8/8u151-b12-0ubuntu0.16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: ht

[ubuntu/xenial-security] libxml2 2.9.3+dfsg1-1ubuntu0.3 (Accepted)

: drop uneccessary expansions, add additional sanity check - CVE-2017-9049, CVE-2017-9050 Date: 2017-09-16 00:12:24.882876+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.3 Sorry, changesfile not available.--

[ubuntu/xenial-security] tcpdump 4.9.2-0ubuntu0.16.04.1 (Accepted)

still doesn't support OpenSSL 1.1. * Drop --enable-ipv6 from configure line, it has been the default for years now. Date: 2017-09-13 10:24:14.270570+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/tcpdump/4.9.2-0ubuntu0.16.04.1 Sorry, chang

[ubuntu/xenial-security] bluez 5.37-0ubuntu5.1 (Accepted)

:56:14.671621+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/bluez/5.37-0ubuntu5.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/li

[ubuntu/xenial-security] bzr 2.7.0-2ubuntu3.1 (Accepted)

Date: 2017-08-29 06:10:19.962954+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/bzr/2.7.0-2ubuntu3.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at:

[ubuntu/xenial-security] ruby-rack-cors 0.4.0-1+deb9u1build0.16.04.1 (Accepted)

ruby-rack-cors (0.4.0-1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2017-09-02 00:20:13.864116+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/ruby-rack-cors/0.4.0-1+deb9u1build0.16.04.1 Sorry, chang

[ubuntu/xenial-security] check-all-the-things 2015.12.10ubuntu3.is.2017.05.20 (Accepted)

check-all-the-things (2015.12.10ubuntu3.is.2017.05.20) xenial-security; urgency=medium * SRU to Ubuntu 16.04, from Ubuntu artful, fixing security issues (LP: #1597245) Date: 2017-08-31 06:40:19.066993+00:00 Changed-By: LocutusOfBorg <costamagnagianfra...@yahoo.it> Signed-By:

[ubuntu/xenial-security] extplorer 2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1 (Accepted)

another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter. Date: 2017-08-29 23:30:40.767826+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/extplorer/2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1

[ubuntu/xenial-security] connman 1.21-1.2+deb8u1build0.16.04.1 (Accepted)

connman (1.21-1.2+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2017-08-29 21:41:13.694842+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> Maintainer: Alexander Sack <a...@debian.org> https://launchpad.net/ubuntu/+source/conn

[ubuntu/xenial-security] git 1:2.7.4-0ubuntu1.2 (Accepted)

-transport-expose-git_tcp_connect-and-friends-in-new-t.diff: update to adjust for changes from CVE-2017-1000117.patch. - CVE-2017-1000117 Date: 2017-08-10 22:50:30.793121+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.2

[ubuntu/xenial-security] libsoup2.4 2.52.2-1ubuntu0.2 (Accepted)

-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/libsoup2.4/2.52.2-1ubuntu0.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] openjdk-8 8u131-b11-2ubuntu1.16.04.3 (Accepted)

for the regression. Date: 2017-07-28 00:38:37.832882+00:00 Signed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.16.04.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify se

[ubuntu/xenial-security] samba 2:4.3.11+dfsg-0ubuntu0.16.04.9 (Accepted)

-11103 Date: 2017-07-13 22:44:14.519792+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.9 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsub

[ubuntu/xenial-security] heimdal 1.7~git20150920+dfsg-4ubuntu1.16.04.1 (Accepted)

: 2017-07-13 23:54:13.578969+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/heimdal/1.7~git20150920+dfsg-4ubuntu1.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsub

[ubuntu/xenial-security] nginx 1.10.3-0ubuntu0.16.04.2 (Accepted)

. * Additional changes: * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch. * debian/patches/cve-2016-4450.patch: Drop CVE patch as it is already included in the upstream source code in this upload. Date: 2017-07-12 10:32:14.312400+00:00 Changed-By: Steve Beattie <sb

[ubuntu/xenial-security] evince 3.18.2-1ubuntu4.1 (Accepted)

evince (3.18.2-1ubuntu4.1) xenial-security; urgency=medium * SECURITY UPDATE: command injection via cbt files - debian/patches/CVE-2017-183.patch: disable cbt support entirely as not widely used. - CVE-2017-183 Date: 2017-07-12 06:29:18.016823+00:00 Changed-By: Steve

[ubuntu/xenial-security] rt-authen-externalauth 0.25-1+deb8u1build0.16.04.1 (Accepted)

rt-authen-externalauth (0.25-1+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2017-06-24 07:16:12.896495+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> Maintainer: Tom Jampen <t...@cryptography.ch> https://launchpad.net/ubuntu/+sour

[ubuntu/xenial-proposed] munge 0.5.11-3ubuntu0.1 (Accepted)

, 12 Jun 2017 22:06:09 -0700 Changed-By: Steve Beattie <sbeat...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Signed-By: Marc Deslauriers <marc.deslauri...@canonical.com> https://launchpad.net/ubuntu/+source/munge/0.5.11-3ubuntu0.1 Format: 1.8

[ubuntu/xenial-security] sudo 1.8.16-0ubuntu1.4 (Accepted)

sudo (1.8.16-0ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: /proc/self/stat parsing confusion - debian/patches/CVE-2017-1000367.patch: adjust parsing to find ttyname - CVE-2017-1000367 Date: 2017-05-29 10:24:14.090640+00:00 Changed-By: Steve Beattie <sb

[ubuntu/xenial-security] squirrelmail 2:1.4.23~svn20120406-2+deb8u1ubuntu0.16.04.1 (Accepted)

:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/squirrelmail/2:1.4.23~svn20120406-2+deb8u1ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at:

[ubuntu/xenial-security] kauth 5.18.0-0ubuntu2 (Accepted)

for fixing this issue. - CVE-2017-8422 [ Philip Muškovac ] * Update the Vcs URLs now that the repositories are hosted on Launchpad Date: 2017-05-16 17:26:23.780358+00:00 Changed-By: Jose Manuel Santamaria Lema <panfa...@gmail.com> Signed-By: Steve Beattie <sbeat...@ubuntu.c

[ubuntu/xenial-security] openjdk-8 8u131-b11-0ubuntu1.16.04.2 (Accepted)

links to non-existant files. Closes: #841269. * Refreshed various patches. Date: 2017-05-06 02:16:35.860631+00:00 Changed-By: Tiago Stürmer Daitx <tiago.da...@canonical.com> Maintainer: OpenJDK <open...@lists.launchpad.net> Signed-By: Steve Beattie <sbeat...@ubuntu.com> htt

[ubuntu/xenial-security] ghostscript 9.18~dfsg~0-0ubuntu2.4 (Accepted)

:50.734808+00:00 Changed-By: Steve Beattie <sbeat...@ubuntu.com> https://launchpad.net/ubuntu/+source/ghostscript/9.18~dfsg~0-0ubuntu2.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/m

  1   2   >