[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

but not via a backport, so marking this as wontfix :) ** Changed in: libxkbcommon (Ubuntu Bionic) Status: Fix Released => Won't Fix -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxkbcommon in Ubuntu.

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

The CVEs have been fixed in a security upload https://launchpad.net/ubuntu/+source/libxkbcommon/0.8.0-1ubuntu0.1 ** Changed in: libxkbcommon (Ubuntu Bionic) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

leo: feel free to handle all updates via the security pocket(s), as I have no permission to upload there (AIUI). -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxkbcommon in Ubuntu. https://bugs.launchpad.net/bugs/1794690 Title: Backport

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

Not that I know of.. -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxkbcommon in Ubuntu. https://bugs.launchpad.net/bugs/1794690 Title: Backport 0.8.2 for a CVE update To manage notifications about this bug go to:

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

Is there any POC for check CVE-2018-15856? Trusty hasn't the file affected, but I'm wondering if it handles the same thing and is vulnerable and the only way to check this would be if we have any POC. Tks! ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15856 -- You received

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

leo: feel free to take over trusty/xenial, I don't have anything ready for them and if this needs to be handled differently, then that's fine too -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxkbcommon in Ubuntu.

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

This is in the SRU queue but it looks like the security pocket might be a better target? I asked Timo to liase with the security team to get a decision on that. -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxkbcommon in Ubuntu.

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

Hi Timo, Are you planning to update only for bionic or will you do this also for trusty and xenial? Asking that because I was/am planning to put that update in my stack for xenial and trusty. []'s -- You received this bug notification because you are a member of Ubuntu-X, which is

[Ubuntu-x-swat] [Bug 1794690] Re: Backport 0.8.2 for a CVE update

** Description changed: [Impact] 0.8.2 has completed the fuzzing work started in 0.8.1, so backport the package from cosmic to fix these CVE's: CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862