[Group.of.nepali.translators] [Bug 1682637] Re: during recovery mode, enable network failed due to /etc/resolv.conf not being present

2018-08-16 Thread Simon Quigley
Unsubscribing sponsors as there seems to be nothing else to sponsor.

Artful is also EOL.

** Changed in: friendly-recovery (Ubuntu Artful)
   Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1682637

Title:
  during recovery mode, enable network failed due to /etc/resolv.conf
  not being present

Status in friendly-recovery package in Ubuntu:
  Fix Released
Status in friendly-recovery source package in Xenial:
  In Progress
Status in friendly-recovery source package in Artful:
  Won't Fix
Status in friendly-recovery source package in Bionic:
  Fix Released

Bug description:
  Something went wrong that required me to boot to recovery mode via
  grub.  The important part here, is that while I got as far as the
  recovery screen asking to "Enable Networking" and other options fsck
  filesystems, drop to root shell, etc.

  and selected "Enable Networking":

  the result was:

  grep: /etc/resolv.conf: No such File or directory.

  Unknown group "power" in message bus configuration file.


  (Networking did not enable, leaving me stranded at root shell without
  network which would have made adding/removing packages to troubleshoot
  easier)

  Ubuntu: zesty 17.04
  Linux: Linux Hedy 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
  network-manager: 1.4.4-1ubuntu3

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: network-manager 1.4.4-1ubuntu3
  ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
  Uname: Linux 4.10.0-19-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Thu Apr 13 16:40:19 2017
  EcryptfsInUse: Yes
  IfupdownConfig:
   # interfaces(5) file used by ifup(8) and ifdown(8)
   auto lo
   iface lo inet loopback
  InstallationDate: Installed on 2014-07-09 (1009 days ago)
  InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Alpha amd64 (20140708)
  IpRoute:
   default via 192.168.250.1 dev wlan1 proto static metric 600 
   10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown 
   169.254.0.0/16 dev lxcbr0 scope link metric 1000 linkdown 
   192.168.250.0/24 dev wlan1 proto kernel scope link src 192.168.250.3 metric 600
  NetworkManager.conf:
   [main]
   plugins=ifupdown,keyfile
   
   [ifupdown]
   managed=false
  NetworkManager.state:
   [main]
   NetworkingEnabled=true
   WirelessEnabled=true
   WWANEnabled=false
  SourcePackage: network-manager
  UpgradeStatus: Upgraded to zesty on 2017-04-13 (0 days ago)
  nmcli-dev:
   DEVICE  TYPE      STATE        DBUS-PATH                                  CONNECTION      CON-UUID                              CON-PATH
   lxcbr0  bridge    connected    /org/freedesktop/NetworkManager/Devices/3  lxcbr0          46595dd8-757b-4d93-ade3-c066f72d9e2e  /org/freedesktop/NetworkManager/ActiveConnection/0
   wlan1   wifi      connected    /org/freedesktop/NetworkManager/Devices/2  Brisbane House  2b25e748-f9c5-4c84-9fe6-0f64071fcf0b  /org/freedesktop/NetworkManager/ActiveConnection/1
   eth1    ethernet  unavailable  /org/freedesktop/NetworkManager/Devices/1  --              --                                    --
   lo      loopback  unmanaged    /org/freedesktop/NetworkManager/Devices/0  --              --                                    --
  nmcli-nm:
   RUNNING  VERSION  STATE      STARTUP  CONNECTIVITY  NETWORKING  WIFI-HW  WIFI     WWAN-HW  WWAN
   running  1.4.4    connected  started  full          enabled     enabled  enabled  enabled  disabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/friendly-recovery/+bug/1682637/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp


[Group.of.nepali.translators] [Bug 1744941] Re: gnome-software crashes in as_app_parse_desktop_file

2018-08-16 Thread Simon Quigley
Unsubscribing sponsors as there's nothing left to sponsor.

Artful is also EOL.

Ping, Iain and Robie.

** Changed in: appstream-glib (Ubuntu Artful)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1744941

Title:
  gnome-software crashes in as_app_parse_desktop_file

Status in appstream-glib package in Ubuntu:
  Fix Released
Status in appstream-glib source package in Xenial:
  In Progress
Status in appstream-glib source package in Artful:
  Won't Fix
Status in appstream-glib source package in Bionic:
  Fix Released

Bug description:
  [ Impact ]

  Malformed .desktop files might cause crashes because
  the returned list is NULL.

  [ Test case ]
   - Download and copy in one of your XDG_DATA_DIRS (i.e.
     ~/.local/share/applications) this .desktop file:
     https://github.com/hughsie/appstream-glib/files/1656100/org.gnome.frogr.desktop.gz
   - Run gnome-software; it must not crash.

  [ Regression potential ]

  Missing metadata from .desktop files, but really this is just a
  null-checks fix, so not really anything might go worse.

  See more at upstream bug:
  https://github.com/hughsie/appstream-glib/pull/221

  This affects all the releases since xenial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/appstream-glib/+bug/1744941/+subscriptions



[Group.of.nepali.translators] [Bug 1714518] Re: GTK+3 doesn't show FUSE/GVFS, smb (SMB/CIFS), sftp (SFTP/SSH) network shares in file chooser

2018-08-16 Thread Simon Quigley
Artful is EOL.

** Changed in: gtk+3.0 (Ubuntu Artful)
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1714518

Title:
  GTK+3 doesn't show FUSE/GVFS, smb (SMB/CIFS), sftp (SFTP/SSH) network
  shares in file chooser

Status in GTK+:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Triaged
Status in gtk+3.0 source package in Xenial:
  Triaged
Status in gtk+3.0 source package in Artful:
  Won't Fix

Bug description:
  Steps to reproduce:
  1. Install any Gtk3 application such as Firefox or Chromium which use modern
     file-chooser dialog.
  2. Mount network location through fstab or file-manager ("smb://" = SMB/CIFS,
     "sftp://" = SFTP/SSH and so on)
  3. Try to save/open file to/from the remote location from Gtk3 application.

  Expected results:
  * user is able to find network folder and save/open file to/from it with
    GtkFileChooser dialog

  Actual results:
  * user is unable to find network folder and save/open file to/from it with
    GtkFileChooser dialog and many user applications are affected

  -
  Original bug description is below:

  GTK+3 doesn't show FUSE network shares in file chooser - it used to do
  so in GTK+2, and the GTK+3 documentation still mentions it should do
  it.

  In the meantime, every user of every application switching to GTK+3
  -- including Chromium, at some point between 58 and 60 -- (a change
  which happened in 16.04 LTS!!), loses the functionality to open or
  save directly to a network share.

  I had chosen 16.04 LTS for deploying our workstations at work, and my 50
  users have been suddenly unable to do a simple operation they have to do
  dozens of times a day.
  They now have to "buffer" these files to their local filesystem when saving
  them and before uploading them, and then copy them to the company's network
  shares.
  They were already a little bit grumpy when it stopped working with Firefox,
  and are now really side-eyeing me when they apply updates and find Chromium
  broken.

  I have reported the bug upstream and provided a patch to fix this. I
  hope you'll be able and willing to include it in Ubuntu's GTK+3
  package.

  Thanks in advance.

  Colin

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1714518/+subscriptions



[Group.of.nepali.translators] [Bug 1759732] Re: [Lubuntu] Having zram support means that encrypted LVM installs don't work

2018-08-16 Thread Simon Quigley
** Changed in: partman-crypto (Ubuntu Xenial)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1759732

Title:
  [Lubuntu] Having zram support means that encrypted LVM installs don't
  work

Status in partman-crypto package in Ubuntu:
  Fix Released
Status in partman-crypto source package in Xenial:
  Won't Fix
Status in partman-crypto source package in Bionic:
  Fix Released

Bug description:
  Lubuntu enables zram support on our live images. Currently, zram is
  caught by the unsafe swap detection performed by this package (or
  similar). This is causing Encrypted LVM installs to fail. Unmounting
  all zram mount points results in a successful install.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/1759732/+subscriptions



[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

2018-07-18 Thread Simon Quigley
** No longer affects: quassel (Ubuntu Artful)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

Status in quassel package in Ubuntu:
  Fix Released
Status in quassel source package in Trusty:
  Fix Released
Status in quassel source package in Xenial:
  Confirmed
Status in quassel source package in Bionic:
  Confirmed
Status in quassel source package in Cosmic:
  Fix Released
Status in quassel package in Debian:
  Fix Released

Bug description:
  A recent upstream release contains two security fixes.  All supported
  Ubuntu releases are affected.

  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
    qdatastream
    - debian/patches/Implement_custom_deserializer.patch: Original patch from
      upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
    - CVE requested by upstream
  * SECURITY UPDATE: quasselcore, denial of service for unconfigure core
    - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is_configured.patch:
      Original patch from upstream 0.12.5 release, adapted for non-C++ 11
      systems by Felix Geyer
    - CVE requested by upstream

  I'll be attaching a debdiff for Trusty, but not later releases as that
  is the only Ubuntu release I still have an interest in.  Note that the
  debian/changelog doesn't have the LP bug number in it since I haven't
  filed it yet.  The trusty fix is based on the Debian patches for
  Jessie (Debian 8):

  https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie

  I'm running the fixed version now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions



[Group.of.nepali.translators] [Bug 1759366] Re: Multiple Mercurial CVEs have been announced

2018-07-18 Thread Simon Quigley
** No longer affects: mercurial (Ubuntu Artful)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1759366

Title:
  Multiple Mercurial CVEs have been announced

Status in mercurial package in Ubuntu:
  Fix Released
Status in mercurial source package in Trusty:
  Confirmed
Status in mercurial source package in Xenial:
  Confirmed

Bug description:
  There are multiple CVEs in Mercurial that should be fixed through a
  security update. Here's the releases that I believe need patching and
  the releases which I believe are affected:

   * CVE-2016-3068: Mercurial before 3.7.3 allows remote attackers to execute
     arbitrary code via a crafted git ext:: URL when cloning a subrepository.
     - Trusty
   * CVE-2016-3069: Mercurial before 3.7.3 allows remote attackers to execute
     arbitrary code via a crafted name when converting a Git repository.
     - Trusty
   * CVE-2016-3105: The convert extension in Mercurial before 3.8 might allow
     context-dependent attackers to execute arbitrary code via a crafted git
     repository name.
     - Trusty
     - Xenial
   * CVE-2016-3630: The binary delta decoder in Mercurial before 3.7.3 allows
     remote attackers to execute arbitrary code via a (1) clone, (2) push, or
     (3) pull command, related to (a) a list sizing rounding error and
     (b) short records.
     - Trusty
   * CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially
     malformed repository can cause Git subrepositories to run arbitrary code
     in the form of a .git/hooks/post-update script checked into the
     repository. Typical use of Mercurial prevents construction of such
     repositories, but they can be created programmatically.
     - Trusty
     - Xenial
     - Artful
   * CVE-2018-1000132: Mercurial version 4.5 and earlier contains a Incorrect
     Access Control (CWE-285) vulnerability in Protocol server that can result
     in Unauthorized data access. This attack appear to be exploitable via
     network connectivity. This vulnerability appears to have been fixed in
     4.5.1.
     - Trusty
     - Xenial
     - Artful

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mercurial/+bug/1759366/+subscriptions



[Group.of.nepali.translators] [Bug 1781925] Re: Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056

2018-07-17 Thread Simon Quigley
** Also affects: znc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1781925

Title:
  Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056

Status in znc package in Ubuntu:
  In Progress
Status in znc source package in Trusty:
  In Progress
Status in znc source package in Xenial:
  In Progress
Status in znc source package in Artful:
  Won't Fix
Status in znc source package in Bionic:
  In Progress
Status in znc source package in Cosmic:
  In Progress

Bug description:
  Multiple remote vulnerabilities reported in ZNC package:
  CVE-2018-14055, CVE-2018-14056

  Debian LTS has updates available:
  http://www.linuxsecurity.com/content/view/213083?rdf

  Relevant patches in znc git:

  https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
  https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
  https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

  Currently no updates available in Xenial, did not see any existing
  reports.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1781925/+subscriptions



[Group.of.nepali.translators] [Bug 1781925] Re: Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056

2018-07-17 Thread Simon Quigley
** Also affects: znc (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: znc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1781925

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1781925/+subscriptions



[Group.of.nepali.translators] [Bug 1778041] Re: browser-plugin-freshplayer-pepperflash broken

2018-07-15 Thread Simon Quigley
** Also affects: freshplayerplugin (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: freshplayerplugin (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: freshplayerplugin (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: freshplayerplugin (Ubuntu Xenial)
 Assignee: (unassigned) => Gunnar Hjalmarsson (gunnarhj)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1778041

Title:
  browser-plugin-freshplayer-pepperflash broken

Status in freshplayerplugin package in Ubuntu:
  In Progress
Status in freshplayerplugin source package in Xenial:
  In Progress
Status in freshplayerplugin source package in Bionic:
  In Progress
Status in freshplayerplugin package in Debian:
  New

Bug description:
  [Impact]

  browser-plugin-freshplayer-pepperflash prevents sites which require
  Flash from working with the latest versions of Firefox. If you select
  "Ask to Activate" in FF, the contents requiring Flash is not shown. If
  you select "Always Activate", the tab with the page requiring Flash
  simply crashes.

  Issue identified via . A "no change
  rebuild" does not help.

  The proposed version in the PPA fixes the issue, so the wrapper works
  as intended also with the latest FF version.

  https://launchpad.net/~gunnarhj/+archive/ubuntu/freshplayerplugin

  This suggests an upgrade to a newer upstream version. This is the
  upstream changelog:

  2017-12-23  Rinat Ibragimov  

   * release v0.3.9
   * network: stop using files with NPN_PostURL

  2017-12-09  Rinat Ibragimov  

   * release: v0.3.8
   * misc: add NPN_PluginThreadAsyncCall emulation for Firefox 58

  2017-05-31  Rinat Ibragimov  

   * release: v0.3.7
   * graphics: add more fullscreen _NET_WM controls
   * misc: drop libpdf wrapper
   * misc: drop NaCl wrapper
   * misc: search for PepperFlash in Chrome component update
   directories

  2016-10-05  Rinat Ibragimov  

   * release: v0.3.6
   * graphics: fix off-by-one pixel issue in fullscreen scaling
   mode
   * graphics: try to flicker less
   * misc: use ICU for character set conversion, use WhatWG
   canonical encoding name conversion
   * misc: guess default character encoding from locale name
   * misc: guess GTK+ major version at run time

  Admittedly it includes a few minor improvements, but hopefully this
  can still pass as an SRUable microrelease (or something...).

  [Test Case]

  1. Install adobe-flashplugin and the {xenial,bionic}-release
     version of browser-plugin-freshplayer-pepperflash.

  2. (Re)start Firefox and visit
     .

  => Find that it doesn't confirm that Flash is installed.

  3. Install browser-plugin-freshplayer-pepperflash from
 {xenial,bionic}-proposed.

  4. Repeat 2.

  => Confirmation that the latest Flash version is installed.

  [Regression Potential]

  Considering that the {xenial,bionic}-release version of
  browser-plugin-freshplayer-pepperflash breaks Flash completely on
  Firefox, the risk that this upload makes the situation worse is
  non-existent.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freshplayerplugin/+bug/1778041/+subscriptions



[Group.of.nepali.translators] [Bug 1574049] Re: kdegraphics-thumbnailers 4:15.12.3-0ubuntu1 uses the wrong path for plugin libraries

2018-07-06 Thread Simon Quigley
** Changed in: kubuntu-ppa
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1574049

Title:
  kdegraphics-thumbnailers 4:15.12.3-0ubuntu1 uses the wrong path for
  plugin libraries

Status in KDE Graphics:
  Fix Released
Status in Kubuntu PPA:
  Invalid
Status in kdegraphics-thumbnailers package in Ubuntu:
  Triaged
Status in kdegraphics-thumbnailers source package in Xenial:
  Triaged

Bug description:
  kdegraphics-thumbnailers 4:15.12.3-0ubuntu1 puts gsthumbnail.so and
  rawthumbnail.so under /usr/lib/x86_64-linux-gnu/plugins/ (see
  http://packages.ubuntu.com/xenial/amd64/kdegraphics-thumbnailers/filelist
  for the newest package file listing).
  Dolphin looks for plugins under /usr/lib/x86_64-linux-gnu/qt5/plugins/ (see
  http://packages.ubuntu.com/xenial/amd64/dolphin/filelist for the newest
  package file listing).
  Because of the discrepancy between the two paths, Dolphin is unable to
  invoke kdegraphics-thumbnailers.

  This can be reproduced with the Kubuntu 16.04 LTS live image. After
  installing kdegraphics-thumbnailers and activating it under the
  Dolphin preferences no thumbnails are generated for PDF files.

  There is a workaround until the package is fixed. This command will
  link all the files from /usr/lib/x86_64-linux-gnu/plugins/ to
  /usr/lib/x86_64-linux-gnu/qt5/plugins/:

  sudo ln -s /usr/lib/x86_64-linux-gnu/plugins/* /usr/lib/x86_64-linux-gnu/qt5/plugins/

  The installation routine of the package should be fixed to unpack
  gsthumbnail.so and rawthumbnail.so under
  /usr/lib/x86_64-linux-gnu/qt5/plugins/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kdegraphics/+bug/1574049/+subscriptions



[Group.of.nepali.translators] [Bug 1530523] Re: kcm_driver_manager: Infinitely shows Collecting information

2018-07-06 Thread Simon Quigley
Thank you for taking the time to report this bug and helping to make Kubuntu
better. We are sorry that we do not always have the capacity to look at all
reported bugs in a timely manner. There have been many changes in Kubuntu since
that time you reported the bug and your problem may have been fixed with some
of the updates. It would help us a lot if you could test it on a currently
supported Kubuntu version. If you test it and it is still an issue, kindly
upload the updated logs by running only once:

apport-collect 1530523

and any other logs that are relevant for this particular issue.

** Changed in: kubuntu-ppa
   Status: Confirmed => Incomplete

** Changed in: libqapt (Ubuntu)
   Status: Fix Released => Incomplete

** Changed in: libqapt (Ubuntu Xenial)
   Status: Fix Released => Incomplete

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1530523

Title:
  kcm_driver_manager: Infinitely shows Collecting information

Status in Kubuntu PPA:
  Incomplete
Status in libqapt package in Ubuntu:
  Incomplete
Status in libqapt source package in Xenial:
  Incomplete

Bug description:
  [Impact]

  * libQapt needs apt-xapian-index in order to search for packages, otherwise
    it never returns a result.
  * As a consequence Driver Manager doesn't find packages and is empty.
  * Before, apt-xapian-index was installed as a dependence of Muon (libmuon),
    which is not included in the default install anymore.

  [Test Case]

  * Update libqapt and run `kcmshell5 kcm_driver_manager`.
  * After some time (~1 minute) Driver Manager shows suggested packages.

  [Regression Potential]

  * Low, Driver Manager is useless as of now.
  * The same fix was applied in Yakkety.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-ppa/+bug/1530523/+subscriptions



[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

2018-05-13 Thread Simon Quigley
** Also affects: quassel (Ubuntu Cosmic)
   Importance: High
 Assignee: Simon Quigley (tsimonq2)
   Status: Confirmed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

Status in quassel package in Ubuntu:
  Confirmed
Status in quassel source package in Trusty:
  Fix Released
Status in quassel source package in Xenial:
  Confirmed
Status in quassel source package in Artful:
  Confirmed
Status in quassel source package in Bionic:
  Confirmed
Status in quassel source package in Cosmic:
  Confirmed
Status in quassel package in Debian:
  Fix Released

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions



[Group.of.nepali.translators] [Bug 1769010] [NEW] BBC weather dataengine broken due to changed RSS feed

2018-05-03 Thread Simon Quigley
Public bug reported:

The URLs of the BBC weather feeds seem to have changed, resulting in the
dataengine to use no longer existing URLs.

[Impact]

This is a user-impacting regression that could result in weather feeds
being non-functional for some users.

[Test Case]

Existing configured weather applets using a location from a BBC weather
service should work again. Newly configured weather applets using a BBC
weather service should also work.

[Regression Potential]

The regression happened in the first place due to the RSS feeds changing
on the BBC site. If they change again, this will regress again.

** Affects: plasma-workspace (Ubuntu)
 Importance: Medium
 Status: Fix Released

** Affects: plasma-workspace (Ubuntu Xenial)
 Importance: Medium
 Status: In Progress

** Also affects: plasma-workspace (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: plasma-workspace (Ubuntu Trusty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1769010

Title:
  BBC weather dataengine broken due to changed RSS feed

Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1769010/+subscriptions



[Group.of.nepali.translators] [Bug 1769010] Re: BBC weather dataengine broken due to changed RSS feed

2018-05-03 Thread Simon Quigley
Bionic will be addressed when Plasma 5.12.5 is SRUed. Other releases
need explicit SRUs to them.

** Changed in: plasma-workspace (Ubuntu)
   Status: New => Fix Released

** Changed in: plasma-workspace (Ubuntu)
   Importance: Undecided => High

** Changed in: plasma-workspace (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: plasma-workspace (Ubuntu)
   Importance: High => Medium

** Changed in: plasma-workspace (Ubuntu Trusty)
   Importance: High => Medium

** Changed in: plasma-workspace (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: plasma-workspace (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: plasma-workspace (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: plasma-workspace (Ubuntu Xenial)
   Importance: High => Medium

** Changed in: plasma-workspace (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: plasma-workspace (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** No longer affects: plasma-workspace (Ubuntu Trusty)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1769010

Title:
  BBC weather dataengine broken due to changed RSS feed

Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress

Bug description:
  The URLs of the BBC weather feeds seem to have changed, resulting in
  the dataengine using URLs that no longer exist.

  [Impact]

  This is a user-impacting regression that could result in weather feeds
  being non-functional for some users.

  [Test Case]

  Existing configured weather applets using a location from a BBC
  weather service should work again. Newly configured weather applets
  using a BBC weather service should also work.

  [Regression Potential]

  The regression happened in the first place due to the RSS feeds
  changing on the BBC site. If they change again, this will regress
  again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1769010/+subscriptions



[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files

2018-05-03 Thread Simon Quigley
Updated packages are in the security proposed PPA. I have tested all
three in fresh, fully updated virtual machines of each release, and all
three work.

The Trusty backport is pending a review, but I would call the Xenial,
Artful, and Bionic updates good.

** Changed in: kwallet-pam (Ubuntu Artful)
   Status: New => Fix Committed

** Changed in: kwallet-pam (Ubuntu Bionic)
   Status: In Progress => Fix Committed

** Changed in: kwallet-pam (Ubuntu Xenial)
   Status: New => Fix Committed

** No longer affects: kwallet-pam (Ubuntu Trusty)

** No longer affects: pam-kwallet (Ubuntu Xenial)

** No longer affects: pam-kwallet (Ubuntu Artful)

** No longer affects: pam-kwallet (Ubuntu Bionic)

** No longer affects: pam-kwallet (Ubuntu Cosmic)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1768649

Title:
  [CVE] Access to privileged files

Status in kwallet-pam package in Ubuntu:
  Fix Released
Status in pam-kwallet package in Ubuntu:
  Invalid
Status in pam-kwallet source package in Trusty:
  New
Status in kwallet-pam source package in Xenial:
  Fix Committed
Status in kwallet-pam source package in Artful:
  Fix Committed
Status in kwallet-pam source package in Bionic:
  Fix Committed
Status in kwallet-pam source package in Cosmic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          kwallet-pam: Access to privileged files
  Risk Rating:    High
  CVE:            CVE-2018-10380
  Versions:       Plasma < 5.12.6
  Date:           4 May 2018

  Overview
  ========
  kwallet-pam was doing file writing and permission changing
  as root that with correct timing and use of carefully
  crafted symbolic links could allow a non privileged user
  to become the owner of any file on the system.

  Workaround
  ==========
  None (other than not using kwallet-pam)

  Solution
  ========
  Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

  Or apply the following patches:
  Plasma 5.12
  https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
  https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5

  Plasma 5.8
  https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8
  https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b

  Credits
  =======
  Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kwallet-pam/+bug/1768649/+subscriptions

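The kwallet-pam advisory above describes a privileged process writing a file and changing its ownership by path in a location the user controls. The following is an added example, not taken from the advisory and not the KDE patch: one general hardening for that pattern on Linux, walking the path through directory file descriptors with O_NOFOLLOW and changing ownership with fchown. The function names, the `kwalletd/demo.salt` path and the directory layout are hypothetical.

```python
import os
import tempfile

# O_NOFOLLOW makes open() fail when the final path component is a symlink.
DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | os.O_CLOEXEC
NEW_FILE_FLAGS = (os.O_WRONLY | os.O_CREAT | os.O_EXCL
                  | os.O_NOFOLLOW | os.O_CLOEXEC)


def create_owned_file(base_dir, rel_path, data, uid, gid):
    """Create base_dir/rel_path owned by uid:gid without following symlinks.

    Each component is opened relative to the previous directory's file
    descriptor, and ownership is changed through descriptors (fchown), so a
    name swapped for a symlink between two steps cannot redirect the chown.
    """
    parts = rel_path.split("/")
    if not rel_path or any(p in ("", ".", "..") for p in parts):
        raise ValueError("rel_path must be a plain relative path")
    cur = os.open(base_dir, DIR_FLAGS)
    try:
        for name in parts[:-1]:
            try:
                os.mkdir(name, 0o700, dir_fd=cur)
                created = True
            except FileExistsError:
                created = False
            nxt = os.open(name, DIR_FLAGS, dir_fd=cur)  # fails on a symlink
            os.close(cur)
            cur = nxt
            if created:
                os.fchown(cur, uid, gid)
        # O_EXCL: never reuse an existing name, whether file or symlink.
        fd = os.open(parts[-1], NEW_FILE_FLAGS, 0o600, dir_fd=cur)
        try:
            os.fchown(fd, uid, gid)
            view = memoryview(data)
            while view:
                view = view[os.write(fd, view):]
        finally:
            os.close(fd)
    finally:
        os.close(cur)


def is_blocked(base_dir, rel_path, uid, gid):
    """True if create_owned_file refuses the path with an OS error."""
    try:
        create_owned_file(base_dir, rel_path, b"salt", uid, gid)
    except OSError:
        return True
    return False


def demo():
    """Run three cases in a throwaway directory (constructed layout)."""
    uid, gid = os.getuid(), os.getgid()
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")
        outside = os.path.join(tmp, "outside")
        os.mkdir(home)
        os.mkdir(outside)
        victim = os.path.join(outside, "victim")
        with open(victim, "wb") as f:
            f.write(b"keep")
        # Case 1: ordinary creation below the base directory.
        create_owned_file(home, "kwalletd/demo.salt", b"salt", uid, gid)
        with open(os.path.join(home, "kwalletd", "demo.salt"), "rb") as f:
            normal = f.read()
        # Case 2: a directory component is a symlink pointing elsewhere.
        os.symlink(outside, os.path.join(home, "linkdir"))
        # Case 3: the file name itself is a symlink to another file.
        os.symlink(victim, os.path.join(home, "kwalletd", "link.salt"))
        result = {
            "normal": normal,
            "dir_symlink_blocked": is_blocked(home, "linkdir/demo.salt", uid, gid),
            "file_symlink_blocked": is_blocked(home, "kwalletd/link.salt", uid, gid),
            "outside": sorted(os.listdir(outside)),
        }
        with open(victim, "rb") as f:
            result["victim"] = f.read()
    return result
```
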


[Group.of.nepali.translators] [Bug 1579935] Re: [SRU] Update to bug-fix release 2.2.8 in Xenial

2018-04-15 Thread Simon Quigley
** No longer affects: vlc (Ubuntu Zesty)

** Changed in: vlc (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1579935

Title:
  [SRU] Update to bug-fix release 2.2.8 in Xenial

Status in vlc package in Ubuntu:
  Fix Released
Status in vlc source package in Xenial:
  Confirmed

Bug description:
  [Impact]

  VLC has received many bug fixes on the stable 2.2.x branch since 2.2.2
  was released. I think 16.04 LTS should get these fixes.

  [Test Case]

  Install vlc from xenial-proposed and test it for at least one week.
  Play different video formats to catch any regressions, and use it as
  you normally would.

  [Regression Potential]

  The 2.2.x branch receives only bug fixes, which are cherry-picked from
  the master branch where the main development takes place. So, I think
  the regression potential is low.

  [Other Info]

  VLC 2.2 maintenance branch.
  http://git.videolan.org/?p=vlc/vlc-2.2.git;a=summary

  Changes between 2.2.7 and 2.2.8:
  --------------------------------

  Demuxers:
   * Fix AVI invalid pointer dereferences

  Translations updates

  Changes between 2.2.6 and 2.2.7:
  --------------------------------

  Decoders:
   * Fix flac heap write overflow on format change
   * Fix crash in libavcodec module (heap write out-of band) (CVE-2017-10699)
   * Fix infinite loop in sami subtitle
   * Fix AAC 7.1 channels detection

  Demuxers:
   * Fix potential crash in ASX parser
   * Fix AVI read/write overflow

  Mac OS X:
   * Fix compatibility with macOS High Sierra
   * Fix regression in ASS subtitle decoding
   * Fix crash during automatic update. Some users might need to manually
     update to the newest version.

  Video Output:
   * Fix Direct3D9 output with odd offsets

  Misc:
   * Fix crash in MTP
   * Support libupnp 1.8

  Translations updates

  Changes between 2.2.5.1 and 2.2.6:
  ----------------------------------

  Video output:
   * Fix systematic green line on nvidia
   * Fix direct3d SPU texture offsets handling

  Demuxer:
   * Fix heap buffer overflows

  Changes between 2.2.5 and 2.2.5.1:
  ----------------------------------

  Security hardening for DLL hijacking environments

  Translations updates

  Misc:
   * Update for Soundcloud, liveleak and Youtube scripts
   * Fix potential out-of-band dereference in flac decoder
   * Fix potential out-of-band reads in mpeg packetizers
   * Fix infinite loop in subtitles demuxer
   * Fix incorrect memory free in ogg demuxer
   * Fix potential out-of-band reads in subtitle decoders and demuxers
   * Fix green line on Windows with odd sizes

  Changes between 2.2.4 and 2.2.5:
  --------------------------------

  Decoder:
   * Fix mp3 playback quality regression in libmad
   * Fix video scaling in VDPAU
   * Fix playback of palettized codecs
   * Fix ADPCM heap corruption (FG-VD-16-067)

  Demuxer:
   * Fix possible ASF integer overflow
   * Fix MP4 divide-by-zero

  Video output:
   * Fix green line on Windows with AMD drivers

  Access:
   * Fix crash in screen recording on Windows
   * Fix FTP scan string injection

  Mux:
   * Fix mp4 drift

  Windows:
   * The plugins loading will not load external DLLs by default.
     Plugins will need to LoadLibrary explicitly.
   * Fix uninstaller path handling

  MacOS:
   * Fix scrolling sensitivity on Sierra
   * Resume points are deleted now if the user clears the list of
     recent items

  Changes between 2.2.3 and 2.2.4:
  --------------------------------

  Decoder:
   * Fix crash in G.711 wav files
   * Fix mp3 crash in libmad
   * Fix out-of-bound write in adpcm QT IMA codec (CVE-2016-5108)

  Qt:
   * Fix resizing issues

  Win32:
   * Fix overlay creation on Windows XP for DirectDraw video output

  Misc:
   * Build fixes for Hurd

  Translations:
   * Update of Bulgarian, Catalan, German, French, Italian, Marathi, Norwegian
     Bokmål, Norwegian Nynorsk, Portuguese, Slovak, Spanish (Mexico), Swedish,
     Simplified Chinese, and Traditional Chinese translations

  Changes between 2.2.2 and 2.2.3:
  --------------------------------

  Demux:
   * Fix HLS quality selection and a potential stack overflow
   * Fix potential MKV infinite loop and improve MKV tags support
   * Fix WMV regression

  Decoder:
   * Fix hardware decoding with libvdpau-va-gl
   * Fix crashes with libvpx
   * Use libass without caching dialog

  Video Output:
   * Fix green lines on Direct3D output

  Skins2:
   * Fix maximizing Window in multi-screen context

  Qt:
   * Fix resume where you left off
   * Fix infinite recursion in the customize dialog
   * Fix size when switching to/from the minimal interface
   * Fix size after resume toolbar is displayed

  MacOS X:
   * Fix crashes in media information panel
   * Correctly respect the disable-screensaver option

  Wi

[Group.of.nepali.translators] [Bug 1685918] Re: Change font dependency to recommendends

2018-04-14 Thread Simon Quigley
I'm uploading to Bionic for the sake of getting this in the LTS release,
but please forward it to Debian as well.

I'd like an opinion from the SRU Team (and of course the usual SRU bug
description modifications) before sponsoring to Xenial, so I'll
unsubscribe the Sponsors team and subscribe the SRU team.

Thanks.

** Also affects: kodi (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: kodi (Ubuntu)
   Status: In Progress => Fix Committed

** Changed in: kodi (Ubuntu)
 Assignee: (unassigned) => Rolf Leggewie (r0lf)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1685918

Title:
  Change font dependency to recommendends

Status in kodi package in Ubuntu:
  Fix Committed
Status in kodi source package in Xenial:
  New

Bug description:
  In kodi-data is a hard dependency for fonts-noto-mono and for
  fonts-noto-hinted. Please, change both from Depends to Recommends.

  Changing this allows for deinstallation of these two font packages,
  without breaking package dependencies in case these fonts are provided
  in another way via TeX Live installation. This mainly concerns Ubuntu
  users that use Tex Live, which are a lot, especially since Tex Live
  packages are still not up to date in Debian and Ubuntu.

  Changing to Recommends allows users to solve font conflicts (in this
  case the availability of the same font twice) easily and this change
  in dependency has been done for several other packages for this reason
  in the last few years.

  See also:
  * https://bugs.launchpad.net/ubuntu/+source/birdfont/+bug/1593711
  * https://bugs.launchpad.net/ubuntu/+source/libpdf-api2-perl/+bug/714588
  * https://bugs.launchpad.net/ubuntu/+source/matplotlib/+bug/1593678

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kodi/+bug/1685918/+subscriptions



[Group.of.nepali.translators] [Bug 1759366] [NEW] Multiple Mercurial CVEs have been announced

2018-03-27 Thread Simon Quigley
*** This bug is a security vulnerability ***

Public security bug reported:

There are multiple CVEs in Mercurial that should be fixed through a
security update. Here's the releases that I believe need patching and
the releases which I believe are affected:

 * CVE-2016-3068: Mercurial before 3.7.3 allows remote attackers to execute
   arbitrary code via a crafted git ext:: URL when cloning a subrepository.
   - Trusty
 * CVE-2016-3069: Mercurial before 3.7.3 allows remote attackers to execute
   arbitrary code via a crafted name when converting a Git repository.
   - Trusty
 * CVE-2016-3105: The convert extension in Mercurial before 3.8 might allow
   context-dependent attackers to execute arbitrary code via a crafted git
   repository name.
   - Trusty
   - Xenial
 * CVE-2016-3630: The binary delta decoder in Mercurial before 3.7.3 allows
   remote attackers to execute arbitrary code via a (1) clone, (2) push, or
   (3) pull command, related to (a) a list sizing rounding error and
   (b) short records.
   - Trusty
 * CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially
   malformed repository can cause Git subrepositories to run arbitrary code in
   the form of a .git/hooks/post-update script checked into the repository.
   Typical use of Mercurial prevents construction of such repositories, but
   they can be created programmatically.
   - Trusty
   - Xenial
   - Artful
 * CVE-2018-1000132: Mercurial version 4.5 and earlier contains an Incorrect
   Access Control (CWE-285) vulnerability in Protocol server that can result
   in Unauthorized data access. This attack appears to be exploitable via
   network connectivity. This vulnerability appears to have been fixed in
   4.5.1.
   - Trusty
   - Xenial
   - Artful

** Affects: mercurial (Ubuntu)
 Importance: High
 Status: Fix Released

** Affects: mercurial (Ubuntu Trusty)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: Confirmed

** Affects: mercurial (Ubuntu Xenial)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: Confirmed

** Affects: mercurial (Ubuntu Artful)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: Confirmed

** Also affects: mercurial (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: mercurial (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: mercurial (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: mercurial (Ubuntu)
   Importance: Undecided => High

** Changed in: mercurial (Ubuntu Trusty)
   Importance: Undecided => Critical

** Changed in: mercurial (Ubuntu Trusty)
   Importance: Critical => High

** Changed in: mercurial (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: mercurial (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: mercurial (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: mercurial (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: mercurial (Ubuntu Artful)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: mercurial (Ubuntu Trusty)
   Status: New => Won't Fix

** Changed in: mercurial (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: mercurial (Ubuntu Artful)
   Status: New => Confirmed

** Changed in: mercurial (Ubuntu Trusty)
   Status: Won't Fix => Confirmed

** Changed in: mercurial (Ubuntu)
   Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3068

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3069

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3105

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3630

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17458

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000132

** Summary changed:

- Multiple mercurial CVEs have been announced
+ Multiple Mercurial CVEs have been announced

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1759366

Title:
  Multiple Mercurial CVEs have been announced

Status in mercurial package in Ubuntu:
  Fix Released
Status in mercurial source package in Trusty:
  Confirmed
Status in mercurial source package in Xenial:
  Confirmed
Status in mercurial source package in Artful:
  Confirmed

Bug description:
  There are multiple CVEs in Mercurial that should be fixed through a
  security update. Here's the releases that I believe need patching and
  the releases which I believe are affected:

   * CVE-2016-3068: Mercurial before 3.7.3 allows remote attackers to execute
     arbitrary code via a crafted git ext:: URL when cloning a subrepos

[Group.of.nepali.translators] [Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

2018-03-26 Thread Simon Quigley
Marc Deslauriers pointed out to me over IRC that Trusty and Xenial are
also vulnerable to CVE-2018-7889.

So Trusty and Xenial need to receive patches for CVE-2016-10187 and
CVE-2018-7889 while Artful just needs the patch for CVE-2018-7889.

I think it makes sense to mark the separate bug I filed for
CVE-2018-7889 a duplicate of this one.

I'll update my PPA and test with this new information, and I'll report
back.

Thanks!

** Description changed:

- The E-book viewer in calibre before 2.75 allows remote attackers to read
- arbitrary files via a crafted epub file with JavaScript.
+ For CVE-2016-10187:
+ The E-book viewer in calibre before 2.75 allows remote attackers to read 
arbitrary files via a crafted epub file with JavaScript.
+ 
+ For CVE-2018-7889:
+ gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported 
bookmark data, which allows remote attackers to execute arbitrary code via a 
crafted .pickle file, as demonstrated by Python code that contains an os.system 
call.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7889

** Also affects: calibre (Ubuntu Artful)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

Status in calibre package in Ubuntu:
  Fix Released
Status in calibre source package in Trusty:
  In Progress
Status in calibre source package in Xenial:
  In Progress
Status in calibre source package in Artful:
  New

Bug description:
  For CVE-2016-10187:
  The E-book viewer in calibre before 2.75 allows remote attackers to read
  arbitrary files via a crafted epub file with JavaScript.

  For CVE-2018-7889:
  gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported
  bookmark data, which allows remote attackers to execute arbitrary code via a
  crafted .pickle file, as demonstrated by Python code that contains an os.system
  call.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

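The CVE-2018-7889 description above comes down to unpickling imported data, which lets the file choose which callables get resolved and invoked. The following is an added example, not calibre's code and not its fix: an unpickler that refuses every global lookup, followed by a shape check on the result. The bookmark layout (a list of dicts with `title` and `pos`) and all names are assumptions, and the second sample is constructed around the harmless `os.getcwd`.

```python
import io
import os
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function lookup.

    Plain containers, strings and numbers never go through find_class, so
    ordinary bookmark data still loads; anything that needs to resolve a
    callable is rejected before that callable can be reached.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "bookmark data may not reference %s.%s" % (module, name))


def load_bookmarks(raw):
    """Load imported bookmark bytes and return a list of validated dicts."""
    data = NoGlobalsUnpickler(io.BytesIO(raw)).load()
    if not isinstance(data, list):
        raise ValueError("bookmark file must contain a list")
    clean = []
    for item in data:
        if not isinstance(item, dict):
            raise ValueError("each bookmark must be a dict")
        title, pos = item.get("title"), item.get("pos")
        if not isinstance(title, str):
            raise ValueError("bookmark title must be text")
        if isinstance(pos, bool) or not isinstance(pos, (int, float)):
            raise ValueError("bookmark position must be a number")
        clean.append({"title": title[:200], "pos": pos})
    return clean


class Probe:
    """Constructed sample object: unpickling it would call os.getcwd()."""

    def __reduce__(self):
        return (os.getcwd, ())


def sample_benign():
    """Constructed bookmark file holding only plain data."""
    return pickle.dumps([{"title": "Chapter 3", "pos": 0.42}])


def sample_with_callable():
    """Constructed bookmark file that asks the loader to call a function."""
    return pickle.dumps([Probe()])


def is_rejected(raw):
    """True if load_bookmarks refuses the data."""
    try:
        load_bookmarks(raw)
    except (pickle.UnpicklingError, ValueError):
        return True
    return False
```

Blocking globals stops callable lookup but does not bound the size or nesting of the data; a format with no object construction, such as JSON, avoids this class of bug for new files.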


[Group.of.nepali.translators] [Bug 1759069] [NEW] [CVE] Arbitrary command injection via DVI filename injection when printing to PDF

2018-03-26 Thread Simon Quigley
Public bug reported:

Command injection in Evince via filename when printing to PDF is
possible. This also affects Atril, which is a fork of Evince.

Here's the patch in Atril:
https://github.com/mate-desktop/atril/commit/4650fb05e46e144be986a11a666a47add39b3799

** Affects: atril (Ubuntu)
 Importance: Medium
 Status: Fix Released

** Affects: atril (Ubuntu Xenial)
 Importance: Medium
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: atril (Ubuntu Artful)
 Importance: Medium
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Also affects: atril (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: atril (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: atril (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: atril (Ubuntu Artful)
   Status: New => In Progress

** Changed in: atril (Ubuntu)
   Importance: Undecided => Medium

** Changed in: atril (Ubuntu)
   Status: New => Fix Released

** Changed in: atril (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: atril (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: atril (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: atril (Ubuntu Artful)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000159

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1759069

Title:
  [CVE] Arbitrary command injection via DVI filename injection when
  printing to PDF

Status in atril package in Ubuntu:
  Fix Released
Status in atril source package in Xenial:
  In Progress
Status in atril source package in Artful:
  In Progress

Bug description:
  Command injection in Evince via filename when printing to PDF is
  possible. This also affects Atril, which is a fork of Evince.

  Here's the patch in Atril:
  https://github.com/mate-desktop/atril/commit/4650fb05e46e144be986a11a666a47add39b3799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1759069/+subscriptions



[Group.of.nepali.translators] [Bug 1758699] [NEW] [CVE] JavaScript in a book can access local files using XMLHttpRequest

2018-03-25 Thread Simon Quigley
Public bug reported:

The E-book viewer in calibre before 2.75 allows remote attackers to read
arbitrary files via a crafted epub file with JavaScript.

** Affects: calibre (Ubuntu)
 Importance: Medium
 Status: Fix Released

** Affects: calibre (Ubuntu Trusty)
 Importance: Medium
 Assignee: Simon Quigley (tsimonq2)
 Status: New

** Affects: calibre (Ubuntu Xenial)
 Importance: Medium
 Assignee: Simon Quigley (tsimonq2)
 Status: New

** Also affects: calibre (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: calibre (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: calibre (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: calibre (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: calibre (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: calibre (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: calibre (Ubuntu)
   Importance: Undecided => Medium

** Changed in: calibre (Ubuntu)
   Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10187

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

Status in calibre package in Ubuntu:
  Fix Released
Status in calibre source package in Trusty:
  New
Status in calibre source package in Xenial:
  New

Bug description:
  The E-book viewer in calibre before 2.75 allows remote attackers to
  read arbitrary files via a crafted epub file with JavaScript.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions



[Group.of.nepali.translators] [Bug 1698180] Re: [CVE] Send Later with Delay bypasses OpenPGP

2018-03-20 Thread Simon Quigley
** No longer affects: kdepim (Ubuntu Artful)

** No longer affects: kdepim (Ubuntu Zesty)

** Changed in: kdepim (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kdepim (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kdepim (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: kdepim (Ubuntu Xenial)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1698180

Title:
  [CVE] Send Later with Delay bypasses OpenPGP

Status in kdepim package in Ubuntu:
  Invalid
Status in kf5-messagelib package in Ubuntu:
  Fix Released
Status in kmail package in Ubuntu:
  Fix Released
Status in kdepim source package in Trusty:
  Confirmed
Status in kdepim source package in Xenial:
  Confirmed

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          KMail: Send Later with Delay bypasses OpenPGP
  Risk Rating:    Medium
  CVE:            CVE-2017-9604
  Versions:       kmail, messagelib < 5.5.2
  Date:           15 June 2017

  Overview
  ========
  KMail’s Send Later with Delay function bypasses OpenPGP signing and
  encryption, causing the message to be sent unsigned and in plain-text.

  Solution
  ========
  Update to kmail, messagelib >= 5.5.2 (Released as part of KDE Applications
  17.04.2)

  Or apply the following patches:
  kmail:
  https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
  messagelib:
  https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197

  Credits
  =======
  Thanks to Daniel Aleksandersen for the report and to Laurent Montel for the
  fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1698180/+subscriptions



[Group.of.nepali.translators] [Bug 1735418] Re: [CVE] Command injection with cbt files

2018-03-18 Thread Simon Quigley
** No longer affects: atril (Ubuntu Zesty)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1735418

Title:
  [CVE] Command injection with cbt files

Status in atril package in Ubuntu:
  Fix Released
Status in atril source package in Xenial:
  Confirmed
Status in atril source package in Artful:
  Fix Released
Status in atril source package in Bionic:
  Fix Released

Bug description:
  backend/comics/comics-document.c (aka the comic book backend) in GNOME
  Evince before 3.24.1 allows remote attackers to execute arbitrary commands
  via a .cbt file that is a TAR archive containing a filename beginning with
  a "--" command-line option substring, as demonstrated by a
  --checkpoint-action=exec=bash at the beginning of the filename.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418/+subscriptions

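In the .cbt case described above, a member name taken from the archive ends up on a tar command line, where a leading "--" is read as an option. The following is an added example, not Evince's or Atril's code and not their fix: it flags option-like member names, reads pages in-process so names never reach a command line, and shows an argv form that ends option parsing with `--`, which assumes GNU tar. The sample archive and its member names are constructed.

```python
import io
import tarfile


def make_sample_cbt():
    """Constructed .cbt (plain tar) with one ordinary and one odd member."""
    members = (
        ("page01.png", b"img1"),
        ("--looks-like-an-option.png", b"img2"),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in members:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def option_like_members(cbt_bytes):
    """Member names that a command-line tool would parse as options."""
    with tarfile.open(fileobj=io.BytesIO(cbt_bytes), mode="r:") as tar:
        return [m.name for m in tar.getmembers() if m.name.startswith("-")]


def read_page(cbt_bytes, name):
    """Read one page in-process; the name is only ever a lookup key."""
    with tarfile.open(fileobj=io.BytesIO(cbt_bytes), mode="r:") as tar:
        member = tar.getmember(name)
        if not member.isfile():
            # Links and device nodes are not pages.
            raise ValueError("not a regular file: %r" % name)
        return tar.extractfile(member).read()


def tar_argv(archive_path, member_name):
    """argv for an external tar when one must be used.

    Passed as a list (no shell), with "--" so that everything after it is
    treated as a member name even if it starts with a dash. Quoting alone
    does not help here: a quoted "--name" is still a "--name" argument.
    """
    return ["tar", "-xOf", archive_path, "--", member_name]
```
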


[Group.of.nepali.translators] [Bug 1688617] Re: menu-cached, 100% cpu increase

2018-03-18 Thread Simon Quigley
*** This bug is a duplicate of bug 1635438 ***
https://bugs.launchpad.net/bugs/1635438

** This bug has been marked a duplicate of bug 1635438
   menu-cached process is using 100% CPU

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1688617

Title:
  menu-cached, 100% cpu increase

Status in menu-cache package in Ubuntu:
  Fix Released
Status in menu-cache source package in Trusty:
  New
Status in menu-cache source package in Xenial:
  New
Status in menu-cache source package in Zesty:
  Fix Released
Status in menu-cache source package in Artful:
  Fix Released

Bug description:
  With lxde I have a maximum CPU increase

  
  100% CPU increase

  :top
  PID  USER  PR NI VIRT   RES  SHR  S %CPU %MEM TIME+     COMMAND
  2350 $user 20 0  183044 3004 2792 R 88,4 0,2  164:59.66 menu-cached

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1688617/+subscriptions



[Group.of.nepali.translators] [Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
So it looks like Backports already has the fixes.

** Changed in: kubuntu-ppa/artful
   Status: New => Fix Released

** Changed in: kubuntu-ppa/xenial
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in Kubuntu PPA:
  Fix Released
Status in Kubuntu PPA artful series:
  Fix Released
Status in Kubuntu PPA xenial series:
  Fix Released
Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in plasma-workspace source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          Plasma Desktop: Arbitrary command execution in the removable
                  device notifier
  Risk Rating:    High
  CVE:            CVE-2018-6791
  Versions:       Plasma < 5.12.0
  Date:           8 February 2018

  Overview
  ========
  When a vfat thumbdrive which contains `` or $() in its volume label is plugged
  and mounted through the device notifier, it's interpreted as a shell command,
  leaving a possibility of arbitrary commands execution. An example of offending
  volume label is "$(touch b)" which will create a file called b in the
  home folder.

  Workaround
  ==========
  Mount removable devices with Dolphin instead of the device notifier.

  Solution
  ========
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8:
  https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
  Plasma 5.9/5.10/5.11:
  https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

  Credits
  =======
  Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-ppa/+bug/1748247/+subscriptions
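
The failure mode described in the CVE-2018-6791 advisory above, as an added Python illustration that is not Plasma's code: a hypothetical action template with a `%label` placeholder is expanded with the volume label and run through /bin/sh, first unquoted and then in two hardened forms. The template, the function names and the scratch-directory check are assumptions; the first label is the advisory's own example.

```python
import os
import shlex
import subprocess
import tempfile

# Hypothetical device-action template; "%label" stands for the volume label.
ACTION_TEMPLATE = "echo Mounted volume: %label"


def run_unsafe(label, cwd):
    """Vulnerable pattern: paste the label into a string that /bin/sh parses."""
    cmd = ACTION_TEMPLATE.replace("%label", label)
    return subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True,
                          text=True, check=False).stdout


def run_quoted(label, cwd):
    """Fix when a shell string is unavoidable: quote the expanded value."""
    cmd = ACTION_TEMPLATE.replace("%label", shlex.quote(label))
    return subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True,
                          text=True, check=False).stdout


def run_argv(label, cwd):
    """Preferred fix: no shell at all; the label is a single argv element."""
    argv = [label if tok == "%label" else tok
            for tok in ACTION_TEMPLATE.split()]
    return subprocess.run(argv, cwd=cwd, capture_output=True,
                          text=True, check=False).stdout


def payload_ran(runner, label):
    """Run `runner` in an empty scratch directory and report whether the
    command embedded in the label created a file named "b" there."""
    with tempfile.TemporaryDirectory() as scratch:
        runner(label, scratch)
        return os.path.exists(os.path.join(scratch, "b"))


if __name__ == "__main__":
    # First label is from the advisory; the others are constructed variants.
    labels = ["$(touch b)", "`touch b`", "it's $(touch b)"]
    for runner in (run_unsafe, run_quoted, run_argv):
        for label in labels:
            print(f"{runner.__name__:10} {label!r:20} payload ran: "
                  f"{payload_ran(runner, label)}")
```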



[Group.of.nepali.translators] [Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
These fixes should be looked into for Backports too.

** Also affects: kubuntu-ppa
   Importance: Undecided
   Status: New

** Also affects: kubuntu-ppa/artful
   Importance: Undecided
   Status: New

** Also affects: kubuntu-ppa/xenial
   Importance: Undecided
   Status: New

** Changed in: kubuntu-ppa/artful
   Importance: Undecided => High

** Changed in: kubuntu-ppa/xenial
   Importance: Undecided => High

** Changed in: kubuntu-ppa/artful
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kubuntu-ppa/xenial
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in Kubuntu PPA:
  New
Status in Kubuntu PPA artful series:
  New
Status in Kubuntu PPA xenial series:
  New
Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in plasma-workspace source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:        Plasma Desktop: Arbitrary command execution in the removable device notifier
  Risk Rating:  High
  CVE:          CVE-2018-6791
  Versions:     Plasma < 5.12.0
  Date:         8 February 2018

  Overview
  ========
  When a vfat thumbdrive which contains `` or $() in its volume label is plugged
  and mounted through the device notifier, it's interpreted as a shell command,
  leaving a possibility of arbitrary command execution. An example of offending
  volume label is "$(touch b)" which will create a file called b in the
  home folder.

  Workaround
  ==========
  Mount removable devices with Dolphin instead of the device notifier.

  Solution
  ========
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
  Plasma 5.9/5.10/5.11: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

  Credits
  =======
  Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-ppa/+bug/1748247/+subscriptions



[Group.of.nepali.translators] [Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
There isn't even a plasma-workspace on Trusty...

** No longer affects: plasma-workspace (Ubuntu Trusty)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Xenial:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in plasma-workspace source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:        Plasma Desktop: Arbitrary command execution in the removable device notifier
  Risk Rating:  High
  CVE:          CVE-2018-6791
  Versions:     Plasma < 5.12.0
  Date:         8 February 2018

  Overview
  ========
  When a vfat thumbdrive which contains `` or $() in its volume label is plugged
  and mounted through the device notifier, it's interpreted as a shell command,
  leaving a possibility of arbitrary command execution. An example of offending
  volume label is "$(touch b)" which will create a file called b in the
  home folder.

  Workaround
  ==========
  Mount removable devices with Dolphin instead of the device notifier.

  Solution
  ========
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
  Plasma 5.9/5.10/5.11: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

  Credits
  =======
  Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1748247/+subscriptions



[Group.of.nepali.translators] [Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-02-20 Thread Simon Quigley
Debian says kde-runtime isn't affected, and I can confirm.

** Changed in: kde-runtime (Ubuntu Trusty)
   Status: In Progress => Invalid

** Changed in: kde-runtime (Ubuntu Xenial)
   Status: In Progress => Invalid

** No longer affects: kde-runtime (Ubuntu)

** No longer affects: kde-runtime (Ubuntu Trusty)

** No longer affects: kde-runtime (Ubuntu Xenial)

** No longer affects: kde-runtime (Ubuntu Artful)

** No longer affects: kde-runtime (Ubuntu Bionic)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in plasma-workspace source package in Trusty:
  In Progress
Status in plasma-workspace source package in Xenial:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in plasma-workspace source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:        Plasma Desktop: Arbitrary command execution in the removable device notifier
  Risk Rating:  High
  CVE:          CVE-2018-6791
  Versions:     Plasma < 5.12.0
  Date:         8 February 2018

  Overview
  ========
  When a vfat thumbdrive which contains `` or $() in its volume label is plugged
  and mounted through the device notifier, it's interpreted as a shell command,
  leaving a possibility of arbitrary command execution. An example of offending
  volume label is "$(touch b)" which will create a file called b in the
  home folder.

  Workaround
  ==========
  Mount removable devices with Dolphin instead of the device notifier.

  Solution
  ========
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
  Plasma 5.9/5.10/5.11: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

  Credits
  =======
  Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

  Patches for this bug should also contain fixes for CVE-2018-6790:

  KDE Project Security Advisory
  =============================

  Title:        Plasma: Notifications can expose user IP address
  Risk Rating:  Low
  CVE:          CVE-2018-6790
  Versions:     Plasma < 5.12.0
  Date:         8 February 2018

  Overview
  ========
  Plasma has support for the Desktop Notifications specification. That
  specification allows embedding images in notifications. Plasma was not
  sanitizing the HTML that forms the notification. That allowed for
  notifications to load a remote image leaking the user IP address. This is
  in turn made a bit worse by the fact that some chat software doesn't
  sanitize the text they send to the notification system either meaning that
  a third party could send a carefully crafted message to a chat room and get
  the IP addresses of the users in that chat room.

  Workaround
  ==========
  Disable notifications

  Solution
  ========
  Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

  Or apply the following patches:
  Plasma 5.8: https://cgit.kde.org/plasma-workspace.git/commit/?h=Plasma/5.8=5bc696b5abcdb460c1017592e80b2d7f6ed3107c

  Credits
  =======
  Thanks to David Edmundson for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1748247/+subscriptions
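
One way to sanitize notification markup against the remote-image leak described in the CVE-2018-6790 advisory above, as an added Python example that is not Plasma's patch. It assumes an allowlist of the markup subset named by the Desktop Notifications specification and a policy of keeping only images that need no network fetch; the names and the sample messages are constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Markup subset of the Desktop Notifications specification, with the
# attributes kept for each tag. Everything else is dropped (assumed policy).
ALLOWED_ATTRS = {"b": (), "i": (), "u": (), "a": ("href",),
                 "img": ("src", "alt")}
VOID_TAGS = {"img"}


def _split(url):
    """Return (scheme, netloc) or None if the URL cannot be parsed."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:              # e.g. malformed IPv6 literal
        return None
    return parts.scheme.lower(), parts.netloc.lower()


def is_local_image(src):
    """True only for absolute paths and file: URLs without a remote host."""
    split = _split(src)
    if split is None:
        return False
    scheme, netloc = split
    if scheme == "file":
        return netloc in ("", "localhost")
    return scheme == "" and netloc == "" and src.strip().startswith("/")


class NotificationSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped_images = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_ATTRS:
            return                  # unknown tag: drop markup, keep its text
        kept = {k: v for k, v in attrs
                if k in ALLOWED_ATTRS[tag] and v is not None}
        if tag == "img" and not is_local_image(kept.get("src", "")):
            # Rendering this would fetch from the network and reveal the
            # user's IP address to the host: show the alt text instead.
            if kept.get("src"):
                self.dropped_images.append(kept["src"])
            self.out.append(escape(kept.get("alt", ""), quote=False))
            return
        if tag == "a":
            split = _split(kept.get("href", ""))
            if split is None or split[0] not in ("http", "https"):
                kept.pop("href", None)
        attr_text = "".join(f' {k}="{escape(v, quote=True)}"'
                            for k, v in kept.items())
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_ATTRS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(body):
    """Return (safe_markup, remote_image_sources_removed)."""
    parser = NotificationSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out), parser.dropped_images


if __name__ == "__main__":
    # Constructed chat message relayed verbatim into a notification body.
    sample = ('<b>alice</b>: hi '
              '<img src="http://tracker.example/p.png" alt="[image]">')
    print(sanitize(sample))
```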



[Group.of.nepali.translators] [Bug 1608306] Re: Confusing for users with many websites

2018-02-11 Thread Simon Quigley
The slideshow is tracked in bug 1645564.

** No longer affects: ubiquity-slideshow-ubuntu (Ubuntu)

** No longer affects: ubiquity-slideshow-ubuntu (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1608306

Title:
  Confusing for users with many websites

Status in Lubuntu Artwork:
  In Progress
Status in Lubuntu Website:
  In Progress

Bug description:
  Hi! I have used Lubuntu for many years and thought the lubuntu.net
  website was the official site for lubuntu. I have subscribed to the
  RSS feed to get news, but lately, there have been very few. Recently,
  I discovered the lubuntu.me website. It seems more active and the blog
  is up to date on news. There is no indication on either that they are
  not official, but on the bottom of both, there seems to be information
  pointing towards both being owned by individuals, not by the Lubuntu
  project. This makes it hard to know which is the official site, if
  any. Would it not be less confusing for users to have one website and
  make the other address redirect to it?

To manage notifications about this bug go to:
https://bugs.launchpad.net/lubuntu-artwork/+bug/1608306/+subscriptions



[Group.of.nepali.translators] [Bug 1608306] Re: Confusing for users with many websites

2018-02-11 Thread Simon Quigley
** Changed in: ubiquity-slideshow-ubuntu (Ubuntu)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: ubiquity-slideshow-ubuntu (Ubuntu)
   Status: New => Fix Released

** Changed in: ubiquity-slideshow-ubuntu (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: ubiquity-slideshow-ubuntu (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: ubiquity-slideshow-ubuntu (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1608306

Title:
  Confusing for users with many websites

Status in Lubuntu Artwork:
  In Progress
Status in Lubuntu Website:
  In Progress
Status in ubiquity-slideshow-ubuntu package in Ubuntu:
  Fix Released
Status in ubiquity-slideshow-ubuntu source package in Xenial:
  In Progress

Bug description:
  Hi! I have used Lubuntu for many years and thought the lubuntu.net
  website was the official site for lubuntu. I have subscribed to the
  RSS feed to get news, but lately, there have been very few. Recently,
  I discovered the lubuntu.me website. It seems more active and the blog
  is up to date on news. There is no indication on either that they are
  not official, but on the bottom of both, there seems to be information
  pointing towards both being owned by individuals, not by the Lubuntu
  project. This makes it hard to know which is the official site, if
  any. Would it not be less confusing for users to have one website and
  make the other address redirect to it?

To manage notifications about this bug go to:
https://bugs.launchpad.net/lubuntu-artwork/+bug/1608306/+subscriptions



[Group.of.nepali.translators] [Bug 1748247] [NEW] [CVE] Arbitrary command execution in the removable device notifier

2018-02-08 Thread Simon Quigley
*** This bug is a security vulnerability ***

Public security bug reported:

KDE Project Security Advisory
=============================

Title:        Plasma Desktop: Arbitrary command execution in the removable device notifier
Risk Rating:  High
CVE:          CVE-2018-6791
Versions:     Plasma < 5.12.0
Date:         8 February 2018

Overview
========
When a vfat thumbdrive which contains `` or $() in its volume label is plugged
and mounted through the device notifier, it's interpreted as a shell command,
leaving a possibility of arbitrary command execution. An example of offending
volume label is "$(touch b)" which will create a file called b in the
home folder.

Workaround
==========
Mount removable devices with Dolphin instead of the device notifier.

Solution
========
Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

Or apply the following patches:
Plasma 5.8: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212
Plasma 5.9/5.10/5.11: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57

Credits
=======
Thanks to ksieluzyckih for the report and to Marco Martin for the fix.

Patches for this bug should also contain fixes for CVE-2018-6790:

KDE Project Security Advisory
=============================

Title:        Plasma: Notifications can expose user IP address
Risk Rating:  Low
CVE:          CVE-2018-6790
Versions:     Plasma < 5.12.0
Date:         8 February 2018

Overview
========
Plasma has support for the Desktop Notifications specification. That
specification allows embedding images in notifications. Plasma was not
sanitizing the HTML that forms the notification. That allowed for
notifications to load a remote image leaking the user IP address. This is
in turn made a bit worse by the fact that some chat software doesn't
sanitize the text they send to the notification system either meaning that
a third party could send a carefully crafted message to a chat room and get
the IP addresses of the users in that chat room.

Workaround
==========
Disable notifications

Solution
========
Update to Plasma >= 5.12.0 or Plasma >= 5.8.9

Or apply the following patches:
Plasma 5.8: https://cgit.kde.org/plasma-workspace.git/commit/?h=Plasma/5.8=5bc696b5abcdb460c1017592e80b2d7f6ed3107c

Credits
=======
Thanks to David Edmundson for the fix.

** Affects: kde-runtime (Ubuntu)
 Importance: High
 Assignee: Rik Mills (rikmills)
 Status: New

** Affects: plasma-workspace (Ubuntu)
 Importance: High
 Assignee: Rik Mills (rikmills)
 Status: Fix Released

** Affects: kde-runtime (Ubuntu Trusty)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: plasma-workspace (Ubuntu Trusty)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: kde-runtime (Ubuntu Xenial)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: plasma-workspace (Ubuntu Xenial)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: kde-runtime (Ubuntu Artful)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: plasma-workspace (Ubuntu Artful)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: kde-runtime (Ubuntu Bionic)
 Importance: High
 Assignee: Rik Mills (rikmills)
 Status: New

** Affects: plasma-workspace (Ubuntu Bionic)
 Importance: High
 Assignee: Rik Mills (rikmills)
 Status: Fix Released

** Also affects: plasma-workspace (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: plasma-workspace (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: plasma-workspace (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: plasma-workspace (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: kde-runtime (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1748247

Title:
  [CVE] Arbitrary command execution in the removable device notifier

Status in kde-runtime package in Ubuntu:
  New
Status in plasma-workspace package in Ubuntu:
  Fix Released
Status in kde-runtime source package in Trusty:
  In Progress
Status in plasma-workspace source package in Trusty:
  In Progress
Status in kde-runtime source package in Xenial:
  In Progress
Status in plasma-workspace source package in Xenial:
  In Progress
Status in kde-runtime source package in Artful:
  In Progress
Status in plasma-workspace source package in Artful:
  In Progress
Status in kde-runtime source package in Bionic:
  Ne

[Group.of.nepali.translators] [Bug 1635438] Re: menu-cached process is using 100% CPU

2018-01-28 Thread Simon Quigley
** No longer affects: menu-cache (Ubuntu Zesty)

** No longer affects: menu-cache (Ubuntu Trusty)

** Description changed:

- For 17.10, please treat this as a 0-day SRU bug report.
- 
  [Impact]
  
  Without this bugfix, users who resume from suspend will be greeted with
  a heavy CPU load when they resume. This is especially bad for older
  computers who may not be able to hand a large CPU load, and menu-cache
  is included by default in Lubuntu, where this is especially important.
  
  [Test Case]
  
  1. Suspend your computer with the menu-cache process running.
  2. Resume from suspend.
  3. Try to press Alt + F2 or use any other program which calls menu-cached.
  
  It should work as normal, but it uses up a lot of CPU power.
  
  [Regression Potential]
  
  This bugfix cherry picks an upstream commit that hasn't been tagged yet.
  As such, there might be additional improvements before it is released.
  
  Also, this modifies how processes are handled; specifically, it
  terminates any processes which return a socket error. This could
  eventually bitrot and result in processes returning valid values but it
  really shows as an error.
  
  While all of those are theoretical, it is definitely a possibility.
  Other than those two considerations, the regression risk is low.
  
  [Original Description]
  
  Hey all,
  
  I don't know you guys are looking for the issues opened on Github
  (https://github.com/lxde/menu-cache/issues/) - currently there are 5
  reported there, but I'd like to report specifically for the menu-cached
  process using 100% of CPU (we also have an issue opened on Github for
  this with lots of comments: https://github.com/lxde/menu-
  cache/issues/7).
  
  I'm using a brand new installation of Lubuntu 16.10 in my laptop.
  
  I noticed the machine temperature was too hot (96 degrees!!!) so I took
  a look on top and the menu-cached was the guilty. I killed it and
  everything was as usual again.
  
  I just don't know if it was because I returned from the suspended mode
  or if it's because I tried to run a custom command with "Open With". I
  did both in sequence/same session.
  
  $ dpkg -l |grep -iP "menu.*?cache"
  ii  libmenu-cache-bin   1.0.1-1build1 
  amd64
  ii  libmenu-cache3:amd641.0.1-1build1 
  amd64
  
  Thanks

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1635438

Title:
  menu-cached process is using 100% CPU

Status in menu-cache package in Ubuntu:
  Fix Released
Status in menu-cache source package in Xenial:
  Confirmed
Status in menu-cache source package in Artful:
  Fix Released
Status in menu-cache source package in Bionic:
  Fix Released

Bug description:
  [Impact]

  Without this bugfix, users who resume from suspend will be greeted
  with a heavy CPU load when they resume. This is especially bad for
  older computers who may not be able to handle a large CPU load, and
  menu-cache is included by default in Lubuntu, where this is especially
  important.

  [Test Case]

  1. Suspend your computer with the menu-cache process running.
  2. Resume from suspend.
  3. Try to press Alt + F2 or use any other program which calls menu-cached.

  It should work as normal, but it uses up a lot of CPU power.

  [Regression Potential]

  This bugfix cherry picks an upstream commit that hasn't been tagged
  yet. As such, there might be additional improvements before it is
  released.

  Also, this modifies how processes are handled; specifically, it
  terminates any processes which return a socket error. This could
  eventually bitrot and result in processes returning valid values but
  it really shows as an error.

  While all of those are theoretical, it is definitely a possibility.
  Other than those two considerations, the regression risk is low.

  [Original Description]

  Hey all,

  I don't know if you guys are looking for the issues opened on Github
  (https://github.com/lxde/menu-cache/issues/) - currently there are 5
  reported there, but I'd like to report specifically for the menu-
  cached process using 100% of CPU (we also have an issue opened on
  Github for this with lots of comments: https://github.com/lxde/menu-
  cache/issues/7).

  I'm using a brand new installation of Lubuntu 16.10 in my laptop.

  I noticed the machine temperature was too hot (96 degrees!!!) so I
  took a look on top and the menu-cached was the guilty. I killed it and
  everything was as usual again.

  I just don't know if it was because I returned from the suspended mode
  or if it's because I tried to run a custom command with "Open With". I
  did both in sequence/same session.

  $ dpkg -l |grep -iP "menu.*?cache"
  ii  libmenu-cache-bin        1.0.1-1build1    amd64
  ii  

[Group.of.nepali.translators] [Bug 1336521] Re: Application Startup Notify fully ignored

2018-01-21 Thread Simon Quigley
** No longer affects: pcmanfm (Ubuntu)

** No longer affects: pcmanfm (Ubuntu Trusty)

** No longer affects: pcmanfm (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1336521

Title:
  Application Startup Notify fully ignored

Status in openbox package in Ubuntu:
  Fix Released
Status in openbox source package in Trusty:
  Confirmed
Status in openbox source package in Xenial:
  Confirmed
Status in openbox package in Debian:
  Fix Released

Bug description:
  [Impact]

  Without this change, Lubuntu users with slow systems have no
  indication that a program has been started once the executable has
  been launched, so they might end up trying to go through diagnostics
  of some sort when in reality the program is just taking a while.

  [Test Case]

   1. Start a program on a slow system, or just make sure the program is large.
   2. There should be an indication on the cursor that the program is starting up.

  [Regression Potential]

  The regression potential is fairly low because this dependency has
  been included in Debian and Ubuntu for over a year now. Where a
  regression could occur is if an update to libxcursor-dev is issued
  that is incompatible with openbox in a breaking way, and this is very
  unlikely in a stable release.

  [Original Description]

  Application Startup Notify option doesn't work and is apparently ignored:
  after starting any application there is no loading cursor or visual advice to
  tell if the application is really starting. Adding StartupNotify=true to the
  .desktop entry is useless, the parameter is just ignored.
  This is very annoying when you use a touchpad because there is no feedback at
  all.

  NOTES: libstartup-notification0 and notification-daemon are installed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openbox/+bug/1336521/+subscriptions



[Group.of.nepali.translators] [Bug 1635438] Re: menu-cached process is using 100% CPU

2018-01-20 Thread Simon Quigley
Zesty is EOL, but I'll look into seeing if this is a Xenial problem as
well ASAP.

Thanks.

** Changed in: menu-cache (Ubuntu Zesty)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1635438

Title:
  menu-cached process is using 100% CPU

Status in menu-cache package in Ubuntu:
  Fix Released
Status in menu-cache source package in Trusty:
  New
Status in menu-cache source package in Xenial:
  Confirmed
Status in menu-cache source package in Zesty:
  Won't Fix
Status in menu-cache source package in Artful:
  Fix Released
Status in menu-cache source package in Bionic:
  Fix Released

Bug description:
  For 17.10, please treat this as a 0-day SRU bug report.

  [Impact]

  Without this bugfix, users who resume from suspend will be greeted
  with a heavy CPU load when they resume. This is especially bad for
  older computers who may not be able to handle a large CPU load, and
  menu-cache is included by default in Lubuntu, where this is especially
  important.

  [Test Case]

  1. Suspend your computer with the menu-cache process running.
  2. Resume from suspend.
  3. Try to press Alt + F2 or use any other program which calls menu-cached.

  It should work as normal, but it uses up a lot of CPU power.

  [Regression Potential]

  This bugfix cherry picks an upstream commit that hasn't been tagged
  yet. As such, there might be additional improvements before it is
  released.

  Also, this modifies how processes are handled; specifically, it
  terminates any processes which return a socket error. This could
  eventually bitrot and result in processes returning valid values but
  it really shows as an error.

  While all of those are theoretical, it is definitely a possibility.
  Other than those two considerations, the regression risk is low.

  [Original Description]

  Hey all,

  I don't know if you guys are looking for the issues opened on Github
  (https://github.com/lxde/menu-cache/issues/) - currently there are 5
  reported there, but I'd like to report specifically for the menu-
  cached process using 100% of CPU (we also have an issue opened on
  Github for this with lots of comments: https://github.com/lxde/menu-
  cache/issues/7).

  I'm using a brand new installation of Lubuntu 16.10 in my laptop.

  I noticed the machine temperature was too hot (96 degrees!!!) so I
  took a look on top and the menu-cached was the guilty. I killed it and
  everything was as usual again.

  I just don't know if it was because I returned from the suspended mode
  or if it's because I tried to run a custom command with "Open With". I
  did both in sequence/same session.

  $ dpkg -l |grep -iP "menu.*?cache"
  ii  libmenu-cache-bin        1.0.1-1build1    amd64
  ii  libmenu-cache3:amd64     1.0.1-1build1    amd64

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1635438/+subscriptions



[Group.of.nepali.translators] [Bug 1336521] Re: Application Startup Notify fully ignored

2018-01-20 Thread Simon Quigley
I'll get to this ASAP, but it doesn't look like a pcmanfm problem.

Thanks.

** Also affects: openbox (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: pcmanfm (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: openbox (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: pcmanfm (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: openbox (Ubuntu Trusty)
   Status: New => Fix Released

** Changed in: openbox (Ubuntu Xenial)
   Status: New => Fix Released

** Changed in: openbox (Ubuntu Trusty)
   Status: Fix Released => Confirmed

** Changed in: openbox (Ubuntu Xenial)
   Status: Fix Released => Confirmed

** Changed in: pcmanfm (Ubuntu)
   Status: Confirmed => Incomplete

** Changed in: pcmanfm (Ubuntu Trusty)
   Status: New => Incomplete

** Changed in: pcmanfm (Ubuntu Xenial)
   Status: New => Incomplete

** Changed in: openbox (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: openbox (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1336521

Title:
  Application Startup Notify fully ignored

Status in openbox package in Ubuntu:
  Fix Released
Status in pcmanfm package in Ubuntu:
  Incomplete
Status in openbox source package in Trusty:
  Confirmed
Status in pcmanfm source package in Trusty:
  Incomplete
Status in openbox source package in Xenial:
  Confirmed
Status in pcmanfm source package in Xenial:
  Incomplete
Status in openbox package in Debian:
  Fix Released

Bug description:
  RELEASE: Ubuntu (Lubuntu) 13.10
  VERSION: pcmanfm 1.1.2-0ubuntu1

  Application Startup Notify option doesn't work and is apparently ignored:
  after starting any application there is no loading cursor or visual advice to
  tell if the application is really starting. Adding StartupNotify=true to the
  .desktop entry is useless, the parameter is just ignored.
  This is very annoying when you use a touchpad because there is no feedback at
  all.

  NOTES: libstartup-notification0 and notification-daemon are installed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openbox/+bug/1336521/+subscriptions



[Group.of.nepali.translators] [Bug 1735418] Re: [CVE] Command injection with cbt files

2018-01-20 Thread Simon Quigley
Zesty is EOL.

** Changed in: atril (Ubuntu Zesty)
   Status: Confirmed => Won't Fix

** Changed in: atril (Ubuntu Zesty)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

https://bugs.launchpad.net/bugs/1735418

Title:
  [CVE] Command injection with cbt files

Status in atril package in Ubuntu:
  Fix Released
Status in atril source package in Xenial:
  Confirmed
Status in atril source package in Zesty:
  Won't Fix
Status in atril source package in Artful:
  Fix Released
Status in atril source package in Bionic:
  Fix Released

Bug description:
  backend/comics/comics-document.c (aka the comic book backend) in GNOME
  Evince before 3.24.1 allows remote attackers to execute arbitrary commands
  via a .cbt file that is a TAR archive containing a filename beginning with
  a "--" command-line option substring, as demonstrated by a
  --checkpoint-action=exec=bash at the beginning of the filename.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
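
Added example (not code from atril or Evince): a defensive check for the bug class described in the report above, where an archive member name starting with "-" is parsed as an option once it reaches a tar command line. The archive contents, function names and the "book.cbt" path are constructed for illustration; the option-like name is the one quoted in the bug description.

```python
import io
import tarfile


def build_sample_cbt(names):
    """Build an in-memory TAR (.cbt) with the given member names (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"not a real image"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def option_like_members(cbt_bytes):
    """Return member names that a command-line tool would parse as options."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(cbt_bytes), mode="r:") as tar:
        for info in tar:
            if info.name.startswith("-"):
                flagged.append(info.name)
    return flagged


def read_page(cbt_bytes, member):
    """Read one member in-process, so its name never reaches a shell or an argv."""
    with tarfile.open(fileobj=io.BytesIO(cbt_bytes), mode="r:") as tar:
        handle = tar.extractfile(member)
        if handle is None:
            raise ValueError("not a regular file: %r" % member)
        return handle.read()


def extract_argv(archive_path, member):
    """If an external tar has to be used: pass a list (no shell) and end
    option parsing with "--" so the member name is treated as a file name."""
    return ["tar", "-xOf", archive_path, "--", member]


# Constructed sample: one ordinary page and one option-like member name.
SAMPLE_CBT = build_sample_cbt(["page01.png", "--checkpoint-action=exec=bash"])

if __name__ == "__main__":
    print("flagged members:", option_like_members(SAMPLE_CBT))
    print("page01.png bytes:", len(read_page(SAMPLE_CBT, "page01.png")))
    print("argv:", extract_argv("book.cbt", "--checkpoint-action=exec=bash"))
```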


[Group.of.nepali.translators] [Bug 1537334] Re: Launcher Overlaps the lxpanel after RTL Language Change

2018-01-10 Thread Simon Quigley
** Also affects: lxpanel (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxpanel (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: lxpanel (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: lxpanel (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

https://bugs.launchpad.net/bugs/1537334

Title:
  Launcher Overlaps the lxpanel after RTL Language Change

Status in LXDE:
  New
Status in lxpanel package in Ubuntu:
  Fix Released
Status in lxpanel source package in Xenial:
  Confirmed

Bug description:
  STEPS TO REPRODUCE
  ------------------
   1. Open Language Support (/usr/bin/gnome-language-selector)
   2. When asked to install additional language support, do it
   3. Install some RTL language (e.g. Arabic)
   4. Move Arabic ( العربية) to the top of the list
   5. Close the dialog
   6. Log out and log back in

  EXPECTED RESULTS
  ----------------
  The language becomes the default system language without any other effects.

  ACTUAL RESULTS
  --------------
  The application launch bar partially overlaps the menu icon in lxpanel.

  NOTES
  -----

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: lxpanel 0.8.1-1ubuntu2
  ProcVersionSignature: Ubuntu 4.3.0-7.18-generic 4.3.3
  Uname: Linux 4.3.0-7-generic x86_64
  ApportVersion: 2.19.3-0ubuntu3
  Architecture: amd64
  Config_Home_Lubuntu:
   [Command]
   Logout=lxsession-default quit
  CurrentDesktop: LXDE
  Date: Sat Jan 23 10:30:15 2016
  InstallationDate: Installed on 2016-01-08 (14 days ago)
  InstallationMedia: Lubuntu 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160102)
  SourcePackage: lxpanel
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxde/+bug/1537334/+subscriptions



[Group.of.nepali.translators] [Bug 1731797] Re: [CVE] Crash in IRC message parsing

2017-12-09 Thread Simon Quigley
Whoops, this was fixed in the PPA a while ago. Marking as such.

** Changed in: kubuntu-ppa
   Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1731797

Title:
  [CVE] Crash in IRC message parsing

Status in Kubuntu PPA:
  Fix Released
Status in konversation package in Ubuntu:
  Fix Released
Status in konversation source package in Trusty:
  Fix Released
Status in konversation source package in Xenial:
  Fix Released
Status in konversation source package in Zesty:
  Fix Released
Status in konversation source package in Artful:
  Fix Released
Status in konversation source package in Bionic:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          Konversation: Crash in IRC message parsing
  Risk Rating:    High
  CVE:            CVE-2017-15923
  Versions:       konversation <= 1.7.2
  Date:           12 November 2017

  Overview
  ========
  Konversation has support for colors in IRC messages. Any malicious user
  connected to the same IRC network can send a carefully crafted message
  that will crash the Konversation user client.

  Workaround
  ==========
  Go to Interface → Colors in the Configure Konversation dialog and uncheck
  Allow Colored Text in IRC Messages (near the bottom)

  Solution
  ========
  Update to Konversation > 1.7.2

  Or apply the following patches:
  1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
  1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
  1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
  1.4: the patch for 1.5 will apply, but you should upgrade

  Credits
  =======
  Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-ppa/+bug/1731797/+subscriptions



[Group.of.nepali.translators] [Bug 1685598] Re: Clicking 'Sound Settings' in Lubuntu is a no-op

2017-11-21 Thread Simon Quigley
** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
   Status: In Progress => Invalid

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
   Importance: Critical => Undecided

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Also affects: lubuntu-meta (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: indicator-sound-gtk2 (Ubuntu Xenial)

** No longer affects: indicator-sound-gtk2 (Ubuntu)

** Changed in: lubuntu-meta (Ubuntu)
   Status: New => Triaged

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: lubuntu-meta (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: lubuntu-meta (Ubuntu Xenial)
Milestone: None => xenial-updates

https://bugs.launchpad.net/bugs/1685598

Title:
  Clicking 'Sound Settings' in Lubuntu is a no-op

Status in lubuntu-meta package in Ubuntu:
  Triaged
Status in lubuntu-meta source package in Xenial:
  In Progress

Bug description:
  Nothing happens when clicking 'Sound Settings...' in the indicator
  applet on a fresh install of Lubuntu 17.04.

  This is probably because of the following code in
  src/sound-service-dbus.c:

  static void
  show_sound_settings_dialog (DbusmenuMenuitem *mi,
                              gpointer user_data)
  {
    GError * error = NULL;
    if (!g_spawn_command_line_async("gnome-volume-control --page=applications", &error) &&
        !g_spawn_command_line_async("gnome-control-center sound", &error) &&
        !g_spawn_command_line_async("xfce4-mixer", &error))
    {
      g_warning("Unable to show dialog: %s", error->message);
      g_error_free(error);
    }
  }

  and the fact that none of the above is installed (or available) by
  default.

  I 'fixed' the issue by creating a symbolic link xfce4-mixer ->
  pavucontrol. Maybe pavucontrol should be tried in the above code as
  well since that seems to be the default in Lubuntu?

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: indicator-sound-gtk2 12.10.0.1-0ubuntu5
  ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
  Uname: Linux 4.10.0-19-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Sun Apr 23 11:20:46 2017
  InstallationDate: Installed on 2017-04-14 (9 days ago)
  InstallationMedia: Lubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  SourcePackage: indicator-sound-gtk2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lubuntu-meta/+bug/1685598/+subscriptions



[Group.of.nepali.translators] [Bug 1685598] Re: Clicking 'Sound Settings' in Lubuntu is a no-op

2017-11-21 Thread Simon Quigley
You're right.

** Also affects: indicator-sound-gtk2 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Tags added: regression-update

** Tags removed: zesty
** Tags added: xenial

https://bugs.launchpad.net/bugs/1685598

Title:
  Clicking 'Sound Settings' in Lubuntu is a no-op

Status in indicator-sound-gtk2 package in Ubuntu:
  Confirmed
Status in indicator-sound-gtk2 source package in Xenial:
  In Progress

Bug description:
  Nothing happens when clicking 'Sound Settings...' in the indicator
  applet on a fresh install of Lubuntu 17.04.

  This is probably because of the following code in
  src/sound-service-dbus.c:

  static void
  show_sound_settings_dialog (DbusmenuMenuitem *mi,
                              gpointer user_data)
  {
    GError * error = NULL;
    if (!g_spawn_command_line_async("gnome-volume-control --page=applications", &error) &&
        !g_spawn_command_line_async("gnome-control-center sound", &error) &&
        !g_spawn_command_line_async("xfce4-mixer", &error))
    {
      g_warning("Unable to show dialog: %s", error->message);
      g_error_free(error);
    }
  }

  and the fact that none of the above is installed (or available) by
  default.

  I 'fixed' the issue by creating a symbolic link xfce4-mixer ->
  pavucontrol. Maybe pavucontrol should be tried in the above code as
  well since that seems to be the default in Lubuntu?

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: indicator-sound-gtk2 12.10.0.1-0ubuntu5
  ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
  Uname: Linux 4.10.0-19-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Sun Apr 23 11:20:46 2017
  InstallationDate: Installed on 2017-04-14 (9 days ago)
  InstallationMedia: Lubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  SourcePackage: indicator-sound-gtk2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/indicator-sound-gtk2/+bug/1685598/+subscriptions



[Group.of.nepali.translators] [Bug 1714399] Re: shutdown options window does not have focus

2017-11-04 Thread Simon Quigley
** Changed in: mate-session-manager (Ubuntu Bionic)
   Status: In Progress => Fix Released

** Changed in: mate-session-manager (Ubuntu Bionic)
 Assignee: Vlad Orlov (monsta) => (unassigned)

https://bugs.launchpad.net/bugs/1714399

Title:
  shutdown options window does not have focus

Status in ubuntu-mate:
  Invalid
Status in mate-session-manager package in Ubuntu:
  Fix Released
Status in mate-session-manager source package in Xenial:
  In Progress
Status in mate-session-manager source package in Zesty:
  In Progress
Status in mate-session-manager source package in Artful:
  In Progress
Status in mate-session-manager source package in Bionic:
  Fix Released

Bug description:
  [Impact]

  In MATE session, logout and shutdown dialogs sometimes don't get the
  focus, and it's impossible to switch to them with Alt-Tab due to their
  design. One has to use the mouse to switch there. Using Ctrl-Alt-Tab
  can help as well, but I found out it doesn't work reliably in
  VirtualBox.

  The fix for this issue is provided in the debdiffs attached to the
  report.

  Would be nice to have the fix backported to all current Ubuntu
  releases (Xenial, Zesty and Artful). The bug is very annoying for
  users who rely on keyboard shortcuts to navigate the desktop. It also
  can be considered a11y issue.

  [Test Case]

  There are several ways to reproduce this issue. For me the most
  reliable one is to use keyboard shortcut to call the shutdown dialog:

  - press Ctrl-Alt-Del, the shutdown dialog appears, and it's usually focused
  - press Esc to dismiss the dialog
  - press Ctrl-Alt-Del again, now the shutdown dialog will appear unfocused

  Now you need to use the mouse or Ctrl-Alt-Tab to interact with the
  dialog.

  [Regression Potential]

  The fix just ensures that logout/shutdown dialogs will be always
  focused when they appear on the screen. It means the dialog's behavior
  is restored to what users expect. Nothing else is affected, so no
  chance for regressions.

  [Original Description]

  Whether called by the power button (if configured as "Ask user") or by
  clicking Quit in the menu, the shutdown options window does not have
  the focus. It also does not appear in the windows when using alt-tab,
  making it virtually impossible to shutdown without using the
  mouse/touchpad.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-mate/+bug/1714399/+subscriptions



[Group.of.nepali.translators] [Bug 1540018] Re: atril-thumbnailer crashed with SIGSEGV in ev_document_misc_surface_rotate_and_scale()

2017-11-04 Thread Simon Quigley
Yakkety is EOL, marking as Invalid.

** Description changed:

+ [Impact]
+ 
+ Buggy epub handling code makes atril-thumbnailer crash on the first epub
+ document it encounters.
+ 
+ Until we write the proper thumbnailing code for epubs, the quick fix is
+ just to disable thumbnail generation for this type of documents. That
+ fix is provided in the debdiff attached to the report.
+ 
+ The bug is old, and it still haunts Xenial users when they just use the
+ file manager and enter some directory which contains at least one epub
+ document. So would be nice to have the fix backported to Xenial.
+ 
+ [Test Case]
+ 
+ Steps to reproduce:
+ 
+ - have some epub document
+ - open file manager (Caja or some other one) and enter
+   the directory where the epub document is
+ - if apport is enabled, it will show the message about
+   atril-thumbnailer crash (which is annoying)
+ - dmesg output will have a message about the crash too
+ 
+ If you need to reproduce it once more, first remove all the files from
+ ~/.cache/thumbnails/fail directory.
+ 
+ In case you need some epubs for testing, you can find them at:
+ https://github.com/IDPF/epub3-samples/releases
+ 
+ [Regression Potential]
+ 
+ None. This quick fix just makes sure that crashy code won't run at all.
+ Other types of documents (like pdfs) aren't affected.
+ 
+ [Original Description]
+ 
  On a xenial desktop with both mate and LXQt open LXQt I mounted another
  partition and tried to open an mp3 podcast and then apport came up
  saying atril thumbnailer had crashed when I had pcmanfm-qt open in LXQt.
  I did mount a home parition with a lot of different files in it pdf ogg
  and several other things.
  
  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: atril 1.12.2-1
  ProcVersionSignature: Ubuntu 4.3.0-7.18-generic 4.3.3
  Uname: Linux 4.3.0-7-generic x86_64
  ApportVersion: 2.19.4-0ubuntu1
  Architecture: amd64
  CurrentDesktop: LXQt
  Date: Sat Jan 30 16:35:38 2016
  ExecutablePath: /usr/bin/atril-thumbnailer
  InstallationDate: Installed on 2015-11-28 (64 days ago)
  InstallationMedia: Ubuntu-MATE 16.04 LTS "Xenial Xerus" - Alpha amd64 
(20151127)
  ProcCmdline: atril-thumbnailer -s 128 
file:///media/username/9c6bffca-6fb6-4ac9-82ce-02fb9ff1e8e1/brendanperrine/Downloads/producingoss.epub
 /home/username/.thumbnails/normal/6e702ce8bebd1e4696b3f56bbbf83119.png
  SegvAnalysis:
-  Segfault happened at: 0x7f6fffbb8b2c : 
mov(%rax),%eax
-  PC (0x7f6fffbb8b2c) ok
-  source "(%rax)" (0x2f2f2f3a656c6966) not located in a known VMA region 
(needed readable region)!
-  destination "%eax" ok
+  Segfault happened at: 0x7f6fffbb8b2c : 
mov(%rax),%eax
+  PC (0x7f6fffbb8b2c) ok
+  source "(%rax)" (0x2f2f2f3a656c6966) not located in a known VMA region 
(needed readable region)!
+  destination "%eax" ok
  SegvReason: reading unknown VMA
  Signal: 11
  SourcePackage: atril
  StacktraceTop:
-  cairo_image_surface_get_width () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
-  ev_document_misc_surface_rotate_and_scale () from 
/usr/lib/x86_64-linux-gnu/libatrildocument.so.3
-  ?? () from /usr/lib/x86_64-linux-gnu/atril/3/backends/libepubdocument.so
-  ?? ()
-  ?? ()
+  cairo_image_surface_get_width () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
+  ev_document_misc_surface_rotate_and_scale () from 
/usr/lib/x86_64-linux-gnu/libatrildocument.so.3
+  ?? () from /usr/lib/x86_64-linux-gnu/atril/3/backends/libepubdocument.so
+  ?? ()
+  ?? ()
  Title: atril-thumbnailer crashed with SIGSEGV in 
cairo_image_surface_get_width()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirtd lpadmin plugdev sambashare sudo
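
Review bot: the added [Regression Potential] section says "None", yet the added [Impact] section describes the fix as disabling thumbnail generation for epub documents. The section should state that epub files will show no thumbnail after the update, and the [Test Case] should include a step confirming that a pdf in the same directory still gets a thumbnail, since "Other types of documents (like pdfs) aren't affected" is the claim the reviewer has to verify.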

** Changed in: atril (Ubuntu Xenial)
 Assignee: (unassigned) => Vlad Orlov (monsta)

** Changed in: atril (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: atril (Ubuntu Xenial)
   Status: Confirmed => In Progress

** Changed in: atril (Ubuntu Yakkety)
   Status: Confirmed => Won't Fix

https://bugs.launchpad.net/bugs/1540018

Title:
  atril-thumbnailer crashed with SIGSEGV in
  ev_document_misc_surface_rotate_and_scale()

Status in atril package in Ubuntu:
  Fix Released
Status in atril source package in Xenial:
  In Progress
Status in atril source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]

  Buggy epub handling code makes atril-thumbnailer crash on the first
  epub document it encounters.

  Until we write the proper thumbnailing code for epubs, the quick fix
  is just to disable thumbnail generation for this type of documents.
  That fix is provided in the debdiff attached to the report.

  The bug is old, and it still haunts Xenial users when they just use
  the file manager and enter some directory which contains 

[Group.of.nepali.translators] [Bug 1635438] Re: menu-cached process is using 100% CPU

2017-10-18 Thread Simon Quigley
Actually, this bug wasn't completely fixed. See the upstream issue for
more details, but I'm converting this into a 0 day SRU bug for Artful,
and once it's there, an SRU bug for all other supported releases of
Lubuntu.

** Also affects: menu-cache (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: menu-cache (Ubuntu Bb-series)
   Importance: Undecided
   Status: New

** Also affects: menu-cache (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: menu-cache (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: menu-cache (Ubuntu Artful)
   Importance: Undecided
   Status: Fix Released

** Changed in: menu-cache (Ubuntu Artful)
   Status: Fix Released => Confirmed

** Changed in: menu-cache (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: menu-cache (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: menu-cache (Ubuntu Bb-series)
   Status: New => Confirmed

** Changed in: menu-cache (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Bb-series)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Bb-series)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: menu-cache (Ubuntu Artful)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: menu-cache (Ubuntu Bb-series)
Milestone: None => ubuntu-17.11

** Changed in: menu-cache (Ubuntu Artful)
Milestone: None => artful-updates

** Changed in: menu-cache (Ubuntu Zesty)
Milestone: None => zesty-updates

** Changed in: menu-cache (Ubuntu Xenial)
Milestone: None => xenial-updates

** Changed in: menu-cache (Ubuntu Trusty)
Milestone: None => trusty-updates

** Changed in: menu-cache (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: menu-cache (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

https://bugs.launchpad.net/bugs/1635438

Title:
  menu-cached process is using 100% CPU

Status in menu-cache package in Ubuntu:
  Confirmed
Status in menu-cache source package in Trusty:
  New
Status in menu-cache source package in Xenial:
  Confirmed
Status in menu-cache source package in Zesty:
  Confirmed
Status in menu-cache source package in Artful:
  Confirmed
Status in menu-cache source package in bb-series:
  Confirmed

Bug description:
  Hey all,

  I don't know if you guys are looking for the issues opened on Github
  (https://github.com/lxde/menu-cache/issues/) - currently there are 5
  reported there, but I'd like to report specifically for the
  menu-cached process using 100% of CPU (we also have an issue opened on
  Github for this with lots of comments:
  https://github.com/lxde/menu-cache/issues/7).

  I'm using a brand new installation of Lubuntu 16.10 in my laptop.

  I noticed the machine temperature was too hot (96 degrees!!!) so I
  took a look on top and the menu-cached was the guilty. I killed it and
  everything was as usual again.

  I just don't know if it was because I returned from the suspended mode
  or if it's because I tried to run a custom command with "Open With". I
  did both in sequence/same session.

  $ dpkg -l |grep -iP "menu.*?cache"
  ii  libmenu-cache-bin      1.0.1-1build1  amd64
  ii  libmenu-cache3:amd64   1.0.1-1build1  amd64

  
  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1635438/+subscriptions



[Group.of.nepali.translators] [Bug 1574278] Re: AbiWord text cursor starts to flicker after adding some text

2017-09-30 Thread Simon Quigley
** No longer affects: lubuntu-artwork (Ubuntu)

** No longer affects: gtk+3.0 (Ubuntu)

** No longer affects: gtk+3.0 (Ubuntu Xenial)

** No longer affects: lubuntu-artwork (Ubuntu Xenial)

** Also affects: abiword (Ubuntu Artful)
   Importance: High
   Status: Confirmed

** Also affects: abiword (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: abiword (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: abiword (Ubuntu Artful)
   Status: Confirmed => In Progress

** Changed in: abiword (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: abiword (Ubuntu Xenial)
   Status: In Progress => Confirmed

** Changed in: abiword (Ubuntu Artful)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: abiword (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

https://bugs.launchpad.net/bugs/1574278

Title:
  AbiWord text cursor starts to flicker after adding some text

Status in AbiWord:
  In Progress
Status in abiword package in Ubuntu:
  Fix Committed
Status in abiword source package in Xenial:
  Confirmed
Status in abiword source package in Zesty:
  Confirmed
Status in abiword source package in Artful:
  Fix Committed

Bug description:
  After adding some text in a new document, the entire document
  (including gray page background, text, text cursor) starts to flicker
  very fast. The UI above does not flicker. This happens too on a
  different system in VirtualBox. (Lubuntu 16.04 i386)

  Workaround for Ubuntu 16.04 LTS
  ===============================
  1. Open the Lubuntu menu.
  2. Open Preferences>Customize Look and Feel
  3. Change the theme to something other than Lubuntu-default or
     Lubuntu-dark-panel

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: abiword 3.0.1-6
  ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
  Uname: Linux 4.4.0-21-generic i686
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: i386
  CurrentDesktop: LXDE
  Date: Sun Apr 24 16:12:14 2016
  ExecutablePath: /usr/bin/abiword
  InstallationDate: Installed on 2016-04-22 (2 days ago)
  InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release i386 (20151021)
  ProcEnviron:
   LANGUAGE=de_DE
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: abiword
  UpgradeStatus: Upgraded to xenial on 2016-04-22 (2 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/abiword/+bug/1574278/+subscriptions



[Group.of.nepali.translators] [Bug 1718571] Re: [CVE] XSS security flaw due to add_query_arg

2017-09-30 Thread Simon Quigley
** Changed in: wordpress-shibboleth (Ubuntu Artful)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1718571

Title:
  [CVE] XSS security flaw due to add_query_arg

Status in wordpress-shibboleth package in Ubuntu:
  Fix Released
Status in wordpress-shibboleth source package in Trusty:
  In Progress
Status in wordpress-shibboleth source package in Xenial:
  In Progress
Status in wordpress-shibboleth source package in Zesty:
  In Progress
Status in wordpress-shibboleth source package in Artful:
  Fix Released

Bug description:
  The shibboleth_login_form function in shibboleth.php in the Shibboleth
  plugin before 1.8 for WordPress is prone to an XSS vulnerability due
  to improper use of add_query_arg().

  This has been fixed upstream here:
  https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wordpress-shibboleth/+bug/1718571/+subscriptions



[Group.of.nepali.translators] [Bug 1719740] Re: [DSA 3984-1] Git cvsserver OS Command Injection

2017-09-26 Thread Simon Quigley
** Bug watch added: Debian Bug tracker #876854
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876854

** Also affects: git (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876854
   Importance: Unknown
   Status: Unknown

https://bugs.launchpad.net/bugs/1719740

Title:
  [DSA 3984-1] Git cvsserver OS Command Injection

Status in git package in Ubuntu:
  In Progress
Status in git source package in Trusty:
  In Progress
Status in git source package in Xenial:
  In Progress
Status in git source package in Zesty:
  In Progress
Status in git source package in Artful:
  In Progress
Status in git package in Debian:
  Unknown

Bug description:
  From oss-security[1]:

  [ Authors ]
  joernchen   

  Phenoelit Group (http://www.phenoelit.de)

  [ Affected Products ]
  Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 (git-cvsserver)
  https://git-scm.com

  [ Vendor communication ]
  2017-09-08 Sent vulnerability details to the git-security list
  2017-09-09 Acknowledgement of the issue, git maintainers ask if
     a patch could be provided
  2017-09-10 Patch is provided
  2017-09-11 Further backtick operations are patched by the git
     maintainers, corrections on the provided patch
  2017-09-11 Revised patch is sent out
  2017-09-11 Jeff King proposes to drop `git-cvsserver`'s default
     invocation from `git-shell`
  2017-09-22 Draft release for git 2.14.2 is created including the
     fixes
  2017-09-26 Release of this advisory, release of fixed git versions

  [ Description ]
  The `git` subcommand `cvsserver` is a Perl script which makes excessive
  use of the backtick operator to invoke `git`. Unfortunately user input
  is used within some of those invocations.

  It should be noted that `git-cvsserver` will be invoked by `git-shell`
  by default without further configuration.

  [ Example ]
  Below is an example of an OS Command Injection within `git-cvsserver`
  triggered via `git-shell`:

  =8<=
  [git@...t ~]$ cat .ssh/authorized_keys
  command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa B3NzaC 

  [joernchen@...t ~]$ ssh git@...alhost cvs server
  Root /tmp
  E /tmp/ does not seem to be a valid GIT repository
  E
  error 1 /tmp/ is not a valid repository
  Directory .
  `id>foo`
  add
  fatal: Not a git repository: '/tmp/'
  Invalid module '`id>foo`' at /usr/lib/git-core/git-cvsserver line 3807, 
 line 4.
  [joernchen@...t ~]$

  [git@...t ~]$ cat foo
  uid=619(git) gid=618(git) groups=618(git)
  [git@...t ~]$
  =>8=

  [ Solution ]
  Upgrade to one of the following git versions:
  * 2.14.2
  * 2.13.6
  * 2.12.5
  * 2.11.4
  * 2.10.5

  [ end of file ]

  ---

  No CVE has been assigned yet, but a fix has been released upstream and
  as seen above, the fixes are already in Debian.

  The following upstream commits claim to fix the issue:
   - 985f59c042320ddf0a506e553d5eef9689ef4c32
   - 31add46823fe926e85efbfeab865e366018b33b4
   - 6d6e2f812d366789fb6f4f9ea8decb4777f6f862
   - dca89d4e56dde4b9b48d6f2ec093886a6fa46575

  [1] http://www.openwall.com/lists/oss-security/2017/09/26/9

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1719740/+subscriptions

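The pattern the advisory above describes (client-controlled input reaching a Perl backtick invocation), shown next to a list-form invocation that never starts a shell. This is an added example, not code from git-cvsserver or from the upstream fix; `echo` stands in for the `git` call, and the function names, the `touch` marker file and the allowlist pattern are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not git-cvsserver code): backtick interpolation versus
# list-form process invocation for an untrusted "module" string.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Throwaway directory so the side effect of the unsafe call is visible
# and removed again when the script exits.
my $dir    = tempdir(CLEANUP => 1);
my $marker = "$dir/marker";

# Constructed input in the shape shown in the advisory: backticks inside
# a value the client controls. `touch` stands in for any command.
my $untrusted = "`touch $marker`";

# UNSAFE: Perl interpolates $module into a string that /bin/sh parses,
# so the shell performs command substitution on the embedded backticks.
sub echo_unsafe {
    my ($module) = @_;
    my $out = `echo $module`;
    return $out;
}

# SAFER: list-form pipe open passes each element to exec() as a single
# argv entry. No shell runs, so metacharacters remain literal data.
sub echo_safe {
    my ($module) = @_;
    open(my $fh, '-|', 'echo', $module) or die "cannot run echo: $!";
    my $out = do { local $/; <$fh> };
    close($fh) or die "echo failed: status $?";
    return $out;
}

# Defence in depth: reject names outside an allowlist before use.
# The pattern is an assumption for this example, not git-cvsserver's rule.
sub valid_module {
    my ($module) = @_;
    return $module =~ m{\A[A-Za-z0-9][A-Za-z0-9._/-]*\z} ? 1 : 0;
}

my $unsafe_out = echo_unsafe($untrusted);
my $ran_unsafe = -e $marker ? 'yes' : 'no';
unlink $marker;

my $safe_out = echo_safe($untrusted);
my $ran_safe = -e $marker ? 'yes' : 'no';

chomp($unsafe_out, $safe_out);
printf "backticks: output=[%s] embedded command ran: %s\n",
    $unsafe_out, $ran_unsafe;
printf "list form: output=[%s] embedded command ran: %s\n",
    $safe_out, $ran_safe;

foreach my $name ('master', 'release/2.14', $untrusted) {
    printf "allowlist: %s => %s\n",
        $name, valid_module($name) ? 'accept' : 'reject';
}
```

With the backtick form the marker file appears and the output is empty; with the list form the input is echoed back verbatim and no file is created.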


[Group.of.nepali.translators] [Bug 1657256] Re: Percona crashes when doing a a 'larger' update

2017-09-20 Thread Simon Quigley
** Also affects: percona-xtradb-cluster-5.5 (Ubuntu Artful)
   Importance: Medium
 Assignee: Jorge Niedbalski (niedbalski)
   Status: Confirmed

** Also affects: percona-xtradb-cluster-5.6 (Ubuntu Artful)
   Importance: Medium
 Assignee: Jorge Niedbalski (niedbalski)
   Status: In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1657256

Title:
  Percona crashes when doing a a 'larger' update

Status in OpenStack Charm Test Infra:
  Confirmed
Status in percona-xtradb-cluster-5.5 package in Ubuntu:
  Confirmed
Status in percona-xtradb-cluster-5.6 package in Ubuntu:
  In Progress
Status in percona-xtradb-cluster-5.5 source package in Trusty:
  Confirmed
Status in percona-xtradb-cluster-5.6 source package in Xenial:
  Confirmed
Status in percona-xtradb-cluster-5.6 source package in Yakkety:
  Confirmed
Status in percona-xtradb-cluster-5.6 source package in Zesty:
  Confirmed
Status in percona-xtradb-cluster-5.5 source package in Artful:
  Confirmed
Status in percona-xtradb-cluster-5.6 source package in Artful:
  In Progress

Bug description:
  [Impact]

   * Percona will segfault when exposed to medium load, almost immediately
   * This is because of a bug in upstream, which manifests only on PPC

  [Test Case]

   * Install and configure percona-xtradb-cluster-server
   * Run sysbench against configured node (only one node is needed, no need
     for proper cluster):
     # sysbench --test=oltp --oltp-test-mode=complex --max-time=60 --num-threads=110 run
   * mysqld will segfault within seconds of starting the test

  [Regression Potential]

   * This is a cherry-pick from an upstream fix
     (https://jira.mariadb.org/browse/MDEV-6450)
   * This is not fixed in upstream Percona because Percona does not
     officially support non-intel archs.
   * Because code adds additional memory barriers there was a chance of
     performance degradation on i386/amd64. However, intensive sysbench
     synthetic loads proved this is not the case - there are no performance
     penalties.

  [Other Info]

   * percona-xtradb-cluster-5.5 is only available for Trusty.
  $ rmadison percona-xtradb-cluster-5.5
   percona-xtradb-cluster-5.5 | 5.5.34-25.9+dfsg-0ubuntu4           | trusty/universe          | source
   percona-xtradb-cluster-5.5 | 5.5.37-25.10+dfsg-0ubuntu0.14.04.1 | trusty-security/universe | source
   percona-xtradb-cluster-5.5 | 5.5.37-25.10+dfsg-0ubuntu0.14.04.2 | trusty-updates/universe  | source

   * See comment #22 for more context about other releases that offer
     percona-xtradb-cluster-5.6:
     https://bugs.launchpad.net/ubuntu/+source/percona-xtradb-cluster-5.5/+bug/1657256/comments/22

   * Upstream commit:
     https://github.com/MariaDB/server/commit/40497577ffd9f85557b15e08ad913f627b2e9530

  [Original Description]

  I'm trying to set up percona-xtradb-cluster-5.5 on PPC machine. While
  the package installs fine, as soon as I run sysbench oltp benchmark
  against it, Percona dies (even when I start the benchmark with just
  one connection).

  I can also crash mysql manually, by updating the sbtest table (which
  is created by the sysbench utility):

  mysql> update sbtest set pad = 'mario1' limit 100;
  ERROR 2013 (HY000): Lost connection to MySQL server during query

  Sometimes I need to repeat this update (with different values for
  'pad' field) a few times. This happens regardless of whether I run the
  UPDATE inside the transaction or not.

  This is the assertion found in the log file:

  170117 21:10:55 InnoDB: Assertion failure in thread 7038321152 in file buf0buf.ic line 1277
  InnoDB: Failing assertion: block->page.buf_fix_count > 0

  This is a single-node percona-xtradb-cluster server, without
  wsrep_provider configured, run inside 14.04 lxc container on 16.04
  host.

  I'm attaching the full log file, mysql configuration file and the core
  dumped.

  The version of the package installed is
  5.5.37-25.10+dfsg-0ubuntu0.14.04.2.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-test-infra/+bug/1657256/+subscriptions



[Group.of.nepali.translators] [Bug 1710993] Re: PulseAudio requirement breaks Firefox on ALSA-only systems after 55.0.1 update

2017-09-16 Thread Simon Quigley
Modified the bug description for lubuntu-default-settings and
indicator-sound-gtk2 (indicator-sound-gtk2 needs the same fix as Zesty and
Artful, bug 1708619 for reference).

** Description changed:

  [Impact]
- 
- Users of Lubuntu 16.04 LTS are left with no sound in the default web
- browser, Firefox. This is a regression. For users with no knowledge of
- what PulseAudio even is (and even for people who *do* know what it is),
- this is not good.
+ Users of Lubuntu 16.04 LTS are left with no sound in the default web browser, 
Firefox. This is a regression. For users with no knowledge of what PulseAudio 
even is (and even for people who *do* know what it is), this is not good.
  
  [Test Case]
- 
-  1. Go to a website that plays sound in Firefox on Lubuntu 16.04. This,
- for example: https://www.youtube.com/watch?v=_QfHhFlTUN8
+  1. Go to a website that plays sound in Firefox on Lubuntu 16.04. This, for 
example: https://www.youtube.com/watch?v=_QfHhFlTUN8
  
  Expected: Sound should play without having to install any additional
  software.
  
  Result: No sound is played, and the user is given a message that they
  need to install PulseAudio.
  
  [Regression Potential]
- 
- People might get mad that PulseAudio is now installed, without them
- asking (but it adds functionality, so in my opinion this update is
- needed, regardless). I see no technical regression potential, as it is
- simply adding a dependency.
+ People might get mad that PulseAudio is now installed, without them asking 
(but it adds functionality, so in my opinion this update is needed, 
regardless). I see no technical regression potential, as it is simply adding a 
dependency.
  
  [Original Description]
- 
- I am on Lubuntu, an ALSA-only system, after update Firefox to version
- 55.0.1 it started to ask for PulseAudio when playing media.
+ I am on Lubuntu, an ALSA-only system, after update Firefox to version 55.0.1 
it started to ask for PulseAudio when playing media.
  
  Reference: https://i.imgur.com/5gEnaYv.png
  
  I have initially stated the bug here: https://askubuntu.com/q/946568
  This bug also happened with Firefox 52 and were fixed on 52.0.2, it seems it 
have had returned: 
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1671273
+ 
+ For lubuntu-default-settings and indicator-sound-gtk2:
+ 
+ [Impact]
+ Without this fix, users are still using alsamixer after the migration to 
PulseAudio, this isn't intended as they should be using pavucontrol.
+ 
+ [Test Case]
+ Go to the panel after installing the above lubuntu-meta fix, and right click 
on the volume icon, then select Volume Settings, and it goes to alsamixer. 
After installing these fixes, clicking the icon should display a Sound icon and 
Sound Settings should go to pavucontrol.
+ 
+ [Regression Potential]
+ Little to none, as this has been applied in all releases after Lubuntu 16.04 
LTS. The only regression would occur when launching pavucontrol (as shown and 
fixed in bug 1708619, the fix is in indicator-sound-gtk2).

** No longer affects: lubuntu-meta (Ubuntu Xenial)

** No longer affects: lubuntu-default-settings (Ubuntu Xenial)

** Also affects: indicator-sound-gtk2 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: lubuntu-meta (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lubuntu-default-settings (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: indicator-sound-gtk2 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lubuntu-default-settings (Ubuntu)
   Status: New => Fix Released

** Changed in: indicator-sound-gtk2 (Ubuntu)
   Status: New => Fix Released

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: lubuntu-default-settings (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: indicator-sound-gtk2 (Ubuntu)
   Importance: Undecided => Critical

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: lubuntu-default-settings (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: indicator-sound-gtk2 (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: lubuntu-meta (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: lubuntu-default-settings (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1710993

Title:
  PulseAudio requirement breaks Firefox on ALSA-only systems after
  55.0.1 update

Status in indicator-sound-gtk2 pack

[Group.of.nepali.translators] [Bug 1710993] Re: PulseAudio requirement breaks Firefox on ALSA-only systems after 55.0.1 update

2017-09-16 Thread Simon Quigley
Apologies for the delay on this, but I think I know why Tiago was having
those issues...

There seem to be other pulse things pulled in when upgrading completely
from -proposed, and so it seems there might be a regression there, but
after updating *only* lubuntu-desktop, it works fine.

I would consider this a working lubuntu-meta, and I'll update the tags
as such.

But, they do raise a good point about the volume icon still using
alsamixer. I'll work to figure that out.

** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial

** Also affects: lubuntu-default-settings (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: lubuntu-meta (Ubuntu Xenial)

** Also affects: lubuntu-meta (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lubuntu-default-settings (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: lubuntu-default-settings (Ubuntu)
   Importance: Undecided => Critical

** Changed in: lubuntu-default-settings (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: lubuntu-default-settings (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: lubuntu-meta (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: lubuntu-default-settings (Ubuntu Xenial)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1710993

Title:
  PulseAudio requirement breaks Firefox on ALSA-only systems after
  55.0.1 update

Status in lubuntu-default-settings package in Ubuntu:
  New
Status in lubuntu-meta package in Ubuntu:
  Fix Released
Status in lubuntu-default-settings source package in Xenial:
  In Progress
Status in lubuntu-meta source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  Users of Lubuntu 16.04 LTS are left with no sound in the default web
  browser, Firefox. This is a regression. For users with no knowledge of
  what PulseAudio even is (and even for people who *do* know what it
  is), this is not good.

  [Test Case]

   1. Go to a website that plays sound in Firefox on Lubuntu 16.04.
  This, for example: https://www.youtube.com/watch?v=_QfHhFlTUN8

  Expected: Sound should play without having to install any additional
  software.

  Result: No sound is played, and the user is given a message that they
  need to install PulseAudio.

  [Regression Potential]

  People might get mad that PulseAudio is now installed, without them
  asking (but it adds functionality, so in my opinion this update is
  needed, regardless). I see no technical regression potential, as it is
  simply adding a dependency.

  [Original Description]

  I am on Lubuntu, an ALSA-only system; after updating Firefox to version
  55.0.1 it started to ask for PulseAudio when playing media.

  Reference: https://i.imgur.com/5gEnaYv.png

  I have initially stated the bug here: https://askubuntu.com/q/946568
  This bug also happened with Firefox 52 and was fixed in 52.0.2; it seems
  to have returned:
  https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1671273

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lubuntu-default-settings/+bug/1710993/+subscriptions



[Group.of.nepali.translators] [Bug 1715576] Re: Fix crash when clicking cancel button, which may cause data loss

2017-09-16 Thread Simon Quigley
This is fixed in Artful already.

** Changed in: partitionmanager (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: partitionmanager (Ubuntu)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1715576

Title:
  Fix crash when clicking cancel button, which may cause data loss

Status in partitionmanager package in Ubuntu:
  Fix Released
Status in partitionmanager source package in Xenial:
  Fix Committed
Status in partitionmanager source package in Zesty:
  Fix Committed

Bug description:
  [Impact]
  Without these fixes, partitionmanager can cause severe data loss (in the
  KDE bug linked, someone lost an 890 GB LUKS partition).

  [Test Case]
  Try moving a partition and then pressing Cancel while it is running. It
  should display a dialog box asking if that is, in fact, what you would
  like to do, but instead it will crash, corrupting data.

  [Regression Potential]
  While extremely unlikely, a regression could occur when another framework
  (that this depends on) is updated, and that could cause the dialog box to
  not function as intended, possibly circumventing this. Like I wrote
  earlier, this is extremely unlikely, but it is still a possibility.

  [Original Description]
  Upstream bug: https://bugs.kde.org/show_bug.cgi?id=384348

  Severity High or Critical, as can cause data loss.

  Fixed in version 3.1.2 with commit:

  
  https://cgit.kde.org/partitionmanager.git/commit/?id=feb2e374e496c65011e036f2a611fa7cc5b4e940

  Affected versions and releases:

  3.0.0-1 in Zesty 17.04
  1.2.1-0ubuntu1 in Xenial 16.04

  The cause is an error in the porting to Qt5/KF5, so the commit should be
  backportable as indicated by the upstream maintainer.

  However, contrary to commit bf38d67e1bef0e8901b6fff75a1f968f6985c4ae
  which states the post version 3.0.0 version bump is intended for
  implementing new features, again upstream confirmed that these did not
  actually happen and changes 3.0.0 -> 3.1.2 are just bugfixes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/partitionmanager/+bug/1715576/+subscriptions



[Group.of.nepali.translators] [Bug 1698180] Re: [CVE] Send Later with Delay bypasses OpenPGP

2017-09-16 Thread Simon Quigley
** Changed in: kf5-messagelib (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: kmail (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1698180

Title:
  [CVE] Send Later with Delay bypasses OpenPGP

Status in kdepim package in Ubuntu:
  Invalid
Status in kf5-messagelib package in Ubuntu:
  Fix Released
Status in kmail package in Ubuntu:
  Fix Released
Status in kdepim source package in Trusty:
  New
Status in kdepim source package in Xenial:
  New
Status in kdepim source package in Zesty:
  New
Status in kdepim source package in Artful:
  Invalid

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          KMail: Send Later with Delay bypasses OpenPGP
  Risk Rating:    Medium
  CVE:            CVE-2017-9604
  Versions:       kmail, messagelib < 5.5.2
  Date:           15 June 2017

  Overview
  ========
  KMail’s Send Later with Delay function bypasses OpenPGP signing and
  encryption, causing the message to be sent unsigned and in plain-text.

  Solution
  ========
  Update to kmail, messagelib >= 5.5.2 (Released as part of KDE Applications
  17.04.2)

  Or apply the following patches:
    kmail: https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
    messagelib: https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197

  Credits
  =======
  Thanks to Daniel Aleksandersen for the report and to Laurent Montel for the
  fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1698180/+subscriptions



[Group.of.nepali.translators] [Bug 1688617] Re: menu-cached, 100% cpu increase

2017-09-07 Thread Simon Quigley
** Also affects: menu-cache (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: menu-cache (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: menu-cache (Ubuntu Artful)
   Importance: Undecided
   Status: Confirmed

** Also affects: menu-cache (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: menu-cache (Ubuntu Artful)
   Status: Confirmed => Fix Released

** Changed in: menu-cache (Ubuntu Zesty)
   Status: New => Fix Released

** Changed in: menu-cache (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: menu-cache (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1688617

Title:
  menu-cached, 100% cpu increase

Status in menu-cache package in Ubuntu:
  Fix Released
Status in menu-cache source package in Trusty:
  New
Status in menu-cache source package in Xenial:
  New
Status in menu-cache source package in Zesty:
  Fix Released
Status in menu-cache source package in Artful:
  Fix Released

Bug description:
  With lxde I have a maximum CPU increase

  
  100% CPU increase

  :top
    PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
   2350 $user     20   0  183044   3004   2792 R 88,4  0,2 164:59.66 menu-cached

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1688617/+subscriptions



[Group.of.nepali.translators] [Bug 1579935] Re: [SRU] Update to bugfix release 2.2.6 in Xenial

2017-09-03 Thread Simon Quigley
I can take care of preparing the debdiff in a bit.

Thanks Amr for the bug description update!

** Changed in: vlc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: vlc (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: vlc (Ubuntu Xenial)
   Importance: Undecided => Medium

** Also affects: vlc (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: vlc (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: vlc (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1579935

Title:
  [SRU] Update to bugfix release 2.2.6 in Xenial

Status in vlc package in Ubuntu:
  Fix Released
Status in vlc source package in Xenial:
  In Progress
Status in vlc source package in Zesty:
  In Progress

Bug description:
  [Impact]

  VLC has received many bug fixes on the stable 2.2.x branch since 2.2.2
  was released. I think 16.04 LTS should get these fixes.

  [Test Case]

  Install vlc from xenial-proposed and test it for at least one week.
  Play different video formats to catch any regressions.

  [Regression Potential]

  The 2.2.x branch receives only bug fixes, which are cherry-picked from
  the master branch where the main development takes place. So, I think
  the regression potential is low.

  [Other Info]

  VLC 2.2 maintenance branch.
  http://git.videolan.org/?p=vlc/vlc-2.2.git;a=summary

  Changes between 2.2.5.1 and 2.2.6:
  ----------------------------------

  Video output:
   * Fix systematic green line on nvidia
   * Fix direct3d SPU texture offsets handling

  Demuxer:
   * Fix heap buffer overflows

  Changes between 2.2.5 and 2.2.5.1:
  ----------------------------------

  Security hardening for DLL hijacking environments

  Translations updates

  Misc:
   * Update for Soundcloud, liveleak and Youtube scripts
   * Fix potential out-of-band dereference in flac decoder
   * Fix potential out-of-band reads in mpeg packetizers
   * Fix infinite loop in subtitles demuxer
   * Fix incorrect memory free in ogg demuxer
   * Fix potential out-of-band reads in subtitle decoders and demuxers
   * Fix green line on Windows with odd sizes

  Changes between 2.2.4 and 2.2.5:
  --------------------------------

  Decoder:
   * Fix mp3 playback quality regression in libmad
   * Fix video scaling in VDPAU
   * Fix playback of palettized codecs
   * Fix ADPCM heap corruption (FG-VD-16-067)

  Demuxer:
   * Fix possible ASF integer overflow
   * Fix MP4 divide-by-zero

  Video output:
   * Fix green line on Windows with AMD drivers

  Access:
   * Fix crash in screen recording on Windows
   * Fix FTP scan string injection

  Mux:
   * Fix mp4 drift

  Windows:
   * The plugins loading will not load external DLLs by default.
     Plugins will need to LoadLibrary explicitly.
   * Fix uninstaller path handling

  MacOS:
   * Fix scrolling sensitivity on Sierra
   * Resume points are deleted now if the user clears the list of
     recent items

  Changes between 2.2.3 and 2.2.4:
  --------------------------------

  Decoder:
   * Fix crash in G.711 wav files
   * Fix mp3 crash in libmad
   * Fix out-of-bound write in adpcm QT IMA codec (CVE-2016-5108)

  Qt:
   * Fix resizing issues

  Win32:
   * Fix overlay creation on Windows XP for DirectDraw video output

  Misc:
   * Build fixes for Hurd

  Translations:
   * Update of Bulgarian, Catalan, German, French, Italian, Marathi, Norwegian
     Bokmål, Norwegian Nynorsk, Portuguese, Slovak, Spanish (Mexico), Swedish,
     Simplified Chinese, and Traditional Chinese translations

  Changes between 2.2.2 and 2.2.3:
  --------------------------------

  Demux:
   * Fix HLS quality selection and a potential stack overflow
   * Fix potential MKV infinite loop and improve MKV tags support
   * Fix WMV regression

  Decoder:
   * Fix hardware decoding with libvdpau-va-gl
   * Fix crashes with libvpx
   * Use libass without caching dialog

  Video Output:
   * Fix green lines on Direct3D output

  Skins2:
   * Fix maximizing Window in multi-screen context

  Qt:
   * Fix resume where you left off
   * Fix infinite recursion in the customize dialog
   * Fix size when switching to/from the minimal interface
   * Fix size after resume toolbar is displayed

  MacOS X:
   * Fix crashes in media information panel
   * Correctly respect the disable-screensaver option

  Win32:
   * Allow opening more than 15 elements in Explorer

  Translations:
   * Update of most translations

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1579935/+subscriptions


[Group.of.nepali.translators] [Bug 1714728] [NEW] [CVEs] Creates executables class files with wrong permissions, Unsafe deserialization leads to code execution

2017-09-02 Thread Simon Quigley
*** This bug is a security vulnerability ***

Public security bug reported:

This aims to fix two CVEs:

 - CVE-2013-2027: Creates executables class files with wrong permissions
 - CVE-2016-4000: Unsafe deserialization leads to code execution

While CVE-2013-2027 is not shown as fixed in Debian and Red Hat, it is
fixed in OpenSUSE (openSUSE-SU-2015:0269-1), we can backport their
patches.

CVE-2016-4000 was fixed in Debian in 2.5.3-17, and that's in Artful, but
we still need fixes for Trusty, Xenial, and Zesty.

** Affects: jython (Ubuntu)
 Importance: Medium
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: jython (Ubuntu Trusty)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: jython (Ubuntu Xenial)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: jython (Ubuntu Zesty)
 Importance: High
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress

** Affects: jython (Ubuntu Artful)
 Importance: Medium
 Assignee: Simon Quigley (tsimonq2)
 Status: In Progress


** Tags: artful trusty xenial zesty

** Also affects: jython (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: jython (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: jython (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: jython (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4000

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1714728

Title:
  [CVEs] Creates executables class files with wrong permissions, Unsafe
  deserialization leads to code execution

Status in jython package in Ubuntu:
  In Progress
Status in jython source package in Trusty:
  In Progress
Status in jython source package in Xenial:
  In Progress
Status in jython source package in Zesty:
  In Progress
Status in jython source package in Artful:
  In Progress

Bug description:
  This aims to fix two CVEs:

   - CVE-2013-2027: Creates executables class files with wrong permissions
   - CVE-2016-4000: Unsafe deserialization leads to code execution

  While CVE-2013-2027 is not shown as fixed in Debian and Red Hat, it is
  fixed in OpenSUSE (openSUSE-SU-2015:0269-1), we can backport their
  patches.

  CVE-2016-4000 was fixed in Debian in 2.5.3-17, and that's in Artful,
  but we still need fixes for Trusty, Xenial, and Zesty.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jython/+bug/1714728/+subscriptions



[Group.of.nepali.translators] [Bug 1674868] Re: Fuse-ext2 deadlocks on creating symlinks

2017-09-01 Thread Simon Quigley
** Also affects: fuse-umfuse-ext2 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: fuse-umfuse-ext2 (Ubuntu Artful)
   Importance: Undecided
   Status: Triaged

** Also affects: fuse-umfuse-ext2 (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: fuse-umfuse-ext2 (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: fuse-umfuse-ext2 (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: fuse-umfuse-ext2 (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: fuse-umfuse-ext2 (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: fuse-umfuse-ext2 (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: fuse-umfuse-ext2 (Ubuntu Artful)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: fuse-umfuse-ext2 (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: fuse-umfuse-ext2 (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: fuse-umfuse-ext2 (Ubuntu Artful)
   Status: Triaged => Confirmed

** Changed in: fuse-umfuse-ext2 (Ubuntu Artful)
Milestone: None => ubuntu-17.09

** Changed in: fuse-umfuse-ext2 (Ubuntu Zesty)
Milestone: None => zesty-updates

** Changed in: fuse-umfuse-ext2 (Ubuntu Xenial)
Milestone: None => xenial-updates

** Changed in: fuse-umfuse-ext2 (Ubuntu Trusty)
Milestone: None => trusty-updates

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1674868

Title:
  Fuse-ext2 deadlocks on creating symlinks

Status in fuse-umfuse-ext2 package in Ubuntu:
  Confirmed
Status in fuse-umfuse-ext2 source package in Trusty:
  Confirmed
Status in fuse-umfuse-ext2 source package in Xenial:
  Confirmed
Status in fuse-umfuse-ext2 source package in Zesty:
  Confirmed
Status in fuse-umfuse-ext2 source package in Artful:
  Confirmed

Bug description:
  [Impact]

   * Any attempt to create/overwrite symlinks in a partition mounted by
  fuseext2 causes the fuseext2 process to deadlock, preventing the
  mounted filesystem from being used at all until the userspace process
  is killed and the filesystem is remounted.

  [Test Case]

   * dd if=/dev/zero of=partition bs=1M count=200
   * mkfs.ext2 partition
   * mkdir mount
   * fuseext2 partition mount
   * cd mount
   * touch test
   * ln -s test link - Doesn't complete
   * In another shell try to do anything else in the mount directory (ls,
     touch, rm) - Don't complete

  [Regression Potential]

   * Since this changes the locking strategy of the code to hold locks less,
     the main risk is exposing a case where data can be accessed in a
     non-threadsafe manner, leading to unexpected behaviour.
   * The places where the change has been made are at the exit points of the
     function, and match where similar unlocks are made in other places in
     the code.
   * Since the program at risk is (by design) a userspace program, the risk
     of kernel data leakage is minimal.

  [Other Info]

   * I can't actually work out where the upstream code for this project
     lives, the only upstream I could find is
     https://github.com/alperakcan/fuse-ext2 but that doesn't have any
     locking code at all (even in the reentrant branch) so I can't see where
     this issue came from.
   * This issue seems to apply to all versions of fuseext2 in the ubuntu
     repos (well, at least it's there in trusty, xenial and zesty)

  [Original Description]

  Trying to create a symlink in a filesystem mounted by fuseext2 causes
  the fuseext2 userspace process to deadlock before responding to the
  fuse request.  This is simply due to a code bug in fuse-ext2/op_link.c
  (lines 104 and 109) where the code calls FUSE_EXT2_LOCK rather than
  FUSE_EXT2_UNLOCK on exiting the function.

  I've confirmed that making that change allows me to create symlinks
  happily on the mounted filesystem.  The bug appears to exist upstream
  too.

  System info:

  $ lsb_release -rd
  Description:  Linux Mint 18.1 Serena
  Release:  18.1

  Software version:

  $ apt show fuseext2
  Package: fuseext2
  Version: 0.4-1.1
  Priority: optional
  Section: universe/misc
  Source: fuse-umfuse-ext2
  Origin: Ubuntu
  Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
  Original-Maintainer: Debian VSquare Team <pkg-vsquare-de...@lists.alioth.debian.org>
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Installed-Size: 103 kB
  Depends: e2fslibs (>= 1.42), libc6 (>= 2.4), libfuse2 (>= 2.8.1), fuse
  Homepage: http://view-os.sourceforge.net
  Download-Size: 24.7 kB
  APT-Manual-Installed: yes
  APT-Sources: http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fuse-umfuse-ext2/+bug/1674868/+subscriptions


[Group.of.nepali.translators] [Bug 1297849] Re: [SRU] Virtual private network connection fails after distribution upgrade due to outdated Network Manager configuration files

2017-08-30 Thread Simon Quigley
** Also affects: network-manager-openvpn (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: network-manager-vpnc (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: network-manager-applet (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: network-manager-openconnect (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** No longer affects: network-manager-applet (Ubuntu Utopic)

** No longer affects: network-manager-openconnect (Ubuntu Utopic)

** No longer affects: network-manager-openvpn (Ubuntu Utopic)

** No longer affects: network-manager-vpnc (Ubuntu Utopic)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1297849

Title:
  [SRU] Virtual private network connection fails after distribution
  upgrade due to outdated Network Manager configuration files

Status in One Hundred Papercuts:
  Confirmed
Status in network-manager-vpnc:
  New
Status in network-manager-applet package in Ubuntu:
  Fix Released
Status in network-manager-openconnect package in Ubuntu:
  Fix Released
Status in network-manager-openvpn package in Ubuntu:
  Triaged
Status in network-manager-vpnc package in Ubuntu:
  Triaged
Status in network-manager-applet source package in Trusty:
  Fix Released
Status in network-manager-openconnect source package in Trusty:
  Confirmed
Status in network-manager-openvpn source package in Trusty:
  Confirmed
Status in network-manager-vpnc source package in Trusty:
  Confirmed
Status in network-manager-openconnect source package in Xenial:
  Fix Released
Status in network-manager-openvpn source package in Xenial:
  Confirmed
Status in network-manager-vpnc source package in Xenial:
  Confirmed
Status in network-manager-openvpn source package in Yakkety:
  Confirmed
Status in network-manager-vpnc source package in Yakkety:
  Confirmed

Bug description:
  [Impact]
  * People who are using VPN services (of any kind, using vpnc, openvpn, pptp, etc.

  [Test Case]
  HOW TO REPRODUCE
  1. Upgrade to a newer Ubuntu release.
  2. Using the Network Manager application, try to start a virtual private
     network connection.

  EXPECTED BEHAVIOUR
  - The connection to complete successfully.

  ACTUAL BEHAVIOUR
  - The current configuration files, created by a previous network manager
    installation in the gconf user home folder, make the application
    misbehave, returning a log like this:

  [Regression Potential]
  May cause Gnome-Shell detection to give up prematurely.

  [PPA with a Possible Solution]
  Please see
  https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/1297849/comments/107
  for information on how to try the PPA with a solution to the bug that has
  the patch
  https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/1297849/+attachment/4253965/+files/network-manager-applet-1297849.patch
  applied.

  [Additional information]
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  Starting VPN service 'vpnc'...
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  VPN service 'vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 24419
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  VPN service 'vpnc' appeared; activating connections
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  [1395840211.74057] [nm-vpn-connection.c:1374] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request.
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  Policy set 'blizzard' (wlan0) as default for IPv4 routing and DNS.
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  [1395840211.74406] [nm-system.c:1266] nm_system_replace_default_ip6_route(): (wlan0): failed to set IPv6 default route: -7
  Mar 26 13:23:31 hprem-rmbp NetworkManager[855]:  Policy set 'blizzard' (wlan0) as default for IPv6 routing and DNS.
  Mar 26 13:23:36 hprem-rmbp NetworkManager[855]:  VPN service 'vpnc' disappeared

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: network-manager-vpnc 0.9.8.6-1ubuntu2
  Uname: Linux 3.13.0-031300-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.13.3-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Mar 26 13:26:42 2014
  InstallationDate: Installed on 2014-01-17 (67 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64+mac (20140115)
  SourcePackage: network-manager-vpnc
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/hundredpapercuts/+bug/1297849/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp


[Group.of.nepali.translators] [Bug 1655153] Re: long-running stunnel leaks memory

2017-08-30 Thread Simon Quigley
@Bryan: Done.

** Also affects: stunnel4 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: stunnel4 (Ubuntu Xenial)
   Status: New => Fix Released

** Changed in: stunnel4 (Ubuntu Xenial)
   Status: Fix Released => Confirmed

** Changed in: stunnel4 (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: stunnel4 (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1655153

Title:
  long-running stunnel leaks memory

Status in stunnel4 package in Ubuntu:
  Fix Released
Status in stunnel4 source package in Xenial:
  Confirmed
Status in stunnel4 package in Debian:
  Fix Released

Bug description:
  We are running a long-running stunnel4 daemon to proxy TLS connections
  to another set of servers. After leaving it running for a few weeks,
  its memory usage had grown to 1.5GB. Restarting it reduced its memory
  usage to expected levels (VSZ and RSS) but while I've been watching it
  today it has grown by more than 10MB.

  The stunnel website indicates that there have been fixes relating to
  memory leaks in versions 5.32 and 5.33, but Ubuntu LTS is still
  running 5.30.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: stunnel4 3:5.30-1
  ProcVersionSignature: Ubuntu 4.4.0-45.66-generic 4.4.21
  Uname: Linux 4.4.0-45-generic i686
  ApportVersion: 2.20.1-0ubuntu2.4
  Architecture: i386
  Date: Mon Jan  9 16:03:37 2017
  InstallationDate: Installed on 2015-10-31 (435 days ago)
  InstallationMedia: Ubuntu-Server 15.10 "Wily Werewolf" - Release i386 (20151021)
  ProcEnviron:
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   XDG_RUNTIME_DIR=
  SourcePackage: stunnel4
  UpgradeStatus: Upgraded to xenial on 2016-05-18 (236 days ago)
  mtime.conffile..etc.default.stunnel4: 2016-10-26T22:22:28.166247

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1655153/+subscriptions



[Group.of.nepali.translators] [Bug 1652466] Re: Totem can't play videos on Gallium graphics without mesa-va-drivers

2017-08-30 Thread Simon Quigley
** Also affects: totem (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: libva (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1652466

Title:
  Totem can't play videos on Gallium graphics without mesa-va-drivers

Status in One Hundred Papercuts:
  Confirmed
Status in libva package in Ubuntu:
  Confirmed
Status in totem package in Ubuntu:
  Invalid
Status in libva source package in Xenial:
  New
Status in totem source package in Xenial:
  New

Bug description:
  Impact
  ---
  Totem can't play videos if gstreamer1.0-vaapi is installed on Gallium
  graphics in Xenial because mesa-va-drivers is not installed as a dependency
  of va-driver-all.

  Here is the dependency chain in Xenial:
  gstreamer1.0-vaapi Depends on libva1
  libva1 Recommends va-driver-all
  va-driver-all Depends on i965-va-driver vdpau-va-driver (no mesa-va-drivers)

  This is fixed in version 1.7.0-2 in Debian and Yakkety.
  libva (1.7.0-2) unstable; urgency=medium

    * debian/control:
      - Add mesa-va-drivers as alternative to Depends of va-driver-all.
      - Bump Standards-Versions.

   -- Sebastian Ramacher   Wed, 11 May 2016 17:32:06 +0200

  
  Test case
  --
  - Purge va-driver-all and mesa-va-drivers if already installed
  - Install va-driver-all from xenial-proposed
  - Make sure that mesa-va-drivers is pulled in
  - Play videos in Totem with gstreamer1.0-vaapi installed and make sure that
    videos play nicely.

  Here is the terminal output of Totem (with gstreamer1.0-vaapi installed and
  no mesa-va-drivers):
  :~$ totem
  Stream with high frequencies VQ coding
  libva info: VA-API version 0.39.0
  libva info: va_getDriverName() returns 0
  libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/radeonsi_drv_video.so
  libva info: va_openDriver() returns -1
  libva info: VA-API version 0.39.0
  libva info: va_getDriverName() returns 0
  libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/gallium_drv_video.so
  libva info: va_openDriver() returns -1
  libva info: VA-API version 0.39.0
  libva info: va_getDriverName() returns 0

  When mesa-va-drivers is installed, Totem plays videos just fine.

  
  Regression potential
  -
  Since there are no code changes at all, I cannot think of any regressions.

  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: va-driver-all 1.7.0-1
  ProcVersionSignature: Ubuntu 4.4.0-57.78-generic 4.4.35
  Uname: Linux 4.4.0-57-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.1-0ubuntu2.4
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sat Dec 24 21:54:20 2016
  InstallationDate: Installed on 2016-04-26 (242 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  SourcePackage: libva
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/hundredpapercuts/+bug/1652466/+subscriptions



[Group.of.nepali.translators] [Bug 1712948] Re: [CVE] KNewstuff downloads can install files outside the extraction directory

2017-08-24 Thread Simon Quigley
** Changed in: karchive (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: karchive (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: karchive (Ubuntu)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: karchive (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1712948

Title:
  [CVE] KNewstuff downloads can install files outside the extraction
  directory

Status in karchive package in Ubuntu:
  Fix Released
Status in karchive source package in Xenial:
  In Progress

Bug description:
  KDE Project Security Advisory
  =============================

  Title:       karchive: KNewstuff downloads can install files outside the
               extraction directory.
  Risk Rating: Important
  CVE:         CVE-2016-6232
  Platforms:   Linux / Mac / Windows
  Versions:    karchive < 5.24
  Author:      David Faure fa...@kde.org
  Date:        24 July 2016

  Overview
  ========

  A maliciously crafted archive (.zip or .tar.bz2) with "../" in the file paths
  could be offered for download via the KNewStuff framework (e.g. on
  www.kde-look.org), and upon extraction would install files anywhere in the
  user's home directory.

  Proof of concept
  ================

  For testing, an example of a malicious archive can be found at
  http://www.davidfaure.fr/kde/tar_relative_path_outside_archive.tar.bz2

  Impact
  ======

  Users can unwillingly install files like a modified .bashrc, or a new .desktop
  file associated to a common MIME type and executing a malicious command.

  Workaround
  ==========

  Users should not install anything via KNewStuff until KDE Frameworks 5.24,
  or should at least inspect downloaded archives to make sure they don't contain
  relative paths containing "../".

  Solution
  ========

  KArchive 5.24, released as part of KDE Frameworks 5.24, forbids archive
  extraction from installing files outside the extraction directory.

  Alternatively, commit 0cb243f in karchive.git can be applied to previous
  releases.

  Thanks to Andreas Cord-Landwehr for finding this issue and fixing it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/karchive/+bug/1712948/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
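
The workaround in the karchive advisory above (inspect a downloaded archive for "../" entries before extracting it) can be automated. The following is an added example, not code from KArchive or from the advisory; it goes slightly beyond the advisory by also checking absolute paths and link targets, and the sample archives and their member names are constructed for illustration.

```python
import io
import posixpath
import tarfile
import zipfile


def escapes_root(member_path):
    """True if member_path, joined to an extraction directory, resolves
    to a location outside that directory."""
    path = member_path.replace("\\", "/")   # treat Windows separators alike
    if path.startswith("/"):
        return True                          # absolute path
    resolved = posixpath.normpath(path)      # lexically collapses 'a/../..'
    return resolved == ".." or resolved.startswith("../")


def audit_tar(data):
    """Return (member name, reason) for every tar member that would escape."""
    findings = []
    # "r:*" lets tarfile detect gzip/bzip2/xz compression on its own.
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if escapes_root(member.name):
                findings.append((member.name, "path leaves extraction directory"))
            elif member.issym():
                # A relative symlink target is resolved from the link's directory.
                target = posixpath.join(posixpath.dirname(member.name),
                                        member.linkname)
                if escapes_root(target):
                    findings.append((member.name, "symlink points outside"))
            elif member.islnk() and escapes_root(member.linkname):
                # Hard-link targets are member names relative to the archive root.
                findings.append((member.name, "hard link points outside"))
    return findings


def audit_zip(data):
    """Return (member name, reason) for every zip member that would escape."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return [(name, "path leaves extraction directory")
                for name in archive.namelist() if escapes_root(name)]


def audit_archive(data):
    """Audit an archive held in memory without extracting anything."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return audit_zip(data)
    return audit_tar(data)


def build_sample_tar():
    """Constructed sample: two harmless members, one '../' member, one symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("theme/readme.txt",
                     "theme/notes../colors.txt",   # contains "../" but stays inside
                     "theme/../../.bashrc"):
            payload = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("theme/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../.bashrc"
        tar.addfile(link)
    return buf.getvalue()


def build_sample_zip():
    """Constructed sample: one harmless member and one '../' member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("icons/app.png", b"constructed sample")
        archive.writestr("../.config/autostart/run.desktop", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("tar", build_sample_tar()), ("zip", build_sample_zip())):
        for name, reason in audit_archive(blob):
            print(f"{label}: {name}: {reason}")
```

A plain substring search for "../" would also flag `theme/notes../colors.txt`, which never leaves the extraction directory; normalising the path first avoids that false positive.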


[Group.of.nepali.translators] [Bug 1698180] Re: Send Later with Delay bypasses OpenPGP

2017-08-12 Thread Simon Quigley
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9604

** Also affects: kmail (Ubuntu)
   Importance: Undecided
   Status: New

** Summary changed:

- Send Later with Delay bypasses OpenPGP
+ [CVE] Send Later with Delay bypasses OpenPGP

** Changed in: kmail (Ubuntu)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kmail (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1698180

Title:
  [CVE] Send Later with Delay bypasses OpenPGP

Status in kdepim package in Ubuntu:
  In Progress
Status in kf5-messagelib package in Ubuntu:
  In Progress
Status in kmail package in Ubuntu:
  In Progress
Status in kdepim source package in Trusty:
  New
Status in kdepim source package in Xenial:
  New
Status in kdepim source package in Zesty:
  New
Status in kdepim source package in Artful:
  In Progress

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          KMail: Send Later with Delay bypasses OpenPGP
  Risk Rating:    Medium
  CVE:            CVE-2017-9604
  Versions:       kmail, messagelib < 5.5.2
  Date:           15 June 2017

  Overview
  ========
  KMail’s Send Later with Delay function bypasses OpenPGP signing and
  encryption, causing the message to be sent unsigned and in plain-text.

  Solution
  ========
  Update to kmail, messagelib >= 5.5.2 (Released as part of KDE Applications
  17.04.2)

  Or apply the following patches:
    kmail: https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
    messagelib: https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197

  Credits
  =======
  Thanks to Daniel Aleksandersen for the report and to Laurent Montel for the
  fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1698180/+subscriptions



[Group.of.nepali.translators] [Bug 1630700] Re: CVE - KMail - HTML injection in plain text viewer

2017-08-10 Thread Simon Quigley
** Also affects: kdepimlibs (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: kdepimlibs (Ubuntu Precise)

** Changed in: kdepimlibs (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: kdepimlibs (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kdepimlibs (Ubuntu)
   Status: New => Fix Released

** No longer affects: kdepimlibs (Ubuntu Xenial)

** No longer affects: kdepimlibs (Ubuntu Yakkety)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1630700

Title:
  CVE - KMail - HTML injection in plain text viewer

Status in kcoreaddons package in Ubuntu:
  Fix Released
Status in kdepimlibs package in Ubuntu:
  Fix Released
Status in kcoreaddons source package in Precise:
  Invalid
Status in kcoreaddons source package in Trusty:
  Fix Released
Status in kdepimlibs source package in Trusty:
  In Progress
Status in kcoreaddons source package in Xenial:
  In Progress
Status in kcoreaddons source package in Yakkety:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          KMail: HTML injection in plain text viewer
  Risk Rating:    Important
  CVE:            CVE-2016-7966
  Platforms:      All
  Versions:       kmail >= 4.4.0
  Author:         Andre Heinecke <aheine...@intevation.de>
  Date:           6 October 2016

  Overview
  ========

  Through a malicious URL that contained a quote character it
  was possible to inject HTML code in KMail's plain text viewer.
  Due to the parser used on the URL it was not possible to include
  the equal sign (=) or a space into the injected HTML, which greatly
  reduces the available HTML functionality. Although it is possible
  to include an HTML comment indicator to hide content.

  Impact
  ======

  An unauthenticated attacker can send out mails with malicious content
  that breaks KMail's plain text HTML escape logic. Due to the limitations
  of the provided HTML in itself it might not be serious. But as a way
  to break out of KMail's restricted Plain text mode this might open
  the way to the exploitation of other vulnerabilities in the HTML viewer
  code, which is disabled by default.

  Workaround
  ==========

  None.

  Solution
  ========

  For KDE Frameworks based releases of KMail apply the following patch to
  kcoreaddons:
  https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=96e562d9138c100498da38e4c5b4091a226dde12

  For kdelibs4 based releases apply the following patch:
  https://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf

  Credits
  =======

  Thanks to Roland Tapken for reporting this issue, Andre Heinecke from
  Intevation GmbH for analysing the problems and Laurent Montel for
  fixing this issue.

  
  Updated Information (1 November 2016)
  =====================================

  The above mentioned patches are not enough to fix the vulnerability
  completely. This wasn't visible, because the patches for CVE-2016-7967 and
  CVE-2016-7968 made sure that this vulnerability can't harm anymore.
  It only became visible that this vulnerability isn't closed completely for
  systems that are only affected by this CVE.

  For KCoreAddons you need:
  https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=96e562d9138c100498da38e4c5b4091a226dde12
  for applying this patch you may also need to cherry-pick:
  https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=1be7272373d60e4234f1a5584e676b579302b053
  (these two are released in KCoreAddons KDE Frameworks 5.27.0)

  additionally git commits, to close completely:
  https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a
  not needed in the strong sense, but this will give you the additional
  automatic tests, to test if this CVE is closed:
  https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=a06cef31cc4c908bc9b76bd9d103fe9c60e0953f
  (will be part of KCoreAddons KDE Frameworks 5.28.0)

  For kdepimlibs 4.14:
  https://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf
  https://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=8bbe1bd3fdc55f609340edc667ff154b3d2aaab1
  kdepimlibs is at end of life, so no further release is planned.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kcoreaddons/+bug/1630700/+subscriptions



[Group.of.nepali.translators] [Bug 1703564] Re: [CVE] Socket may be blocked by another user

2017-08-09 Thread Simon Quigley
** Changed in: menu-cache (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: menu-cache (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: menu-cache (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: menu-cache (Ubuntu)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: menu-cache (Ubuntu)
   Status: In Progress => Fix Released

** Changed in: menu-cache (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: menu-cache (Ubuntu Xenial)
   Status: New => Incomplete

** Changed in: menu-cache (Ubuntu Xenial)
   Status: Incomplete => In Progress

** Changed in: menu-cache (Ubuntu Zesty)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1703564

Title:
  [CVE] Socket may be blocked by another user

Status in menu-cache package in Ubuntu:
  Fix Released
Status in menu-cache source package in Trusty:
  In Progress
Status in menu-cache source package in Xenial:
  In Progress
Status in menu-cache source package in Zesty:
  In Progress

Bug description:
  The socket placed in /tmp is predictable and public-writable. Therefore
  if one user placed a symlink to another socket instead of socket for
  another use then said another user will either be unable to get menu, or
  will receive menu of some other user. Upstream released a fix for this
  issue:

  https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1703564/+subscriptions



[Group.of.nepali.translators] [Bug 1709420] Re: flac: Fix heap write overflow on frame format change

2017-08-08 Thread Simon Quigley
** Changed in: vlc (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: vlc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: vlc (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: vlc (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: vlc (Ubuntu)
     Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: vlc (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: vlc (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: vlc (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1709420

Title:
  flac: Fix heap write overflow on frame format change

Status in vlc package in Ubuntu:
  Fix Released
Status in vlc source package in Trusty:
  In Progress
Status in vlc source package in Xenial:
  In Progress
Status in vlc source package in Zesty:
  In Progress

Bug description:
  plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows
  remote attackers to cause a denial of service (heap corruption and
  application crash) or possibly have unspecified other impact via a crafted
  FLAC file.

  This is tracked in CVE-2017-9300.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1709420/+subscriptions



[Group.of.nepali.translators] [Bug 1708354] Re: VSV00001 DoS vulnerability

2017-08-07 Thread Simon Quigley
** Changed in: varnish (Ubuntu)
   Status: In Progress => Fix Released

** Changed in: varnish (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: varnish (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: varnish (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: varnish (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708354

Title:
  [CVE] Correctly handle bogusly large chunk sizes

Status in varnish package in Ubuntu:
  Fix Released
Status in varnish source package in Xenial:
  In Progress
Status in varnish source package in Zesty:
  In Progress

Bug description:
  https://varnish-cache.org/security/VSV1.html

  CVE-2017-12425

  Date: 2017-08-02

  A wrong if statement in the varnishd source code means that particular
  invalid requests from the client can trigger an assert.

  This causes the varnishd worker process to abort and restart, losing
  the cached contents in the process.

  An attacker can therefore crash the varnishd worker process on demand
  and effectively keep it from serving content - a Denial-of-Service
  attack.

  Mitigation is possible from VCL or by updating to a fixed version of Varnish
  Cache.

  Versions affected

  4.0.1 to 4.0.4
  4.1.0 to 4.1.7
  5.0.0
  5.1.0 to 5.1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1708354/+subscriptions



[Group.of.nepali.translators] [Bug 1708542] Re: Fix potential access violation, use runtime user dir instead of tmp dir

2017-08-03 Thread Simon Quigley
** Changed in: pcmanfm (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: pcmanfm (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: pcmanfm (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: pcmanfm (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: pcmanfm (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: pcmanfm (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: pcmanfm (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708542

Title:
  Fix potential access violation, use runtime user dir instead of tmp
  dir

Status in pcmanfm package in Ubuntu:
  Fix Released
Status in pcmanfm source package in Trusty:
  In Progress
Status in pcmanfm source package in Xenial:
  In Progress
Status in pcmanfm source package in Zesty:
  In Progress

Bug description:
  PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user
  to cause a denial of service (application unavailability). This is tracked in
  CVE-2017-8934, and should be fixed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1708542/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
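
Both the menu-cache report (bug 1703564) and the PCManFM report above come down to a socket at a predictable path in world-writable /tmp, with the fix being to use the per-user runtime directory. The following added example sketches that pattern; it is not the menu-cache or PCManFM patch. The socket names, the mkdtemp fallback and the helper names are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def is_private_dir(path, uid):
    """True if path is a real directory (not a symlink), owned by uid and
    closed to group and others."""
    try:
        st = os.lstat(path)          # lstat: never follow a planted symlink
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def socket_dir(environ=os.environ, uid=None):
    """Pick the directory that will hold the socket."""
    uid = os.getuid() if uid is None else uid
    runtime = environ.get("XDG_RUNTIME_DIR", "")
    if runtime and is_private_dir(runtime, uid):
        return runtime
    # Assumed fallback: mkdtemp creates a mode-0700 directory with an
    # unpredictable name, so other users cannot pre-create entries in it.
    return tempfile.mkdtemp(prefix="sock-")


def bind_private_socket(directory, name):
    """Bind a listening AF_UNIX socket inside a private directory."""
    path = os.path.join(directory, name)
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        pass
    else:
        # Only replace a stale socket of our own; anything else (a symlink,
        # a file, another user's socket) is treated as tampering.
        if not (stat.S_ISSOCK(st.st_mode) and st.st_uid == os.getuid()):
            raise PermissionError(f"refusing to replace {path}")
        os.unlink(path)
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)      # socket file readable/writable by owner only
    try:
        server.bind(path)
        server.listen(1)
    except BaseException:
        server.close()
        raise
    finally:
        os.umask(old_umask)
    return server


if __name__ == "__main__":
    directory = socket_dir()
    srv = bind_private_socket(directory, "example-menu.sock")  # hypothetical name
    print("listening on", srv.getsockname())
    srv.close()
    os.unlink(os.path.join(directory, "example-menu.sock"))
```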


[Group.of.nepali.translators] [Bug 1574544] Re: [SRU] Light-locker-settings crash on startup

2016-07-20 Thread Simon Quigley
** Changed in: light-locker-settings
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1574544

Title:
  [SRU] Light-locker-settings crash on startup

Status in light-locker-settings:
  Fix Released
Status in light-locker-settings package in Ubuntu:
  Fix Released
Status in light-locker-settings source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  Getting this fix in Xenial would allow for the user to use light-
  locker-settings again, without this fix, light-locker-settings is
  unusable.

  [Test Case]

  Open a terminal and type the following:

  $ light-locker-settings

  If the bug is fixed, light-locker-settings should launch normally.

  [Regression Potential]

  The regression potential is low because it's a trivial fix that
  upstream has already adopted.

  [Original bug description]

  I installed Xubuntu 16.04 as a new installation, and light-locker-
  settings cannot be opened. Starting from command line I get a
  following backtrace:

  
  /usr/share/light-locker-settings/light-locker-settings/light-locker-settings.py:29: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '3.0') before import to ensure that the right version gets loaded.
    from gi.repository import Gtk, GLib, Gio
  Traceback (most recent call last):
    File "/usr/share/light-locker-settings/light-locker-settings/light-locker-settings.py", line 697, in <module>
      main = LightLockerSettings()
    File "/usr/share/light-locker-settings/light-locker-settings/light-locker-settings.py", line 98, in __init__
      self.init_settings()
    File "/usr/share/light-locker-settings/light-locker-settings/light-locker-settings.py", line 454, in init_settings
      if self.check_running_process("xfce4-power-manager"):
    File "/usr/share/light-locker-settings/light-locker-settings/light-locker-settings.py", line 219, in check_running_process
      for pid in psutil.get_pid_list():
  AttributeError: 'module' object has no attribute 'get_pid_list'

  There is a similar backtrace in #1323807, but the original case seems
  different.

To manage notifications about this bug go to:
https://bugs.launchpad.net/light-locker-settings/+bug/1574544/+subscriptions



[Group.of.nepali.translators] [Bug 1535156] Re: Remove mplayer2 from archive

2016-07-12 Thread Simon Quigley
Lubuntu has the smplayer and gnome-mplayer packages. These packages both
pick up mplayer, so I think the solution has already been released. I'm
marking as Fix Released.

** Changed in: lubuntu-meta (Ubuntu)
   Status: Triaged => Fix Released

** Changed in: lubuntu-meta (Ubuntu Xenial)
   Status: Triaged => Fix Released

https://bugs.launchpad.net/bugs/1535156

Title:
  Remove mplayer2 from archive

Status in lubuntu-meta package in Ubuntu:
  Fix Released
Status in mplayer2 package in Ubuntu:
  Fix Released
Status in lubuntu-meta source package in Xenial:
  Fix Released
Status in mplayer2 source package in Xenial:
  Fix Released
Status in mplayer2 package in Debian:
  Fix Released

Bug description:
  mplayer2 is dead upstream. This package was synced from Debian, but
  they have now removed it from unstable.

  It has been replaced by mplayer coming back into Debian.

  Lubuntu seeds this, but I think they should probably switch to mplayer.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lubuntu-meta/+bug/1535156/+subscriptions
