[Group.of.nepali.translators] [Bug 1633485] Re: Backport login throttling plugin to 5.6 and 5.7
This was fixed some time ago it seems: $ dpkg -l| grep mysql-server-5.7 ii mysql-server-5.75.7.30-0ubuntu0.16.04.1 amd64MySQL database server binaries and system database setup $ dpkg -L mysql-server-5.7 | grep control /usr/lib/mysql/plugin/connection_control.so ** Changed in: mysql-5.7 (Ubuntu Xenial) Status: Triaged => Fix Released ** Changed in: mysql-5.7 (Ubuntu Yakkety) Status: Triaged => Invalid ** Changed in: mysql-5.7 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1633485 Title: Backport login throttling plugin to 5.6 and 5.7 Status in mysql-5.6 package in Ubuntu: Invalid Status in mysql-5.7 package in Ubuntu: Fix Released Status in mysql-5.6 source package in Precise: Invalid Status in mysql-5.7 source package in Precise: Invalid Status in mysql-5.6 source package in Trusty: Triaged Status in mysql-5.7 source package in Trusty: Invalid Status in mysql-5.6 source package in Xenial: Invalid Status in mysql-5.7 source package in Xenial: Fix Released Status in mysql-5.6 source package in Yakkety: Invalid Status in mysql-5.7 source package in Yakkety: Invalid Bug description: In MySQL 8.0 we (Oracle) are adding a plugin to rate-limit/throttle login attempts in order to stop brute-force attacks. Since this is a security mechanism that has been requested by users, we would also like to backport this plugin to MySQL 5.6 and 5.7. After consulting with Robie Basak (racb), we understand this change to be allowed in Ubuntu under the SRU process (Sect. 2.2, https://wiki.ubuntu.com/StableReleaseUpdates), but if there are any comments or objections, we'd like to hear them now. Impact == This functionality is implemented in a plugin. The plugin is not loaded, and the functionality will not be activated unless the DBA explicitly activates it. Regression potential The potential for regression is considered low for the following reasons: - The new functionality is in a plugin that 1) is not loaded by default, and 2) can be unloaded if it causes problems. - The change does not introduce new SQL syntax, and no existing syntax is affected. - The plugin is new, so it's not used by any other packages in Ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1633485/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1770184] Re: Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5
** Changed in: php7.0 (Ubuntu Xenial) Status: Confirmed => Fix Released ** Changed in: php5 (Ubuntu Trusty) Status: Confirmed => Fix Released ** Changed in: php7.2 (Ubuntu Bionic) Status: Confirmed => Fix Released ** Changed in: php7.2 (Ubuntu Cosmic) Status: Confirmed => Fix Released ** Changed in: php7.1 (Ubuntu Artful) Status: Confirmed => Invalid -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1770184 Title: Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 Status in php5 package in Ubuntu: Invalid Status in php7.0 package in Ubuntu: Invalid Status in php7.1 package in Ubuntu: Invalid Status in php7.2 package in Ubuntu: Fix Released Status in php5 source package in Trusty: Fix Released Status in php7.0 source package in Trusty: Invalid Status in php7.1 source package in Trusty: Invalid Status in php7.2 source package in Trusty: Invalid Status in php5 source package in Xenial: Invalid Status in php7.0 source package in Xenial: Fix Released Status in php7.1 source package in Xenial: Invalid Status in php7.2 source package in Xenial: Invalid Status in php5 source package in Artful: Invalid Status in php7.0 source package in Artful: Invalid Status in php7.1 source package in Artful: Invalid Status in php7.2 source package in Artful: Invalid Status in php5 source package in Bionic: Invalid Status in php7.0 source package in Bionic: Invalid Status in php7.1 source package in Bionic: Invalid Status in php7.2 source package in Bionic: Fix Released Status in php5 source package in Cosmic: Invalid Status in php7.0 source package in Cosmic: Invalid Status in php7.1 source package in Cosmic: Invalid Status in php7.2 source package in Cosmic: Fix Released Bug description: http://www.php.net/ChangeLog-5.php#5.6.35 http://www.php.net/ChangeLog-5.php#5.6.36 http://www.php.net/ChangeLog-7.php#7.0.29 http://www.php.net/ChangeLog-7.php#7.0.30 http://www.php.net/ChangeLog-7.php#7.1.16 http://www.php.net/ChangeLog-7.php#7.1.17 http://www.php.net/ChangeLog-7.php#7.2.4 http://www.php.net/ChangeLog-7.php#7.2.5 CVE-2018-10545 CVE-2018-10549 CVE-2018-10546 CVE-2018-10548 CVE-2018-10547 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1770184/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1744148] Re: [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3
** Summary changed: - [MRE] Please update to latest upstream release 7.0.28 + [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3 ** Description changed: - PHP 7.0.25 was tentatively SRU'ed to Xenial (LP: #1724896). During the - process, upstream put out 2 more microversions addressing security - issues and other bug fixes. Here is a list of the CVEs addressed by - those: + Upstream has put out many more microversions addressing security issues + and other bug fixes. Here is a list of the CVEs addressed by those: PHP 7.0.26 (23 Nov 2017): * No CVE addressed - PHP 7.0.27 (04 Jan 2018): + PHP 7.0.27 / 7.1.13 (04 Jan 2018): * https://bugs.php.net/bug.php?id=64938 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8866 * https://bugs.php.net/bug.php?id=75571 / http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711 * https://bugs.php.net/bug.php?id=74782 / http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712 - PHP 7.0.28 (01 Mar 2018): + PHP 7.1.12 (23 Nov 2017): + + * No CVE addressed + + PHP 7.1.14 (01 Feb 2018): + + * No CVE addressed + + PHP 7.0.28 / 7.1.15 / 7.2.3 (01 Mar 2018): * https://bugs.php.net/bug.php?id=75981 / https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2018-7584 Changelog: https://secure.php.net/ChangeLog-7.php ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7584 ** Also affects: php7.1 (Ubuntu) Importance: Undecided Status: New ** No longer affects: php7.1 (Ubuntu Xenial) ** No longer affects: php7.1 (Ubuntu) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1744148 Title: [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3 Status in php7.0 package in Ubuntu: Invalid Status in php7.0 source package in Xenial: In Progress Bug description: Upstream has put out many more microversions addressing security issues and other bug fixes. Here is a list of the CVEs addressed by those: PHP 7.0.26 (23 Nov 2017): * No CVE addressed PHP 7.0.27 / 7.1.13 (04 Jan 2018): * https://bugs.php.net/bug.php?id=64938 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8866 * https://bugs.php.net/bug.php?id=75571 / http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711 * https://bugs.php.net/bug.php?id=74782 / http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712 PHP 7.1.12 (23 Nov 2017): * No CVE addressed PHP 7.1.14 (01 Feb 2018): * No CVE addressed PHP 7.0.28 / 7.1.15 / 7.2.3 (01 Mar 2018): * https://bugs.php.net/bug.php?id=75981 / https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2018-7584 Changelog: https://secure.php.net/ChangeLog-7.php To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1744148/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1721607] Re: please update to latest upstream release 7.0.24
** Changed in: php7.0 (Ubuntu Zesty) Status: Fix Committed => Fix Released ** Changed in: php7.0 (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1721607 Title: please update to latest upstream release 7.0.24 Status in php7.0 package in Ubuntu: Fix Released Status in php7.0 source package in Xenial: Fix Released Status in php7.0 source package in Zesty: Fix Released Bug description: There are serious vulnerabilties in php7.0.22, which is what is currently considered up to date. https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php- could-allow-for-arbitrary-code-execution_2017-093/ There is a patched version at https://launchpad.net/~ondrej/+archive/ubuntu/php?field.series_filter=xenial Is there a reason not to make it the current version? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1721607/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1662548] Re: tor 0.2.7.6-1ubuntu1 has memory-access severe bug TROVE-2016-10-001
Tor 0.2.9.11 is now in Xenial and Zesty, marking Xenial as fix released. ** Changed in: tor (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1662548 Title: tor 0.2.7.6-1ubuntu1 has memory-access severe bug TROVE-2016-10-001 Status in Tor: Unknown Status in tor package in Ubuntu: Confirmed Status in tor source package in Trusty: Confirmed Status in tor source package in Xenial: Fix Released Status in tor source package in Yakkety: Confirmed Bug description: A buffer overrun can crash Tor 0.2.4.27 (trusty), 0.2.7.6 (xenial), 0.2.8.8 (yakkety) causing d-o-s. Tor treats "the contents of a buffer chunk as if they were a NUL- terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening." To manage notifications about this bug go to: https://bugs.launchpad.net/tor/+bug/1662548/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1099947] Re: driver unable to connect to CyberPower UPS using usbhid-ups driver
Hi Christian, Even on Trusty (*without* the -proposed package) I'm unable to repro the original issue: # tail -n 5 /etc/nut/ups.conf [cyberpower] driver = usbhid-ups port = auto desc = "CyberPower CP685AVR-G" vendorid = 0764 # lsusb | grep Cyber Bus 004 Device 002: ID 0764:0501 Cyber Power System, Inc. CP1500 AVR UPS # ll /dev/bus/usb/004/002 crw-rw-r-- 1 root nut 189, 385 Aug 25 18:01 /dev/bus/usb/004/002 # find /lib/udev/rules.d/ -name '*nut*' /lib/udev/rules.d/52-nut-usbups.rules I will thus mark the Trusty task as invalid as well. ** Changed in: nut (Ubuntu Trusty) Status: Fix Committed => Invalid -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1099947 Title: driver unable to connect to CyberPower UPS using usbhid-ups driver Status in nut package in Ubuntu: Fix Released Status in nut source package in Trusty: Invalid Status in nut source package in Xenial: Invalid Status in nut package in Debian: Fix Released Status in nut package in Fedora: Unknown Bug description: [Impact] * Plugging in a USB controlled UPS solution does fail to execute the udev rules; Due to that the permissions are not set correctly * Fix is a backport from upstream which only changes the numbering on the rule to execute at the right time. [Test Case] * Install nut-server * Plug in a usb controlled UPS of your choice * The device node created should be mode 664 and group "nut", but it is not. * Install the proposed package * (It also fixes but 1540008, so no need to replug anymore to test if successful) * it should now be created with proper permissions. [Regression Potential] * If people with the old set up have created something that would not be able to access anymore that could cuase issues, but before it was root:root and now nut:root; the group permission didn't change (was 6 before) - so anything before could only access with root and they still can - therefore I consider this of low/no risk, yet in some obscure setups it might be one. [Other Info] * n/a --- I hooked my new CyberPower UPS: CP685AVR-G on my Lucid server and got this error: Jan 15 12:06:33 xeon upsd[5441]: Can't connect to UPS [cyberpower] (usbhid-ups-cyberpower): No such file or directory Jan 15 12:06:38 xeon upsmon[5445]: Poll UPS [cyberpower@127.0.0.1] failed - Driver not connected After trying many things, I found https://bugzilla.redhat.com/show_bug.cgi?id=488368 that hint me in the right direction. The required change was to rename the udev rule like this: mv /lib/udev/rules.d/{5,6}2-nut-usbups.rules Now, everything works well, without requiring "user = root" in /etc/nut/ups.conf because the udev rule now ensures the device file is owned by the group "nut": # find /dev/bus/usb/ -ls 15360 drwxr-xr-x 10 root root 200 Jan 15 12:40 /dev/bus/usb/ 15790 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/008 15800 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/008/001 15730 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/007 15740 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/007/001 15670 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/006 15680 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/006/001 15610 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/005 15620 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/005/001 15550 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/004 15560 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/004/001 15490 drwxr-xr-x 2 root root 80 Jan 15 12:40 /dev/bus/usb/003 21630 crw-rw-r-- 1 root nut Jan 15 12:49 /dev/bus/usb/003/002 15500 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/003/001 15430 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/002 15440 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/002/001 15370 drwxr-xr-x 2 root root 60 Jan 15 12:40 /dev/bus/usb/001 15380 crw-rw-r-- 1 root root Jan 15 12:41 /dev/bus/usb/001/001 Generic information: # lsb_release -rd Description: Ubuntu 10.04.4 LTS Release: 10.04 # apt-cache policy nut nut: Installed: 2.4.3-1ubuntu3.2 Candidate: 2.4.3-1ubuntu3.2 Version table: *** 2.4.3-1ubuntu3.2 0 500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages 500 http://archive.u
[Group.of.nepali.translators] [Bug 1651401] Re: MySQL Bug #24347476 causing serious production issues. Request 5.7.17 update
MySQL 5.7.17 was released for Xenial few days ago, marking as fix released. ** Changed in: mysql-5.7 (Ubuntu Xenial) Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1651401 Title: MySQL Bug #24347476 causing serious production issues. Request 5.7.17 update Status in mysql-5.7 package in Ubuntu: Confirmed Status in mysql-5.7 source package in Xenial: Fix Released Bug description: This MySQL bug has been fixed in the MySQL 5.7.17 release but the ubuntu repos are still on 5.7.16. I request a release of 5.7.17 to resolve the serious production issues we're experiencing due to this bug. Hoping to not have to change to the MySQL repositories as will ahve to change a lot of internal processes. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1651401/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1553353] Re: tail'ing a file in a script session hangs
** Bug watch added: Debian Bug tracker #820843 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820843 ** Also affects: util-linux (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820843 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1553353 Title: tail'ing a file in a script session hangs Status in util-linux package in Ubuntu: Confirmed Status in util-linux source package in Xenial: Confirmed Status in util-linux package in Debian: Unknown Bug description: Steps to reproduce: 1) Start script session (same issue when script is saving to /dev/null) script # or: script /dev/null 2) Tail a file tailf /var/log/syslog 3) Press "Enter" 2 times 4) Notice the script process taking 100% CPU This regression was introduced upstream by this commit: https://git.kernel.org/cgit/utils/util-linux/util- linux.git/commit/?id=54c6611d6f7b73609a5331f4d0bcf63c4af6429e $ lsb_release -rd Description: Ubuntu Xenial Xerus (development branch) Release: 16.04 $ apt-cache policy util-linux bsdutils coreutils util-linux: Installed: 2.27.1-4ubuntu1 Candidate: 2.27.1-4ubuntu1 Version table: *** 2.27.1-4ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages 100 /var/lib/dpkg/status 2.27.1-3ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages bsdutils: Installed: 1:2.27.1-4ubuntu1 Candidate: 1:2.27.1-4ubuntu1 Version table: *** 1:2.27.1-4ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages 100 /var/lib/dpkg/status 1:2.27.1-3ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages coreutils: Installed: 8.25-2ubuntu2 Candidate: 8.25-2ubuntu2 Version table: *** 8.25-2ubuntu2 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: util-linux 2.27.1-4ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-10.25-generic 4.4.3 Uname: Linux 4.4.0-10-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Fri Mar 4 15:14:15 2016 SourcePackage: util-linux UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1553353/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1524318] Re: KeePassX Launcher icon is broken
Now that keepassx 2.0 has landed in Xenial, this is no longer an issue. ** Changed in: keepassx (Ubuntu Xenial) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1524318 Title: KeePassX Launcher icon is broken Status in keepassx package in Ubuntu: Fix Released Status in keepassx source package in Vivid: Fix Released Status in keepassx source package in Wily: Fix Released Status in keepassx source package in Xenial: Fix Released Bug description: After the recent security update of KeePassX in Willy, the desktop icon is broken as is attached. The icon file is installed in /usr/share/icons/hicolor/128x128/apps/keepassx.png. This file is generated from the SVG file located in debian/keepassx.svg using imagemagic (see debian/rules): convert -density 192 -background none debian/keepassx.svg \ debian/keepassx/usr/share/icons/hicolor/128x128/apps/keepassx.png It seems that imagemagick fails to parse the SVG file and producing bad images. I don't know why imagemagick fails parsing, but the simplest solution is to convert the SVG file using inkscape or something. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/keepassx/+bug/1524318/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp