[ubuntu/xenial-updates] firefox 85.0.1+build1-0ubuntu0.16.04.1 (Accepted)

2021-02-08 Thread Ubuntu Archive Robot
firefox (85.0.1+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream release (85.0.1+build1)

firefox (85.0+build1-0ubuntu0.16.04.3) xenial; urgency=medium

  * Ensure the version of pip used in the virtualenv wrapper is compatible
    with Python 3.5 (pip 21.0 dropped support for it, see
    https://github.com/pypa/pip/pull/9189) (LP: #1914450)
    - debian/tests/control
    - debian/tests/virtualenv-wrapper

firefox (85.0+build1-0ubuntu0.16.04.2) xenial; urgency=medium

  * Cherry-pick an upstream commit to address a startup hang (LP: #1914147)
    - debian/patches/upstream-fix-startup-hang.patch

Date: 2021-02-05 11:55:09.303023+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/85.0.1+build1-0ubuntu0.16.04.1
Sorry, changesfile not available.
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes


[ubuntu/xenial-security] firefox 85.0.1+build1-0ubuntu0.16.04.1 (Accepted)

2021-02-08 Thread Chris Coulson
firefox (85.0.1+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream release (85.0.1+build1)

firefox (85.0+build1-0ubuntu0.16.04.3) xenial; urgency=medium

  * Ensure the version of pip used in the virtualenv wrapper is compatible
    with Python 3.5 (pip 21.0 dropped support for it, see
    https://github.com/pypa/pip/pull/9189) (LP: #1914450)
    - debian/tests/control
    - debian/tests/virtualenv-wrapper

firefox (85.0+build1-0ubuntu0.16.04.2) xenial; urgency=medium

  * Cherry-pick an upstream commit to address a startup hang (LP: #1914147)
    - debian/patches/upstream-fix-startup-hang.patch

Date: 2021-02-05 11:55:09.303023+00:00
Changed-By: Olivier Tilloy 
Signed-By: Chris Coulson 
https://launchpad.net/ubuntu/+source/firefox/85.0.1+build1-0ubuntu0.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] qemu 1:2.5+dfsg-5ubuntu10.49 (Accepted)

2021-02-08 Thread Ubuntu Archive Robot
qemu (1:2.5+dfsg-5ubuntu10.49) xenial-security; urgency=medium

  * SECURITY UPDATE: heap overread in iscsi_aio_ioctl_cb
    - debian/patches/CVE-2020-11947.patch: fix heap-buffer-overflow in
      block/iscsi.c.
    - CVE-2020-11947
  * SECURITY UPDATE: use-after-free in e1000e
    - debian/patches/CVE-2020-15859.patch: forbid the reentrant RX in
      net/queue.c.
    - CVE-2020-15859
  * SECURITY UPDATE: out of bounds read in atapi
    - debian/patches/CVE-2020-29443-1.patch: assert that the buffer pointer
      is in range in hw/ide/atapi.c.
    - debian/patches/CVE-2020-29443-2.patch: check logical block address
      and read size in hw/ide/atapi.c.
    - CVE-2020-29443
  * SECURITY UPDATE: use after free in 9p
    - debian/patches/CVE-2021-20181.patch: fully restart unreclaim loop in
      hw/9pfs/virtio-9p.c.
    - CVE-2021-20181

Date: 2021-02-04 13:55:09.485375+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.49
Sorry, changesfile not available.


[ubuntu/xenial-updates] php-pear 1:1.10.1+submodules+notgz-6ubuntu0.3 (Accepted)

2021-02-08 Thread Ubuntu Archive Robot
php-pear (1:1.10.1+submodules+notgz-6ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: directory traversal attack in Archive_Tar
    - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
      out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2020-36193

Date: 2021-02-04 17:31:12.126794+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/php-pear/1:1.10.1+submodules+notgz-6ubuntu0.3
Sorry, changesfile not available.


[ubuntu/xenial-updates] openldap 2.4.42+dfsg-2ubuntu3.12 (Accepted)

2021-02-08 Thread Ubuntu Archive Robot
openldap (2.4.42+dfsg-2ubuntu3.12) xenial-security; urgency=medium

  * SECURITY UPDATE: integer underflow in Certificate Exact Assertion
    processing
    - debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - CVE-2020-36221
  * SECURITY UPDATE: assert failure in saslAuthzTo validation
    - debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36222-2.patch: fix debug msg in
      servers/slapd/saslauthz.c.
    - CVE-2020-36222
  * SECURITY UPDATE: crash in Values Return Filter control handling
    - debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in
      servers/slapd/controls.c.
    - CVE-2020-36223
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN
      in servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev
      commit in servers/slapd/saslauthz.c.
    - CVE-2020-36224
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in
      servers/slapd/dn.c.
    - CVE-2020-36225
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36226.patch: fix slap_parse_user in
      servers/slapd/saslauthz.c.
    - CVE-2020-36226
  * SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
    - debian/patches/CVE-2020-36227.patch: fix cancel exop in
      servers/slapd/cancel.c.
    - CVE-2020-36227
  * SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
    - debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in
      servers/slapd/schema_init.c.
    - CVE-2020-36228
  * SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
    - debian/patches/CVE-2020-36229.patch: add more checks to
      ldap_X509dn2bv in libraries/libldap/tls2.c.
    - CVE-2020-36229
  * SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
    - debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN
      count in libraries/libldap/tls2.c.
    - CVE-2020-36230

Date: 2021-02-03 14:20:09.417213+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.12
Sorry, changesfile not available.


[ubuntu/xenial-security] qemu 1:2.5+dfsg-5ubuntu10.49 (Accepted)

2021-02-08 Thread Marc Deslauriers
qemu (1:2.5+dfsg-5ubuntu10.49) xenial-security; urgency=medium

  * SECURITY UPDATE: heap overread in iscsi_aio_ioctl_cb
    - debian/patches/CVE-2020-11947.patch: fix heap-buffer-overflow in
      block/iscsi.c.
    - CVE-2020-11947
  * SECURITY UPDATE: use-after-free in e1000e
    - debian/patches/CVE-2020-15859.patch: forbid the reentrant RX in
      net/queue.c.
    - CVE-2020-15859
  * SECURITY UPDATE: out of bounds read in atapi
    - debian/patches/CVE-2020-29443-1.patch: assert that the buffer pointer
      is in range in hw/ide/atapi.c.
    - debian/patches/CVE-2020-29443-2.patch: check logical block address
      and read size in hw/ide/atapi.c.
    - CVE-2020-29443
  * SECURITY UPDATE: use after free in 9p
    - debian/patches/CVE-2021-20181.patch: fully restart unreclaim loop in
      hw/9pfs/virtio-9p.c.
    - CVE-2021-20181

Date: 2021-02-04 13:55:09.485375+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.49
Sorry, changesfile not available.


[ubuntu/xenial-security] openldap 2.4.42+dfsg-2ubuntu3.12 (Accepted)

2021-02-08 Thread Marc Deslauriers
openldap (2.4.42+dfsg-2ubuntu3.12) xenial-security; urgency=medium

  * SECURITY UPDATE: integer underflow in Certificate Exact Assertion
    processing
    - debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - CVE-2020-36221
  * SECURITY UPDATE: assert failure in saslAuthzTo validation
    - debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36222-2.patch: fix debug msg in
      servers/slapd/saslauthz.c.
    - CVE-2020-36222
  * SECURITY UPDATE: crash in Values Return Filter control handling
    - debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in
      servers/slapd/controls.c.
    - CVE-2020-36223
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN
      in servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev
      commit in servers/slapd/saslauthz.c.
    - CVE-2020-36224
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in
      servers/slapd/dn.c.
    - CVE-2020-36225
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36226.patch: fix slap_parse_user in
      servers/slapd/saslauthz.c.
    - CVE-2020-36226
  * SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
    - debian/patches/CVE-2020-36227.patch: fix cancel exop in
      servers/slapd/cancel.c.
    - CVE-2020-36227
  * SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
    - debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in
      servers/slapd/schema_init.c.
    - CVE-2020-36228
  * SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
    - debian/patches/CVE-2020-36229.patch: add more checks to
      ldap_X509dn2bv in libraries/libldap/tls2.c.
    - CVE-2020-36229
  * SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
    - debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN
      count in libraries/libldap/tls2.c.
    - CVE-2020-36230

Date: 2021-02-03 14:20:09.417213+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.12
Sorry, changesfile not available.


[ubuntu/xenial-security] php-pear 1:1.10.1+submodules+notgz-6ubuntu0.3 (Accepted)

2021-02-08 Thread Marc Deslauriers
php-pear (1:1.10.1+submodules+notgz-6ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: directory traversal attack in Archive_Tar
    - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
      out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2020-36193

Date: 2021-02-04 17:31:12.126794+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/php-pear/1:1.10.1+submodules+notgz-6ubuntu0.3
Sorry, changesfile not available.