[ubuntu/xenial-updates] libmspack 0.5-1ubuntu0.16.04.4 (Accepted)

2019-07-18 Thread Ubuntu Archive Robot
libmspack (0.5-1ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-1010305.patch: length checks when looking
  for control files in mspack/chmd.c.
- CVE-2019-1010305

Date: 2019-07-18 16:35:38.189480+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.16.04.4
Sorry, changesfile not available.
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes


[ubuntu/xenial-updates] squid3 3.5.12-1ubuntu7.8 (Accepted)

2019-07-18 Thread Ubuntu Archive Robot
squid3 (3.5.12-1ubuntu7.8) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect digest auth parameter parsing
- debian/patches/CVE-2019-12525.patch: check length in
  src/auth/digest/Config.cc.
- CVE-2019-12525
  * SECURITY UPDATE: basic auth uudecode length issue
- debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
  base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
  include/uudecode.h, lib/uudecode.c.
- CVE-2019-12529

Date: 2019-07-17 15:09:31.977522+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.8


[ubuntu/xenial-updates] ansible 2.0.0.2-2ubuntu1.2 (Accepted)

2019-07-17 Thread Ubuntu Archive Robot
ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
to write arbitrary files or gain privileges.
- debian/patches/CVE-2016-3096.patch: Do not use predictable filenames
  in the LXC plugin.
- CVE-2016-3096
  * SECURITY UPDATE: Avoid unicode strings injection.
- debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
  returns not tainting the jinja2 environment.
- CVE-2017-7481
  * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
to a plugin or a module path under control and execute arbitrary code.
- debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
  writable cwd.
- CVE-2018-10875
  * SECURITY UPDATE: Avoid information disclosure in log and command line.
- debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
  on command line.
- CVE-2018-16837

Date: 2019-07-16 15:11:13.706260+00:00
Changed-By: Paulo Flabiano Smorigo 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.2


[ubuntu/xenial-updates] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial8 (Accepted)

2019-07-17 Thread Ubuntu Archive Robot
libreoffice (1:5.1.6~rc2-0ubuntu1~xenial8) xenial-security; urgency=medium

  * SECURITY UPDATE: LibreLogo arbitrary script execution
- debian/patches/CVE-2019-9848.diff: don't allow LibreLogo to be used with
  mouseover/etc dom-alike events.
- CVE-2019-9848
  * SECURITY UPDATE: Remote bullet graphics retrieved in 'stealth mode'
- debian/patches/CVE-2019-9849.diff: include bullet graphics in 'stealth
  mode' protection.
- CVE-2019-9849

Date: 2019-07-16 23:42:16.733737+00:00
Changed-By: Marcus Tomlinson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial8


[ubuntu/xenial-updates] thunderbird 1:60.8.0+build1-0ubuntu0.16.04.2 (Accepted)

2019-07-16 Thread Ubuntu Archive Robot
thunderbird (1:60.8.0+build1-0ubuntu0.16.04.2) xenial; urgency=medium

  * Add patch to fix some "error: missing documentation for macro" errors
- debian/patch/fix-missing-docs-error.patch

thunderbird (1:60.8.0+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (60.8.0build1)

Date: 2019-07-05 18:06:49.210309+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/thunderbird/1:60.8.0+build1-0ubuntu0.16.04.2


[ubuntu/xenial-updates] dosbox 0.74-4.2+deb9u2build0.16.04.1 (Accepted)

2019-07-16 Thread Ubuntu Archive Robot
dosbox (0.74-4.2+deb9u2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-07-15 17:48:31.696750+00:00
Changed-By: Steve Beattie 
Maintainer: Jan Dittberner 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/dosbox/0.74-4.2+deb9u2build0.16.04.1


[ubuntu/xenial-updates] redis 2:3.0.6-1ubuntu0.4 (Accepted)

2019-07-16 Thread Ubuntu Archive Robot
redis (2:3.0.6-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflows in Hyperloglog (Closes: #1836496)
- debian/patches/CVE-2019-10192.patch: Fix hyperloglog corruption
- CVE-2019-10192

Date: 2019-07-15 19:37:13.379498+00:00
Changed-By: Julian Andres Klode 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/redis/2:3.0.6-1ubuntu0.4


[ubuntu/xenial-updates] nss 2:3.28.4-0ubuntu0.16.04.6 (Accepted)

2019-07-16 Thread Ubuntu Archive Robot
nss (2:3.28.4-0ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: OOB read when importing a curve25519 private key
- debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
  leading 0's from key material during PKCS11 import in
  nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
  nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
  nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
- CVE-2019-11719
  * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
- debian/patches/CVE-2019-11729-1.patch: more thorough input checking
  in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
  nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
- CVE-2019-11729

Date: 2019-07-12 12:57:13.868666+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.6


[ubuntu/xenial-updates] squid3 3.5.12-1ubuntu7.7 (Accepted)

2019-07-15 Thread Ubuntu Archive Robot
squid3 (3.5.12-1ubuntu7.7) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via SNMP memory leak
- debian/patches/CVE-2018-19132.patch: fix leak in src/snmp_core.cc.
- CVE-2018-19132
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
- debian/patches/CVE-2019-13345.patch: properly escape values in
  tools/cachemgr.cc.
- CVE-2019-13345

Date: 2019-07-11 18:47:19.452715+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.7


[ubuntu/xenial-updates] exiv2 0.25-2.1ubuntu16.04.4 (Accepted)

2019-07-15 Thread Ubuntu Archive Robot
exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium

   * SECURITY UPDATE: Integer overflow
 - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
   in src/enforce.hpp, use safe:add for preventing overflows in
   PSD files and enforce length of image resource
   section < file size in src/psdimage.cpp.
 - CVE-2018-19107
 - CVE-2018-19108
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2018-19535-*.patch: fixes in
   PngChunk::readRawProfile in src/pngchunk.cpp.
 - CVE-2018-19535
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2019-13110.patch: avoid integer overflow
   in src/crwimage.cpp.
 - CVE-2019-13110
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2019-13112.patch: add bound check
   on allocation size in src/pngchunk.cpp.
 - CVE-2019-13112
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2019-13113.patch: throw an exception
   if the data location is invalid in src/crwimage.cpp,
   src/crwimage_int.hpp.
 - CVE-2019-13113
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2019-13114.patch: avoid null pointer
   exception due to NULL return from strchr in src/http.cpp.
 - CVE-2019-13114
   * Add error codes from src error in order to support CVE-2018-19535
 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch

Date: 2019-07-10 19:30:14.101670+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/exiv2/0.25-2.1ubuntu16.04.4


[ubuntu/xenial-updates] flightcrew 0.7.2+dfsg-6ubuntu0.1 (Accepted)

2019-07-15 Thread Ubuntu Archive Robot
flightcrew (0.7.2+dfsg-6ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference (DoS) when processing crafted
EPUB file
- debian/patches/CVE-2019-13032-1.patch: prevent segfault from malformed
  opf items in GetRelativePathToNcx()
- debian/patches/CVE-2019-13032-2.patch: prevent segfault from malformed
  opf items in GetRelativePathsToXhtmlDocuments()
- CVE-2019-13032
  * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted
EPUB file
- debian/patches/CVE-2019-13241-1.patch: try to make extracting epubs safer
- debian/patches/CVE-2019-13241-2.patch: further harden zip extraction to
  always be safe
- debian/patches/CVE-2019-13241-3.patch: harden further by throwing
  exception
- CVE-2019-13241
  * SECURITY UPDATE: Infinite loop leading to DoS and resource consumption
- debian/patches/CVE-2019-13453.patch: Prevent infinite loop in zipios
  library by checking for EOF
- CVE-2019-13453

Date: 2019-07-11 18:16:08.176250+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-6ubuntu0.1


[ubuntu/xenial-updates] zipios++ 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 (Accepted)

2019-07-15 Thread Ubuntu Archive Robot
zipios++ (0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Infinite loop leading to DoS and resource consumption
- debian/patches/04_CVE-2019-13453.dpatch: Prevent infinite loop by checking
  for EOF
- CVE-2019-13453

Date: 2019-07-11 13:17:35.824384+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/zipios++/0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1


[ubuntu/xenial-updates] rustc 1.34.1+dfsg2+llvm-0ubuntu1~16.04.1 (Accepted)

2019-07-11 Thread Ubuntu Archive Robot
rustc (1.34.1+dfsg2+llvm-0ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to Xenial.
  * Relax the gdb build requirement
- update debian/control
  * Relax the dependency on xz-utils by commenting out some unused code
- add debian/patches/d-relax-xz-utils-dependency.patch
- update debian/patches/series

rustc (1.34.1+dfsg2+llvm-0ubuntu1) eoan; urgency=medium

  * New upstream release.
- Refresh patches.
- Bump rustc versions in d/control.
  * Add d-no-web-dependencies-in-doc-0.1.7.patch: there are now two copies of
mdbook that need patching.
  * Adjust d/rules to cope with the fact that src/llvm is now src/llvm-project.

rustc (1.33.0+dfsg1+llvm-1~exp1ubuntu1) eoan; urgency=medium

  * Merge from Debian unstabl^Wexperimenta^WNEW. Remaining changes:
- Use the bundled llvm to avoid having to do llvm updates in order to
  deliver rust updates
  - update debian/config.toml.in
  - update debian/control
  - update debian/copyright
  - update debian/rules
- Build-Depend on libc6-dbg on armhf, to workaround a crash in ld.so
  during some debuginfo tests
  - update debian/control
- Add a hack to ensure the stage0 compiler is extracted to the correct
  location
  - update debian/make_orig-stage0_tarball.sh
- Scrub -g from CFLAGS and CXXFLAGS in order to let rustbuild control
  whether LLVM is compiled with debug symbols
  - update debian/rules
- On i386, only build debuginfo for libstd
  - update debian/rules
- Ignore all test failures on every architecture
  - update debian/rules
- Version the Build-Conflict on gdb-minimal as gdb now Provides it
  - update debian/control
- Adjust the rustc Breaks/Replaces libstd-rust-dev version to fix an
  upgrade issue
  - update debian/control
- Adjust debian/watch to include +llvm in upstream version.
  - update debian/watch

rustc (1.33.0+dfsg1-1~exp1) experimental; urgency=medium

  * New upstream release.

  [ Hiroaki Nakamura ]
  * Delete obsolete patch.

  [ Sylvestre Ledru ]
  * Update compiler-rt patch.
  * Improve build-related docs a bit.

rustc (1.32.0+dfsg1+llvm-1ubuntu1) disco; urgency=medium

  * Merge from Debian unstable. Remaining changes:
- Use the bundled llvm to avoid having to do llvm updates in order to
  deliver rust updates
  - update debian/config.toml.in
  - update debian/control
  - update debian/copyright
  - update debian/rules
- Build-Depend on libc6-dbg on armhf, to workaround a crash in ld.so
  during some debuginfo tests
  - update debian/control
- Add a hack to ensure the stage0 compiler is extracted to the correct
  location
  - update debian/make_orig-stage0_tarball.sh
- Scrub -g from CFLAGS and CXXFLAGS in order to let rustbuild control
  whether LLVM is compiled with debug symbols
  - update debian/rules
- On i386, only build debuginfo for libstd
  - update debian/rules
- Ignore all test failures on every architecture
  - update debian/rules
- Version the Build-Conflict on gdb-minimal as gdb now Provides it
  - update debian/control
- Adjust the rustc Breaks/Replaces libstd-rust-dev version to fix an
  upgrade issue
  - update debian/control
- Adjust debian/watch to include +llvm in upstream version.
  - update debian/watch

Date: 2019-05-16 23:25:11.536237+00:00
Changed-By: Michael Hudson-Doyle 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/rustc/1.34.1+dfsg2+llvm-0ubuntu1~16.04.1


[ubuntu/xenial-updates] firefox 68.0+build3-0ubuntu0.16.04.1 (Accepted)

2019-07-11 Thread Ubuntu Archive Robot
firefox (68.0+build3-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (68.0build3)

firefox (68.0+build2-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (68.0build2)

  * Update exclusion patterns to remove outdated entries and to trim down the
final size of the source tarball
- debian/config/tarball.conf

firefox (68.0+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (68.0build1)

  [ Olivier Tilloy ]
  * Update debian/patches/unity-menubar.patch
  * Work around a GCC bug on i386 and s390x (https://gcc.gnu.org/PR90756)
- debian/patches/skcms-workaround-gcc-bug.patch
  * New firefox-geckodriver package (LP: #1831204)
  * Stop building firefox-testsuite (LP: #1805019)
  * Port chromium-browser's autopkgtests to firefox (LP: #1831454)

  [ Rico Tzschichholz ]
  * Update patches
- debian/patches/mark-distribution-search-engines-as-read-only.patch
- debian/patches/no-region-overrides-for-google-search.patch
- debian/patches/partially-revert-google-search-update.patch
- debian/patches/ppc-no-static-sizes.patch
- debian/patches/support-coinstallable-trunk-build.patch
- debian/patches/ubuntu-ua-string-changes.patch
  * Bump build-dep on rustc >= 1.34.0 and cargo >= 0.35
- debian/control{,.in}
  * Update cbindgen to 0.8.7
- debian/build/create-tarball.py
  * Update locales, remove 'as', 'mai', 'ml' and 'or'
  * Update debian/config/searchplugins.conf
  * Follow change of location of list.json for searchplugins
- debian/rules

Date: 2019-07-06 10:31:16.048163+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/68.0+build3-0ubuntu0.16.04.1


[ubuntu/xenial-updates] cargo 0.35.0-0ubuntu1~16.04.1 (Accepted)

2019-07-11 Thread Ubuntu Archive Robot
cargo (0.35.0-0ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to Xenial.
  * Embed libgit2 0.27.0 to avoid a dependency on a version which is newer
than that found in bionic
- add debian/libgit2
- add debian/patches/do-not-use-system-libgit2.patch
- update debian/control
- update debian/rules
- update debian/copyright
- update debian/patches/series
- update debian/README.source
  * Hack the libgit2-sys build process to link the bundled libgit2
against the system's libhttp_parser.
- add debian/patches/use-system-libhttp-parser.patch
- update debian/patches/series
  * Drop ssh_key_from_memory from the git2 default features, as that results
in the libgit2 build depending on a version of libssh2 that is too recent
- add debian/patches/git2-no-ssh_key_from_memory.patch
- update debian/patches/series
  * Do not use the http2 feature of the curl crate, and warn rather than fail
on errors caused by a too-old curl.
- add debian/patches/ignore-libcurl-errors.patch
- update debian/patches/series

cargo (0.35.0-0ubuntu1) eoan; urgency=medium

  * New upstream version.
- Refresh patches.
- Remove d/patches/1003_increase_timeout_for_slow_arches_like_mips.patch,
  no longer needed.

cargo (0.34.0-0ubuntu1) eoan; urgency=medium

  * New upstream version.
- Refresh patches.

cargo (0.33.0-1ubuntu2) disco; urgency=medium

  * Fix a rounding issue in vendor/typenum.
- add debian/patches/typenum-rounding.patch
- update debian/patches/series

cargo (0.33.0-1ubuntu1) disco; urgency=medium

  * Merge from Debian unstable. Remaining changes:
- Don't use the bootstrap.py script for bootstrapping as it no longer
  works.
  - remove debian/bootstrap.py
  - update debian/make_orig_multi.sh
- Disable fetch tests on non x86/x86-64 architectures, as those hit an
  unreachable!() in test code. Disable the Debian patch that disables these
  tests on every architecture
  - add debian/patches/disable-fetch-tests-on-non-x86.patch
  - update debian/patches/series
- Disable test tool_paths::custom_runner which fails every now and again
  because of a libstd bug (https://github.com/rust-lang/rust/issues/55242)
  - add debian/patches/disable-tool_paths-custom_runner.patch
  - update debian/patches/series
  * Dropped change:
- Ignore test failures on s390x. There's no Debian build yet on this
  arch and there's nothing in the archive that requires cargo on s390x at
  this time
  - update debian/rules

Date: 2019-05-16 23:32:13.015674+00:00
Changed-By: Michael Hudson-Doyle 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/cargo/0.35.0-0ubuntu1~16.04.1


[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.223ubuntu0.16.04.1 (Accepted)

2019-07-09 Thread Ubuntu Archive Robot
flashplugin-nonfree (32.0.0.223ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (32.0.0.223)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2019-07-09 12:27:14.428655+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.223ubuntu0.16.04.1


[ubuntu/xenial-updates] gvfs 1.28.2-1ubuntu1~16.04.3 (Accepted)

2019-07-09 Thread Ubuntu Archive Robot
gvfs (1.28.2-1ubuntu1~16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect D-Bus server socket restrictions
- debian/patches/CVE-2019-12795-1.patch: check that the connecting
  client is the same user in daemon/gvfsdaemon.c.
- debian/patches/CVE-2019-12795-2.patch: only accept EXTERNAL
  authentication in daemon/gvfsdaemon.c.
- CVE-2019-12795

Date: 2019-07-05 13:59:18.858044+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/gvfs/1.28.2-1ubuntu1~16.04.3


[ubuntu/xenial-updates] whoopsie 0.2.52.5ubuntu0.1 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
whoopsie (0.2.52.5ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP:
#1830863)
- src/whoopsie.c: Don't use signed integer types for lengths to ensure
  large crash dumps do not cause signed integer overflow
- CVE-2019-11476

Date: 2019-07-05 07:42:38.503518+00:00
Changed-By: Alex Murray 
Maintainer: Evan 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/whoopsie/0.2.52.5ubuntu0.1


[ubuntu/xenial-updates] apport 2.20.1-0ubuntu2.19 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium

  * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on user's ignore file by
  dropping privileges and then opening the file, which both tests for
  access and opens the file in a single operation, instead of using
  access() before reading the file which could be abused by a symlink to
  cause Apport to read and embed an arbitrary file in the resulting crash dump.
- CVE-2019-7307

Date: 2019-07-04 06:07:14.079469+00:00
Changed-By: Alex Murray 
Maintainer: Martin Pitt 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.19


[ubuntu/xenial-updates] zeromq3 4.1.4-7ubuntu0.1 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
zeromq3 (4.1.4-7ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Unauthenticated client can cause a stack overflow on any
server that is supposed to be protected by encryption/authentication,
leading to a DoS (crash) or possibly other impact.
- debian/patches/CVE-2019-13132.patch: create buffers large enough to
  contain arbitrary metadata.
- CVE-2019-13132

Date: 2019-07-08 16:09:15.911307+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/zeromq3/4.1.4-7ubuntu0.1


[ubuntu/xenial-updates] glib2.0 2.48.2-0ubuntu4.3 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Not properly restrict directory and file permissions
- debian/patches/CVE-2019-13012.patch: changes the permissions when
  a directory is created, using 700 instead of 777 in
  gio/gkeyfilesettingsbackend.c and changes test to run in a temp
  directory in gio/tests/gsettings.c.
- CVE-2019-13012

Date: 2019-07-08 13:44:16.961906+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.3


[ubuntu/xenial-updates] runc 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4) xenial-security; urgency=medium

  * No change rebuild for the -security pocket

Date: 2019-07-03 15:00:16.639855+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/runc/1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4


[ubuntu/xenial-updates] docker.io 18.09.7-0ubuntu1~16.04.4 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
docker.io (18.09.7-0ubuntu1~16.04.4) xenial-security; urgency=medium

  * No change rebuild for the -security pocket

Date: 2019-07-03 13:37:17.299495+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4


[ubuntu/xenial-updates] containerd 1.2.6-0ubuntu1~16.04.3 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
containerd (1.2.6-0ubuntu1~16.04.3) xenial-security; urgency=medium

  * No change rebuild for the -security pocket

Date: 2019-07-03 14:46:13.812076+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.3


[ubuntu/xenial-updates] libvirt 1.3.1-1ubuntu10.27 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
libvirt (1.3.1-1ubuntu10.27) xenial-security; urgency=medium

  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
  src/libvirt-domain.c, src/qemu/qemu_driver.c,
  src/remote/remote_protocol.x.
- CVE-2019-10161
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
  src/libvirt-domain.c.
- CVE-2019-10167

Date: 2019-07-02 14:34:13.455700+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.27


[ubuntu/xenial-updates] irssi 0.8.19-1ubuntu1.9 (Accepted)

2019-07-04 Thread Ubuntu Archive Robot
irssi (0.8.19-1ubuntu1.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Use after free
- debian/patches/CVE-2019-13045.patch: copy sasl username
  and password values in src/irc/core/irc-core.c,
  src/irc/core/irc-servers-reconnect.c,
  src/irc/core/irc-servers-setup.c.
- CVE-2019-13045

Date: 2019-07-02 13:31:13.857487+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.9


[ubuntu/xenial-updates] bzip2 1.0.6-8ubuntu0.2 (Accepted)

2019-07-04 Thread Ubuntu Archive Robot
bzip2 (1.0.6-8ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files
to raise incorrect CRC error. (LP: #1834494)
- debian/patches/Accept-as-many-selectors-as-selectors*.patch

Date: 2019-07-04 12:34:13.079836+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8ubuntu0.2


[ubuntu/xenial-updates] python-django 1.8.7-1ubuntu5.9 (Accepted)

2019-07-01 Thread Ubuntu Archive Robot
python-django (1.8.7-1ubuntu5.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Incorrect HTTP detection with reverse-proxy
connecting via HTTPS
- debian/patches/CVE-2019-12781.patch: made HttpRequest always
  trust SECURE_PROXY_SSL_HEADER if set in django/http/request.py,
  docs/ref/settings.txt and added tests to tests/settings_test/tests.py.
- CVE-2019-12781

Date: 2019-06-24 17:17:19.334990+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.9


[ubuntu/xenial-updates] thunderbird 1:60.7.2+build2-0ubuntu0.16.04.1 (Accepted)

2019-07-01 Thread Ubuntu Archive Robot
thunderbird (1:60.7.2+build2-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (60.7.2build2)

Date: 2019-06-25 11:43:13.222429+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.2+build2-0ubuntu0.16.04.1


[ubuntu/xenial-updates] znc 1.6.3-1ubuntu0.2 (Accepted)

2019-06-27 Thread Ubuntu Archive Robot
znc (1.6.3-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix vulnerability that allows remote authenticated
non-admin users to escalate privileges and execute arbitrary code by
loading a module with a crafted name.
- debian/patches/CVE-2019-12816.patch: Fix remote code execution and
  privilege escalation.
- CVE-2019-12816

Date: 2019-06-27 18:27:13.411464+00:00
Changed-By: Paulo Flabiano Smorigo 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/znc/1.6.3-1ubuntu0.2


[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.14 (Accepted)

2019-06-27 Thread Ubuntu Archive Robot
poppler (0.41.0-0ubuntu1.14) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in GfxImageColorMap::getGray
- debian/patches/CVE-2017-9865.patch: clear buffers in
  utils/HtmlOutputDev.cc, utils/ImageOutputDev.cc.
- CVE-2017-9865
  * SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
- debian/patches/CVE-2018-18897.patch: enforcing single initialization
  in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
- CVE-2018-18897
  * SECURITY UPDATE: DoS via crafted PDF file
- debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
  Dict in utils/pdfunite.cc.
- CVE-2018-20662
  * SECURITY UPDATE: buffer over-read in downsample_row_box_filter
- debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
  for box filter in poppler/CairoRescaleBox.cc.
- debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
  rescale filter in poppler/CairoRescaleBox.cc.
- CVE-2019-9631
  * SECURITY UPDATE: dict marking mishandling
- debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
  in poppler/PDFDoc.cc.
- CVE-2019-9903
  * SECURITY UPDATE: DoS via FPE
- debian/patches/CVE-2019-10018-10023.patch: check for zero in
  poppler/Function.cc.
- CVE-2019-10018
- CVE-2019-10023
  * SECURITY UPDATE: DoS via FPE
- debian/patches/CVE-2019-10019.patch: check nStripes in
  poppler/PSOutputDev.cc.
- CVE-2019-10019
  * SECURITY UPDATE: DoS via FPE
- debian/patches/CVE-2019-10021.patch: check nBits in
  poppler/Stream.cc.
- CVE-2019-10021
  * SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
  boxes in splash/Splash.cc.
- CVE-2019-10872
  * SECURITY UPDATE: buffer over-read in JPXStream::init
- debian/patches/CVE-2019-12293.patch: fail gracefully if not all
  components have the same WxH in poppler/JPEG2000Stream.cc.
- CVE-2019-12293

Date: 2019-06-26 17:55:51.598133+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.14


[ubuntu/xenial-updates] expat 2.1.0-7ubuntu0.16.04.4 (Accepted)

2019-06-26 Thread Ubuntu Archive Robot
expat (2.1.0-7ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20843.patch: adds a break in
  setElementTypePrefix to avoid consuming a high amount of RAM
  and CPU in lib/xmlparser.c
- CVE-2018-20843

Date: 2019-06-26 17:00:18.886819+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.4


[ubuntu/xenial-updates] bzip2 1.0.6-8ubuntu0.1 (Accepted)

2019-06-26 Thread Ubuntu Archive Robot
bzip2 (1.0.6-8ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-3189.patch: add
  an outFile NULL in order to fix a potential use-after-free
  in bzip2/recover.c.
- CVE-2016-3189
  * SECURITY UPDATE: out-of-bounds write
- debian/patches/CVE-2019-12900.patch: make sure
  nSelectors is not out of range in decompress.c.
- CVE-2019-12900

Date: 2019-06-25 19:47:13.980793+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8ubuntu0.1


[ubuntu/xenial-updates] usb-creator 0.3.2ubuntu16.04.1 (Accepted)

2019-06-25 Thread Ubuntu Archive Robot
usb-creator (0.3.2ubuntu16.04.1) xenial-security; urgency=medium

  * Unmount device during image operation so a single policykit prompt can
be displayed to the user. (LP: #1832337)

Date: 2019-06-19 12:49:19.644472+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/usb-creator/0.3.2ubuntu16.04.1


[ubuntu/xenial-updates] policykit-desktop-privileges 0.20ubuntu16.04.1 (Accepted)

2019-06-25 Thread Ubuntu Archive Robot
policykit-desktop-privileges (0.20ubuntu16.04.1) xenial-security; urgency=medium

  * Don't allow usb-creator to overwrite devices without authentication.
(LP: #1832337)

Date: 2019-06-19 12:49:18.107352+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/policykit-desktop-privileges/0.20ubuntu16.04.1


[ubuntu/xenial-updates] neutron 2:8.4.0-0ubuntu7.4 (Accepted)

2019-06-25 Thread Ubuntu Archive Robot
neutron (2:8.4.0-0ubuntu7.4) xenial-security; urgency=medium

  * SECURITY UPDATE: iptables security group rules issue
- debian/patches/CVE-2019-9735.patch: when converting sg rules to
  iptables, do not emit dport if not supported in
  neutron/agent/linux/iptables_firewall.py,
  neutron/tests/unit/agent/linux/test_iptables_firewall.py.
- CVE-2019-9735

Date: 2019-05-31 20:08:13.122963+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/neutron/2:8.4.0-0ubuntu7.4


[ubuntu/xenial-updates] ceph 10.2.11-0ubuntu0.16.04.2 (Accepted)

2019-06-25 Thread Ubuntu Archive Robot
ceph (10.2.11-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect permissions on dm-crypt keys
- debian/patches/CVE-2018-14662.patch: limit caps allowed to access the
  store in qa/suites/rados/singleton/all/mon-config-key-caps.yaml,
  qa/workunits/mon/test_config_key_caps.sh, src/mon/MonCap.cc.
- CVE-2018-14662
  * SECURITY UPDATE: DoS against OMAPs holding bucket indices
- debian/patches/CVE-2018-16846-pre1.patch: enforce bounds on
  max-keys/max-uploads/max-parts in src/rgw/rgw_op.cc,
  src/rgw/rgw_op.h, src/rgw/rgw_rest.cc, src/rgw/rgw_rest_swift.cc,
  src/common/config_opts.h.
- debian/patches/CVE-2018-16846.patch: fix issues with 'enforce bounds'
  patch in src/rgw/rgw_op.cc, src/rgw/rgw_op.h, src/rgw/rgw_rest.cc.
- CVE-2018-16846

Date: 2019-06-01 20:40:12.623224+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ceph/10.2.11-0ubuntu0.16.04.2


[ubuntu/xenial-updates] imagemagick 8:6.8.9.9-7ubuntu5.14 (Accepted)

2019-06-25 Thread Ubuntu Archive Robot
imagemagick (8:6.8.9.9-7ubuntu5.14) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2017-12805, CVE-2017-12806, CVE-2018-16412, CVE-2018-16413,
  CVE-2018-17965, CVE-2018-17966, CVE-2018-18016, CVE-2018-18024,
  CVE-2018-18025, CVE-2018-20467, CVE-2019-7175, CVE-2019-7396,
  CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2019-10131,
  CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597,
  CVE-2019-11598

Date: 2019-06-15 15:50:18.622175+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.14


[ubuntu/xenial-updates] firefox 67.0.4+build1-0ubuntu0.16.04.1 (Accepted)

2019-06-24 Thread Ubuntu Archive Robot
firefox (67.0.4+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0.4build1)

Date: 2019-06-20 05:16:23.560898+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/67.0.4+build1-0ubuntu0.16.04.1


[ubuntu/xenial-updates] web2py 2.12.3-1ubuntu0.1 (Accepted)

2019-06-21 Thread Ubuntu Archive Robot
web2py (2.12.3-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution
   - debian/patches/CVE-2016-3957-1.patch: more secure sessions in
 cookies using json
   - debian/patches/CVE-2016-3957-2.patch: restored pickles in sessions
   - debian/patches/CVE-2016-3957-3.patch: fixed sessions for long keys
   - CVE-2016-3957
   - CVE-2016-3954
   - CVE-2016-3953
  * SECURITY UPDATE: brute force password attack
   - debian/patches/CVE-2016-10321.patch: check if host is denied before
 verifying passwords
   - CVE-2016-10321
  * SECURITY UPDATE: information disclosure
   - debian/patches/CVE-2016-3952-1.patch: do not leak global settings into
 request object
   - debian/patches/CVE-2016-3952-2.patch: adding back cmd_options
   - debian/patches/CVE-2016-3952-3.patch: simplified beautify example
   - debian/patches/CVE-2016-3952-4.patch: fixing error due to removing 
 global settings from request
   - debian/patches/CVE-2016-3952-5.patch: fixing typo on previous patch
   - CVE-2016-3952

Date: 2019-06-21 01:49:13.122760+00:00
Changed-By: Maria Emilia torino 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/web2py/2.12.3-1ubuntu0.1


[ubuntu/xenial-updates] intel-microcode 3.20190618.0ubuntu0.16.04.1 (Accepted)

2019-06-20 Thread Ubuntu Archive Robot
intel-microcode (3.20190618.0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 20190618
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ Updated Microcodes:
  sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
  sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
  sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
+ Add MDS mitigation support for Sandy Bridge server and Core-X
  processor families. (LP: #1830123)

intel-microcode (3.20190514.0ubuntu0.18.04.3) bionic-security; urgency=medium

  * Update to final 20190514 microcode update. (LP: #1829745)
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ New Microcodes:
  sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
  sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
  sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
  sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
  sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
+ Add MDS mitigation support for Cherry Trail and Bay Trail
  processor families.

  [ Dimitri John Ledkov ]
  * Do not override preset defaults from auto-exported conf snippets
loaded by initramfs-tools. This thus allows other hooks, or
alternative confdir override the built-in defaults at mkinitramfs
time. Specifically to support generating installer/golden/bare-metal
initrds with all microcodes for any hardware.

intel-microcode (3.20190514.0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: new upstream datafile 20190507
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ New Microcodes:
  sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x310, size 47104
  sig 0x00050656, pf_mask 0xbf, 2019-01-28, rev 0x41c, size 47104
  sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x521, size 47104
+ Updated Microcodes:
  sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
  sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
  sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
  sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
  sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
  sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
  sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
  sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
  sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
  sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
  sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
  sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
  sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb36, size 30720
  sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x25e, size 32768
  sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
  sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x717, size 24576
  sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf15, size 23552
  sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe0d, size 19456
  sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
  sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
  sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
  sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
  sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
  sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
  sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
  sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
  sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
  sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
  sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
  sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
  sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
  sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+ Reinstated Microcodes:
  sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720

Date: 2019-06-20 16:22:13.785683+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/intel-microcode/3.20190618.0ubuntu0.16.04.1


[ubuntu/xenial-updates] mosquitto 1.4.8-1ubuntu0.16.04.7 (Accepted)

2019-06-20 Thread Ubuntu Archive Robot
mosquitto (1.4.8-1ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
- debian/patches/add-validate-utf8.patch: Add validate UTF-8
- debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
  fixes
- CVE-2017-7653
  * SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
clients to send crafted CONNECT packets which could cause DoS
- debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
  by a malicious CONNECT packet
- CVE-2017-7654

Date: 2019-06-19 19:08:13.166199+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/mosquitto/1.4.8-1ubuntu0.16.04.7


[ubuntu/xenial-updates] thunderbird 1:60.7.1+build1-0ubuntu0.16.04.1 (Accepted)

2019-06-20 Thread Ubuntu Archive Robot
thunderbird (1:60.7.1+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (60.7.1build1)

Date: 2019-06-13 10:27:14.345780+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.1+build1-0ubuntu0.16.04.1


[ubuntu/xenial-updates] evince 3.18.2-1ubuntu4.5 (Accepted)

2019-06-19 Thread Ubuntu Archive Robot
evince (3.18.2-1ubuntu4.5) xenial-security; urgency=medium

  * apparmor-profile: apply hardening from Ubuntu 18.10
- add preamble for expectations of the profile
- evince{-previewer}: restrict access to DBus system bus (we allow full
  access to session, translation and accessibility buses for compatibility)
  + allow Get* to anything polkit allows
  + allow talking to avahi (for printing)
  + allow talking to colord (for printing)
- make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
  + remove evince abstraction and use only what is needed from it
  + limit access to DBus session bus
  + generally disallow writes
  + allow reads for non-hidden files
  * debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
- disallow access to the dirs of private files (LP: #1788929)
  * debian/apparmor-profile: allow /bin/env ixr

Date: 2019-06-18 21:31:18.863440+00:00
Changed-By: Jamie Strandboge 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/evince/3.18.2-1ubuntu4.5


[ubuntu/xenial-updates] agg 2.5+dfsg1-9+deb8u1build0.16.04.1 (Accepted)

2019-06-19 Thread Ubuntu Archive Robot
agg (2.5+dfsg1-9+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian (LP: #1821407)

Date: 2019-06-18 21:55:13.236661+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/agg/2.5+dfsg1-9+deb8u1build0.16.04.1


[ubuntu/xenial-updates] gunicorn 19.4.5-1ubuntu1.1 (Accepted)

2019-06-19 Thread Ubuntu Archive Robot
gunicorn (19.4.5-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix HTTP header splitting vulnerability
- debian/patches/CVE-2018-1000164.patch: adds header checking and error 
handling
- CVE-2018-1000164

Date: 2019-06-14 20:32:13.062708+00:00
Changed-By: Mark Morlino 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/gunicorn/19.4.5-1ubuntu1.1


[ubuntu/xenial-updates] sqlite3 3.11.0-1ubuntu1.2 (Accepted)

2019-06-19 Thread Ubuntu Archive Robot
sqlite3 (3.11.0-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-6153-*.patch: change temp directory
  search algorithm in src/os_unix.c.
- CVE-2016-6153
  * SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2017-10989.patch: enhance RTree
  module in ext/rtree/rtree.c and added test in
  ext/rtree/rtreeA.text.
- CVE-2017-10989
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-13685.patch: adds checks in
  src/shell.c.
- CVE-2017-13685
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-2518.patch: prevent a use-after-free
  in src/whereexpr.c.
- CVE-2017-2518
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-2519.patch: increase the size of
  the reference count on table objects to 32bits in src/sqliteInt.h.
- CVE-2017-2519
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-2520.patch: add a check for pVal in
  src/vdbemem.c
- CVE-2017-2520
  * SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-20346-and-CVE-2018-20506.patch:
  add extra defenses against strategically corrupt databases
  in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
  test/permutations.test.
- CVE-2018-20346
- CVE-2018-20506
  * SECURITY UPDATE: heap out-of-bound read
- debian/patches/CVE-2019-8457.patch: enhance the
  rtreenode() in ext/rtree/rtree.c.
- debian/patches/CVE-2019-8457-string-interface.patch:
  add string interface in src/btree.c, src/build.c,
  src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
  src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
  src/vdbeaux.c, src/vdbetrace.c, src/wherecode.c.
- CVE-2019-8457
  * SECURITY UPDATE: heap-buffer over-read
- debian/patches/cve-2019-9936.patch: add checks
  in code in order to fix in ext/fts5/fts5_hash.c,
  ext/fts5/test/fts5aa.test.
- CVE-2019-9936
  * SECURITY UPDATE: NULL pointer dereference
- debian/patches/cve-2019-9937.patch: fix in
  ext/fts5/fts5Int.h, ext/fts5/fts5_hash.c, ext/fts5/fts5_index.c,
  ext/fts5/test/fts5aa.test.
- CVE-2019-9937

Date: 2019-06-18 13:40:17.520359+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/sqlite3/3.11.0-1ubuntu1.2


[ubuntu/xenial-updates] firefox 67.0.3+build1-0ubuntu0.16.04.1 (Accepted)

2019-06-19 Thread Ubuntu Archive Robot
firefox (67.0.3+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0.3build1)

Date: 2019-06-18 08:04:19.650808+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/67.0.3+build1-0ubuntu0.16.04.1


[ubuntu/xenial-updates] firefox 67.0.2+build2-0ubuntu0.16.04.1 (Accepted)

2019-06-13 Thread Ubuntu Archive Robot
firefox (67.0.2+build2-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0.2build2)

firefox (67.0.2+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0.2build1)

Date: 2019-06-10 21:03:12.683686+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/67.0.2+build2-0ubuntu0.16.04.1


[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.207ubuntu0.16.04.1 (Accepted)

2019-06-12 Thread Ubuntu Archive Robot
flashplugin-nonfree (32.0.0.207ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (32.0.0.207)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2019-06-11 13:48:22.923133+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.207ubuntu0.16.04.1


[ubuntu/xenial-updates] openjpeg2 2.1.2-1.1+deb9u3build0.16.04.1 (Accepted)

2019-06-12 Thread Ubuntu Archive Robot
openjpeg2 (2.1.2-1.1+deb9u3build0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: sync from Debian stretch-security

openjpeg2 (2.1.2-1.1+deb9u3) stretch-security; urgency=medium

  * Non-maintainer upload by the Security Team.
  * CVE-2018-14423: Division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873).
  * CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks
(closes: #889683).
  * CVE-2017-17480: Write stack buffer overflow due to missing buffer
length formatter in fscanf call (closes: #884738).
  * CVE-2018-18088: Null pointer dereference caused by null image
components in imagetopnm (closes: #910763).
  * CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533).

Date: 2019-06-11 23:02:12.866779+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2-1.1+deb9u3build0.16.04.1


[ubuntu/xenial-updates] minissdpd 1.2.20130907-3+deb8u2build0.16.04.1 (Accepted)

2019-06-12 Thread Ubuntu Archive Robot
minissdpd (1.2.20130907-3+deb8u2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

minissdpd (1.2.20130907-3+deb8u2) jessie-security; urgency=high

  * CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a
remote attacker to crash the process. (Closes: #929297)

Date: 2019-06-11 23:12:12.968684+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/minissdpd/1.2.20130907-3+deb8u2build0.16.04.1


[ubuntu/xenial-updates] roundup 1.4.20-1.1+deb8u2build0.16.04.1 (Accepted)

2019-06-12 Thread Ubuntu Archive Robot
roundup (1.4.20-1.1+deb8u2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-06-11 23:17:12.726120+00:00
Changed-By: Steve Beattie 
Maintainer: Kai Storbeck 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/roundup/1.4.20-1.1+deb8u2build0.16.04.1


[ubuntu/xenial-updates] vim 2:7.4.1689-3ubuntu1.3 (Accepted)

2019-06-11 Thread Ubuntu Archive Robot
vim (2:7.4.1689-3ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2019-12735.patch: disallow
  sourcing a file in the sandbox in src/getchar.c
- CVE-2019-12735
  * SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2017-5953.patch: check for an
  invalid length in order to avoid an overflow in
  src/spell.c.
- CVE-2017-5953

Date: 2019-06-11 15:01:13.762061+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/vim/2:7.4.1689-3ubuntu1.3


[ubuntu/xenial-updates] dbus 1.10.6-1ubuntu3.4 (Accepted)

2019-06-11 Thread Ubuntu Archive Robot
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
  reject DBUS_COOKIE_SHA1 for users other than the server owner in
  dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
  add basic test coverage for DBUS_COOKIE_SHA1 in
  dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
  dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
  test/data/auth/cookie-sha1-username.auth-script,
  test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749

Date: 2019-06-10 19:41:12.626700+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4


[ubuntu/xenial-updates] sudo 1.8.16-0ubuntu1.7 (Accepted)

2019-06-11 Thread Ubuntu Archive Robot
sudo (1.8.16-0ubuntu1.7) xenial-security; urgency=medium

  * debian/patches/terminate-with-commands-signal.patch: re-enable patch
that got dropped by mistake in previous upload. (LP: #1832257)

Date: 2019-06-10 22:50:13.014260+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.7


[ubuntu/xenial-updates] glib2.0 2.48.2-0ubuntu4.2 (Accepted)

2019-06-10 Thread Ubuntu Archive Robot
glib2.0 (2.48.2-0ubuntu4.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Less restrictive permissions during copying
- debian/patches/CVE-2019-12450.patch: limit access to file when
  copying in file_copy_fallback in file gio/gfile.c.
- CVE-2019-12450

Date: 2019-06-10 13:12:13.218237+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.2


[ubuntu/xenial-updates] libsndfile 1.0.25-10ubuntu0.16.04.2 (Accepted)

2019-06-10 Thread Ubuntu Archive Robot
libsndfile (1.0.25-10ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
- debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
- CVE-2017-6892, CVE-2017-14245, CVE-2017-14246, CVE-2017-14634,
  CVE-2017-16942, CVE-2017-17456, CVE-2017-17457, CVE-2018-13139,
  CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758,
  CVE-2019-3832

Date: 2019-06-07 19:22:12.151425+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-10ubuntu0.16.04.2


[ubuntu/xenial-updates] elfutils 0.165-3ubuntu1.2 (Accepted)

2019-06-10 Thread Ubuntu Archive Robot
elfutils (0.165-3ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via a crafted file
- debian/patches/CVE-2018-16062.patch: make sure there is enough data
  to read full aranges header in libdw/dwarf_getaranges.c,
  src/readelf.c.
- CVE-2018-16062
  * SECURITY UPDATE: double free and application crash
- debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
  is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
  libelf/libelf.h.
- CVE-2018-16402
  * SECURITY UPDATE: incorrect end of the attributes list check
- debian/patches/CVE-2018-16403.patch: check end of attributes list
  consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
- CVE-2018-16403
  * SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18310.patch: sanity check partial core file
  data reads in libdwfl/dwfl_segment_report_module.c.
- CVE-2018-18310
  * SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
  src/size.c.
- CVE-2018-18520
  * SECURITY UPDATE: divide by zero vulnerabilities
- debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
  in src/arlib.c.
- CVE-2018-18521
  * SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
  dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
  src/readelf.c.
- CVE-2019-7149
  * SECURITY UPDATE: incorrect truncated dyn data read handling
- debian/patches/CVE-2019-7150.patch: sanity check partial core file
  dyn data read in libdwfl/dwfl_segment_report_module.c.
- CVE-2019-7150
  * SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
  contain a zero terminated string in libdwfl/linux-core-attach.c,
  libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
- CVE-2019-7665

Date: 2019-06-07 17:29:13.405688+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/elfutils/0.165-3ubuntu1.2


[ubuntu/xenial-updates] jinja2 2.8-1ubuntu0.1 (Accepted)

2019-06-06 Thread Ubuntu Archive Robot
jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via str.format
- debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
  expressions in jinja2/nodes.py, jinja2/sandbox.py.
- debian/patches/CVE-2016-10745-2.patch: fix a name error for an
  uncommon attribute access in the sandbox in jinja2/sandbox.py.
- CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
- debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
  jinja2/sandbox.py.
- CVE-2019-10906

Date: 2019-05-14 18:11:16.418776+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/jinja2/2.8-1ubuntu0.1


[ubuntu/xenial-updates] firefox 67.0.1+build1-0ubuntu0.16.04.1 (Accepted)

2019-06-06 Thread Ubuntu Archive Robot
firefox (67.0.1+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0.1build1)

Date: 2019-05-29 21:11:13.009845+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1


[ubuntu/xenial-updates] apparmor 2.10.95-0ubuntu2.11 (Accepted)

2019-06-05 Thread Ubuntu Archive Robot
apparmor (2.10.95-0ubuntu2.11) xenial-security; urgency=medium

  * Make dnsmasq profile and Python utility changes necessary to continue
working correctly after the Linux kernel change to address CVE-2019-11190.
Without these changes, some profile transitions may be unintentionally
denied. (LP: #1830802)
- 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
- 0001-handle_children-automatically-add-m-permissions-on-i.patch

Date: 2019-05-28 22:07:37.328480+00:00
Changed-By: Tyler Hicks 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.11


[ubuntu/xenial-updates] php7.0 7.0.33-0ubuntu0.16.04.5 (Accepted)

2019-06-05 Thread Ubuntu Archive Robot
php7.0 (7.0.33-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: overflow in exif_process_IFD_TAG
- debian/patches/CVE-2019-11036.patch: check dir_entry in
  ext/exif/exif.c.
- CVE-2019-11036
  * SECURITY UPDATE: out-of-bounds read in _php_iconv_mime_decode()
- debian/patches/CVE-2019-11039.patch: add an extra check in
  ext/iconv/iconv.c.
- CVE-2019-11039
  * SECURITY UPDATE: heap-buffer-overflow on php_jpg_get16
- debian/patches/CVE-2019-11040.patch: add an extra check in
  ext/exif/exif.c.
- CVE-2019-11040

Date: 2019-06-04 18:26:13.867827+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.5


[ubuntu/xenial-updates] db5.3 5.3.28-11ubuntu0.2 (Accepted)

2019-06-04 Thread Ubuntu Archive Robot
db5.3 (5.3.28-11ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap out-of-bounds read
- debian/patches/CVE-2019-8457.patch: enhance the rtreenode
  function in lang/sql/sqlite/ext/rtree/rtree.c.
- CVE-2019-8457

Date: 2019-06-03 16:23:15.496611+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/db5.3/5.3.28-11ubuntu0.2


[ubuntu/xenial-updates] qtbase-opensource-src 5.5.1+dfsg-16ubuntu7.6 (Accepted)

2019-06-03 Thread Ubuntu Archive Robot
qtbase-opensource-src (5.5.1+dfsg-16ubuntu7.6) xenial-security; urgency=medium

  * SECURITY UPDATE: double-free or corruption via illegal XML document
- debian/patches/CVE-2018-15518.patch: fix possible heap corruption in
  QXmlStream in src/corelib/xml/qxmlstream_p.h.
- CVE-2018-15518
  * SECURITY UPDATE: NULL pointer dereference in QGifHandler
- debian/patches/CVE-2018-19870.patch: check for QImage allocation
  failure in src/gui/image/qgifhandler.cpp.
- CVE-2018-19870
  * SECURITY UPDATE: buffer overflow in QBmpHandler
- debian/patches/CVE-2018-19873.patch: check for out of range image
  size in src/gui/image/qbmphandler.cpp.
- CVE-2018-19873
  * debian/rules: create a HOME directory so that tests can run.
  * debian/patches/fix_failing_cookie_tests.patch: fix failing tests
because of expired cookies.

Date: 2019-02-11 16:40:16.704212+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.5.1+dfsg-16ubuntu7.6


[ubuntu/xenial-updates] doxygen 1.8.11-1ubuntu0.1 (Accepted)

2019-06-03 Thread Ubuntu Archive Robot
doxygen (1.8.11-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting/iframe injection
- debian/patches/CVE-2016-10245.patch: correctly escape
  user supplied data in templates/html/search_opensearch.php.
- CVE-2016-10245

Date: 2019-05-31 12:31:17.521958+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/doxygen/1.8.11-1ubuntu0.1


[ubuntu/xenial-updates] libseccomp 2.4.1-0ubuntu0.16.04.2 (Accepted)

2019-05-30 Thread Ubuntu Archive Robot
libseccomp (2.4.1-0ubuntu0.16.04.2) xenial-security; urgency=medium

  [ Marc Deslauriers ]
  * Updated to new upstream 2.4.1 version to fix security issue.
- CVE-2019-9893
  * debian/patches/*: removed, all included in new version.
  * debian/control: add valgrind to Build-Depends to get more unit tests.
  * debian/libseccomp2.symbols: added new symbols.
  * debian/docs: removed, new version doesn't have README file.

  [ Jamie Strandboge ]
  * db-properly-reset-attribute-state.patch: db: properly reset the attribute
state in db_col_reset()

Date: 2019-05-03 20:39:13.006489+00:00
Changed-By: Jamie Strandboge 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libseccomp/2.4.1-0ubuntu0.16.04.2


[ubuntu/xenial-updates] corosync 2.3.5-3ubuntu2.3 (Accepted)

2019-05-30 Thread Ubuntu Archive Robot
corosync (2.3.5-3ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-1084-*.patch: check length of the packet
  in exec/totemcrypto.c.
- CVE-2018-1084

Date: 2019-05-30 12:49:13.737449+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/corosync/2.3.5-3ubuntu2.3


[ubuntu/xenial-updates] gnutls28 3.4.10-4ubuntu1.5 (Accepted)

2019-05-30 Thread Ubuntu Archive Robot
gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
- debian/patches/CVE-2018-1084x-1.patch: correctly account the length
  field in SHA384 HMAC in lib/algorithms/mac.c, lib/gnutls_cipher.c.
- debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
  blocks that would have been on minimum pad in lib/gnutls_cipher.c.
- debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
  SSL3.0 in lib/gnutls_cipher.c.
- debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
  ciphersuites were removed from defaults in lib/gnutls_priority.c,
  tests/priorities.c.
- debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
  tests/pkcs12_encode.c.
- CVE-2018-10844
- CVE-2018-10845
- CVE-2018-10846

Date: 2019-05-29 13:54:13.311868+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.5


[ubuntu/xenial-updates] evolution-data-server 3.18.5-1ubuntu1.2 (Accepted)

2019-05-30 Thread Ubuntu Archive Robot
evolution-data-server (3.18.5-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: GPG email signature spoofing
- debian/patches/CVE-2018-15587-1.patch: Add more strict parsing for
  output from gpg in src/camel/camel-gpg-context.c to ensure signatures
  cannot be spoofed
- debian/patches/CVE-2018-15587-2.patch: Ensure decrypted output is
  not truncated in src/camel/camel-gpg-context.c
- debian/patches/CVE-2018-15587-3.patch: Fix incomplete upstream patch in
  src/camel/camel-gpg-context.c to ensure the entire message is read

Date: 2019-05-28 12:16:14.365200+00:00
Changed-By: Alex Murray 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.2


[ubuntu/xenial-updates] chromium-browser 74.0.3729.169-0ubuntu0.16.04.1 (Accepted)

2019-05-29 Thread Ubuntu Archive Robot
chromium-browser (74.0.3729.169-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.169
  * debian/patches/revert-gn-4960.patch: added
  * debian/patches/revert-gn-4980.patch: added
  * debian/tests/data/HTML5test/index.html: mock whichbrowser.net to remove
external test dependency

chromium-browser (74.0.3729.157-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.157

chromium-browser (74.0.3729.131-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.131
- CVE-2019-5824: Parameter passing error in media player.

chromium-browser (74.0.3729.108-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.108
- CVE-2019-5805: Use after free in PDFium.
- CVE-2019-5806: Integer overflow in Angle.
- CVE-2019-5807: Memory corruption in V8.
- CVE-2019-5808: Use after free in Blink.
- CVE-2019-5809: Use after free in Blink.
- CVE-2019-5810: User information disclosure in Autofill.
- CVE-2019-5811: CORS bypass in Blink.
- CVE-2019-5812: URL spoof in Omnibox on iOS.
- CVE-2019-5813: Out of bounds read in V8.
- CVE-2019-5814: CORS bypass in Blink.
- CVE-2019-5815: Heap buffer overflow in Blink.
- CVE-2019-5816: Exploit persistence extension on Android.
- CVE-2019-5817: Heap buffer overflow in Angle on Windows.
- CVE-2019-5818: Uninitialized value in media reader.
- CVE-2019-5819: Incorrect escaping in developer tools.
- CVE-2019-5820: Integer overflow in PDFium.
- CVE-2019-5821: Integer overflow in PDFium.
- CVE-2019-5822: CORS bypass in download manager.
- CVE-2019-5823: Forced navigation from service worker.
  * debian/patches/default-allocator: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: removed, no longer
needed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

Date: 2019-05-22 10:43:20.462753+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/chromium-browser/74.0.3729.169-0ubuntu0.16.04.1


[ubuntu/xenial-updates] thunderbird 1:60.7.0+build1-0ubuntu0.16.04.1 (Accepted)

2019-05-28 Thread Ubuntu Archive Robot
thunderbird (1:60.7.0+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (60.7.0build1)

Date: 2019-05-20 11:04:08.971510+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.0+build1-0ubuntu0.16.04.1


[ubuntu/xenial-updates] keepalived 1:1.2.24-1ubuntu0.16.04.2 (Accepted)

2019-05-28 Thread Ubuntu Archive Robot
keepalived (1:1.2.24-1ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based overflow in HTTP status codes parsing
- debian/patches/CVE-2018-19115.patch: refactor parsing in lib/html.c.
- CVE-2018-19115

Date: 2019-02-14 16:28:12.282321+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/keepalived/1:1.2.24-1ubuntu0.16.04.2


[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.21 (Accepted)

2019-05-27 Thread Ubuntu Archive Robot
samba (2:4.3.11+dfsg-0ubuntu0.16.04.21) xenial-security; urgency=medium

  * SECURITY REGRESSION: panics following recent update (LP: #1827924)
- debian/patches/bug13315.patch: do not crash if we fail to init the
  session table in source3/smbd/negprot.c.

Date: 2019-05-23 14:36:14.873477+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.21


[ubuntu/xenial-updates] intel-microcode 3.20190514.0ubuntu0.16.04.2 (Accepted)

2019-05-22 Thread Ubuntu Archive Robot
intel-microcode (3.20190514.0ubuntu0.16.04.2) xenial-security; urgency=medium

  * Update to final 20190514 microcode update. (LP: #1829745)
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ New Microcodes:
  sig 0x00030678, pf_mask 0x02, 2016.04-22, rev 0x0838, size 52224
  sig 0x00030678, pf_mask 0x0c, 2016.04-22, rev 0x0838, size 52224
  sig 0x00030679, pf_mask 0x0f, 2016.04-23, rev 0x090c, size 52224
  sig 0x000406c3, pf_mask 0x01, 2016.04-23, rev 0x0368, size 69632
  sig 0x000406c4, pf_mask 0x01, 2016.04-23, rev 0x0411, size 68608
+ Add MDS mitigation support for Cherry Trail and Bay Trail
  processor families.

  [ Dimitri John Ledkov ]
  * Do not override preset defaults from auto-exported conf snippets
loaded by initramfs-tools. This thus allows other hooks, or
alternative confdir override the built-in defaults at mkinitramfs
time. Specifically to support generating installer/golden/bare-metal
initrds with all microcodes for any hardware.

Date: 2019-05-22 07:35:14.103476+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/intel-microcode/3.20190514.0ubuntu0.16.04.2


[ubuntu/xenial-updates] curl 7.47.0-1ubuntu2.13 (Accepted)

2019-05-22 Thread Ubuntu Archive Robot
curl (7.47.0-1ubuntu2.13) xenial-security; urgency=medium

  * SECURITY UPDATE: TFTP receive buffer overflow
- debian/patches/CVE-2019-5346.patch: use the current blksize in
  lib/tftp.c.
- CVE-2019-5346

Date: 2019-05-16 18:05:13.952710+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13


[ubuntu/xenial-updates] putty 0.67-3+deb9u1build0.16.04.1 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
putty (0.67-3+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian (LP: #1821407)

putty (0.67-3+deb9u1) stretch-security; urgency=high

  * Backport security fixes from 0.71:
- In random_add_noise, put the hashed noise into the pool, not the raw
  noise.
- New facility for removing pending toplevel callbacks.
- CVE-2019-9898: Fix one-byte buffer overrun in random_add_noise().
- uxnet: clean up callbacks when closing a NetSocket.
- sk_tcp_close: fix memory leak of output bufchain.
- Fix handling of bad RSA key with n=p=q=0.
- Sanity-check the 'Public-Lines' field in ppk files.
- Introduce an enum of the uxsel / select_result flags.
- CVE-2019-9895: Switch to using poll(2) in place of select(2).
- CVE-2019-9894: RSA kex: enforce the minimum key length.
- CVE-2019-9897: Fix crash on ESC#6 + combining chars + GTK + odd-width
  terminal.
- CVE-2019-9897: Limit the number of combining chars per terminal cell.
- minibidi: fix read past end of line in rule W5.
- CVE-2019-9897: Fix crash printing a width-2 char in a width-1
  terminal.

Date: 2019-05-21 17:56:13.399371+00:00
Changed-By: Steve Beattie 
Maintainer: Colin Watson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/putty/0.67-3+deb9u1build0.16.04.1


[ubuntu/xenial-updates] cargo 0.33.0-1ubuntu1~16.04.1 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
cargo (0.33.0-1ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to xenial
  * Embed libgit2 0.27.0 to avoid a dependency on a version which is newer
than that found in bionic
- add debian/libgit2
- add debian/patches/do-not-use-system-libgit2.patch
- update debian/control
- update debian/rules
- update debian/copyright
- update debian/patches/series
- update debian/README.source
  * Hack the libgit2-sys build process to link the bundled libgit2
against the system's libhttp_parser.
- add debian/patches/use-system-libhttp-parser.patch
- update debian/patches/series
  * Drop ssh_key_from_memory from the git2 default features, as that results
in the libgit2 build depending on a version of libssh2 that is too recent
- add debian/patches/git2-no-ssh_key_from_memory.patch
- update debian/patches/series
  * Do not use the http2 feature of the curl crate, and warn rather than fail
on errors caused by a too-old curl.
- add debian/patches/ignore-libcurl-errors.patch
- update debian/patches/series

cargo (0.33.0-1ubuntu1) disco; urgency=medium

  * Merge from Debian unstable. Remaining changes:
- Don't use the bootstrap.py script for bootstrapping as it no longer
  works.
  - remove debian/bootstrap.py
  - update debian/make_orig_multi.sh
- Disable fetch tests on non x86/x86-64 architectures, as those hit an
  unreachable!() in test code. Disable the Debian patch that disables these
  tests on every architecture
  - add debian/patches/disable-fetch-tests-on-non-x86.patch
  - update debian/patches/series
- Disable test tool_paths::custom_runner which fails every now and again
  because of a libstd bug (https://github.com/rust-lang/rust/issues/55242)
  - add debian/patches/disable-tool_paths-custom_runner.patch
  - update debian/patches/series
  * Dropped change:
- Ignore test failures on s390x. There's no Debian build yet on this
  arch and there's nothing in the archive that requires cargo on s390x at
  this time
  - update debian/rules

cargo (0.33.0-1) unstable; urgency=medium

  * New upstream release.

cargo (0.32.0-2~exp1) experimental; urgency=medium

  * Drop patch 2007, for disabling incremental build on sparc64.
Closes: bug#917048, Thanks to John Paul Adrian Glaubitz.

cargo (0.32.0-1) unstable; urgency=medium

  * debian-cargo-wrapper: Support DEB_CARGO_INSTALL_PREFIX for installing into
somewhere other than /usr, e.g. / or /usr/lib/cargo.
  * Move dev scripts from /usr/share/cargo into /usr/share/cargo/scripts.
  * Increase yet another timeout duration for slower architectures.

cargo (0.32.0-1~exp3) experimental; urgency=medium

  [ Matt Kraai ]
  * Rename bash completion script so that it's used.

  [ Ximin Luo ]
  * Further increase a timeout duration for mips.
  * debian-cargo-wrapper: add --link-to-system option

cargo (0.32.0-1~exp2) experimental; urgency=medium

  * Try to deal with the various test failures as suggested by upstream.

cargo (0.32.0-1~exp1ubuntu1) disco; urgency=medium

  * Merge from Debian experimental. Remaining changes:
- Don't use the bootstrap.py script for bootstrapping as it no longer
  works.
  - remove debian/bootstrap.py
  - update debian/make_orig_multi.sh
- Ignore test failures on s390x. There's no Debian build yet on this
  arch and there's nothing in the archive that requires cargo on s390x at
  this time
  - update debian/rules
- Disable fetch tests on non x86/x86-64 architectures, as those hit an
  unreachable!() in test code. Disable the Debian patch that disables these
  tests on every architecture
  - add debian/patches/disable-fetch-tests-on-non-x86.patch
  - update debian/patches/series
- Disable test tool_paths::custom_runner which fails every now and again
  because of a libstd bug (https://github.com/rust-lang/rust/issues/55242)
  - add debian/patches/disable-tool_paths-custom_runner.patch
  - update debian/patches/series

Date: 2019-02-27 08:20:12.938165+00:00
Changed-By: Michael Hudson-Doyle 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/cargo/0.33.0-1ubuntu1~16.04.1


[ubuntu/xenial-updates] nasm-mozilla 2.13.02-0ubuntu0.16.04.1 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
nasm-mozilla (2.13.02-0ubuntu0.16.04.1) xenial; urgency=medium

  [ Rico Tzschichholz ]
  * Backport nasm 2.13 to xenial for building Firefox

Date: 2019-03-21 17:58:12.242039+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/nasm-mozilla/2.13.02-0ubuntu0.16.04.1


[ubuntu/xenial-updates] rustc 1.32.0+dfsg1+llvm-1ubuntu1~16.04.1 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
rustc (1.32.0+dfsg1+llvm-1ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to Xenial.
  * Relax the gdb build requirement
- update debian/control
  * Relax the dependency on xz-utils by commenting out some unused code
- add debian/patches/d-relax-xz-utils-dependency.patch
- update debian/patches/series

rustc (1.32.0+dfsg1+llvm-1ubuntu1) disco; urgency=medium

  * Merge from Debian unstable. Remaining changes:
- Use the bundled llvm to avoid having to do llvm updates in order to
  deliver rust updates
  - update debian/config.toml.in
  - update debian/control
  - update debian/copyright
  - update debian/rules
- Build-Depend on libc6-dbg on armhf, to workaround a crash in ld.so
  during some debuginfo tests
  - update debian/control
- Add a hack to ensure the stage0 compiler is extracted to the correct
  location
  - update debian/make_orig-stage0_tarball.sh
- Scrub -g from CFLAGS and CXXFLAGS in order to let rustbuild control
  whether LLVM is compiled with debug symbols
  - update debian/rules
- On i386, only build debuginfo for libstd
  - update debian/rules
- Ignore all test failures on every architecture
  - update debian/rules
- Version the Build-Conflict on gdb-minimal as gdb now Provides it
  - update debian/control
- Adjust the rustc Breaks/Replaces libstd-rust-dev version to fix an
  upgrade issue
  - update debian/control
- Adjust debian/watch to include +llvm in upstream version.
  - update debian/watch

rustc (1.32.0+dfsg1-1) unstable; urgency=medium

  * New upstream release.

rustc (1.32.0~beta.2+dfsg1-1~exp2) experimental; urgency=medium

  * Note that this upstream version already Closes: #917191.
  * Backport other upstream fixes. (Closes: #916818, #917000, #917192).

rustc (1.32.0~beta.2+dfsg1-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Drop obsolete d-sparc64-dont-pack-spans.patch

rustc (1.31.0+dfsg1+llvm-2ubuntu1) disco; urgency=medium

  * Merge from Debian unstable. Remaining changes:
- Use the bundled llvm to avoid having to do llvm updates in order to
  deliver rust updates
  - update debian/config.toml.in
  - update debian/control
  - update debian/copyright
  - update debian/rules
- Build-Depend on libc6-dbg on armhf, to workaround a crash in ld.so
  during some debuginfo tests
  - update debian/control
- Add a hack to ensure the stage0 compiler is extracted to the correct
  location
  - update debian/make_orig-stage0_tarball.sh
- Scrub -g from CFLAGS and CXXFLAGS in order to let rustbuild control
  whether LLVM is compiled with debug symbols
  - update debian/rules
- On i386, only build debuginfo for libstd
  - update debian/rules
- Ignore all test failures on every architecture
  - update debian/rules
- Version the Build-Conflict on gdb-minimal as gdb now Provides it
  - update debian/control
- Adjust the rustc Breaks/Replaces libstd-rust-dev version to fix an
  upgrade issue
  - update debian/control
- Adjust debian/watch to include +llvm in upstream version.

Date: 2019-03-14 08:47:12.174349+00:00
Changed-By: Michael Hudson-Doyle 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/rustc/1.32.0+dfsg1+llvm-1ubuntu1~16.04.1


[ubuntu/xenial-updates] firefox 67.0+build2-0ubuntu0.16.04.1 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
firefox (67.0+build2-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0build2)

firefox (67.0+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (67.0build1)

  [ Olivier Tilloy ]
  * Re-enable and update debian/patches/unity-menubar.patch

  [ Rico Tzschichholz ]
  * Update patches
- debian/patches/partially-revert-google-search-update.patch
- debian/patches/mark-distribution-search-engines-as-read-only.patch
- debian/patches/support-coinstallable-trunk-build.patch
- debian/patches/cleanup-old-distribution-search-engines.patch
- debian/patches/ubuntu-ua-string-changes.patch
- debian/patches/armhf-disable-unaligned-fp-access-emulation.patch
  * Bump build-dep on rustc >= 1.32.0 and cargo >= 0.33
  * Update cbindgen to 0.8.4
- debian/build/create-tarball.py

Date: 2019-05-17 14:03:14.455066+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/67.0+build2-0ubuntu0.16.04.1


[ubuntu/xenial-updates] libraw 0.17.1-1ubuntu0.5 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
libraw (0.17.1-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: infinite loop issues
- debian/patches/CVE-2018-581x.patch: add more checks to dcraw/dcraw.c,
  internal/dcraw_common.cpp.
- CVE-2018-5817
- CVE-2018-5818
- CVE-2018-5819
  * SECURITY UPDATE: NULL deref in LibRaw::raw2image
- debian/patches/CVE-2018-20363.patch: add check in src/libraw_cxx.cpp.
- CVE-2018-20363
  * SECURITY UPDATE: NULL deref in LibRaw::copy_bayer
- debian/patches/CVE-2018-20364.patch: add check in src/libraw_cxx.cpp.
- CVE-2018-20364
  * SECURITY UPDATE: heap overflow in LibRaw::raw2image()
- debian/patches/CVE-2018-20365.patch: zero filters in dcraw/dcraw.c,
  internal/dcraw_common.cpp.
- CVE-2018-20365

Date: 2019-05-17 18:57:12.824394+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.5


[ubuntu/xenial-updates] python-urllib3 1.13.1-2ubuntu0.16.04.3 (Accepted)

2019-05-21 Thread Ubuntu Archive Robot
python-urllib3 (1.13.1-2ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: credential disclosure via cross-origin redirect
- debian/patches/CVE-2018-20060-*.patch: backport logic to strip
  Authorization header when following a cross-origin redirect.
- CVE-2018-20060
  * SECURITY UPDATE: CRLF injection issue
- debian/patches/CVE-2019-11236-1.patch: check for control chars in URL
  in urllib3/connection.py, urllib3/contrib/pyopenssl.py,
  urllib3/util/url.py, test/test_util.py.
- debian/patches/CVE-2019-11236-2.patch: percent-encode invalid target
  characters in urllib3/util/url.py, test/test_util.py.
- debian/patches/CVE-2019-11236-3.patch: don't use embedded python-six
  in urllib3/util/url.py.
- CVE-2019-11236

Date: 2019-05-14 13:14:14.921079+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python-urllib3/1.13.1-2ubuntu0.16.04.3
Sorry, changesfile not available.


[ubuntu/xenial-updates] qemu 1:2.5+dfsg-5ubuntu10.39 (Accepted)

2019-05-16 Thread Ubuntu Archive Robot
qemu (1:2.5+dfsg-5ubuntu10.39) xenial-security; urgency=medium

  * Disable patches from 1:2.5+dfsg-5ubuntu10.37 to prevent regression
(LP: #1829245)
- d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch
- d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch

Date: 2019-05-16 13:28:14.319734+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.39
Sorry, changesfile not available.


[ubuntu/xenial-updates] wireshark 2.6.8-1~ubuntu16.04.0 (Accepted)

2019-05-16 Thread Ubuntu Archive Robot
wireshark (2.6.8-1~ubuntu16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple security issues
  * Make wireshark depend on both wireshark-gtk and wireshark-qt

wireshark (2.6.8-1) unstable; urgency=medium

  * New upstream version 2.6.8
- security fixes (Closes: #926718):
  - NetScaler file parser crash. (CVE-2019-10895)
  - SRVLOC dissector crash. (CVE-2019-10899)
  - GSS-API dissector crash. (CVE-2019-10894)
  - DOF dissector crash. (CVE-2019-10896)
  - LDSS dissector crash. (CVE-2019-10901)
  - DCERPC SPOOLSS dissector crash. (CVE-2019-10903)

wireshark (2.6.7-1) unstable; urgency=medium

  [ Balint Reczey ]
  * Drop unapplied backport-to-old-gnutls.patch
  * Ship captype and randpkt in wireshark-common (Closes: #919027)
  * Override a few Lintian issues
  * New upstream version 2.6.7
- security fixes (Closes: #923611):
  - ASN.1 BER and related dissectors crash. (CVE-2019-9209)
  - TCAP dissector crash. (CVE-2019-9208)
  - RPCAP dissector crash. (CVE-2019-9214)

  [ Joe Hansen ]
  * Danish debconf translate translation update (Closes: #923064)

wireshark (2.6.6-1) unstable; urgency=medium

  [ Jean-Philippe MENGUAL ]
  * French debconf translation update (Closes: #915161)

  [ Balint Reczey ]
  * New upstream version 2.6.6
- security fixes:
  - The P_MUL dissector could crash. (CVE-2019-5717)
  - The RTSE dissector and other dissectors could crash. (CVE-2019-5718)
  - The ISAKMP dissector could crash. (CVE-2019-5719)
  - The 6LoWPAN dissector could crash. (CVE-2019-5716)
  * Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089)

Date: 2019-05-15 20:00:35.881633+00:00
Changed-By: Balint Reczey 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu16.04.0
Sorry, changesfile not available.


[ubuntu/xenial-updates] libvirt 1.3.1-1ubuntu10.26 (Accepted)

2019-05-15 Thread Ubuntu Archive Robot
libvirt (1.3.1-1ubuntu10.26) xenial-security; urgency=medium

  * SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
  src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Date: 2019-05-14 19:26:51.728875+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.26
Sorry, changesfile not available.


[ubuntu/xenial-updates] intel-microcode 3.20190514.0ubuntu0.16.04.1 (Accepted)

2019-05-14 Thread Ubuntu Archive Robot
04-17, rev 0x00c6, size 99328
  sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
  sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
  sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
  sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
  sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
  sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
- Added back upstream but blacklisted by packaging due to the issues
  around addressing Intel SA-00030:
  sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
  * Remaining changes from Debian:
- debian/initramfs.hook: Default to early instead of auto, and
  install all of the microcode, not just the one matching the
  current CPU, if MODULES=most is set in the initramfs-tools config

Date: 2019-05-13 23:29:31.114158+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/intel-microcode/3.20190514.0ubuntu0.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] qemu 1:2.5+dfsg-5ubuntu10.38 (Accepted)

2019-05-14 Thread Ubuntu Archive Robot
qemu (1:2.5+dfsg-5ubuntu10.38) xenial-security; urgency=medium

  * SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
  copy the device tree blob into is.
- CVE-2018-20815
  * SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
  emulating ident.
- CVE-2019-9824

qemu (1:2.5+dfsg-5ubuntu10.38~test.1) xenial-security; urgency=medium

  * Add support for exposing md-clear functionality to guests
- d/u/enable-md-clear.patch

Date: 2019-05-09 09:31:28.500762+00:00
Changed-By: Steve Beattie 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.38
Sorry, changesfile not available.


[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.192ubuntu0.16.04.1 (Accepted)

2019-05-14 Thread Ubuntu Archive Robot
flashplugin-nonfree (32.0.0.192ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (32.0.0.192)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2019-05-14 12:36:17.915694+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.192ubuntu0.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.20 (Accepted)

2019-05-14 Thread Ubuntu Archive Robot
samba (2:4.3.11+dfsg-0ubuntu0.16.04.20) xenial-security; urgency=medium

  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
- debian/patches/CVE-2018-16860.patch: reject PA-S4U2Self with unkeyed
  checksum in source4/heimdal/kdc/krb5tgs.c.
- CVE-2018-16860

Date: 2019-05-08 16:57:13.987272+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.20
Sorry, changesfile not available.


[ubuntu/xenial-updates] openjdk-8 8u212-b03-0ubuntu1.16.04.1 (Accepted)

2019-05-13 Thread Ubuntu Archive Robot
openjdk-8 (8u212-b03-0ubuntu1.16.04.1) xenial-security; urgency=medium

  * Backport from Eoan.
  * debian/control: regenerated.

openjdk-8 (8u212-b03-0ubuntu1) eoan; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Update to 8u212-b03. LP: #1826001.
  * Security fixes:
- S8211936, CVE-2019-2602: Better String parsing.
- S8218453, CVE-2019-2684: More dynamic RMI interactions.
- S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
  * Revert to GTK2 as default since GTK3 still has padding and component
issues:
- debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
  libgtk2.0-0 instead of relying on gtk3 for some releases.
  * debian/control: add missing dependency on testng (required by the
testsuites).

  [ Andrej Shadura ]
  * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
Closes: 922757.

  [ Matthias Klose ]
  * debian/rules, debian/tests/jtdiff-autopkgtest.sh,
debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
only set the JDK under test and allow jtreg to use its default JDK
for running the tests.

  [ Thorsten Glaser ]
  * Improve compatibility with older releases. Closes: #925407.
- debian/rules: determine source date using backwards-compatible
  dpkg-parsechangelog call.
- debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
  it can be empty.

openjdk-8 (8u212-b01-1) unstable; urgency=medium

  * Update to 8u212-b01.
  * Enable SA on AArch64.

openjdk-8 (8u202-b26-3) unstable; urgency=medium

  * Fix the 8u202 merge for aarch32, not using SA.

openjdk-8 (8u202-b26-2) unstable; urgency=medium

  * Fix builds using the aarch32 hotspot version.

openjdk-8 (8u202-b26-1) unstable; urgency=high

  * Update to 8u202-b26.
  * Security fixes:
- CVE-2019-2422, S8206290: Better FileChannel transfer performance.
- CVE-2019-2426, S8209094: Improve web server connections.
- S8199156: Better route routing.
- S8199552: Update to build scripts.
- S8200659: Improve BigDecimal support.
- S8203955: Improve robot support.
- S8204895: Better icon support.
- S8205709: Proper allocation handling.
- S8205714: Initial class initialization.
- S8210094: Better loading of classloader classes.
- S8210606: Improved data set handling.
- S8210866: Improve JPEG processing.

  [ Tiago Stürmer Daitx ]
  * Update DEP8 tests:
- debian/tests/control: updated to allow stderr output and to remove
  dpkg-dev dependency.
- debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture
  instead of dpkg-architecture; log script name on any output.
- debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead
  of dpkg-architecture; do not retain test temporary files; log script
  name on any output.
- debian/tests/jtreg-autopkgtest.sh: regenerated.

openjdk-8 (8u191-b12-2ubuntu0.18.04.1) bionic-security; urgency=medium

  * Backport from Disco.
  * debian/control: regenerated.

openjdk-8 (8u191-b12-2ubuntu0.19.04.1) disco; urgency=medium

  * Apply 11.0.2 security patches.
  * Security fixes:
- CVE-2019-2422, S8206290: Better FileChannel transfer performance.
- CVE-2019-2426, S8209094: Improve web server connections.
- S8199156: Better route routing.
- S8199552: Update to build scripts.
- S8200659: Improve BigDecimal support.
- S8203955: Improve robot support.
- S8204895: Better icon support.
- S8205709: Proper allocation handling.
- S8205714: Initial class initialization.
- S8210094: Better loading of classloader classes.
- S8210606: Improved data set handling.
- S8210866: Improve JPEG processing.
  * Update DEP8 tests:
- debian/tests/control: updated to allow stderr output and to remove
  dpkg-dev dependency.
- debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture
  instead of dpkg-architecture; log script name on any output.
- debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead
  of dpkg-architecture; do not retain test temporary files; log script
  name on any output.
- debian/tests/jtreg-autopkgtest.sh: regenerated.
  * debian/patches/jdk-8u192-S8202261.patch: RandomAccessFile::setLength will
not shrink sparse files. (LP: #1811324)

Date: 2019-04-26 01:31:23.425065+00:00
Changed-By: Tiago Stürmer Daitx 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/openjdk-8/8u212-b03-0ubuntu1.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] vcftools 0.1.14+dfsg-2ubuntu0.1 (Accepted)

2019-05-13 Thread Ubuntu Archive Robot
vcftools (0.1.14+dfsg-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe memory handling
- debian/patches/CVE-2018-11099_11129-11130-1.patch: Added error if
  entries fail length expectations
- debian/patches/CVE-2018-11099_11129-11130-2.patch: Additional tokenize
  checks
- debian/patches/CVE-2018-11099_11129-11130-3.patch: Just warning, don't
  fail, if tokens don't meet expectations
- CVE-2018-11099
- CVE-2018-11129
- CVE-2018-11130

Date: 2019-05-13 15:38:18.739539+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/vcftools/0.1.14+dfsg-2ubuntu0.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] postgresql-9.5 9.5.17-0ubuntu0.16.04.1 (Accepted)

2019-05-13 Thread Ubuntu Archive Robot
postgresql-9.5 (9.5.17-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release(s) (LP: #1828012)
- Prevent row-level security policies from being bypassed via
  selectivity estimators.
  CVE-2019-10130
- Details about these and many further changes can be found at:
  https://www.postgresql.org/docs/9.5/static/release-9-5-17.html

Date: 2019-05-10 11:25:13.290987+00:00
Changed-By: Christian Ehrhardt  
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] firefox 66.0.5+build1-0ubuntu0.16.04.1 (Accepted)

2019-05-13 Thread Ubuntu Archive Robot
firefox (66.0.5+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (66.0.5build1)

Date: 2019-05-08 08:37:51.655459+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/66.0.5+build1-0ubuntu0.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] cups-filters 1.8.3-2ubuntu3.5 (Accepted)

2019-05-09 Thread Ubuntu Archive Robot
cups-filters (1.8.3-2ubuntu3.5) xenial-security; urgency=medium

  * Fix PDF printing regression caused by latest Ghostscript security
updates (LP: #1828401)
- debian/patches/lp1828401.patch: don't use undocumented Ghostscript
  function in filter/foomatic-rip/pdf.c.

Date: 2019-05-09 15:31:12.950265+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/cups-filters/1.8.3-2ubuntu3.5
Sorry, changesfile not available.


[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.9 (Accepted)

2019-05-08 Thread Ubuntu Archive Robot
ghostscript (9.26~dfsg+0-0ubuntu0.16.04.9) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
  in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
  Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
  Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
- debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
  documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
- CVE-2019-3839

Date: 2019-05-07 17:29:13.294334+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.9
Sorry, changesfile not available.


[ubuntu/xenial-updates] firefox 66.0.4+build3-0ubuntu0.16.04.1 (Accepted)

2019-05-08 Thread Ubuntu Archive Robot
firefox (66.0.4+build3-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (66.0.4build3) (LP: #1827727)

Date: 2019-05-06 10:11:12.079909+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/66.0.4+build3-0ubuntu0.16.04.1
Sorry, changesfile not available.


[ubuntu/xenial-updates] wpa 2.4-0ubuntu6.5 (Accepted)

2019-05-07 Thread Ubuntu Archive Robot
wpa (2.4-0ubuntu6.5) xenial-security; urgency=medium

  * SECURITY UPDATE: EAP-pwd DoS via unexpected fragment
- debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
  in src/eap_server/eap_server_pwd.c.
- debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
  in src/eap_peer/eap_pwd.c.
- CVE-2019-11555

Date: 2019-05-01 14:57:14.842590+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.5
Sorry, changesfile not available.


[ubuntu/xenial-updates] sudo 1.8.16-0ubuntu1.6 (Accepted)

2019-05-06 Thread Ubuntu Archive Robot
sudo (1.8.16-0ubuntu1.6) xenial-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: /proc/self/stat parsing newline confusion
- debian/patches/CVE-2017-1000368.patch: read all lines of
  /proc/self/stat
- CVE-2017-1000368
  * debian/patches/avoid_sign_extension_tty_nr.patch: hardening to
ensure sign extension doesn't occur when parsing /proc/self/stat

  [ Marc Deslauriers ]
  * SECURITY UPDATE: sudo noexec bypass
- debian/patches/CVE-2016-7076-*.patch: wrap wordexp, add seccomp
  filter.
- CVE-2016-7076

Date: 2019-05-01 16:19:13.033723+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.6
Sorry, changesfile not available.


[ubuntu/xenial-updates] pinba-engine-mysql 1.1.0-1ubuntu1.12 (Accepted)

2019-04-29 Thread Ubuntu Archive Robot
pinba-engine-mysql (1.1.0-1ubuntu1.12) xenial-security; urgency=medium

  * Rebuild against mysql 5.7.26.

Date: 2019-04-26 11:48:13.202480+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/pinba-engine-mysql/1.1.0-1ubuntu1.12
Sorry, changesfile not available.

