[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

Trusty would require a significant backport, marking it as won't fix to prevent possible regressions. ** Changed in: openssl (Ubuntu Trusty) Assignee: David Fernandez Gonzalez (litios) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch see

[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

Fixed released for Xenial ESM: 1.0.2g-1ubuntu4.20+esm12 https://ubuntu.com/security/notices/USN-6663-2 ** Changed in: openssl (Ubuntu Xenial) Status: New => Fix Released ** Changed in: openssl (Ubuntu Trusty) Status: New => Won't Fix -- You received this bug notification because

[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

https://ubuntu.com/security/notices/USN-6663-1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2054090 Title: Implicit rejection of PKCS#1 v1.5 RSA Status in openssl

[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

Bionic released in ESM Infra, version 1.1.1-1ubuntu2.1~18.04.23+esm5 ** Changed in: openssl (Ubuntu Bionic) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

** Changed in: openssl (Ubuntu Bionic) Assignee: (unassigned) => David Fernandez Gonzalez (litios) ** Changed in: openssl (Ubuntu Focal) Assignee: (unassigned) => David Fernandez Gonzalez (litios) ** Changed in: openssl (Ubuntu Jammy) Assignee: (unassigned) => David

[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

** Changed in: openssl (Ubuntu) Assignee: (unassigned) => David Fernandez Gonzalez (litios) ** Also affects: openssl (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: open

[Touch-packages] [Bug 2054090] [NEW] Implicit rejection of PKCS#1 v1.5 RSA

Public bug reported: OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random output instead of an exception when detecting wrong padding (https://github.com/openssl/openssl/pull/13817). There are available backports already: * 3.0 https://gitlab.com/redhat/centos-

[Touch-packages] [Bug 1989731] Re: Non-root user unable to change own password if pam_pwhistory is used

Thanks for the heads up Alejandro! A fix was committed and merged for the CIS/USG tooling. We are preparing a new version but we are still working on some other fixes to include. I'll update the thread when it comes out. ** Changed in: pam (Ubuntu) Status: New => Fix Committed **

[Touch-packages] [Bug 1998444] Re: Backport security fix for CVE-2022-3970

The fix for CVE-2022-3970 has been released in the following versions: Ubuntu 22.10: 4.4.0-4ubuntu3.2 Ubuntu 22.04 LTS: 4.3.0-6ubuntu0.3 Ubuntu 20.04 LTS: 4.1.0+git191117-2ubuntu0.20.04.7 Ubuntu 18.04 LTS: 4.0.9-5ubuntu0.9 ** Changed in: tiff (Ubuntu) Status: In Progress => Fix

[Touch-packages] [Bug 1998444] Re: Backport security fix for CVE-2022-3970

** Changed in: tiff (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1998444 Title: Backport security fix for CVE-2022-3970 Status

[Touch-packages] [Bug 1998444] Re: Backport security fix for CVE-2022-3970

** Changed in: tiff (Ubuntu) Assignee: (unassigned) => David Fernandez Gonzalez (litios) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1998444 Title: Backport secur

[Touch-packages] [Bug 1998169] Re: useradd command does not copy all of /etc/skel

** Changed in: shadow (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1998169 Title: useradd command does not copy all of /etc/skel

[Touch-packages] [Bug 1989731] Re: Non-root user unable to change own password if pam_pwhistory is used

** Changed in: usg Assignee: (unassigned) => David Fernandez Gonzalez (litios) ** Changed in: usg Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.

[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal and Jammy

New security versions of tiff have been released for focal and bionic. These versions provide the corresponding fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844. https://ubuntu.com/security/notices/USN-5523-2 -- You received this bug notification because

[Touch-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal, Impish and Jammy

Packages patched for CVE-2020-35522, CVE-2022-0561, CVE-2022-0562, CVE-2022-0865 and CVE-2022-0891 are now released and available. (https://ubuntu.com/security/notices/USN-5421-1). Jammy is currently at version 4.3.0-6 which includes the patch for CVE-2022-0865 as it was introduced in 4.3.0-5.