[ubuntu/xenial-updates] jhead 1:3.00-4+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

jhead (1:3.00-4+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-29 14:53:15.105581+00:00
Changed-By: Mike Salvatore 
Maintainer: Ludovic Rousseau 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/jhead/1:3.00-4+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] putty 0.67-3build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

putty (0.67-3build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-29 15:30:13.536226+00:00
Changed-By: Mike Salvatore 
Maintainer: Colin Watson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/putty/0.67-3build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] spice 0.12.6-4ubuntu0.4 (Accepted)

[Ubuntu Archive Robot]

spice (0.12.6-4ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in
  server/red_memslots.c.
- CVE-2019-3813

Date: 2019-01-24 17:02:12.447862+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/spice/0.12.6-4ubuntu0.4
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] unrtf 0.21.9-clean-3~build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

unrtf (0.21.9-clean-3~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-25 19:45:20.288629+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/unrtf/0.21.9-clean-3~build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] wireshark 2.6.6-1~ubuntu16.04.0 (Accepted)

[Ubuntu Archive Robot]

wireshark (2.6.6-1~ubuntu16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple security issues
  * Make wireshark depend on both wireshark-gtk and wireshark-qt

wireshark (2.6.6-1) unstable; urgency=medium

  [ Jean-Philippe MENGUAL ]
  * French debconf translation update (Closes: #915161)

  [ Balint Reczey ]
  * New upstream version 2.6.6
- security fixes:
  - The P_MUL dissector could crash. (CVE-2019-5717)
  - The RTSE dissector and other dissectors could crash. (CVE-2019-5718)
  - The ISAKMP dissector could crash. (CVE-2019-5719)
  - The 6LoWPAN dissector could crash. (CVE-2019-5716)
  * Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089)

wireshark (2.6.5-1) unstable; urgency=medium

  * Add debian/gitlab-ci.yml
  * New upstream version 2.6.5
- release notes:
  https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
- security fixes:
  - The Wireshark dissection engine could crash. (CVE-2018-19625)
  - The DCOM dissector could crash. (CVE-2018-19626)
  - The LBMPDM dissector could crash. (CVE-2018-19623)
  - The MMSE dissector could go into an infinite loop. (CVE-2018-19622)
  - The IxVeriWave file parser could crash. (CVE-2018-19627)
  - The PVFS dissector could crash. (CVE-2018-19624)
  - The ZigBee ZCL dissector could crash. (CVE-2018-19628)
  * Update symbols

Date: 2019-01-23 15:24:04.980346+00:00
Changed-By: Balint Reczey 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/wireshark/2.6.6-1~ubuntu16.04.0
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] thunderbird 1:60.4.0+build2-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

thunderbird (1:60.4.0+build2-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (60.4.0build2)

  * Refresh patches
- update debian/patches/rust-drop-dll-checksums.patch
  * Fix a typo in the help text for the script to create the source tarball
- update debian/build/create-tarball.py
  * Use https for source repositories
- update debian/config/branch.mk

Date: 2019-01-16 08:54:12.405171+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/thunderbird/1:60.4.0+build2-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] pinba-engine-mysql 1.1.0-1ubuntu1.11 (Accepted)

[Ubuntu Archive Robot]

pinba-engine-mysql (1.1.0-1ubuntu1.11) xenial-security; urgency=medium

  * Rebuild against mysql 5.7.25.

Date: 2019-01-22 20:13:23.662886+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/pinba-engine-mysql/1.1.0-1ubuntu1.11
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] mysql-5.7 5.7.25-0ubuntu0.16.04.2 (Accepted)

[Ubuntu Archive Robot]

mysql-5.7 (5.7.25-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 5.7.25 to fix security issues
- CVE-2019-2420, CVE-2019-2434, CVE-2019-2455, CVE-2019-2481,
  CVE-2019-2482, CVE-2019-2486, CVE-2019-2503, CVE-2019-2507,
  CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2531,
  CVE-2019-2532, CVE-2019-2534, CVE-2019-2537
  * debian/patches/fix-mysqldump-test-dates: bump mysqldump test date from
2018 to 2020 to fix failing test.

Date: 2019-01-22 17:04:17.110915+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.25-0ubuntu0.16.04.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] bzrtp 1.0.2-1.2build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

bzrtp (1.0.2-1.2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-23 15:08:14.709572+00:00
Changed-By: Mike Salvatore 
Maintainer: Debian VoIP Team 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/bzrtp/1.0.2-1.2build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.4 (Accepted)

[Ubuntu Archive Robot]

ghostscript (9.26~dfsg+0-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-6116.patch: address .force* operators
  exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
  Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
  Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
  Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
  Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
  Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
  Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
  psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
- CVE-2019-6116

Date: 2019-01-16 16:52:12.997162+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.4
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] virtualbox 5.1.38-dfsg-0ubuntu1.16.04.2 (Accepted)

[Ubuntu Archive Robot]

virtualbox (5.1.38-dfsg-0ubuntu1.16.04.2) xenial-security; urgency=medium

  * debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
- Apply patch for guest-to-host escape vulnerability (LP: #1809156)
- CVE-2018-3294

Date: 2019-01-21 16:19:12.758679+00:00
Changed-By: Martin Konrad 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/virtualbox/5.1.38-dfsg-0ubuntu1.16.04.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] backintime 1.1.12-2~build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

backintime (1.1.12-2~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-22 17:43:14.243092+00:00
Changed-By: Mike Salvatore 
Maintainer: Jonathan Wiltshire 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/backintime/1.1.12-2~build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] tiff 4.0.6-1ubuntu0.5 (Accepted)

[Ubuntu Archive Robot]

tiff (4.0.6-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL dereference in TIFFPrintDirectory
- debian/patches/CVE-2018-7456.patch: properly handle color channels in
  libtiff/tif_dirread.c, libtiff/tif_print.c.
- CVE-2018-7456
  * SECURITY UPDATE: buffer overflow in LZWDecodeCompat
- debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c.
- CVE-2018-8905
  * SECURITY UPDATE: DoS in TIFFWriteDirectorySec()
- debian/patches/CVE-2018-10963.patch: avoid assertion in
  libtiff/tif_dirwrite.c.
- CVE-2018-10963
  * SECURITY UPDATE: multiple overflows
- debian/patches/CVE-2018-1710x.patch: Avoid overflows in
  tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
- CVE-2018-17100
- CVE-2018-17101
  * SECURITY UPDATE: JBIGDecode out-of-bounds write
- debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c,
  libtiff/tif_read.c.
- CVE-2018-18557
  * SECURITY UPDATE: NULL pointer dereference in LZWDecode
- debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c.
- CVE-2018-18661

Date: 2019-01-17 15:13:12.516719+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.5
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.11 (Accepted)

[Ubuntu Archive Robot]

poppler (0.41.0-0ubuntu1.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20481.patch: fix in
  poppler/XRef.cc.
- CVE-2018-20481
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20650.patch: fix in
  poppler/FileSpec.cc.
- CVE-2018-20650

Date: 2019-01-21 18:07:17.823992+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.11
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] xrdp 0.6.1-2ubuntu0.3 (Accepted)

[Ubuntu Archive Robot]

xrdp (0.6.1-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: Fix conection problem (LP: #1811122).

Date: 2019-01-17 12:18:28.177688+00:00
Changed-By: Paulo Flabiano Smorigo 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/xrdp/0.6.1-2ubuntu0.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] unattended-upgrades 0.90ubuntu0.10 (Accepted)

[Ubuntu Archive Robot]

unattended-upgrades (0.90ubuntu0.10) xenial-security; urgency=medium

  * No change rebuild in the -security pocket (See LP #1686470)

Date: 2019-01-18 19:57:13.211311+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/unattended-upgrades/0.90ubuntu0.10
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] apt 1.2.29ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

apt (1.2.29ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
(LP: #1812353)

Date: 2019-01-18 19:56:21.813026+00:00
Changed-By: Julian Andres Klode 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/apt/1.2.29ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] adplug 2.2.1+dfsg3-1~build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

adplug (2.2.1+dfsg3-1~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-17 21:06:16.169906+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/adplug/2.2.1+dfsg3-1~build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] irssi 0.8.19-1ubuntu1.8 (Accepted)

[Ubuntu Archive Robot]

irssi (0.8.19-1ubuntu1.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Use after free
- debian/patches/CVE-2019-5882.patch: fix in
  src/fe-text/textbuffer-view.c.
- CVE-2019-5882

Date: 2019-01-16 12:49:19.598871+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.8
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] autotrace 0.31.1-16+nmu1.2ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

autotrace (0.31.1-16+nmu1.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2016-7392.patch: Fix an order of operations error in
  call to XMALLOC to avoid a heap-based buffer overflow when processing
  bmp images.
- CVE-2016-7392

Date: 2019-01-16 19:48:13.080107+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/autotrace/0.31.1-16+nmu1.2ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] policykit-1 0.105-14.1ubuntu0.4 (Accepted)

[Ubuntu Archive Robot]

policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
  PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
  src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
  test/data/etc/group, test/data/etc/passwd,
  test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
  test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
  PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788

Date: 2019-01-15 13:49:31.826192+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/policykit-1/0.105-14.1ubuntu0.4
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libcaca 0.99.beta19-2ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

libcaca (0.99.beta19-2ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Floating point exception
- debian/patches/CVE-2018-20544.patch: fix in
  caca/dither.c.
- CVE-2018-20544
  * SECURITY UPDATE: Buffer over-write
- debian/patches/CVE-2018-20545_20548_20549.patch:
  fix in src/common-image.h.
- CVE-2018-20545
- CVE-2018-20548
- CVE-2018-20549
  * SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2018-20546_20547.patch: fix in
  caca/dither.c.
- CVE-2018-20546
- CVE-2018-20547

Date: 2019-01-14 16:54:40.383902+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libcaca/0.99.beta19-2ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libarchive 3.1.2-11ubuntu0.16.04.5 (Accepted)

[Ubuntu Archive Robot]

libarchive (3.1.2-11ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14502.patch: fix in
  libarchive/archive_read_support_format_rar.c.
- CVE-2017-14502
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000877.patch: fix in
  libarchive/archive_read_support_format_rar.c.
- CVE-2018-1000877
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000878.patch: fix in
  libarchive/archive_read_support_format_rar.c.
- CVE-2018-1000878

Date: 2019-01-14 14:30:13.372167+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libarchive/3.1.2-11ubuntu0.16.04.5
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] haproxy 1.6.3-1ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

haproxy (1.6.3-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2018-20102.patch: check the bounds
  in src/dns.c.
- CVE-2018-20102

Date: 2019-01-11 17:15:12.499479+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/haproxy/1.6.3-1ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] krb5 1.13.2+dfsg-5ubuntu2.1 (Accepted)

[Ubuntu Archive Robot]

krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
modify a principal
- debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
  empty arg
- CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
- debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
  is restricted
- CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
- debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
  assertion failures
- debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
- CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
- debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
  failure
- CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
to an LDAP Kerberos can DoS or bypass DN container check.
- debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
  checking
- CVE-2018-5729
- CVE-2018-5730

Date: 2019-01-14 14:23:16.443521+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] php-pear 1:1.10.1+submodules+notgz-6ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

php-pear (1:1.10.1+submodules+notgz-6ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: unserialization vulnerability in Archive_Tar
- debian/patches/CVE-2018-1000888.patch: don't allow filenames to start
  with phar:// in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2018-1000888

Date: 2019-01-11 18:53:12.345727+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/php-pear/1:1.10.1+submodules+notgz-6ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] elixir 0.7.1-4build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

elixir (0.7.1-4build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-14 16:12:16.669560+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/elixir/0.7.1-4build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] tardiff 0.1-5~build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

tardiff (0.1-5~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2019-01-14 16:30:17.927602+00:00
Changed-By: Mike Salvatore 
Maintainer: Axel Beckert 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/tardiff/0.1-5~build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] systemd 229-4ubuntu21.15 (Accepted)

[Ubuntu Archive Robot]

systemd (229-4ubuntu21.15) xenial-security; urgency=medium

  * SECURITY UPDATE: memory corruption in journald via attacker controlled 
alloca
- debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
  entry for process commandline on the stack
- CVE-2018-16864
  * SECURITY UPDATE: memory corruption in journald via attacker controlled 
alloca
- debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
  number of fields (1k)
- debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
  number of fields in a message
- CVE-2018-16865
  * SECURITY UPDATE: out-of-bounds read in journald
- debian/patches/CVE-2018-16866.patch: journal: fix 
syslog_parse_identifier()
- CVE-2018-16866
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954.patch: don't resolve pathnames when 
traversing
  recursively through directory trees
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
  resolve this completely
- CVE-2018-6954

  * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
- add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
- update debian/patches/series
  * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell 
scripts
- add 
debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
- update debian/patches/series

Date: 2019-01-11 01:13:11.807696+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.15
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] exiv2 0.25-2.1ubuntu16.04.3 (Accepted)

[Ubuntu Archive Robot]

exiv2 (0.25-2.1ubuntu16.04.3) xenial-security; urgency=medium

   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2017-11591.patch: fix in
   include/exiv2/value.hpp.
 - CVE-2017-11591
   * SECURITY UPDATE: Remote denial of service
 - debian/patches/CVE-2017-11683.patch: fix in
   src/tiffvisitor.cpp.
 - CVE-2017-11683
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
   src/error.cpp, src/tiffvisitor.cpp.
 - CVE-2017-14859
 - CVE-2017-14862
 - CVE-2017-14864
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2017-17669.patch: fix in
   src/pngchunk.cpp.
 - CVE-2017-17669
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2017-9239.patch: fix in
   src/tiffcomposite.cpp.
 - CVE-2017-9239
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-2018-17581.patch: fix in
   src/crwimage.cpp.
 - CVE-2018-17581
   * SECURITY UPDATE: Denial of service
 - debian/patches/CVE-16336*.patch: fix in
   src/pngchunk.cpp.
 - CVE-2018-16336
  * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.

Date: 2019-01-08 19:26:17.935238+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/exiv2/0.25-2.1ubuntu16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] python-django 1.8.7-1ubuntu5.7 (Accepted)

[Ubuntu Archive Robot]

python-django (1.8.7-1ubuntu5.7) xenial-security; urgency=medium

  * SECURITY UPDATE: content spoofing in the default 404 page
- debian/patches/CVE-2019-3498.patch: properly quote string in
  django/views/defaults.py, add test to tests/handlers/tests.py.
- CVE-2019-3498

Date: 2019-01-08 20:58:13.607190+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.7
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] xrdp 0.6.1-2ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

xrdp (0.6.1-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fixes a VNC security issue where the VNC password file is
based on the user password.
- debian/patches/CVE-2013-1430-1.patch: sesman: change vnc password file
  to guid
- debian/patches/CVE-2013-1430-2.patch: sesman: work on guid / vnc
  password file
- debian/patches/CVE-2013-1430-3.patch: xrdp,vnc: work on guid / vnc
  password file
- debian/patches/CVE-2013-1430-4.patch: xrdp,vnc: password fixes
- debian/patches/CVE-2013-1430-5.patch: vnc: add const and comments to
  rfbEncryptBytes
- debian/patches/CVE-2013-1430-6.patch: sesman, xrdp: const, spacing
  changes
- CVE-2013-1430

Date: 2019-01-08 21:36:13.640106+00:00
Changed-By: Paulo Flabiano Smorigo 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/xrdp/0.6.1-2ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.114ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

flashplugin-nonfree (32.0.0.114ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (32.0.0.114)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2019-01-08 15:09:26.259487+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.114ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] wireshark 2.6.5-1~ubuntu16.04.0 (Accepted)

[Ubuntu Archive Robot]

wireshark (2.6.5-1~ubuntu16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple security issues
  * Make wireshark depend on both wireshark-gtk and wireshark-qt

wireshark (2.6.5-1) unstable; urgency=medium

  * Add debian/gitlab-ci.yml
  * New upstream version 2.6.5
- release notes:
  https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
- security fixes:
  - The Wireshark dissection engine could crash. (CVE-2018-19625)
  - The DCOM dissector could crash. (CVE-2018-19626)
  - The LBMPDM dissector could crash. (CVE-2018-19623)
  - The MMSE dissector could go into an infinite loop. (CVE-2018-19622)
  - The IxVeriWave file parser could crash. (CVE-2018-19627)
  - The PVFS dissector could crash. (CVE-2018-19624)
  - The ZigBee ZCL dissector could crash. (CVE-2018-19628)
  * Update symbols

wireshark (2.6.4-2) unstable; urgency=medium

  [ nyov ]
  * Build and install mmdbresolve to make GeoIP-lookup work.
(adds dependency on libmaxminddb) (Closes: #911567)

  [ Gregor Jasny ]
  * debian: libwireshark-dev must depend on libwiretap-dev
because wireshark/epan/packet_info.h (libwireshark-dev)
depends on wireshark/wiretap/wtap.h (libwiretap-dev)
(LP: #1801666)

  [ Balint Reczey ]
  * Ship man page for mmdbresolve
  * debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr
making the test fail

Date: 2018-12-14 07:55:12.751858+00:00
Changed-By: Balint Reczey 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/wireshark/2.6.5-1~ubuntu16.04.0
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] chromium-browser 71.0.3578.98-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

chromium-browser (71.0.3578.98-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.98
- CVE-2018-17481: Use after free in PDFium.

Date: 2018-12-13 12:15:34.808076+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/chromium-browser/71.0.3578.98-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] fontforge 20120731.b-7.1ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

fontforge (20120731.b-7.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2017-11568.patch: fix out
  of bounds read condition and buffer overflow in
  fontforge/parsettf.c, fontforge/psread.c,
  fontforge/tottf.c.
- CVE-2017-11568
  * SECURITY UPDATE: heap-based buffer over-read in
readttfcopyrights
- debian/patches/CVE-2017-11569-and-2017-11575.patch: fix
  out of bounds read condition in fontforge/parsettf.c.
- CVE-2017-11569
- CVE-2017-11575
  * SECURITY UPDATE: stack-based buffer overflow
- debian/patches/CVE-2017-11571.patch: fix buffer overflow
  in fontforge/parsettf.c.
- CVE-2017-11571
  * SECURITY UPDATE: stack underflow condition in
readcfftopdicts
- debian/patches/CVE-2017-11572-and-2017-11576.patch: prevent
  stack uderflow condition in fontforge/parsettf.c.
- CVE-2017-11572
- CVE-2017-11576
  * SECURITY UPDATE: heap-based buffer overflow in readcffset
- debian/patches/CVE-2017-11574.patch: fix buffer condition
  in fontforge/parsetff.c.
- CVE-2017-11574
  * SECURITY UPDATE: buffer over-read in getsid
- debian/patches/CVE-2017-11577.patch: fix out of bounds read
  in fontforge/parsettf.c
- CVE-2017-11577

Date: 2018-12-20 20:38:12.144731+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/fontforge/20120731.b-7.1ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] netatalk 2.2.5-1ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

netatalk (2.2.5-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: RCE with root privileges
- debian/patches/CVE-2018-1160-01.patch: libatalk/dsi: avoid double use of
  variable i
- debian/patches/CVE-2018-1160-02.patch: libatalk/dsi: add correct bounding
  checking to dsi_opensession
- CVE-2018-1160

Date: 2018-12-20 14:51:19.833065+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/netatalk/2.2.5-1ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] freerdp 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 (Accepted)

[Ubuntu Archive Robot]

freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3) xenial-security; 
urgency=medium

  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
- debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
  type to avoid integer truncation in libfreerdp/core/update.c. Based on
  upstream patch.
- CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
- debian/patches/CVE-2018-8787.patch: Check for and avoid possible
  integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
  patch.
- CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
- debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
  possible buffer overflow in libfreerdp/codec/nsc.c and
  libfreerdp/codec/nsc_encode.c. Based on upstream patch.
- CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
- debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
  type when checking offset against stream length in
  winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
- CVE-2018-8789

Date: 2018-12-11 11:31:26.684727+00:00
Changed-By: Alex Murray 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] nodejs-mozilla 8.14.0-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

nodejs-mozilla (8.14.0-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream release: 8.14.0

Date: 2018-12-05 15:19:12.474905+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/nodejs-mozilla/8.14.0-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] rustc 1.30.0+dfsg1+llvm-2ubuntu1~16.04.1 (Accepted)

[Ubuntu Archive Robot]

 ld.so
  during some debuginfo tests
  - update debian/control
- Add a hack to ensure the stage0 compiler is extracted to the correct
  location
  - update debian/make_orig-stage0_tarball.sh
- Scrub -g from CFLAGS and CXXFLAGS in order to let rustbuild control
  whether LLVM is compiled with debug symbols
  - update debian/rules
- On i386, only build debuginfo for libstd
  - update debian/rules
- Ignore all test failures on every architecture
  - update debian/rules
- Version the Build-Conflict on gdb-minimal as gdb now Provides it
  - update debian/control

Date: 2018-11-12 22:30:12.763369+00:00
Changed-By: Michael Hudson-Doyle 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/rustc/1.30.0+dfsg1+llvm-2ubuntu1~16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] firefox 64.0+build3-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

firefox (64.0+build3-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (64.0build3)

firefox (64.0+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (64.0build1)

  [ Olivier Tilloy ]
  * Do not attach Wi-Fi syslog to apport reports (LP: #1801383)
- update debian/apport/source_firefox.py.in
  * Update debian/patches/unity-menubar.patch
  * Use a custom build of Node.js (nodejs-mozilla), as it is now a required
build dependency
- update debian/config/mozconfig.in
- update debian/control{,.in}

  [ Rico Tzschichholz ]
  * Explicitly set HOME=/tmp
- update debian/build/rules.mk
  * Bump build-dep on rustc >= 1.29.0 and cargo >= 0.30
- update debian/control{,.in}
  * Bump cbindgen dependency to 0.6.7
- update debian/build/create-tarball.py
  * Ship removed onboarding watermark.svg to keep using it as symbolic icon
- add debian/symbolic.svg
- update debian/build/rules.mk
  * Drop upstreamed patches
- remove debian/patches/fix-armhf-aom-build.patch
  * Update patches
- update debian/patches/dont-treat-tilde-as-special.patch
- update debian/patches/drop-check-glibc-symbols.patch
- update debian/patches/update-gn-mozbuild.patch

Date: 2018-12-07 22:35:12.343937+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/64.0+build3-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] cargo 0.31.0-3ubuntu1~16.04.1 (Accepted)

[Ubuntu Archive Robot]

 from Debian unstable, remaining changes:
- Don't use the bootstrap.py script for bootstrapping as it no longer
  works.
  - remove debian/bootstrap.py
  - update debian/control
  - update debian/rules
  - update debian/make_orig_multi.sh
- Bump libgit2 dependency to 0.27.0. This is what is bundled in upstream
  checkouts now, and it no longer builds against 0.25.1.0
  - update debian/control
- Drop the unneeded dependency on libjs-jquery from cargo-doc
  - update debian/control
- Ignore test failures on s390x. There's no Debian build yet on this
  arch and there's nothing in the archive that requires cargo on s390x at
  this time
  - update debian/rules
- Don't disable generate_lockfile.rs:no_index_update, as this test was
  fixed upstream to not clone the real index
  - update debian/patches/2002_disable-net-tests.patch
- Disable fetch tests on non x86/x86-64 architectures, as those hit an
  unreachable!() in test code. Disable the Debian patch that disables these
  tests on every architecture
  - add debian/patches/disable-fetch-tests-on-non-x86.patch
  - update debian/patches/series

Date: 2018-11-13 09:02:13.247776+00:00
Changed-By: Michael Hudson-Doyle 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/cargo/0.31.0-3ubuntu1~16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.10 (Accepted)

[Ubuntu Archive Robot]

poppler (0.41.0-0ubuntu1.10) xenial-security; urgency=medium

  * SECURITY REGRESSION: fixing patch applied previously
for CVE-2018-19149
- debian/patch/CVE-2018-19149-fixing-previous.patch
  * SECURITY REGRESSION: fixing regression in check entry
- debian/patches/CVE-2018-16646-fix-regression-p1.patch
- debian/patches/CVE-2018-16646-fix-regression-p2.patch

Date: 2018-12-11 13:09:12.039286+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.10
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] poco 1.3.6p1-5.1ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

poco (1.3.6p1-5.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix zip decompression vulnerability
- debian/patches/80_zip_vulnerability.dpatch: Fix zip decompression
- CVE-2017-1000472

Date: 2018-12-07 17:30:12.790003+00:00
Changed-By: pfsmor...@canonical.com (Paulo F. Smorigo)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/poco/1.3.6p1-5.1ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] chromium-browser 71.0.3578.80-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

chromium-browser (71.0.3578.80-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

Date: 2018-12-04 22:21:12.205728+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/chromium-browser/71.0.3578.80-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] redis 2:3.0.6-1ubuntu0.3 (Accepted)

[Ubuntu Archive Robot]

redis (2:3.0.6-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Tighten Permissions
- Ensure /var/lib/redis and /var/log/redis are not world readable
- Set UMask=007 in redis-server.service, redis-sentinel.server
- Changes taken from Debian version 3:3.2.5-2
- CVE-2016-2121

Date: 2018-12-07 17:31:13.311558+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/redis/2:3.0.6-1ubuntu0.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] cups 2.1.3-4ubuntu0.6 (Accepted)

[Ubuntu Archive Robot]

cups (2.1.3-4ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: predictable session cookies
- debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c.
- CVE-2018-4700

Date: 2018-11-19 12:34:12.365172+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.6
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] lxml 3.5.0-1ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

lxml (3.5.0-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
- Make the cleaner remove javascript URLs
  that use espacing in in src/lxml/html/clean.py,
  src/lxml/html/tests/test_clean.txt.
- CVE-2018-19787

Date: 2018-12-07 12:48:15.204213+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/lxml/3.5.0-1ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] swftools 0.9.2+git20130725-4.1~build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

swftools (0.9.2+git20130725-4.1~build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-12-07 14:31:12.779488+00:00
Changed-By: Mike Salvatore 
Maintainer: Christian Welzel 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/swftools/0.9.2+git20130725-4.1~build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linkchecker 9.3-1+deb8u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

linkchecker (9.3-1+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-12-07 19:54:13.022673+00:00
Changed-By: Mike Salvatore 
Maintainer: Bastian Kleineidam 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/linkchecker/9.3-1+deb8u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] chrony 2.1.1-1ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

chrony (2.1.1-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote attackers to conduct impersonation attacks via
an arbitrary trusted key, aka a "skeleton key".
- debian/patches/CVE-2016-1567.patch: restrict authentication of
  server/peer to specified key.
- CVE-2016-1567

Date: 2018-12-06 16:49:12.043844+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/chrony/2.1.1-1ubuntu0.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.3 (Accepted)

[Ubuntu Archive Robot]

ghostscript (9.26~dfsg+0-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: multiple regressions (LP: #1806517)
- debian/patches/020181126-96c381c*.patch: fix duplex issue.
- debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
  -dLastPage issue.

Date: 2018-12-06 16:56:25.943879+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] openssl 1.0.2g-1ubuntu4.14 (Accepted)

[Ubuntu Archive Robot]

openssl (1.0.2g-1ubuntu4.14) xenial-security; urgency=medium

  * SECURITY UPDATE: PortSmash side channel attack
- debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
  crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
- CVE-2018-5407
  * SECURITY UPDATE: timing side channel attack in DSA
- debian/patches/CVE-2018-0734-pre1.patch: address a timing side
  channel in crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
  crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
  crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
  crypto/dsa/dsa_ossl.c.
- CVE-2018-0734

Date: 2018-12-04 19:55:42.266176+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] wavpack 4.75.2-2ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

wavpack (4.75.2-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19840.patch: checking
  if sample_rate is not zero in src/pack_utils.c and
  removing register keyword in src/read_words.c.
- CVE-2018-19840

Date: 2018-12-05 20:42:12.782161+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/wavpack/4.75.2-2ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libraw 0.17.1-1ubuntu0.4 (Accepted)

[Ubuntu Archive Robot]

libraw (0.17.1-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple memory management issues
- debian/patches/CVE-2018-5807_5810_5811_5812.patch: out-of-bounds
  reads, heap-based buffer overflow and NULL pointer dereference in
  internal/dcraw_common.cpp
- CVE-2018-5807
- CVE-2018-5810
- CVE-2018-5811
- CVE-2018-5812
  * SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
  and internal/dcraw_common.cpp
- CVE-2018-5813
  * SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-5815.patch: integer overflow in
  internal/dcraw_common.cpp
- CVE-2018-5815
  * SECURITY UPDATE: Divide by zero
- debian/patches/CVE-2018-5816.patch: divide by zero in
  internal/dcraw_common.cpp
- CVE-2018-5816

Date: 2018-12-06 01:32:12.143813+00:00
Changed-By: Alex Murray 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.4
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] flashplugin-nonfree 32.0.0.101ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

flashplugin-nonfree (32.0.0.101ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (32.0.0.101)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2018-12-05 13:56:18.838202+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/32.0.0.101ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] chromium-browser 70.0.3538.110-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

chromium-browser (70.0.3538.110-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
  * debian/patches/relax-ninja-version-requirement.patch: refreshed

chromium-browser (70.0.3538.102-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.102
- CVE-2018-17478: Out of bounds memory access in V8.
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: added

Date: 2018-11-20 11:24:13.575459+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/chromium-browser/70.0.3538.110-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.9 (Accepted)

[Ubuntu Archive Robot]

poppler (0.41.0-0ubuntu1.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19149.patch: "check whether
  and embedded file is actually present in the PDF and
  show warning in that case" in glib/poppler-attachment.cc,
  glib/poppler-document.cc.
- CVE-2018-19149
  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite recursion via crafted file
- debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
  poppler/Parser.cc, poppler/XRef.h.
- CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
- debian/patches/CVE-2018-19058.patch: check for stream before calling
  stream methods when saving an embedded file in poppler/FileSpec.cc.
- CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2018-19059.patch: check for valid embedded file
  before trying to save it in utils/pdfdetach.cc.
- CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
- debian/patches/CVE-2018-19060.patch: check for valid file name of
  embedded file in utils/pdfdetach.cc.
- CVE-2018-19060

Date: 2018-12-03 14:20:25.144872+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.9
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] perl 5.22.1-9ubuntu0.6 (Accepted)

[Ubuntu Archive Robot]

perl (5.22.1-9ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
- debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
  util.c.
- CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
- debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
- CVE-2018-18312
  * SECURITY UPDATE: Heap-buffer-overflow read
- debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
  memchr in regcomp.c.
- CVE-2018-18313
  * SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
  pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c, 
  t/re/reg_mesg.t, t/re/regex_sets.t.
- CVE-2018-18314

Date: 2018-11-20 14:30:15.989733+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ruby-minitar 0.5.4-3.1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

ruby-minitar (0.5.4-3.1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-29 21:23:12.506861+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ruby-minitar/0.5.4-3.1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] python-tablib 0.9.11-2+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

python-tablib (0.9.11-2+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-29 19:18:12.110584+00:00
Changed-By: Mike Salvatore 
Maintainer: PKG OpenStack 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python-tablib/0.9.11-2+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] rzip 2.1-2ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

rzip (2.1-2ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow (integer overflow)
- debian/patches/CVE-2017-8364.patch: Fix heap buffer overflow by
  allocating a large enough bufferPatch taken from the OpenSUSE leap
  42.2 package.
- CVE-2017-8364

Date: 2018-11-29 18:21:13.162846+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/rzip/2.1-2ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libssh 0.6.3-4.3ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

libssh (0.6.3-4.3ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
- debian/patches/CVE-2018-10933-regression.patch: set correct state
  after sending INFO_REQUEST in src/server.c.
- debian/patches/CVE-2018-10933-regression2.patch: add missing break in
  src/packet.c.
- debian/patches/CVE-2018-10933-regression3.patch: set correct state
  after sending GSSAPI_RESPONSE in src/gssapi.c.

Date: 2018-11-27 16:23:21.281941+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libssh/0.6.3-4.3ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

ghostscript (9.26~dfsg+0-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
- CVE-2018-19409
- CVE-2018-19475
- CVE-2018-19476
- CVE-2018-19477
  * Removed patches included in new version:
- debian/patches/0218*.patch
- debian/patches/lp1800062.patch
  * debian/symbols.common: updated for new version.

Date: 2018-11-28 15:04:26.730910+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] redis 2:3.0.6-1ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

redis (2:3.0.6-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Permissions issue
- debian/patches/CVE-2013-7458.patch: fix in
  deps/linenoise/linenoise.c.
- CVE-2013-7458
  * SECURITY UPDATE: Cross protocol scripting
- debian/patches/CVE-2016-10517.patch: fix in
  src/redis.c, src/redis.h.
- CVE-2016-10517
  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-15047.patch: fix in
  src/cluster.c.
- CVE-2017-15047
  * SECURITY UPDATE: Memory corruption
- debian/patches/CVE-2018-11218.patch: fix in
  deps/lua/src/lua_cmsgpack.c.
- CVE-2018-11218
  * SECURITY UPDATE: Integer Overflow
- debian/patches/CVE-2018-11219-*.patch: fix in
  deps/lua/src/lua_struct.c.
- CVE-2018-11219
  * SECURITY UPDATE: Buffer overflow in the redis-cli
- debian/patches/CVE-2018-12326.patch: fix in
  redis-cli.c.
- CVE-2018-12326

Date: 2018-06-27 17:16:12.663220+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/redis/2:3.0.6-1ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] openjdk-8 8u191-b12-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

openjdk-8 (8u191-b12-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Backport from Cosmic.

openjdk-8 (8u191-b12-0ubuntu0.18.10.1) cosmic-security; urgency=medium

  * Update to 8u191-b12. (Closes: #911925, LP: #1800792)
  * debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt
from upstream now.
  * debian/excludelist.langtools.jtx: upstream testing does not use any
exclusion list.
  * debian/patches/sec-webrev-8u191-b12*: removed, applied upstream.
  * debian/patches/jdk-8132985-backport-double-free.patch,
debian/patches/jdk-8139803-backport-warning.patch: fix crash in
freetypescaler due to double free, thanks to Heikki Aitakangas for
the report and patches. (Closes: #911847)
  * debian/rules:
- tar and save JTreport directory.
- run the same limited set of tests as upstream does.
- call the same testsuites scripts used for autopkgtest.
- reenable jdk testsuite.
- simplified and moved xvfb logic into check-jdk rule.
- removed jtreg and xvfb build dependency logic and moved the bdeps
  into debian/control.in.
- added rules to generate autopkgtest scripts from templates.
  * updated dep8 tests:
- debian/test/control: run hotspot, langtools, and jdk testsuites.
- debian/tests/hotspot, debian/tests/jdk, debian/tests/langtools:
  add scripts for each testsuite to be run.
- debian/tests/jtreg-autopkgtest.sh: template to generate the jtreg
  script used by the autopkgtest tests.
- debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report
  any differences between the autopkgtest and the tests results
  generated during the openjdk package build.
- debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg
  and put the resulting artifacts in the right places.
- debian/tests/valid-tests: removed, no longer needed.

Date: 2018-11-20 14:03:27.752680+00:00
Changed-By: Tiago Stürmer Daitx 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] git 1:2.7.4-0ubuntu1.6 (Accepted)

[Ubuntu Archive Robot]

git (1:2.7.4-0ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-15298.patch: fix in diff.h,
  revision.c.
- CVE-2017-15298

Date: 2018-11-27 14:14:13.769764+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.6
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] systemd 229-4ubuntu21.10 (Accepted)

[Ubuntu Archive Robot]

systemd (229-4ubuntu21.10) xenial-security; urgency=medium

  [ Chris Coulson ]
  * Revert the fixes for CVE-2018-6954 for causing a regression when running
in a container on old kernels (LP: #1804847)
- update debian/patches/series

  [ Balint Reczey ]
  * Fix LP: #1803391 - Don't always trigger systemctl stop of udev service
and sockets
- update debian/udev.postinst

Date: 2018-11-27 11:21:12.836003+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.10
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] mercurial 3.7.3-1ubuntu1.2 (Accepted)

[Ubuntu Archive Robot]

mercurial (3.7.3-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Refresh CVE-2018-13347-extras.patch as it was
missing part of the fix. Also updated CVE-2018-13346.patch and
CVE-2018-13348.patch to correctly reflect the correct lines.

Date: 2018-11-27 15:36:13.490587+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/mercurial/3.7.3-1ubuntu1.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.18 (Accepted)

[Ubuntu Archive Robot]

samba (2:4.3.11+dfsg-0ubuntu0.16.04.18) xenial-security; urgency=medium

  * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server
- debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
  counter in  source4/dns_server/dns_query.c.
- CVE-2018-14629
  * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
- debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with
  mis-matching principal in source4/kdc/db-glue.c.
- CVE-2018-16841
  * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
- debian/patches/CVE-2018-16851.patch: check ret before manipulating
  blob in source4/ldap_server/ldap_server.c.
- CVE-2018-16851

Date: 2018-11-19 14:09:13.104655+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.18
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] wireshark 2.6.4-2~ubuntu16.04.0 (Accepted)

[Ubuntu Archive Robot]

wireshark (2.6.4-2~ubuntu16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple security issues
  * Make wireshark depend on both wireshark-gtk and wireshark-qt

wireshark (2.6.4-2) unstable; urgency=medium

  [ nyov ]
  * Build and install mmdbresolve to make GeoIP-lookup work.
(adds dependency on libmaxminddb) (Closes: #911567)

  [ Gregor Jasny ]
  * debian: libwireshark-dev must depend on libwiretap-dev
because wireshark/epan/packet_info.h (libwireshark-dev)
depends on wireshark/wiretap/wtap.h (libwiretap-dev)
(LP: #1801666)

  [ Balint Reczey ]
  * Ship man page for mmdbresolve
  * debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr
making the test fail

wireshark (2.6.4-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Removing redundant Priority field in binary package
  * d/changelog: Remove trailing whitespaces

  [ Balint Reczey ]
  * Install at-spi2-core in gui autopkgtest to avoid error messages
  * debian/test/gui: Ignore stderr from wireshark-gtk since upstream deprecated
it and also start bigger virtual screen
  * New upstream version 2.6.4
- release notes:
  https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html
- security fixes:
  - MS-WSP dissector crash (CVE-2018-18227)
  - Steam IHS Discovery dissector memory leak (CVE-2018-18226)
  - CoAP dissector crash (CVE-2018-18225)
  - OpcUA dissector crash (CVE-2018-12086)

wireshark (2.6.3-1) unstable; urgency=medium

  * Use GLX extension in autopkgtest, Qt needs it
  * New upstream version 2.6.3
- release notes:
  https://www.wireshark.org/docs/relnotes/wireshark-2.6.3.html
- security fixes:
  - Bluetooth AVDTP dissector crash. (CVE-2018-16058)
  - Bluetooth Attribute Protocol dissector crash. (CVE-2018-16056)
  - Radiotap dissector crash. (CVE-2018-16057)
  * Refresh patches
  * Update symbols

Date: 2018-11-20 18:15:28.694417+00:00
Changed-By: Balint Reczey 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/wireshark/2.6.4-2~ubuntu16.04.0
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] freedink-dfarc 3.12-1+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

freedink-dfarc (3.12-1+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-21 16:29:18.806344+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/freedink-dfarc/3.12-1+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ruby-ox 2.1.1-2+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

ruby-ox (2.1.1-2+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-21 18:56:13.247161+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ruby-ox/2.1.1-2+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libofx 1:0.9.10-1+deb8u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

libofx (1:0.9.10-1+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-21 16:58:13.053312+00:00
Changed-By: Mike Salvatore 
Maintainer: Sébastien Villemot 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libofx/1:0.9.10-1+deb8u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] qemu 1:2.5+dfsg-5ubuntu10.33 (Accepted)

[Ubuntu Archive Robot]

qemu (1:2.5+dfsg-5ubuntu10.33) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
- debian/patches/CVE-2018-10839.patch: use proper type in
  hw/net/ne2000.c.
- CVE-2018-10839
  * SECURITY UPDATE: buffer overflow via incoming fragmented datagrams
- debian/patches/CVE-2018-11806.patch: correct size computation in
  slirp/mbuf.c, slirp/mbuf.h.
- CVE-2018-11806
  * SECURITY UPDATE: integer overflow via crafted QMP command
- debian/patches/CVE-2018-12617.patch: check bytes count read by
  guest-file-read in qga/commands-posix.c.
- CVE-2018-12617
  * SECURITY UPDATE: buffer overflow in rtl8139
- debian/patches/CVE-2018-17958.patch: use proper type in
  hw/net/rtl8139.c.
- CVE-2018-17958
  * SECURITY UPDATE: buffer overflow in pcnet
- debian/patches/CVE-2018-17962.patch: use proper type in
  hw/net/pcnet.c.
- CVE-2018-17962
  * SECURITY UPDATE: DoS via large packet sizes
- debian/patches/CVE-2018-17963.patch: check size in net/net.c.
- CVE-2018-17963
  * SECURITY UPDATE: DoS in lsi53c895a
- debian/patches/CVE-2018-18849.patch: check message length value is
  valid in hw/scsi/lsi53c895a.c.
- CVE-2018-18849
  * SECURITY UPDATE: race condition in 9p
- debian/patches/CVE-2018-19364-1.patch: use write lock in
  hw/9pfs/cofile.c.
- debian/patches/CVE-2018-19364-2.patch: use write lock in
  hw/9pfs/virtio-9p.c.
- CVE-2018-19364

Date: 2018-11-22 15:08:42.459669+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.33
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] tor 0.2.9.14-1ubuntu1~16.04.3 (Accepted)

[Ubuntu Archive Robot]

tor (0.2.9.14-1ubuntu1~16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote crash attack against directory authorities.
- debian/patches/CVE-2018-0490.patch: Correctly handle NULL returns
  from parse_protocol_list when voting.
- CVE-2018-0490

Date: 2018-11-22 18:58:12.857577+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/tor/0.2.9.14-1ubuntu1~16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] mercurial 3.7.3-1ubuntu1.1 (Accepted)

[Ubuntu Archive Robot]

mercurial (3.7.3-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: The convert extension might allow attackers to
execute arbitrary code via a crafted git repository name.
- debian/patches/CVE-2016-3105.patch: Pass absolute paths to git.
- CVE-2016-3105
  * SECURITY UPDATE: hg server --stdio allows remote authenticated users
to launch the Python debugger and execute arbitrary code.
- debian/patches/CVE-2017-9462.patch: Protect against malicious hg
  serve --stdio invocations.
- CVE-2017-9462
  * SECURITY UPDATE: A specially malformed repository can cause GIT
subrepositories to run arbitrary code.
- debian/patches/CVE-2017-17458_part1.patch: add test-audit-subrepo.t
  testcase.
- debian/patches/CVE-2017-17458_part2.patch: disallow symlink
  traversal across subrepo mount point.
- CVE-2017-17458
  * SECURITY UPDATE: Missing symlink check could be abused to write to files
outside the repository.
- debian/patches/CVE-2017-1000115.patch: Fix symlink traversal.
- CVE-2017-1000115
  * SECURITY UPDATE: Possible shell-injection attack from not adequately
sanitizing hostnames passed to ssh.
- debian/patches/CVE-2017-1000116.patch: Sanitize hostnames passed to ssh.
- CVE-2017-1000116
  * SECURITY UPDATE: Integer underflow and overflow.
- debian/patches/CVE-2018-13347.patch: Protect against underflow. 
- debian/patches/CVE-2018-13347-extras.patch: Protect against overflow.
- CVE-2018-13347
  * SECURITY UPDATE: Able to start fragment past of the end of original data.
- debian/patches/CVE-2018-13346.patch: Ensure fragment start is not past
  then end of orig.
- CVE-2018-13346
  * SECURITY UPDATE: Data mishandling in certain situations.
- debian/patches/CVE-2018-13348.patch: Be more careful about parsing
  binary patch data.
- CVE-2018-13348
  * SECURITY UPDATE: Vulnerability in Protocol server can result in
unauthorized data access.
- debian/patches/CVE-2018-1000132.patch: Always perform permissions
  checks on protocol commands.
- CVE-2018-1000132

Date: 2018-11-22 17:57:12.046749+00:00
Changed-By: Eduardo dos Santos Barretto 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/mercurial/3.7.3-1ubuntu1.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] firefox 63.0.3+build1-0ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

firefox (63.0.3+build1-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (63.0.3build1)

firefox (63.0.1+build4.1-0ubuntu0.16.04.1) xenial; urgency=medium

  * Downgrade cbindgen to 0.6.6 in the source tarball to fix a build failure
  * Pin cbindgen version in the tarball to the version explicitly requested,
and bump the requirement to 0.6.6 as this is what has been used for stable
builds
- update debian/build/create-tarball.py

firefox (63.0.1+build4-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream stable release (63.0.1build4)

  * Define CBINDGEN variable instead of changing PATH
- update debian/config/mozconfig.in

Date: 2018-11-16 15:25:31.570766+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/firefox/63.0.3+build1-0ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libapache2-mod-perl2 2.0.9-4ubuntu1.2 (Accepted)

[Ubuntu Archive Robot]

libapache2-mod-perl2 (2.0.9-4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary perl code execution via .htaccess file
- debian/patches/CVE-2011-2767.patch: only allow perl and pod sections
  in server configuration and not per directory in
  src/modules/perl/mod_perl.c.
- CVE-2011-2767

Date: 2018-11-15 17:49:02.363684+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libapache2-mod-perl2/2.0.9-4ubuntu1.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] flashplugin-nonfree 31.0.0.153ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

flashplugin-nonfree (31.0.0.153ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (31.0.0.153)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2018-11-20 13:48:15.624267+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/31.0.0.153ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] unrar-free 1:0.0.1+cvs20140707-4~build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

unrar-free (1:0.0.1+cvs20140707-4~build0.16.04.1) xenial-security; 
urgency=medium

  * fake sync from Debian

Date: 2018-11-19 21:38:12.928933+00:00
Changed-By: Mike Salvatore 
Maintainer: Ying-Chun Liu 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/unrar-free/1:0.0.1+cvs20140707-4~build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] systemd 229-4ubuntu21.9 (Accepted)

[Ubuntu Archive Robot]

systemd (229-4ubuntu21.9) xenial-security; urgency=medium

  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
  resolve this completely
- CVE-2018-6954

Date: 2018-11-15 21:59:18.335706+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.9
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] minissdpd 1.2.20130907-3+deb8u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

minissdpd (1.2.20130907-3+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-15 20:31:12.764986+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/minissdpd/1.2.20130907-3+deb8u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] minicom 2.7-1+deb8u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

minicom (2.7-1+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-15 20:12:13.336501+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/minicom/2.7-1+deb8u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] miniupnpd 1.8.20140523-4.1+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

miniupnpd (1.8.20140523-4.1+deb9u1build0.16.04.1) xenial-security; 
urgency=medium

  * fake sync from Debian

Date: 2018-11-14 15:29:13.792515+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/miniupnpd/1.8.20140523-4.1+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] unrar-nonfree 1:5.3.2-1+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

unrar-nonfree (1:5.3.2-1+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-14 15:22:12.440057+00:00
Changed-By: Mike Salvatore 
Maintainer: Martin Meredith 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.3.2-1+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] plexus-archiver 2.2-1+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

plexus-archiver (2.2-1+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-09 16:19:13.538650+00:00
Changed-By: Mike Salvatore 
Maintainer: Debian Java Maintainers 

Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/plexus-archiver/2.2-1+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ruby-rack-protection 1.5.3-2+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

ruby-rack-protection (1.5.3-2+deb9u1build0.16.04.1) xenial-security; 
urgency=medium

  * fake sync from Debian

Date: 2018-11-09 16:28:13.008388+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ruby-rack-protection/1.5.3-2+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] flashplugin-nonfree 31.0.0.148ubuntu0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

flashplugin-nonfree (31.0.0.148ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (31.0.0.148)
- debian/flashplugin-installer.{config,postinst},
  debian/post-download-hook: Updated version and sha256sum

Date: 2018-11-13 14:58:18.196016+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/flashplugin-nonfree/31.0.0.148ubuntu0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] python2.7 2.7.12-1ubuntu0~16.04.4 (Accepted)

[Ubuntu Archive Robot]

python2.7 (2.7.12-1ubuntu0~16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via race condition
- debian/patches/CVE-2018-130-1.patch: stop crashes when iterating
  over a file on multiple threads in Lib/test/test_file2k.py,
  Objects/fileobject.c.
- debian/patches/CVE-2018-130-2.patch: fix crash when multiple
  threads iterate over a file in Lib/test/test_file2k.py,
  Objects/fileobject.c.
- CVE-2018-130
  * SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than
  distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
  Lib/difflib.py, Lib/poplib.py. Added tests to
  Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
  Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647

Date: 2018-11-12 17:53:12.869472+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.4
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] python3.5 3.5.2-2ubuntu0~16.04.5 (Accepted)

[Ubuntu Archive Robot]

python3.5 (3.5.2-2ubuntu0~16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
  Lib/difflib.py, Lib/poplib.py. Added tests to
  Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
  Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647

Date: 2018-11-12 15:36:12.624587+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.5
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] systemd 229-4ubuntu21.8 (Accepted)

[Ubuntu Archive Robot]

systemd (229-4ubuntu21.8) xenial-security; urgency=medium

  * SECURITY UPDATE: reexec state injection
- debian/patches/CVE-2018-15686.patch: when deserializing state always use
  read_line(…, LONG_LINE_MAX, …) rather than fgets()
- CVE-2018-15686
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954.patch: don't resolve pathnames when 
traversing
  recursively through directory trees
- CVE-2018-6954

Date: 2018-11-09 07:55:12.827425+00:00
Changed-By: Chris Coulson 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.8
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] gettext 0.19.7-2ubuntu3.1 (Accepted)

[Ubuntu Archive Robot]

gettext (0.19.7-2ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Invalid free
- debian/patches/CVE-2018-18751.patch: fix in
  gettext-tools/src/po-gram-gen.y,
  gettext-tools/src/read-catalog.c,
  gettext-tools/tests/Makefile.am,
  gettext-tools/tests/xgettext-po-2.
   - CVE-2018-18751
  * Add bison as build-dep since gettext runs/needs yacc in build time
- debian/control

Date: 2018-11-08 15:23:15.541211+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/gettext/0.19.7-2ubuntu3.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libmspack 0.5-1ubuntu0.16.04.3 (Accepted)

[Ubuntu Archive Robot]

libmspack (0.5-1ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c
- CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
- debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
  enough in cab.h
- CVE-2018-18584

Date: 2018-11-12 03:39:12.025679+00:00
Changed-By: Alex Murray 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ruby-redis-store 1.1.6-1+deb9u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

ruby-redis-store (1.1.6-1+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-08 20:08:34.034279+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/ruby-redis-store/1.1.6-1+deb9u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] pyopenssl 0.15.1-2ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

pyopenssl (0.15.1-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: use-after-free and memory leak
- debian/patches/CVE-2018-100080x-pre.patch: fix use-after-free and
  introduce _from_raw_x509_ptr in OpenSSL/SSL.py, OpenSSL/crypto.py.
- debian/patches/CVE-2018-100080x.patch: fix issues in OpenSSL/SSL.py,
  OpenSSL/crypto.py, add test to OpenSSL/test/test_ssl.py.
- debian/control: depend on python-cryptography security update to
  get access to new X509_up_ref function.
- CVE-2018-1000807
- CVE-2018-1000808
  * debian/patches/update_certs.patch: update expired test certs.

Date: 2018-11-07 18:59:13.933980+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/pyopenssl/0.15.1-2ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] python-cryptography 1.2.3-1ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

python-cryptography (1.2.3-1ubuntu0.2) xenial-security; urgency=medium

  * debian/patches/add_x509_up_ref.patch: add X509_up_ref function for
pyopenssl security update.

Date: 2018-10-18 11:44:12.070400+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/python-cryptography/1.2.3-1ubuntu0.2
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] plexus-utils 1:1.5.15-4+deb8u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

plexus-utils (1:1.5.15-4+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-07 20:26:12.967769+00:00
Changed-By: Mike Salvatore 
Maintainer: Debian Java Maintainers 

Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/plexus-utils/1:1.5.15-4+deb8u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] nginx 1.10.3-0ubuntu0.16.04.3 (Accepted)

[Ubuntu Archive Robot]

nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
- debian/patches/CVE-2018-16843.patch: add flood detection in
  src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
- debian/patches/CVE-2018-16844-pre.patch: backport new
  http2_max_requests directive.
- debian/patches/CVE-2018-16844.patch: limit the number of idle state
  switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
- debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
  src/http/modules/ngx_http_mp4_module.c.
- CVE-2018-16845

Date: 2018-11-06 20:23:36.169829+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] tre 0.8.0-4+deb8u1build0.16.04.1 (Accepted)

[Ubuntu Archive Robot]

tre (0.8.0-4+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

Date: 2018-11-06 19:41:13.487927+00:00
Changed-By: Mike Salvatore 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/tre/0.8.0-4+deb8u1build0.16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes