Trusty would require a significant backport, marking it as won't fix to
prevent possible regressions.
** Changed in: openssl (Ubuntu Trusty)
Assignee: David Fernandez Gonzalez (litios) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch see
Fixed released for Xenial ESM: 1.0.2g-1ubuntu4.20+esm12
https://ubuntu.com/security/notices/USN-6663-2
** Changed in: openssl (Ubuntu Xenial)
Status: New => Fix Released
** Changed in: openssl (Ubuntu Trusty)
Status: New => Won't Fix
--
You received this bug notification because
https://ubuntu.com/security/notices/USN-6663-1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2054090
Title:
Implicit rejection of PKCS#1 v1.5 RSA
Status in openssl
Bionic released in ESM Infra, version 1.1.1-1ubuntu2.1~18.04.23+esm5
** Changed in: openssl (Ubuntu Bionic)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
** Changed in: openssl (Ubuntu Bionic)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Focal)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Jammy)
Assignee: (unassigned) => David
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Also affects: openssl (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: open
Public bug reported:
OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random
output instead of an exception when detecting wrong padding
(https://github.com/openssl/openssl/pull/13817).
There are available backports already:
* 3.0 https://gitlab.com/redhat/centos-
Thanks for the heads up Alejandro!
A fix was committed and merged for the CIS/USG tooling.
We are preparing a new version but we are still working on some other
fixes to include. I'll update the thread when it comes out.
** Changed in: pam (Ubuntu)
Status: New => Fix Committed
**
The fix for CVE-2022-3970 has been released in the following versions:
Ubuntu 22.10: 4.4.0-4ubuntu3.2
Ubuntu 22.04 LTS: 4.3.0-6ubuntu0.3
Ubuntu 20.04 LTS: 4.1.0+git191117-2ubuntu0.20.04.7
Ubuntu 18.04 LTS: 4.0.9-5ubuntu0.9
** Changed in: tiff (Ubuntu)
Status: In Progress => Fix
** Changed in: tiff (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/1998444
Title:
Backport security fix for CVE-2022-3970
Status
** Changed in: tiff (Ubuntu)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/1998444
Title:
Backport secur
** Changed in: shadow (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1998169
Title:
useradd command does not copy all of /etc/skel
** Changed in: usg
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: usg
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
New security versions of tiff have been released for focal and bionic.
These versions provide the corresponding fixes for CVE-2022-0907,
CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844.
https://ubuntu.com/security/notices/USN-5523-2
--
You received this bug notification because
Packages patched for CVE-2020-35522, CVE-2022-0561, CVE-2022-0562,
CVE-2022-0865 and CVE-2022-0891 are now released and available.
(https://ubuntu.com/security/notices/USN-5421-1).
Jammy is currently at version 4.3.0-6 which includes the patch for
CVE-2022-0865 as it was introduced in 4.3.0-5.
15 matches
Mail list logo