python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Any password can be used if optimizations are enabled
- debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
to optimizations in src/saml2/authn.py.
- CVE-2017-1000433
*
linux-meta-azure (4.13.0.1004.5) xenial; urgency=medium
* Bump ABI 4.13.0-1004
linux-meta-azure (4.13.0.1003.4) xenial; urgency=medium
* Bump ABI 4.13.0-1003
Date: 2018-01-07 17:47:16.155105+00:00
Changed-By: Marcelo Cerri
Signed-By: Łukasz Zemczak
linux-azure (4.13.0-1004.6) xenial; urgency=low
* linux-azure: 4.13.0-1004.6 -proposed tracker (LP: #1741747)
[ Ubuntu: 4.13.0-24.28 ]
* linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)
* CVE-2017-5754
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
linux-azure
python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Any password can be used if optimizations are enabled
- debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
to optimizations in src/saml2/authn.py.
- CVE-2017-1000433
*
tomcat8 (8.0.32-1ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: loss of pipeline requests
- debian/patches/CVE-2017-5647.patch: improve sendfile handling when
requests are pipelined in
java/org/apache/coyote/AbstractProtocol.java,
awstats (7.4+dfsg-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via path traversal flaws
- debian/patches/CVE-2017-1000501-1.patch: sanitize values in
wwwroot/cgi-bin/awstats.pl.
- debian/patches/CVE-2017-1000501-2.patch: sanitize more values in
tomcat8 (8.0.32-1ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: loss of pipeline requests
- debian/patches/CVE-2017-5647.patch: improve sendfile handling when
requests are pipelined in
java/org/apache/coyote/AbstractProtocol.java,
awstats (7.4+dfsg-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via path traversal flaws
- debian/patches/CVE-2017-1000501-1.patch: sanitize values in
wwwroot/cgi-bin/awstats.pl.
- debian/patches/CVE-2017-1000501-2.patch: sanitize more values in
linux-signed-hwe-edge (4.13.0-24.28~16.04.1) xenial; urgency=medium
* Master version: 4.13.0-24.28~16.04.1
linux-signed-hwe-edge (4.13.0-23.27~16.04.1) xenial; urgency=medium
* Master version: 4.13.0-23.27~16.04.1
linux-signed-hwe-edge (4.13.0-23.26~16.04.1) xenial; urgency=medium
*
linux-hwe-edge (4.13.0-24.28~16.04.1) xenial; urgency=low
* linux-hwe-edge: 4.13.0-24.28~16.04.1 -proposed tracker (LP: #1741749)
* linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)
* CVE-2017-5754
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
Date: Sun, 07 Jan 2018
linux-meta-hwe-edge (4.13.0.24.30) xenial; urgency=medium
* Bump ABI 4.13.0-24
linux-meta-hwe-edge (4.13.0.23.29) xenial; urgency=medium
* Bump ABI 4.13.0-23
Date: 2018-01-07 14:59:49.508467+00:00
Changed-By: Kleber Sacilotto de Souza
Signed-By: Łukasz Zemczak
linux-hwe-edge (4.13.0-24.28~16.04.1) xenial; urgency=low
* linux-hwe-edge: 4.13.0-24.28~16.04.1 -proposed tracker (LP: #1741749)
* linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)
* CVE-2017-5754
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
linux (4.13.0-23.27)
poppler (0.41.0-0ubuntu1.6) xenial-security; urgency=medium
* SECURITY UPDATE: fails to validate boundaries in TextPool::addWord
leading to overflow
- debian/patches/CVE-2017-1000456.patch: fix crash in fuzzed file in
poppler/TextOutputDev.cc.
- CVE-2017-1000456
* SECURITY
13 matches
Mail list logo