vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
** Affects: samba (Ubuntu)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: In Progress
** Affects: samba (Ubuntu Bionic)
Importance: Undecided
Status: New
Just FYI, I may use cmake-mozilla to build webkit2gtk too since the
newer version also requires a newer cmake...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943842
Title:
rustc 1.53 and cargo
https://ubuntu.com/security/notices/USN-5123-1
** Changed in: mysql-5.7 (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1947994
Title:
MySQL
** Changed in: apport (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948657
Title:
Oct 2021 security update tracking bug
To manage notifications about
*** This bug is a security vulnerability ***
Public security bug reported:
This is the tracking bug for the October 2021 security update.
** Affects: apport (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs,
** Changed in: apache2 (Ubuntu Impish)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1945311
Title:
Fix for CVE-2021-40438 breaks existing configs
To
The updates are currently building in the security team PPA here, in
case someone wants to try them before they are published:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: apache2 (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: apache2 (Ubuntu Focal)
Importance: Undecided => High
** Changed in: apache2 (Ubuntu Hirsute)
Importance: Undecided => High
** Changed in: apache2 (Ubuntu Impish)
Importance: Undecided => High
--
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: apache2 (Ubuntu Focal)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: apache2 (Ubuntu Hirsute)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: apache2 (Ubuntu Imp
Here are the 2.4.x backports:
https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f
https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c
I will prepare updates that add those commits and will release them
likely today.
--
You received this
** Changed in: ca-certificates (Ubuntu Impish)
Status: New => Fix Committed
** Changed in: ca-certificates (Ubuntu Trusty)
Status: New => Fix Released
** Changed in: ca-certificates (Ubuntu Xenial)
Status: New => Fix Released
--
You received this bug notification because
** Changed in: libgetdata (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912050
Title:
Use after free in libgetdata v0.10.0 may lead to arbitrary code
** Changed in: libcaca (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1923273
Title:
buffer-overflow on libcaca-0.99.beta20/export.c export_tga,
** Changed in: openjdk-13 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-14 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-15 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-16 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-17
** Changed in: fail2ban (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939870
Title:
The package fail2ban is vulnerable to arbitrary command execution via
** Also affects: gedit via
https://gitlab.gnome.org/GNOME/gedit/-/issues/464
Importance: Unknown
Status: Unknown
** Changed in: gedit (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Information type changed from Private Security to Public Security
** Changed in: gnome-screensaver (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944464
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: ca-certificates (Ubuntu Focal)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: ca-certificates (Ubuntu Hirsute)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: ca-cer
*** This bug is a security vulnerability ***
Public security bug reported:
USN-5079-1 introduced a regression in bionic:
https://ubuntuforums.org/showthread.php?t=2467177
Focal+ appear to work as intended.
** Affects: curl (Ubuntu)
Importance: Undecided
Status: New
--
You
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933832
Title:
Path traversal leads to arbitrary file read
To manage
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1934308
Title:
Arbitrary file read in general hook (ubuntu.py)
To manage
I'd rather these go through the SRU process first, and they will get
picked up automatically next time we do an openssl security update.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940656
Title:
** Changed in: haproxy (Ubuntu Impish)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940314
Title:
Aug 2021 security update
To manage notifications
The backported patches in comments #1 and #2 look reasonable to me. +1
from the security team.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
Title:
expiring trust anchor compatibility issue
No, they do not include the fixes from this bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1921518
Title:
OpenSSL "double free" error
To manage notifications about this bug go to:
Thanks for reporting this issue, but we disabled SSLv3 in 2015 in Ubuntu
16.04 LTS. There is absolutely no chance we will be enabling it again.
** Changed in: openssl (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: haproxy (Ubuntu Impish)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940314
Title:
Aug 2021 security update
To manage notifications about this
** Changed in: haproxy (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: haproxy (Ubuntu Hirsute)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
(Ubuntu Focal)
Importance: Medium
Assignee: Marc Deslauriers (mdeslaur)
Status: In Progress
** Affects: haproxy (Ubuntu Hirsute)
Importance: Medium
Assignee: Marc Deslauriers (mdeslaur)
Status: In Progress
** Affects: haproxy (Ubuntu Impish)
Importance
I suspect the MAAS snap has embedded some postgresql components while
relying on some other components from the system, and this mismatch is
causing the issue loading the newer shared library...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Here's the debconf bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1934501
Title:
CVE-2018-15473 patch introduce user enumeration
This isn't specific to the openssh update. Debian packages use tools
such as debconf that need to write to /tmp to function correctly.
** Bug watch added: Debian Bug tracker #223683
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683
--
You received this bug notification because you are
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1934501
Title:
CVE-2018-15473 patch introduce user enumeration vulnerability
To
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
** Information type changed from Private Security to Public Security
** Changed in: apport (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: apport (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Package changed: unity (Ubuntu) => gnome-shell (Ubuntu)
** Changed in: gnome-shell (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1935690
Title:
Lock
** Changed in: openssh (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1937883
Title:
ssh-agent Shielded Private Key Extraction
To manage notifications about
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
I have uploaded new packages to the PPA that enable the test suite and add
updated binary tests.
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938730
Title:
GPSD time will jump back
Thanks for the hints bzed.
Thanks for the tests paride.
I am currently working on enabling the test suite during build on focal
and re-enabling the binary tests on focal and hirsute. I'll have updated
packages in the PPA soon.
--
You received this bug notification because you are a member of
I have uploaded packages for focal and hirsute to the security team PPA
here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
I'd appreciate it if someone could test them. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Upstream patch:
https://gitlab.com/gpsd/gpsd/-/commit/7f30d88d04dc62b8bd6265ad1d09d72d220f97f6
Debian patch:
https://salsa.debian.org/debian-gps-team/pkg-gpsd/-/commit/2df40c7640dcbc5cbc48969bec44932623ef243b
> A test kernel is available here:
https://kernel.ubuntu.com/~juergh/lp1938013/
I found a laptop running bionic. Updated to the newest archive kernel
and rebooted. Hit the regression immediately, dmesg would show kernel
errors right after the wlan0 lines.
With the test kernel, I've been running
** Changed in: containerd (Ubuntu Bionic)
Status: In Progress => Invalid
** Changed in: containerd (Ubuntu Focal)
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
ker.io (Ubuntu Bionic)
Status: New => In Progress
** Changed in: docker.io (Ubuntu Bionic)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: docker.io (Ubuntu Focal)
Status: New => In Progress
** Changed in: docker.io (Ubuntu Focal)
Assign
> Invalid
** Changed in: containerd (Ubuntu Impish)
Status: Incomplete => Invalid
** Changed in: containerd (Ubuntu Bionic)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: containerd (Ubuntu Focal)
Assignee: (unassigned) => Marc Deslauriers (mdesla
> I am quite surprised by this behaviour.
I'm not, I hit it all the time with git-style multiple patches in one
file. I always split them into multiple files now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I think the patch in comment #1 looks reasonable.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust anchor compatibility issue
To manage notifications about this bug go
** Changed in: apport (Ubuntu Impish)
Assignee: SatoshiNakamoto (evansanita713) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917904
Title:
Arbitrary file reads
To manage
** Bug watch added: github.com/cacalabs/libcaca/issues #55
https://github.com/cacalabs/libcaca/issues/55
** Also affects: libcaca via
https://github.com/cacalabs/libcaca/issues/55
Importance: Unknown
Status: Unknown
** Changed in: libcaca (Ubuntu)
Status: New => Triaged
** Bug watch added: github.com/cacalabs/libcaca/issues #56
https://github.com/cacalabs/libcaca/issues/56
** Also affects: libcaca via
https://github.com/cacalabs/libcaca/issues/56
Importance: Unknown
Status: Unknown
** Changed in: libcaca (Ubuntu)
Status: New => Triaged
I don't see any CVEs assigned to the new version. Do you have details on
what the exact security issues are?
** Information type changed from Private Security to Public Security
** Changed in: irssi (Ubuntu)
Status: New => Incomplete
** Changed in: irssi (Ubuntu)
Importance: Undecided
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
I can reproduce it on 20.04, but it's not a regression caused by a
security update. This is the original package 20.04 shipped with:
$ dpkg -l | grep imagemagick
ii  imagemagick-6-common  8:6.9.10.23+dfsg-2.1ubuntu11  all  image manipulation programs --
Unfortunately, I still can't reproduce the issue with the test file
you've sent me:
$ dpkg -l | grep imagemagick
ii  imagemagick  8:6.9.7.4+dfsg-16ubuntu6.11  amd64  image manipulation programs -- binaries
ii imagemagick-6-common
** Changed in: apport (Ubuntu Bionic)
Assignee: SatoshiNakamoto (evansanita713) => (unassigned)
** Changed in: apport (Ubuntu Focal)
Assignee: SatoshiNakamoto (evansanita713) => (unassigned)
** Changed in: apport (Ubuntu Groovy)
Assignee: SatoshiNakamoto (evansanita713) =>
** Changed in: apport (Ubuntu Bionic)
Assignee: SatoshiNakamoto (evansanita713) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917904
Title:
Arbitrary file reads
To manage
Thanks for reporting this issue. I am going to need a test image to
reproduce this. I tried reproducing it with some gif test images, but
didn't manage to find one that displays the broken behaviour.
** Changed in: imagemagick (Ubuntu)
Status: New => Incomplete
** Information type
While I'm not really up-to-speed on how libvirt is confined, I can't
really think of any alternative to handling this properly than adding
the new rule. +1 from me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Great, thanks for giving it a try. I will release it now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1931507
Title:
rpcbind failing on 0.2.3-0.6ubuntu0.18.04.2
To manage notifications about
OK, I believe I've found the cause of the second regression. I have
uploaded an update to the security team PPA for building here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
The actual binary package is located here:
I'm investigating the second crash. What services are being run on the
servers that are still crashing after the update?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1931507
Title:
rpcbind failing
It's still in the process of being copied over from launchpad to the web
servers. It should be done soon.
In the meantime, here's a direct link to the binary package:
The fix has been released, it will take a few minutes to replicate to
the web servers and mirrors.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1931507
Title:
rpcbind failing on
The previous version is available here:
https://launchpad.net/ubuntu/+source/rpcbind/0.2.3-0.6ubuntu0.18.04.1/+build/19780512/+files/rpcbind_0.2.3-0.6ubuntu0.18.04.1_amd64.deb
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I will publish the fix within the hour
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1931507
Title:
rpcbind failing on 0.2.3-0.6ubuntu0.18.04.2
To manage notifications about this bug go to:
I believe the following commit is missing:
https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=c49a7ea639eb700823e174fd605bbbe183e229aa
I am building packages now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I can confirm the update caused a regression. I will investigate and
will publish a fix shortly.
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
*** This bug is a duplicate of bug 1931507 ***
https://bugs.launchpad.net/bugs/1931507
** This bug has been marked a duplicate of bug 1931507
rpcbind failing on 0.2.3-0.6ubuntu0.18.04.2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Changed in: rpcbind (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: rpcbind (Ubuntu)
Importance: Undecided => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks for reporting the issue!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925280
Title:
rpcbind still vulnerable with CVE-2017-8779
To manage notifications about this bug go to:
An update has now been published to fix this issue:
https://ubuntu.com/security/notices/USN-4986-1
Thanks!
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
There was an update to libwebp that fixed a bunch of security issues:
https://ubuntu.com/security/notices/USN-4971-1
Could you test again to see if the issue is resolved? Thanks!
** Changed in: libwebp (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you
Thanks for reporting the issue!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930917
Title:
Latest isc-dhcp-server rejects proper dhcpd.conf
To manage notifications about this bug go to:
med
** Changed in: isc-dhcp (Ubuntu Hirsute)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: isc-dhcp (Ubuntu Impish)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: isc-dhcp (Ubuntu Hirsute)
Importance: Undecided => Critical
** Cha
Status: New
** Also affects: gnome-autoar (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Also affects: gnome-autoar (Ubuntu Groovy)
Importance: Undecided
Status: New
** Changed in: gnome-autoar (Ubuntu Bionic)
Assignee: (unassigned) => Marc Deslauri
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917904
Title:
Arbitrary file reads
To manage notifications about this bug go to:
Oh, I seem to have overlooked that one. We are hitting the exact same
issue with the new postgresql releases, so it's unrelated to the pam
SRU:
https://bugs.launchpad.net/ubuntu/+source/postgresql-12/+bug/1928773/comments/2
--
You received this bug notification because you are a member of
Autopkgtests in comments #14 to #17 passed on retries except for openssh
which appears to be failing because of a date issue, which is unrelated
to the pam SRU.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Making this bug public in case others have a similar issue.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927755
Title:
Fix
Please stop changing the status on this bug.
Since Xenial is now in Extended Security Maintenance, the fix was pushed
to the ESM repository for Xenial. The "Fix Released" status on this bug
is accurate.
See the following for more information on Extended Security Maintenance:
I have uploaded a new version of the package to the PPA that fixed the
missing setuid bits. Please test and comment in this bug. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928381
Title:
Per discussion on irc, the updated package doesn't setuid on the
/usr/bin/please and /usr/bin/pleaseedit binaries. Looking into the issue
revealed that the package shipped in hirsute has the same issue.
The debian/rules file overrides dh_fixperms to set the setuid bit on the
binaries, but on
ACK on the debdiff in comment #3.
I have uploaded the package for building in the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Once it is built, could you please test it, and describe the testing
you've performed, and I'll release it as a
Thanks for reporting this issue. I have uploaded a package, along with
an appropriate changelog entry, into the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Please test the package once built, and if it tests successfully,
comment in this