[ubuntu/xenial-updates] jhead 1:3.00-4+deb9u1build0.16.04.1 (Accepted)
jhead (1:3.00-4+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-29 14:53:15.105581+00:00
Changed-By: Mike Salvatore
Maintainer: Ludovic Rousseau
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/jhead/1:3.00-4+deb9u1build0.16.04.1

Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] putty 0.67-3build0.16.04.1 (Accepted)
putty (0.67-3build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-29 15:30:13.536226+00:00
Changed-By: Mike Salvatore
Maintainer: Colin Watson
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/putty/0.67-3build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] spice 0.12.6-4ubuntu0.4 (Accepted)
spice (0.12.6-4ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: off-by-one error in memslot_get_virt
    - debian/patches/CVE-2019-3813.patch: fix checks in server/red_memslots.c.
    - CVE-2019-3813

Date: 2019-01-24 17:02:12.447862+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/spice/0.12.6-4ubuntu0.4

Sorry, changesfile not available.
[ubuntu/xenial-updates] unrtf 0.21.9-clean-3~build0.16.04.1 (Accepted)
unrtf (0.21.9-clean-3~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-25 19:45:20.288629+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/unrtf/0.21.9-clean-3~build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] wireshark 2.6.6-1~ubuntu16.04.0 (Accepted)
wireshark (2.6.6-1~ubuntu16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple security issues
  * Make wireshark depend on both wireshark-gtk and wireshark-qt

wireshark (2.6.6-1) unstable; urgency=medium

  [ Jean-Philippe MENGUAL ]
  * French debconf translation update (Closes: #915161)

  [ Balint Reczey ]
  * New upstream version 2.6.6
    - security fixes:
      - The P_MUL dissector could crash. (CVE-2019-5717)
      - The RTSE dissector and other dissectors could crash. (CVE-2019-5718)
      - The ISAKMP dissector could crash. (CVE-2019-5719)
      - The 6LoWPAN dissector could crash. (CVE-2019-5716)
  * Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089)

wireshark (2.6.5-1) unstable; urgency=medium

  * Add debian/gitlab-ci.yml
  * New upstream version 2.6.5
    - release notes:
      https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
    - security fixes:
      - The Wireshark dissection engine could crash. (CVE-2018-19625)
      - The DCOM dissector could crash. (CVE-2018-19626)
      - The LBMPDM dissector could crash. (CVE-2018-19623)
      - The MMSE dissector could go into an infinite loop. (CVE-2018-19622)
      - The IxVeriWave file parser could crash. (CVE-2018-19627)
      - The PVFS dissector could crash. (CVE-2018-19624)
      - The ZigBee ZCL dissector could crash. (CVE-2018-19628)
  * Update symbols

Date: 2019-01-23 15:24:04.980346+00:00
Changed-By: Balint Reczey
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/wireshark/2.6.6-1~ubuntu16.04.0

Sorry, changesfile not available.
[ubuntu/xenial-updates] thunderbird 1:60.4.0+build2-0ubuntu0.16.04.1 (Accepted)
thunderbird (1:60.4.0+build2-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (60.4.0build2)
  * Refresh patches
    - update debian/patches/rust-drop-dll-checksums.patch
  * Fix a typo in the help text for the script to create the source tarball
    - update debian/build/create-tarball.py
  * Use https for source repositories
    - update debian/config/branch.mk

Date: 2019-01-16 08:54:12.405171+00:00
Changed-By: Olivier Tilloy
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/thunderbird/1:60.4.0+build2-0ubuntu0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] pinba-engine-mysql 1.1.0-1ubuntu1.11 (Accepted)
pinba-engine-mysql (1.1.0-1ubuntu1.11) xenial-security; urgency=medium

  * Rebuild against mysql 5.7.25.

Date: 2019-01-22 20:13:23.662886+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/pinba-engine-mysql/1.1.0-1ubuntu1.11

Sorry, changesfile not available.
[ubuntu/xenial-updates] mysql-5.7 5.7.25-0ubuntu0.16.04.2 (Accepted)
mysql-5.7 (5.7.25-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 5.7.25 to fix security issues
    - CVE-2019-2420, CVE-2019-2434, CVE-2019-2455, CVE-2019-2481,
      CVE-2019-2482, CVE-2019-2486, CVE-2019-2503, CVE-2019-2507,
      CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2531,
      CVE-2019-2532, CVE-2019-2534, CVE-2019-2537
  * debian/patches/fix-mysqldump-test-dates: bump mysqldump test date from
    2018 to 2020 to fix failing test.

Date: 2019-01-22 17:04:17.110915+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.25-0ubuntu0.16.04.2

Sorry, changesfile not available.
[ubuntu/xenial-updates] bzrtp 1.0.2-1.2build0.16.04.1 (Accepted)
bzrtp (1.0.2-1.2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-23 15:08:14.709572+00:00
Changed-By: Mike Salvatore
Maintainer: Debian VoIP Team
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/bzrtp/1.0.2-1.2build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.4 (Accepted)
ghostscript (9.26~dfsg+0-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-6116.patch: address .force* operators
      exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
      Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
      Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
      Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
      Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
      Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps, psi/int.mak,
      psi/interp.c, psi/istack.c, psi/istack.h.
    - CVE-2019-6116

Date: 2019-01-16 16:52:12.997162+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.4

Sorry, changesfile not available.
[ubuntu/xenial-updates] virtualbox 5.1.38-dfsg-0ubuntu1.16.04.2 (Accepted)
virtualbox (5.1.38-dfsg-0ubuntu1.16.04.2) xenial-security; urgency=medium

  * debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
    - Apply patch for guest-to-host escape vulnerability (LP: #1809156)
    - CVE-2018-3294

Date: 2019-01-21 16:19:12.758679+00:00
Changed-By: Martin Konrad
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/virtualbox/5.1.38-dfsg-0ubuntu1.16.04.2

Sorry, changesfile not available.
[ubuntu/xenial-updates] backintime 1.1.12-2~build0.16.04.1 (Accepted)
backintime (1.1.12-2~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-22 17:43:14.243092+00:00
Changed-By: Mike Salvatore
Maintainer: Jonathan Wiltshire
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/backintime/1.1.12-2~build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] tiff 4.0.6-1ubuntu0.5 (Accepted)
tiff (4.0.6-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL dereference in TIFFPrintDirectory
    - debian/patches/CVE-2018-7456.patch: properly handle color channels in
      libtiff/tif_dirread.c, libtiff/tif_print.c.
    - CVE-2018-7456
  * SECURITY UPDATE: buffer overflow in LZWDecodeCompat
    - debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c.
    - CVE-2018-8905
  * SECURITY UPDATE: DoS in TIFFWriteDirectorySec()
    - debian/patches/CVE-2018-10963.patch: avoid assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2018-10963
  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2018-1710x.patch: Avoid overflows in
      tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
    - CVE-2018-17100
    - CVE-2018-17101
  * SECURITY UPDATE: JBIGDecode out-of-bounds write
    - debian/patches/CVE-2018-18557.patch: fix issue in
      libtiff/tif_jbig.c, libtiff/tif_read.c.
    - CVE-2018-18557
  * SECURITY UPDATE: NULL pointer dereference in LZWDecode
    - debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c.
    - CVE-2018-18661

Date: 2019-01-17 15:13:12.516719+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.5

Sorry, changesfile not available.
[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.11 (Accepted)
poppler (0.41.0-0ubuntu1.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20481.patch: fix in poppler/XRef.cc.
    - CVE-2018-20481
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20650.patch: fix in poppler/FileSpec.cc.
    - CVE-2018-20650

Date: 2019-01-21 18:07:17.823992+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.11

Sorry, changesfile not available.
[ubuntu/xenial-updates] xrdp 0.6.1-2ubuntu0.3 (Accepted)
xrdp (0.6.1-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: Fix connection problem (LP: #1811122).

Date: 2019-01-17 12:18:28.177688+00:00
Changed-By: Paulo Flabiano Smorigo
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/xrdp/0.6.1-2ubuntu0.3

Sorry, changesfile not available.
[ubuntu/xenial-updates] unattended-upgrades 0.90ubuntu0.10 (Accepted)
unattended-upgrades (0.90ubuntu0.10) xenial-security; urgency=medium

  * No change rebuild in the -security pocket (See LP #1686470)

Date: 2019-01-18 19:57:13.211311+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/unattended-upgrades/0.90ubuntu0.10

Sorry, changesfile not available.
[ubuntu/xenial-updates] apt 1.2.29ubuntu0.1 (Accepted)
apt (1.2.29ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

Date: 2019-01-18 19:56:21.813026+00:00
Changed-By: Julian Andres Klode
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/apt/1.2.29ubuntu0.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] adplug 2.2.1+dfsg3-1~build0.16.04.1 (Accepted)
adplug (2.2.1+dfsg3-1~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-17 21:06:16.169906+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/adplug/2.2.1+dfsg3-1~build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] irssi 0.8.19-1ubuntu1.8 (Accepted)
irssi (0.8.19-1ubuntu1.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5882.patch: fix in
      src/fe-text/textbuffer-view.c.
    - CVE-2019-5882

Date: 2019-01-16 12:49:19.598871+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.8

Sorry, changesfile not available.
[ubuntu/xenial-updates] autotrace 0.31.1-16+nmu1.2ubuntu0.1 (Accepted)
autotrace (0.31.1-16+nmu1.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2016-7392.patch: Fix an order of operations error
      in call to XMALLOC to avoid a heap-based buffer overflow when
      processing bmp images.
    - CVE-2016-7392

Date: 2019-01-16 19:48:13.080107+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/autotrace/0.31.1-16+nmu1.2ubuntu0.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] policykit-1 0.105-14.1ubuntu0.4 (Accepted)
policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

Date: 2019-01-15 13:49:31.826192+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/policykit-1/0.105-14.1ubuntu0.4

Sorry, changesfile not available.
[ubuntu/xenial-updates] libcaca 0.99.beta19-2ubuntu0.16.04.1 (Accepted)
libcaca (0.99.beta19-2ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2018-20544.patch: fix in caca/dither.c.
    - CVE-2018-20544
  * SECURITY UPDATE: Buffer over-write
    - debian/patches/CVE-2018-20545_20548_20549.patch: fix in
      src/common-image.h.
    - CVE-2018-20545
    - CVE-2018-20548
    - CVE-2018-20549
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2018-20546_20547.patch: fix in caca/dither.c.
    - CVE-2018-20546
    - CVE-2018-20547

Date: 2019-01-14 16:54:40.383902+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta19-2ubuntu0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] libarchive 3.1.2-11ubuntu0.16.04.5 (Accepted)
libarchive (3.1.2-11ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14502.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2017-14502
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000877.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000877
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000878.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000878

Date: 2019-01-14 14:30:13.372167+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/libarchive/3.1.2-11ubuntu0.16.04.5

Sorry, changesfile not available.
[ubuntu/xenial-updates] haproxy 1.6.3-1ubuntu0.2 (Accepted)
haproxy (1.6.3-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2018-20102.patch: check the bounds in src/dns.c.
    - CVE-2018-20102

Date: 2019-01-11 17:15:12.499479+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/haproxy/1.6.3-1ubuntu0.2

Sorry, changesfile not available.
[ubuntu/xenial-updates] krb5 1.13.2+dfsg-5ubuntu2.1 (Accepted)
krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on
      init/accept failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP
      DN checking
    - CVE-2018-5729
    - CVE-2018-5730

Date: 2019-01-14 14:23:16.443521+00:00
Changed-By: Eduardo dos Santos Barretto
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] php-pear 1:1.10.1+submodules+notgz-6ubuntu0.1 (Accepted)
php-pear (1:1.10.1+submodules+notgz-6ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: unserialization vulnerability in Archive_Tar
    - debian/patches/CVE-2018-1000888.patch: don't allow filenames to start
      with phar:// in submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2018-1000888

Date: 2019-01-11 18:53:12.345727+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/php-pear/1:1.10.1+submodules+notgz-6ubuntu0.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] elixir 0.7.1-4build0.16.04.1 (Accepted)
elixir (0.7.1-4build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-14 16:12:16.669560+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/elixir/0.7.1-4build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] tardiff 0.1-5~build0.16.04.1 (Accepted)
tardiff (0.1-5~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-14 16:30:17.927602+00:00
Changed-By: Mike Salvatore
Maintainer: Axel Beckert
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/tardiff/0.1-5~build0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] systemd 229-4ubuntu21.15 (Accepted)
systemd (229-4ubuntu21.15) xenial-security; urgency=medium

  * SECURITY UPDATE: memory corruption in journald via attacker controlled
    alloca
    - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
      entry for process commandline on the stack
    - CVE-2018-16864
  * SECURITY UPDATE: memory corruption in journald via attacker controlled
    alloca
    - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
      number of fields (1k)
    - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on
      the number of fields in a message
    - CVE-2018-16865
  * SECURITY UPDATE: out-of-bounds read in journald
    - debian/patches/CVE-2018-16866.patch: journal: fix
      syslog_parse_identifier()
    - CVE-2018-16866
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when
      traversing recursively through directory trees
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches
      to resolve this completely
    - CVE-2018-6954
  * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
    - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
    - update debian/patches/series
  * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell
    scripts
    - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
    - update debian/patches/series

Date: 2019-01-11 01:13:11.807696+00:00
Changed-By: Chris Coulson
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.15

Sorry, changesfile not available.
[ubuntu/xenial-updates] exiv2 0.25-2.1ubuntu16.04.3 (Accepted)
exiv2 (0.25-2.1ubuntu16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-11591.patch: fix in include/exiv2/value.hpp.
    - CVE-2017-11591
  * SECURITY UPDATE: Remote denial of service
    - debian/patches/CVE-2017-11683.patch: fix in src/tiffvisitor.cpp.
    - CVE-2017-11683
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
      src/error.cpp, src/tiffvisitor.cpp.
    - CVE-2017-14859
    - CVE-2017-14862
    - CVE-2017-14864
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-17669.patch: fix in src/pngchunk.cpp.
    - CVE-2017-17669
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-9239.patch: fix in src/tiffcomposite.cpp.
    - CVE-2017-9239
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-17581.patch: fix in src/crwimage.cpp.
    - CVE-2018-17581
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-16336*.patch: fix in src/pngchunk.cpp.
    - CVE-2018-16336
  * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.

Date: 2019-01-08 19:26:17.935238+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/exiv2/0.25-2.1ubuntu16.04.3

Sorry, changesfile not available.
[ubuntu/xenial-updates] python-django 1.8.7-1ubuntu5.7 (Accepted)
python-django (1.8.7-1ubuntu5.7) xenial-security; urgency=medium

  * SECURITY UPDATE: content spoofing in the default 404 page
    - debian/patches/CVE-2019-3498.patch: properly quote string in
      django/views/defaults.py, add test to tests/handlers/tests.py.
    - CVE-2019-3498

Date: 2019-01-08 20:58:13.607190+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.7

Sorry, changesfile not available.
[ubuntu/xenial-updates] xrdp 0.6.1-2ubuntu0.1 (Accepted)
xrdp (0.6.1-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fixes a VNC security issue where the VNC password file
    is based on the user password.
    - debian/patches/CVE-2013-1430-1.patch: sesman: change vnc password
      file to guid
    - debian/patches/CVE-2013-1430-2.patch: sesman: work on guid / vnc
      password file
    - debian/patches/CVE-2013-1430-3.patch: xrdp,vnc: work on guid / vnc
      password file
    - debian/patches/CVE-2013-1430-4.patch: xrdp,vnc: password fixes
    - debian/patches/CVE-2013-1430-5.patch: vnc: add const and comments to
      rfbEncryptBytes
    - debian/patches/CVE-2013-1430-6.patch: sesman, xrdp: const, spacing
      changes
    - CVE-2013-1430

Date: 2019-01-08 21:36:13.640106+00:00
Changed-By: Paulo Flabiano Smorigo
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/xrdp/0.6.1-2ubuntu0.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.114ubuntu0.16.04.1 (Accepted)
flashplugin-nonfree (32.0.0.114ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (32.0.0.114)
    - debian/flashplugin-installer.{config,postinst},
      debian/post-download-hook: Updated version and sha256sum

Date: 2019-01-08 15:09:26.259487+00:00
Changed-By: Chris Coulson
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.114ubuntu0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] wireshark 2.6.5-1~ubuntu16.04.0 (Accepted)
wireshark (2.6.5-1~ubuntu16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple security issues
  * Make wireshark depend on both wireshark-gtk and wireshark-qt

wireshark (2.6.5-1) unstable; urgency=medium

  * Add debian/gitlab-ci.yml
  * New upstream version 2.6.5
    - release notes:
      https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
    - security fixes:
      - The Wireshark dissection engine could crash. (CVE-2018-19625)
      - The DCOM dissector could crash. (CVE-2018-19626)
      - The LBMPDM dissector could crash. (CVE-2018-19623)
      - The MMSE dissector could go into an infinite loop. (CVE-2018-19622)
      - The IxVeriWave file parser could crash. (CVE-2018-19627)
      - The PVFS dissector could crash. (CVE-2018-19624)
      - The ZigBee ZCL dissector could crash. (CVE-2018-19628)
  * Update symbols

wireshark (2.6.4-2) unstable; urgency=medium

  [ nyov ]
  * Build and install mmdbresolve to make GeoIP-lookup work.
    (adds dependency on libmaxminddb) (Closes: #911567)

  [ Gregor Jasny ]
  * debian: libwireshark-dev must depend on libwiretap-dev because
    wireshark/epan/packet_info.h (libwireshark-dev) depends on
    wireshark/wiretap/wtap.h (libwiretap-dev) (LP: #1801666)

  [ Balint Reczey ]
  * Ship man page for mmdbresolve
  * debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr
    making the test fail

Date: 2018-12-14 07:55:12.751858+00:00
Changed-By: Balint Reczey
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/wireshark/2.6.5-1~ubuntu16.04.0

Sorry, changesfile not available.
[ubuntu/xenial-updates] chromium-browser 71.0.3578.98-0ubuntu0.16.04.1 (Accepted)
chromium-browser (71.0.3578.98-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.

Date: 2018-12-13 12:15:34.808076+00:00
Changed-By: Olivier Tilloy
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/chromium-browser/71.0.3578.98-0ubuntu0.16.04.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] fontforge 20120731.b-7.1ubuntu0.1 (Accepted)
fontforge (20120731.b-7.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2017-11568.patch: fix out of bounds read condition
      and buffer overflow in fontforge/parsettf.c, fontforge/psread.c,
      fontforge/tottf.c.
    - CVE-2017-11568
  * SECURITY UPDATE: heap-based buffer over-read in readttfcopyrights
    - debian/patches/CVE-2017-11569-and-2017-11575.patch: fix out of bounds
      read condition in fontforge/parsettf.c.
    - CVE-2017-11569
    - CVE-2017-11575
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2017-11571.patch: fix buffer overflow in
      fontforge/parsettf.c.
    - CVE-2017-11571
  * SECURITY UPDATE: stack underflow condition in readcfftopdicts
    - debian/patches/CVE-2017-11572-and-2017-11576.patch: prevent stack
      underflow condition in fontforge/parsettf.c.
    - CVE-2017-11572
    - CVE-2017-11576
  * SECURITY UPDATE: heap-based buffer overflow in readcffset
    - debian/patches/CVE-2017-11574.patch: fix buffer condition in
      fontforge/parsetff.c.
    - CVE-2017-11574
  * SECURITY UPDATE: buffer over-read in getsid
    - debian/patches/CVE-2017-11577.patch: fix out of bounds read in
      fontforge/parsettf.c
    - CVE-2017-11577

Date: 2018-12-20 20:38:12.144731+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/fontforge/20120731.b-7.1ubuntu0.1

Sorry, changesfile not available.
[ubuntu/xenial-updates] netatalk 2.2.5-1ubuntu0.2 (Accepted)
netatalk (2.2.5-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: RCE with root privileges
    - debian/patches/CVE-2018-1160-01.patch: libatalk/dsi: avoid double use
      of variable i
    - debian/patches/CVE-2018-1160-02.patch: libatalk/dsi: add correct
      bounding checking to dsi_opensession
    - CVE-2018-1160

Date: 2018-12-20 14:51:19.833065+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/netatalk/2.2.5-1ubuntu0.2

Sorry, changesfile not available.
[ubuntu/xenial-updates] freerdp 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 (Accepted)
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
    - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
      type to avoid integer truncation in libfreerdp/core/update.c. Based
      on upstream patch.
    - CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
    - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
      integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
      patch.
    - CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
    - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
      possible buffer overflow in libfreerdp/codec/nsc.c and
      libfreerdp/codec/nsc_encode.c. Based on upstream patch.
    - CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
    - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer type
      when checking offset against stream length in
      winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
    - CVE-2018-8789

Date: 2018-12-11 11:31:26.684727+00:00
Changed-By: Alex Murray
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3

Sorry, changesfile not available.
[ubuntu/xenial-updates] nodejs-mozilla 8.14.0-0ubuntu0.16.04.1 (Accepted)
nodejs-mozilla (8.14.0-0ubuntu0.16.04.1) xenial; urgency=medium * New upstream release: 8.14.0 Date: 2018-12-05 15:19:12.474905+00:00 Changed-By: Olivier Tilloy Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/nodejs-mozilla/8.14.0-0ubuntu0.16.04.1
[ubuntu/xenial-updates] rustc 1.30.0+dfsg1+llvm-2ubuntu1~16.04.1 (Accepted)
ld.so during some debuginfo tests - update debian/control - Add a hack to ensure the stage0 compiler is extracted to the correct location - update debian/make_orig-stage0_tarball.sh - Scrub -g from CFLAGS and CXXFLAGS in order to let rustbuild control whether LLVM is compiled with debug symbols - update debian/rules - On i386, only build debuginfo for libstd - update debian/rules - Ignore all test failures on every architecture - update debian/rules - Version the Build-Conflict on gdb-minimal as gdb now Provides it - update debian/control Date: 2018-11-12 22:30:12.763369+00:00 Changed-By: Michael Hudson-Doyle Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/rustc/1.30.0+dfsg1+llvm-2ubuntu1~16.04.1
[ubuntu/xenial-updates] firefox 64.0+build3-0ubuntu0.16.04.1 (Accepted)
firefox (64.0+build3-0ubuntu0.16.04.1) xenial; urgency=medium * New upstream stable release (64.0build3) firefox (64.0+build1-0ubuntu0.16.04.1) xenial; urgency=medium * New upstream stable release (64.0build1) [ Olivier Tilloy ] * Do not attach Wi-Fi syslog to apport reports (LP: #1801383) - update debian/apport/source_firefox.py.in * Update debian/patches/unity-menubar.patch * Use a custom build of Node.js (nodejs-mozilla), as it is now a required build dependency - update debian/config/mozconfig.in - update debian/control{,.in} [ Rico Tzschichholz ] * Explicitly set HOME=/tmp - update debian/build/rules.mk * Bump build-dep on rustc >= 1.29.0 and cargo >= 0.30 - update debian/control{,.in} * Bump cbindgen dependency to 0.6.7 - update debian/build/create-tarball.py * Ship removed onboarding watermark.svg to keep using it as symbolic icon - add debian/symbolic.svg - update debian/build/rules.mk * Drop upstreamed patches - remove debian/patches/fix-armhf-aom-build.patch * Update patches - update debian/patches/dont-treat-tilde-as-special.patch - update debian/patches/drop-check-glibc-symbols.patch - update debian/patches/update-gn-mozbuild.patch Date: 2018-12-07 22:35:12.343937+00:00 Changed-By: Olivier Tilloy Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/firefox/64.0+build3-0ubuntu0.16.04.1
[ubuntu/xenial-updates] cargo 0.31.0-3ubuntu1~16.04.1 (Accepted)
from Debian unstable, remaining changes: - Don't use the bootstrap.py script for bootstrapping as it no longer works. - remove debian/bootstrap.py - update debian/control - update debian/rules - update debian/make_orig_multi.sh - Bump libgit2 dependency to 0.27.0. This is what is bundled in upstream checkouts now, and it no longer builds against 0.25.1.0 - update debian/control - Drop the unneeded dependency on libjs-jquery from cargo-doc - update debian/control - Ignore test failures on s390x. There's no Debian build yet on this arch and there's nothing in the archive that requires cargo on s390x at this time - update debian/rules - Don't disable generate_lockfile.rs:no_index_update, as this test was fixed upstream to not clone the real index - update debian/patches/2002_disable-net-tests.patch - Disable fetch tests on non x86/x86-64 architectures, as those hit an unreachable!() in test code. Disable the Debian patch that disables these tests on every architecture - add debian/patches/disable-fetch-tests-on-non-x86.patch - update debian/patches/series Date: 2018-11-13 09:02:13.247776+00:00 Changed-By: Michael Hudson-Doyle Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/cargo/0.31.0-3ubuntu1~16.04.1
[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.10 (Accepted)
poppler (0.41.0-0ubuntu1.10) xenial-security; urgency=medium * SECURITY REGRESSION: fixing patch applied previously for CVE-2018-19149 - debian/patch/CVE-2018-19149-fixing-previous.patch * SECURITY REGRESSION: fixing regression in check entry - debian/patches/CVE-2018-16646-fix-regression-p1.patch - debian/patches/CVE-2018-16646-fix-regression-p2.patch Date: 2018-12-11 13:09:12.039286+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.10
[ubuntu/xenial-updates] poco 1.3.6p1-5.1ubuntu0.1 (Accepted)
poco (1.3.6p1-5.1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Fix zip decompression vulnerability - debian/patches/80_zip_vulnerability.dpatch: Fix zip decompression - CVE-2017-1000472 Date: 2018-12-07 17:30:12.790003+00:00 Changed-By: pfsmor...@canonical.com (Paulo F. Smorigo) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/poco/1.3.6p1-5.1ubuntu0.1
[ubuntu/xenial-updates] chromium-browser 71.0.3578.80-0ubuntu0.16.04.1 (Accepted)
chromium-browser (71.0.3578.80-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 71.0.3578.80 - CVE-2018-17480: Out of bounds write in V8. - CVE-2018-17481: Use after frees in PDFium. - CVE-2018-18335: Heap buffer overflow in Skia. - CVE-2018-18336: Use after free in PDFium. - CVE-2018-18337: Use after free in Blink. - CVE-2018-18338: Heap buffer overflow in Canvas. - CVE-2018-18339: Use after free in WebAudio. - CVE-2018-18340: Use after free in MediaRecorder. - CVE-2018-18341: Heap buffer overflow in Blink. - CVE-2018-18342: Out of bounds write in V8. - CVE-2018-18343: Use after free in Skia. - CVE-2018-18344: Inappropriate implementation in Extensions. - CVE-2018-18345: Inappropriate implementation in Site Isolation. - CVE-2018-18346: Incorrect security UI in Blink. - CVE-2018-18347: Inappropriate implementation in Navigation. - CVE-2018-18348: Inappropriate implementation in Omnibox. - CVE-2018-18349: Insufficient policy enforcement in Blink. - CVE-2018-18350: Insufficient policy enforcement in Blink. - CVE-2018-18351: Insufficient policy enforcement in Navigation. - CVE-2018-18352: Inappropriate implementation in Media. - CVE-2018-18353: Inappropriate implementation in Network Authentication. - CVE-2018-18354: Insufficient data validation in Shell Integration. - CVE-2018-18355: Insufficient policy enforcement in URL Formatter. - CVE-2018-18356: Use after free in Skia. - CVE-2018-18357: Insufficient policy enforcement in URL Formatter. - CVE-2018-18358: Insufficient policy enforcement in Proxy. - CVE-2018-18359: Out of bounds read in V8. 
* debian/patches/chromium_useragent.patch: refreshed * debian/patches/configuration-directory.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix-extra-arflags.patch: refreshed * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed * debian/patches/gn-no-last-commit-position.patch: refreshed * debian/patches/no-new-ninja-flag.patch: refreshed * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/touch-v35: refreshed * debian/patches/use-clang-versioned.patch: refreshed * debian/patches/widevine-allow-enable.patch: removed, no longer needed * debian/patches/widevine-other-locations: refreshed * debian/patches/widevine-revision.patch: renamed to debian/patches/widevine-enable-version-string.patch and updated * debian/tests/html5test: update test expectations Date: 2018-12-04 22:21:12.205728+00:00 Changed-By: Olivier Tilloy Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/chromium-browser/71.0.3578.80-0ubuntu0.16.04.1
[ubuntu/xenial-updates] redis 2:3.0.6-1ubuntu0.3 (Accepted)
redis (2:3.0.6-1ubuntu0.3) xenial-security; urgency=medium * SECURITY UPDATE: Tighten Permissions - Ensure /var/lib/redis and /var/log/redis are not world readable - Set UMask=007 in redis-server.service, redis-sentinel.server - Changes taken from Debian version 3:3.2.5-2 - CVE-2016-2121 Date: 2018-12-07 17:31:13.311558+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/redis/2:3.0.6-1ubuntu0.3
[ubuntu/xenial-updates] cups 2.1.3-4ubuntu0.6 (Accepted)
cups (2.1.3-4ubuntu0.6) xenial-security; urgency=medium * SECURITY UPDATE: predictable session cookies - debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c. - CVE-2018-4700 Date: 2018-11-19 12:34:12.365172+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.6
[ubuntu/xenial-updates] lxml 3.5.0-1ubuntu0.1 (Accepted)
lxml (3.5.0-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: XSS attacks - Make the cleaner remove javascript URLs that use escaping in src/lxml/html/clean.py, src/lxml/html/tests/test_clean.txt. - CVE-2018-19787 Date: 2018-12-07 12:48:15.204213+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/lxml/3.5.0-1ubuntu0.1
[ubuntu/xenial-updates] swftools 0.9.2+git20130725-4.1~build0.16.04.1 (Accepted)
swftools (0.9.2+git20130725-4.1~build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-12-07 14:31:12.779488+00:00 Changed-By: Mike Salvatore Maintainer: Christian Welzel Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/swftools/0.9.2+git20130725-4.1~build0.16.04.1
[ubuntu/xenial-updates] linkchecker 9.3-1+deb8u1build0.16.04.1 (Accepted)
linkchecker (9.3-1+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-12-07 19:54:13.022673+00:00 Changed-By: Mike Salvatore Maintainer: Bastian Kleineidam Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/linkchecker/9.3-1+deb8u1build0.16.04.1
[ubuntu/xenial-updates] chrony 2.1.1-1ubuntu0.1 (Accepted)
chrony (2.1.1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key". - debian/patches/CVE-2016-1567.patch: restrict authentication of server/peer to specified key. - CVE-2016-1567 Date: 2018-12-06 16:49:12.043844+00:00 Changed-By: Eduardo dos Santos Barretto Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/chrony/2.1.1-1ubuntu0.1
[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.3 (Accepted)
ghostscript (9.26~dfsg+0-0ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY REGRESSION: multiple regressions (LP: #1806517) - debian/patches/020181126-96c381c*.patch: fix duplex issue. - debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and -dLastPage issue. Date: 2018-12-06 16:56:25.943879+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.3
[ubuntu/xenial-updates] openssl 1.0.2g-1ubuntu4.14 (Accepted)
openssl (1.0.2g-1ubuntu4.14) xenial-security; urgency=medium * SECURITY UPDATE: PortSmash side channel attack - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in crypto/bn/bn_lib.c, crypto/ec/ec_mult.c. - CVE-2018-5407 * SECURITY UPDATE: timing side channel attack in DSA - debian/patches/CVE-2018-0734-pre1.patch: address a timing side channel in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in crypto/dsa/dsa_ossl.c. - CVE-2018-0734 Date: 2018-12-04 19:55:42.266176+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14
[ubuntu/xenial-updates] wavpack 4.75.2-2ubuntu0.2 (Accepted)
wavpack (4.75.2-2ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19840.patch: checking if sample_rate is not zero in src/pack_utils.c and removing register keyword in src/read_words.c. - CVE-2018-19840 Date: 2018-12-05 20:42:12.782161+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/wavpack/4.75.2-2ubuntu0.2
[ubuntu/xenial-updates] libraw 0.17.1-1ubuntu0.4 (Accepted)
libraw (0.17.1-1ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: Multiple memory management issues - debian/patches/CVE-2018-5807_5810_5811_5812.patch: out-of-bounds reads, heap-based buffer overflow and NULL pointer dereference in internal/dcraw_common.cpp - CVE-2018-5807 - CVE-2018-5810 - CVE-2018-5811 - CVE-2018-5812 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c and internal/dcraw_common.cpp - CVE-2018-5813 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-5815.patch: integer overflow in internal/dcraw_common.cpp - CVE-2018-5815 * SECURITY UPDATE: Divide by zero - debian/patches/CVE-2018-5816.patch: divide by zero in internal/dcraw_common.cpp - CVE-2018-5816 Date: 2018-12-06 01:32:12.143813+00:00 Changed-By: Alex Murray Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.4
[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.101ubuntu0.16.04.1 (Accepted)
flashplugin-nonfree (32.0.0.101ubuntu0.16.04.1) xenial-security; urgency=medium * New upstream release (32.0.0.101) - debian/flashplugin-installer.{config,postinst}, debian/post-download-hook: Updated version and sha256sum Date: 2018-12-05 13:56:18.838202+00:00 Changed-By: Chris Coulson Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.101ubuntu0.16.04.1
[ubuntu/xenial-updates] chromium-browser 70.0.3538.110-0ubuntu0.16.04.1 (Accepted)
chromium-browser (70.0.3538.110-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 70.0.3538.110 - CVE-2018-17479: Use-after-free in GPU. * debian/patches/relax-ninja-version-requirement.patch: refreshed chromium-browser (70.0.3538.102-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 70.0.3538.102 - CVE-2018-17478: Out of bounds memory access in V8. * debian/patches/gn-bootstrap-remove-sysroot-options.patch: added Date: 2018-11-20 11:24:13.575459+00:00 Changed-By: Olivier Tilloy Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/chromium-browser/70.0.3538.110-0ubuntu0.16.04.1
[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.9 (Accepted)
poppler (0.41.0-0ubuntu1.9) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19149.patch: "check whether and embedded file is actually present in the PDF and show warning in that case" in glib/poppler-attachment.cc, glib/poppler-document.cc. - CVE-2018-19149 [ Marc Deslauriers ] * SECURITY UPDATE: infinite recursion via crafted file - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in poppler/Parser.cc, poppler/XRef.h. - CVE-2018-16646 * SECURITY UPDATE: denial of service via reachable abort - debian/patches/CVE-2018-19058.patch: check for stream before calling stream methods when saving an embedded file in poppler/FileSpec.cc. - CVE-2018-19058 * SECURITY UPDATE: denial of service via out-of-bounds read - debian/patches/CVE-2018-19059.patch: check for valid embedded file before trying to save it in utils/pdfdetach.cc. - CVE-2018-19059 * SECURITY UPDATE: denial of service via NULL pointer dereference - debian/patches/CVE-2018-19060.patch: check for valid file name of embedded file in utils/pdfdetach.cc. - CVE-2018-19060 Date: 2018-12-03 14:20:25.144872+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.9
[ubuntu/xenial-updates] perl 5.22.1-9ubuntu0.6 (Accepted)
perl (5.22.1-9ubuntu0.6) xenial-security; urgency=medium * SECURITY UPDATE: Integer overflow leading to buffer overflow - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in util.c. - CVE-2018-18311 * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun - debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c. - CVE-2018-18312 * SECURITY UPDATE: Heap-buffer-overflow read - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to memchr in regcomp.c. - CVE-2018-18313 * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c, t/re/reg_mesg.t, t/re/regex_sets.t. - CVE-2018-18314 Date: 2018-11-20 14:30:15.989733+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6
[ubuntu/xenial-updates] ruby-minitar 0.5.4-3.1build0.16.04.1 (Accepted)
ruby-minitar (0.5.4-3.1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-29 21:23:12.506861+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ruby-minitar/0.5.4-3.1build0.16.04.1
[ubuntu/xenial-updates] python-tablib 0.9.11-2+deb9u1build0.16.04.1 (Accepted)
python-tablib (0.9.11-2+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-29 19:18:12.110584+00:00 Changed-By: Mike Salvatore Maintainer: PKG OpenStack Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/python-tablib/0.9.11-2+deb9u1build0.16.04.1
[ubuntu/xenial-updates] rzip 2.1-2ubuntu0.16.04.1 (Accepted)
rzip (2.1-2ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: Heap buffer overflow (integer overflow) - debian/patches/CVE-2017-8364.patch: Fix heap buffer overflow by allocating a large enough buffer. Patch taken from the OpenSUSE leap 42.2 package. - CVE-2017-8364 Date: 2018-11-29 18:21:13.162846+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/rzip/2.1-2ubuntu0.16.04.1
[ubuntu/xenial-updates] libssh 0.6.3-4.3ubuntu0.2 (Accepted)
libssh (0.6.3-4.3ubuntu0.2) xenial-security; urgency=medium * SECURITY REGRESSION: fix multiple regressions (LP: #1805348) - debian/patches/CVE-2018-10933-regression.patch: set correct state after sending INFO_REQUEST in src/server.c. - debian/patches/CVE-2018-10933-regression2.patch: add missing break in src/packet.c. - debian/patches/CVE-2018-10933-regression3.patch: set correct state after sending GSSAPI_RESPONSE in src/gssapi.c. Date: 2018-11-27 16:23:21.281941+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libssh/0.6.3-4.3ubuntu0.2
[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.1 (Accepted)
ghostscript (9.26~dfsg+0-0ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues - CVE-2018-19409 - CVE-2018-19475 - CVE-2018-19476 - CVE-2018-19477 * Removed patches included in new version: - debian/patches/0218*.patch - debian/patches/lp1800062.patch * debian/symbols.common: updated for new version. Date: 2018-11-28 15:04:26.730910+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.1
[ubuntu/xenial-updates] redis 2:3.0.6-1ubuntu0.2 (Accepted)
redis (2:3.0.6-1ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Permissions issue - debian/patches/CVE-2013-7458.patch: fix in deps/linenoise/linenoise.c. - CVE-2013-7458 * SECURITY UPDATE: Cross protocol scripting - debian/patches/CVE-2016-10517.patch: fix in src/redis.c, src/redis.h. - CVE-2016-10517 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-15047.patch: fix in src/cluster.c. - CVE-2017-15047 * SECURITY UPDATE: Memory corruption - debian/patches/CVE-2018-11218.patch: fix in deps/lua/src/lua_cmsgpack.c. - CVE-2018-11218 * SECURITY UPDATE: Integer Overflow - debian/patches/CVE-2018-11219-*.patch: fix in deps/lua/src/lua_struct.c. - CVE-2018-11219 * SECURITY UPDATE: Buffer overflow in the redis-cli - debian/patches/CVE-2018-12326.patch: fix in redis-cli.c. - CVE-2018-12326 Date: 2018-06-27 17:16:12.663220+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/redis/2:3.0.6-1ubuntu0.2
[ubuntu/xenial-updates] openjdk-8 8u191-b12-0ubuntu0.16.04.1 (Accepted)
openjdk-8 (8u191-b12-0ubuntu0.16.04.1) xenial-security; urgency=medium * Backport from Cosmic. openjdk-8 (8u191-b12-0ubuntu0.18.10.1) cosmic-security; urgency=medium * Update to 8u191-b12. (Closes: #911925, LP: #1800792) * debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt from upstream now. * debian/excludelist.langtools.jtx: upstream testing does not use any exclusion list. * debian/patches/sec-webrev-8u191-b12*: removed, applied upstream. * debian/patches/jdk-8132985-backport-double-free.patch, debian/patches/jdk-8139803-backport-warning.patch: fix crash in freetypescaler due to double free, thanks to Heikki Aitakangas for the report and patches. (Closes: #911847) * debian/rules: - tar and save JTreport directory. - run the same limited set of tests as upstream does. - call the same testsuites scripts used for autopkgtest. - reenable jdk testsuite. - simplified and moved xvfb logic into check-jdk rule. - removed jtreg and xvfb build dependency logic and moved the bdeps into debian/control.in. - added rules to generate autopkgtest scripts from templates. * updated dep8 tests: - debian/test/control: run hotspot, langtools, and jdk testsuites. - debian/tests/hotspot, debian/tests/jdk, debian/tests/langtools: add scripts for each testsuite to be run. - debian/tests/jtreg-autopkgtest.sh: template to generate the jtreg script used by the autopkgtest tests. - debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report any differences between the autopkgtest and the tests results generated during the openjdk package build. - debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg and put the resulting artifacts in the right places. - debian/tests/valid-tests: removed, no longer needed. 
Date: 2018-11-20 14:03:27.752680+00:00 Changed-By: Tiago Stürmer Daitx Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-0ubuntu0.16.04.1
[ubuntu/xenial-updates] git 1:2.7.4-0ubuntu1.6 (Accepted)
git (1:2.7.4-0ubuntu1.6) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-15298.patch: fix in diff.h, revision.c. - CVE-2017-15298 Date: 2018-11-27 14:14:13.769764+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.6
[ubuntu/xenial-updates] systemd 229-4ubuntu21.10 (Accepted)
systemd (229-4ubuntu21.10) xenial-security; urgency=medium [ Chris Coulson ] * Revert the fixes for CVE-2018-6954 for causing a regression when running in a container on old kernels (LP: #1804847) - update debian/patches/series [ Balint Reczey ] * Fix LP: #1803391 - Don't always trigger systemctl stop of udev service and sockets - update debian/udev.postinst Date: 2018-11-27 11:21:12.836003+00:00 Changed-By: Chris Coulson Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.10
[ubuntu/xenial-updates] mercurial 3.7.3-1ubuntu1.2 (Accepted)
mercurial (3.7.3-1ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: Refresh CVE-2018-13347-extras.patch as it was missing part of the fix. Also updated CVE-2018-13346.patch and CVE-2018-13348.patch to correctly reflect the correct lines. Date: 2018-11-27 15:36:13.490587+00:00 Changed-By: Eduardo dos Santos Barretto Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/mercurial/3.7.3-1ubuntu1.2
[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.18 (Accepted)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.18) xenial-security; urgency=medium * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD Internal DNS server - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using counter in source4/dns_server/dns_query.c. - CVE-2018-14629 * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT - debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with mis-matching principal in source4/kdc/db-glue.c. - CVE-2018-16841 * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server - debian/patches/CVE-2018-16851.patch: check ret before manipulating blob in source4/ldap_server/ldap_server.c. - CVE-2018-16851 Date: 2018-11-19 14:09:13.104655+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.18
[ubuntu/xenial-updates] wireshark 2.6.4-2~ubuntu16.04.0 (Accepted)
wireshark (2.6.4-2~ubuntu16.04.0) xenial-security; urgency=medium * Rebuild for Xenial to fix multiple security issues * Make wireshark depend on both wireshark-gtk and wireshark-qt wireshark (2.6.4-2) unstable; urgency=medium [ nyov ] * Build and install mmdbresolve to make GeoIP-lookup work. (adds dependency on libmaxminddb) (Closes: #911567) [ Gregor Jasny ] * debian: libwireshark-dev must depend on libwiretap-dev because wireshark/epan/packet_info.h (libwireshark-dev) depends on wireshark/wiretap/wtap.h (libwiretap-dev) (LP: #1801666) [ Balint Reczey ] * Ship man page for mmdbresolve * debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr making the test fail wireshark (2.6.4-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Removing redundant Priority field in binary package * d/changelog: Remove trailing whitespaces [ Balint Reczey ] * Install at-spi2-core in gui autopkgtest to avoid error messages * debian/test/gui: Ignore stderr from wireshark-gtk since upstream deprecated it and also start bigger virtual screen * New upstream version 2.6.4 - release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html - security fixes: - MS-WSP dissector crash (CVE-2018-18227) - Steam IHS Discovery dissector memory leak (CVE-2018-18226) - CoAP dissector crash (CVE-2018-18225) - OpcUA dissector crash (CVE-2018-12086) wireshark (2.6.3-1) unstable; urgency=medium * Use GLX extension in autopkgtest, Qt needs it * New upstream version 2.6.3 - release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.6.3.html - security fixes: - Bluetooth AVDTP dissector crash. (CVE-2018-16058) - Bluetooth Attribute Protocol dissector crash. (CVE-2018-16056) - Radiotap dissector crash. (CVE-2018-16057) * Refresh patches * Update symbols Date: 2018-11-20 18:15:28.694417+00:00 Changed-By: Balint Reczey Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/wireshark/2.6.4-2~ubuntu16.04.0
[ubuntu/xenial-updates] freedink-dfarc 3.12-1+deb9u1build0.16.04.1 (Accepted)
freedink-dfarc (3.12-1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-21 16:29:18.806344+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/freedink-dfarc/3.12-1+deb9u1build0.16.04.1
[ubuntu/xenial-updates] ruby-ox 2.1.1-2+deb9u1build0.16.04.1 (Accepted)
ruby-ox (2.1.1-2+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-21 18:56:13.247161+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ruby-ox/2.1.1-2+deb9u1build0.16.04.1
[ubuntu/xenial-updates] libofx 1:0.9.10-1+deb8u1build0.16.04.1 (Accepted)
libofx (1:0.9.10-1+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-21 16:58:13.053312+00:00 Changed-By: Mike Salvatore Maintainer: Sébastien Villemot Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libofx/1:0.9.10-1+deb8u1build0.16.04.1
[ubuntu/xenial-updates] qemu 1:2.5+dfsg-5ubuntu10.33 (Accepted)
qemu (1:2.5+dfsg-5ubuntu10.33) xenial-security; urgency=medium * SECURITY UPDATE: integer overflow in NE2000 NIC emulation - debian/patches/CVE-2018-10839.patch: use proper type in hw/net/ne2000.c. - CVE-2018-10839 * SECURITY UPDATE: buffer overflow via incoming fragmented datagrams - debian/patches/CVE-2018-11806.patch: correct size computation in slirp/mbuf.c, slirp/mbuf.h. - CVE-2018-11806 * SECURITY UPDATE: integer overflow via crafted QMP command - debian/patches/CVE-2018-12617.patch: check bytes count read by guest-file-read in qga/commands-posix.c. - CVE-2018-12617 * SECURITY UPDATE: buffer overflow in rtl8139 - debian/patches/CVE-2018-17958.patch: use proper type in hw/net/rtl8139.c. - CVE-2018-17958 * SECURITY UPDATE: buffer overflow in pcnet - debian/patches/CVE-2018-17962.patch: use proper type in hw/net/pcnet.c. - CVE-2018-17962 * SECURITY UPDATE: DoS via large packet sizes - debian/patches/CVE-2018-17963.patch: check size in net/net.c. - CVE-2018-17963 * SECURITY UPDATE: DoS in lsi53c895a - debian/patches/CVE-2018-18849.patch: check message length value is valid in hw/scsi/lsi53c895a.c. - CVE-2018-18849 * SECURITY UPDATE: race condition in 9p - debian/patches/CVE-2018-19364-1.patch: use write lock in hw/9pfs/cofile.c. - debian/patches/CVE-2018-19364-2.patch: use write lock in hw/9pfs/virtio-9p.c. - CVE-2018-19364 Date: 2018-11-22 15:08:42.459669+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.33
[ubuntu/xenial-updates] tor 0.2.9.14-1ubuntu1~16.04.3 (Accepted)
tor (0.2.9.14-1ubuntu1~16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Remote crash attack against directory authorities. - debian/patches/CVE-2018-0490.patch: Correctly handle NULL returns from parse_protocol_list when voting. - CVE-2018-0490 Date: 2018-11-22 18:58:12.857577+00:00 Changed-By: Eduardo dos Santos Barretto Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/tor/0.2.9.14-1ubuntu1~16.04.3
[ubuntu/xenial-updates] mercurial 3.7.3-1ubuntu1.1 (Accepted)
mercurial (3.7.3-1ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: The convert extension might allow attackers to execute arbitrary code via a crafted git repository name. - debian/patches/CVE-2016-3105.patch: Pass absolute paths to git. - CVE-2016-3105 * SECURITY UPDATE: hg server --stdio allows remote authenticated users to launch the Python debugger and execute arbitrary code. - debian/patches/CVE-2017-9462.patch: Protect against malicious hg serve --stdio invocations. - CVE-2017-9462 * SECURITY UPDATE: A specially malformed repository can cause GIT subrepositories to run arbitrary code. - debian/patches/CVE-2017-17458_part1.patch: add test-audit-subrepo.t testcase. - debian/patches/CVE-2017-17458_part2.patch: disallow symlink traversal across subrepo mount point. - CVE-2017-17458 * SECURITY UPDATE: Missing symlink check could be abused to write to files outside the repository. - debian/patches/CVE-2017-1000115.patch: Fix symlink traversal. - CVE-2017-1000115 * SECURITY UPDATE: Possible shell-injection attack from not adequately sanitizing hostnames passed to ssh. - debian/patches/CVE-2017-1000116.patch: Sanitize hostnames passed to ssh. - CVE-2017-1000116 * SECURITY UPDATE: Integer underflow and overflow. - debian/patches/CVE-2018-13347.patch: Protect against underflow. - debian/patches/CVE-2018-13347-extras.patch: Protect against overflow. - CVE-2018-13347 * SECURITY UPDATE: Able to start fragment past the end of original data. - debian/patches/CVE-2018-13346.patch: Ensure fragment start is not past the end of orig. - CVE-2018-13346 * SECURITY UPDATE: Data mishandling in certain situations. - debian/patches/CVE-2018-13348.patch: Be more careful about parsing binary patch data. - CVE-2018-13348 * SECURITY UPDATE: Vulnerability in Protocol server can result in unauthorized data access. - debian/patches/CVE-2018-1000132.patch: Always perform permissions checks on protocol commands. - CVE-2018-1000132 Date: 2018-11-22 17:57:12.046749+00:00 Changed-By: Eduardo dos Santos Barretto Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/mercurial/3.7.3-1ubuntu1.1
[ubuntu/xenial-updates] firefox 63.0.3+build1-0ubuntu0.16.04.1 (Accepted)
firefox (63.0.3+build1-0ubuntu0.16.04.1) xenial; urgency=medium * New upstream stable release (63.0.3build1) firefox (63.0.1+build4.1-0ubuntu0.16.04.1) xenial; urgency=medium * Downgrade cbindgen to 0.6.6 in the source tarball to fix a build failure * Pin cbindgen version in the tarball to the version explicitly requested, and bump the requirement to 0.6.6 as this is what has been used for stable builds - update debian/build/create-tarball.py firefox (63.0.1+build4-0ubuntu0.16.04.1) xenial; urgency=medium * New upstream stable release (63.0.1build4) * Define CBINDGEN variable instead of changing PATH - update debian/config/mozconfig.in Date: 2018-11-16 15:25:31.570766+00:00 Changed-By: Olivier Tilloy Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/firefox/63.0.3+build1-0ubuntu0.16.04.1
[ubuntu/xenial-updates] libapache2-mod-perl2 2.0.9-4ubuntu1.2 (Accepted)
libapache2-mod-perl2 (2.0.9-4ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: arbitrary perl code execution via .htaccess file - debian/patches/CVE-2011-2767.patch: only allow perl and pod sections in server configuration and not per directory in src/modules/perl/mod_perl.c. - CVE-2011-2767 Date: 2018-11-15 17:49:02.363684+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libapache2-mod-perl2/2.0.9-4ubuntu1.2
[ubuntu/xenial-updates] flashplugin-nonfree 31.0.0.153ubuntu0.16.04.1 (Accepted)
flashplugin-nonfree (31.0.0.153ubuntu0.16.04.1) xenial-security; urgency=medium * New upstream release (31.0.0.153) - debian/flashplugin-installer.{config,postinst}, debian/post-download-hook: Updated version and sha256sum Date: 2018-11-20 13:48:15.624267+00:00 Changed-By: Chris Coulson Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/flashplugin-nonfree/31.0.0.153ubuntu0.16.04.1
[ubuntu/xenial-updates] unrar-free 1:0.0.1+cvs20140707-4~build0.16.04.1 (Accepted)
unrar-free (1:0.0.1+cvs20140707-4~build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-19 21:38:12.928933+00:00 Changed-By: Mike Salvatore Maintainer: Ying-Chun Liu Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/unrar-free/1:0.0.1+cvs20140707-4~build0.16.04.1
[ubuntu/xenial-updates] systemd 229-4ubuntu21.9 (Accepted)
systemd (229-4ubuntu21.9) xenial-security; urgency=medium * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to resolve this completely - CVE-2018-6954 Date: 2018-11-15 21:59:18.335706+00:00 Changed-By: Chris Coulson Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.9
[ubuntu/xenial-updates] minissdpd 1.2.20130907-3+deb8u1build0.16.04.1 (Accepted)
minissdpd (1.2.20130907-3+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-15 20:31:12.764986+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/minissdpd/1.2.20130907-3+deb8u1build0.16.04.1
[ubuntu/xenial-updates] minicom 2.7-1+deb8u1build0.16.04.1 (Accepted)
minicom (2.7-1+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-15 20:12:13.336501+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/minicom/2.7-1+deb8u1build0.16.04.1
[ubuntu/xenial-updates] miniupnpd 1.8.20140523-4.1+deb9u1build0.16.04.1 (Accepted)
miniupnpd (1.8.20140523-4.1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-14 15:29:13.792515+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/miniupnpd/1.8.20140523-4.1+deb9u1build0.16.04.1
[ubuntu/xenial-updates] unrar-nonfree 1:5.3.2-1+deb9u1build0.16.04.1 (Accepted)
unrar-nonfree (1:5.3.2-1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-14 15:22:12.440057+00:00 Changed-By: Mike Salvatore Maintainer: Martin Meredith Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.3.2-1+deb9u1build0.16.04.1
[ubuntu/xenial-updates] plexus-archiver 2.2-1+deb9u1build0.16.04.1 (Accepted)
plexus-archiver (2.2-1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-09 16:19:13.538650+00:00 Changed-By: Mike Salvatore Maintainer: Debian Java Maintainers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/plexus-archiver/2.2-1+deb9u1build0.16.04.1
[ubuntu/xenial-updates] ruby-rack-protection 1.5.3-2+deb9u1build0.16.04.1 (Accepted)
ruby-rack-protection (1.5.3-2+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-09 16:28:13.008388+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ruby-rack-protection/1.5.3-2+deb9u1build0.16.04.1
[ubuntu/xenial-updates] flashplugin-nonfree 31.0.0.148ubuntu0.16.04.1 (Accepted)
flashplugin-nonfree (31.0.0.148ubuntu0.16.04.1) xenial-security; urgency=medium * New upstream release (31.0.0.148) - debian/flashplugin-installer.{config,postinst}, debian/post-download-hook: Updated version and sha256sum Date: 2018-11-13 14:58:18.196016+00:00 Changed-By: Chris Coulson Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/flashplugin-nonfree/31.0.0.148ubuntu0.16.04.1
[ubuntu/xenial-updates] python2.7 2.7.12-1ubuntu0~16.04.4 (Accepted)
python2.7 (2.7.12-1ubuntu0~16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: heap buffer overflow via race condition - debian/patches/CVE-2018-130-1.patch: stop crashes when iterating over a file on multiple threads in Lib/test/test_file2k.py, Objects/fileobject.c. - debian/patches/CVE-2018-130-2.patch: fix crash when multiple threads iterate over a file in Lib/test/test_file2k.py, Objects/fileobject.c. - CVE-2018-130 * SECURITY UPDATE: command injection in shutil module - debian/patches/CVE-2018-1000802.patch: use subprocess rather than distutils.spawn in Lib/shutil.py. - CVE-2018-1000802 * SECURITY UPDATE: DoS via catastrophic backtracking - debian/patches/CVE-2018-106x.patch: fix expressions in Lib/difflib.py, Lib/poplib.py. Added tests to Lib/test/test_difflib.py, Lib/test/test_poplib.py. - CVE-2018-1060 - CVE-2018-1061 * SECURITY UPDATE: incorrect Expat hash salt initialization - debian/patches/CVE-2018-14647.patch: call SetHashSalt in Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c. - CVE-2018-14647 Date: 2018-11-12 17:53:12.869472+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.4
[ubuntu/xenial-updates] python3.5 3.5.2-2ubuntu0~16.04.5 (Accepted)
python3.5 (3.5.2-2ubuntu0~16.04.5) xenial-security; urgency=medium * SECURITY UPDATE: DoS via catastrophic backtracking - debian/patches/CVE-2018-106x.patch: fix expressions in Lib/difflib.py, Lib/poplib.py. Added tests to Lib/test/test_difflib.py, Lib/test/test_poplib.py. - CVE-2018-1060 - CVE-2018-1061 * SECURITY UPDATE: incorrect Expat hash salt initialization - debian/patches/CVE-2018-14647.patch: call SetHashSalt in Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c. - CVE-2018-14647 Date: 2018-11-12 15:36:12.624587+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.5
[ubuntu/xenial-updates] systemd 229-4ubuntu21.8 (Accepted)
systemd (229-4ubuntu21.8) xenial-security; urgency=medium * SECURITY UPDATE: reexec state injection - debian/patches/CVE-2018-15686.patch: when deserializing state always use read_line(…, LONG_LINE_MAX, …) rather than fgets() - CVE-2018-15686 * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing recursively through directory trees - CVE-2018-6954 Date: 2018-11-09 07:55:12.827425+00:00 Changed-By: Chris Coulson Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.8
[ubuntu/xenial-updates] gettext 0.19.7-2ubuntu3.1 (Accepted)
gettext (0.19.7-2ubuntu3.1) xenial-security; urgency=medium * SECURITY UPDATE: Invalid free - debian/patches/CVE-2018-18751.patch: fix in gettext-tools/src/po-gram-gen.y, gettext-tools/src/read-catalog.c, gettext-tools/tests/Makefile.am, gettext-tools/tests/xgettext-po-2. - CVE-2018-18751 * Add bison as build-dep since gettext runs/needs yacc in build time - debian/control Date: 2018-11-08 15:23:15.541211+00:00 Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa) Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/gettext/0.19.7-2ubuntu3.1
[ubuntu/xenial-updates] libmspack 0.5-1ubuntu0.16.04.3 (Accepted)
libmspack (0.5-1ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c - CVE-2018-18585 * SECURITY UPDATE: One byte buffer overflow - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large enough in cab.h - CVE-2018-18584 Date: 2018-11-12 03:39:12.025679+00:00 Changed-By: Alex Murray Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.16.04.3
[ubuntu/xenial-updates] ruby-redis-store 1.1.6-1+deb9u1build0.16.04.1 (Accepted)
ruby-redis-store (1.1.6-1+deb9u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-08 20:08:34.034279+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ruby-redis-store/1.1.6-1+deb9u1build0.16.04.1
[ubuntu/xenial-updates] pyopenssl 0.15.1-2ubuntu0.2 (Accepted)
pyopenssl (0.15.1-2ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: use-after-free and memory leak - debian/patches/CVE-2018-100080x-pre.patch: fix use-after-free and introduce _from_raw_x509_ptr in OpenSSL/SSL.py, OpenSSL/crypto.py. - debian/patches/CVE-2018-100080x.patch: fix issues in OpenSSL/SSL.py, OpenSSL/crypto.py, add test to OpenSSL/test/test_ssl.py. - debian/control: depend on python-cryptography security update to get access to new X509_up_ref function. - CVE-2018-1000807 - CVE-2018-1000808 * debian/patches/update_certs.patch: update expired test certs. Date: 2018-11-07 18:59:13.933980+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/pyopenssl/0.15.1-2ubuntu0.2
[ubuntu/xenial-updates] python-cryptography 1.2.3-1ubuntu0.2 (Accepted)
python-cryptography (1.2.3-1ubuntu0.2) xenial-security; urgency=medium * debian/patches/add_x509_up_ref.patch: add X509_up_ref function for pyopenssl security update. Date: 2018-10-18 11:44:12.070400+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/python-cryptography/1.2.3-1ubuntu0.2
[ubuntu/xenial-updates] plexus-utils 1:1.5.15-4+deb8u1build0.16.04.1 (Accepted)
plexus-utils (1:1.5.15-4+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-07 20:26:12.967769+00:00 Changed-By: Mike Salvatore Maintainer: Debian Java Maintainers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/plexus-utils/1:1.5.15-4+deb8u1build0.16.04.1
[ubuntu/xenial-updates] nginx 1.10.3-0ubuntu0.16.04.3 (Accepted)
nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation - debian/patches/CVE-2018-16843.patch: add flood detection in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h. - CVE-2018-16843 * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation - debian/patches/CVE-2018-16844-pre.patch: backport new http2_max_requests directive. - debian/patches/CVE-2018-16844.patch: limit the number of idle state switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h. - CVE-2018-16844 * SECURITY UPDATE: infinite loop in ngx_http_mp4_module - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in src/http/modules/ngx_http_mp4_module.c. - CVE-2018-16845 Date: 2018-11-06 20:23:36.169829+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3
[ubuntu/xenial-updates] tre 0.8.0-4+deb8u1build0.16.04.1 (Accepted)
tre (0.8.0-4+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-11-06 19:41:13.487927+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/tre/0.8.0-4+deb8u1build0.16.04.1