[ubuntu/xenial-updates] apt 1.2.32ubuntu0.1 (Accepted)

2020-05-13 Thread Ubuntu Archive Robot
apt (1.2.32ubuntu0.1) xenial-security; urgency=high * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177) - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated member names

[ubuntu/xenial-security] apt 1.2.32ubuntu0.1 (Accepted)

2020-05-13 Thread Alex Murray
apt (1.2.32ubuntu0.1) xenial-security; urgency=high * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177) - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated member names

[ubuntu/xenial-updates] libexif 0.6.21-2ubuntu0.2 (Accepted)

2020-05-13 Thread Ubuntu Archive Robot
libexif (0.6.21-2ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-20030.patch: improve deep recursion detection in exif_data_load_data_content in libexif/exif-data.c. - CVE-2018-20030 * SECURITY UPDATE: Dividing by zero

[ubuntu/xenial-security] libexif 0.6.21-2ubuntu0.2 (Accepted)

2020-05-13 Thread Leonidas S. Barbosa
libexif (0.6.21-2ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-20030.patch: improve deep recursion detection in exif_data_load_data_content in libexif/exif-data.c. - CVE-2018-20030 * SECURITY UPDATE: Dividing by zero

[ubuntu/xenial-proposed] python-pip 8.1.1-2ubuntu0.5 (Accepted)

2020-05-13 Thread Stefano Rivera
python-pip (8.1.1-2ubuntu0.5) xenial; urgency=medium * d/patches/requires-python.patch: Add support for Requires-Python, backported from 9.0.0. virtualenv is installing setuptools 45.0.0 into Python 2.7 virtualenvs, which leaves broken virtualenvs. As libraries drop Python 2.7

[ubuntu/xenial-updates] squid3 3.5.12-1ubuntu7.11 (Accepted)

2020-05-13 Thread Ubuntu Archive Robot
squid3 (3.5.12-1ubuntu7.11) xenial-security; urgency=medium * SECURITY UPDATE: multiple ESI issues - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions into 500 status response in src/esi/Context.h, src/esi/Esi.cc, src/esi/Esi.h, src/esi/Expression.cc. -

[ubuntu/xenial-updates] file 1:5.25-2ubuntu1.4 (Accepted)

2020-05-13 Thread Ubuntu Archive Robot
file (1:5.25-2ubuntu1.4) xenial-security; urgency=medium * SECURITY REGRESSION: truncated interpreter name (LP: #1835596) - debian/patches/CVE-2019-8905_8907.patch: updated to use correct length in src/readelf.c. Date: 2020-05-12 14:05:47.208615+00:00 Changed-By: Marc Deslauriers

[ubuntu/xenial-security] file 1:5.25-2ubuntu1.4 (Accepted)

2020-05-13 Thread Marc Deslauriers
file (1:5.25-2ubuntu1.4) xenial-security; urgency=medium * SECURITY REGRESSION: truncated interpreter name (LP: #1835596) - debian/patches/CVE-2019-8905_8907.patch: updated to use correct length in src/readelf.c. Date: 2020-05-12 14:05:47.208615+00:00 Changed-By: Marc Deslauriers

[ubuntu/xenial-security] squid3 3.5.12-1ubuntu7.11 (Accepted)

2020-05-13 Thread Marc Deslauriers
squid3 (3.5.12-1ubuntu7.11) xenial-security; urgency=medium * SECURITY UPDATE: multiple ESI issues - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions into 500 status response in src/esi/Context.h, src/esi/Esi.cc, src/esi/Esi.h, src/esi/Expression.cc. -