[Bug 1882353] Re: Ubuntu Dock and Top bar accessible from lockscreen
** Tags removed: impish -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1882353 Title: Ubuntu Dock and Top bar accessible from lockscreen To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-shell/+bug/1882353/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
** Description changed: - I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to - fix security issues and other bugs, as well as adding features that - increase compatibility with current websites. + I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix + security issues and other bugs, as well as adding features that increase + compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
** Description changed: - I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix - security issues and other bugs, as well as adding features that increase - compatibility with current websites. + I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to + fix security issues and other bugs, as well as adding features that + increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
Just adding some notes about this request: 1. 200MB debdiff, really hard to verify/validate/test. We need to think on a good way to guarantee that we are not introducing issues. 2. On Luis' PPA the package fails to build in some architectures. Luis is going to trigger another build and see if it passes. If it fails and continues to not include logs on why it fails, I will ask Launchpad team to investigate what's happening. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
Impish will reach end-of-life tomorrow. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
** Description changed: - I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to - fix security issues and other bugs, as well as adding features that - increase compatibility with current websites. + I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix + security issues and other bugs, as well as adding features that increase + compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. - - The version in Impish is vulnerable to - CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-22662, CVE-2022-22677, CVE-2022-26710, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. ** Summary changed: - Upgrade to 2.36.4 for Focal, Impish and Jammy + Upgrade to 2.36.4 for Focal and Jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
** Also affects: wpewebkit (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: wpewebkit (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
Given the first paragraph of comment #18, I just converted this bug back into a security update. ** Description changed: I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to fix security issues and other bugs, as well as adding features that increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Impish is vulnerable to CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-22662, CVE-2022-22677, CVE-2022-26710, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. - - [Test Plan] - For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly. - - [Where problems could occur] - There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature additions and other changes (including security fixes) can cause regressions in those packages and in software outside of the Ubuntu archive. ** Changed in: wpewebkit (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs