[ubuntu/xenial-proposed] xorg-hwe-16.04 1:7.7+13ubuntu4~16.04.2 (Accepted)

xorg-hwe-16.04 (1:7.7+13ubuntu4~16.04.2) xenial; urgency=medium * control: Drop xorg-driver-video alt recommends to allow easier install of the hwe stack. Date: Wed, 01 Feb 2017 10:13:15 +0200 Changed-By: Timo Aaltonen Maintainer: Ubuntu X-SWAT

[ubuntu/xenial-proposed] console-setup 1.108ubuntu15.3 (Accepted)

console-setup (1.108ubuntu15.3) xenial; urgency=medium * debian/console-setup-linux.setvtrgb.service: add condition to only execute when /dev/tty0 exists. This is the same condition as used by getty@.service unit to prevent attempting setting up VT when none are present. This is a

[ubuntu/xenial-security] gnutls28 3.4.10-4ubuntu1.2 (Accepted)

gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: OCSP validation issue - debian/patches/CVE-2016-7444.patch: correctly verify the serial length in lib/x509/ocsp.c. - CVE-2016-7444 * SECURITY UPDATE: denial of service via warning alerts -

[ubuntu/xenial-security] ntfs-3g 1:2015.3.14AR.1-1ubuntu0.1 (Accepted)

ntfs-3g (1:2015.3.14AR.1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Improper environment scrubbing prior to executing modprobe could allow a local attacker to load arbitrary kernel modules - debian/patches/0002-CVE-2017-0358.patch: Execute modprobe with an empty

[ubuntu/xenial-updates] ntfs-3g 1:2015.3.14AR.1-1ubuntu0.1 (Accepted)

ntfs-3g (1:2015.3.14AR.1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Improper environment scrubbing prior to executing modprobe could allow a local attacker to load arbitrary kernel modules - debian/patches/0002-CVE-2017-0358.patch: Execute modprobe with an empty

[ubuntu/xenial-updates] gnutls28 3.4.10-4ubuntu1.2 (Accepted)

gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: OCSP validation issue - debian/patches/CVE-2016-7444.patch: correctly verify the serial length in lib/x509/ocsp.c. - CVE-2016-7444 * SECURITY UPDATE: denial of service via warning alerts -

[ubuntu/xenial-proposed] snapd 2.22.1 (Accepted)

snapd (2.22.1) xenial; urgency=medium * New upstream release, LP: #1659522 - cherry pick fix for snapctl auth.json handling snapd (2.22) xenial; urgency=medium * New upstream release, LP: #1659522 - many: make ubuntu-core-launcher mostly go - interfaces/builtin: add

[ubuntu/xenial-updates] iucode-tool 1.5.1-1ubuntu0.1 (Accepted)

iucode-tool (1.5.1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: heap buffer overflow on -tr loader - debian/patches/CVE-2017-0357.patch: check al in intel_microcode.c. - CVE-2017-0357 Date: 2017-01-25 19:16:13.932432+00:00 Changed-By: Marc Deslauriers

[ubuntu/xenial-updates] libxpm 1:3.5.11-1ubuntu0.16.04.1 (Accepted)

libxpm (1:3.5.11-1ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: OOB write when handling malicious XPM files - debian/patches/CVE-2016-10164.patch: add bounds checks to src/CrDatFrI.c. - CVE-2016-10164 Date: 2017-01-25 21:03:14.423946+00:00 Changed-By: Marc

[ubuntu/xenial-security] iucode-tool 1.5.1-1ubuntu0.1 (Accepted)

iucode-tool (1.5.1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: heap buffer overflow on -tr loader - debian/patches/CVE-2017-0357.patch: check al in intel_microcode.c. - CVE-2017-0357 Date: 2017-01-25 19:16:13.932432+00:00 Changed-By: Marc Deslauriers

[ubuntu/xenial-security] libxpm 1:3.5.11-1ubuntu0.16.04.1 (Accepted)

libxpm (1:3.5.11-1ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: OOB write when handling malicious XPM files - debian/patches/CVE-2016-10164.patch: add bounds checks to src/CrDatFrI.c. - CVE-2016-10164 Date: 2017-01-25 21:03:14.423946+00:00 Changed-By: Marc

[ubuntu/xenial-updates] curtin 0.1.0~bzr437-0ubuntu1~16.04.1 (Accepted)

curtin (0.1.0~bzr437-0ubuntu1~16.04.1) xenial-proposed; urgency=medium * debian/new-upstream-snapshot: change to not use bzr merge-upstream. * New upstream snapshot. - pep8: fix pep8 errors found with 'make pep8' on zesty. - Workaround failures caused by gpg2 daemons left running in