[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476579/+files/libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, wh

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Description changed: - The version of libseccomp2 in bionic does not know about the openat2 - syscall. + [Impact] - In my particular usecase, I was trying to run podman/buildah in an - nspawn container, using fuse-overlayfs. This leads to peculiar failure - modes as described in this issue:

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476578/+files/libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, wh

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-28 Thread Alex Murray
** Changed in: libseccomp (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Bionic) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Focal) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Groovy) St

[Touch-packages] [Bug 1918696] Re: libseccomp 2.5.1 will break unit tests on ppc

2021-03-29 Thread Alex Murray
Yes this is not needed for xenial since that version of systemd is not new enough to be affected by this issue (see the bug description for more details). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. http

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
The fix for systemd's LP: #1918696 is not in the systemd xenial SRU since, as noted in that bug, systemd in xenial doesn't include upstream commit 469830d1426a91e0897c321fdc8ee428f0a750c1 which reworked the code to switch from seccomp_rule_add to seccomp_rule_add_exact. In this case systemd could h

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
Tested for libseccomp as follows: cat

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
Regarding the failing autopkgtests from bionic reported in comment #28: - the containerd and chrony ones on s390x are transient failures due to networking issues in the test infrastructure so should hopefully pass on a re-run. - I can't reproduce the flatpak/amd64 failure locally so I assume th

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
The systemd/229-4ubuntu21.29 (i386) test looks very flaky - this seems to fail more often than not looking at https://autopkgtest.ubuntu.com/packages/s/systemd/xenial/i386 - and the tests which failed for the libseccomp 2.5.1-1ubuntu1~16.04.1 run (boot-and-services and boot-smoke) also failed for

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
For the focal autopkgtest failures above: docker.io/19.03.8-0ubuntu1.20.04.2 (arm64) systemd/245.4-4ubuntu3.5 (ppc64el) The docker.io/arm64 failed due to network issues in the test infrastructure: + lxc launch ubuntu-daily:focal/arm64 docker -c security.nesting=true Creating docker Error: Failed

[Touch-packages] [Bug 1922553] Re: libnss3 package contains invalid library paths

2021-04-05 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ns

[Touch-packages] [Bug 1908818] Re: pure packaging of libnss3

2021-04-05 Thread Alex Murray
@paelzer - we just got another duplicate of this filed for nss in groovy - is the server team working on a fix for this for groovy? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-04-12 Thread Alex Murray
Similarly for xenial there is only one failure for libseccomp autopkgtests which is systemd/i386 - https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#libseccomp - and this looks reasonably flaky in recent history https://autopkgtest.ubuntu.com/packages/s/sy

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-04-12 Thread Alex Murray
libseccomp on bionic looks good from what I can see on https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#libseccomp - can this please migrate now? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is sub

[Touch-packages] [Bug 1904192] Re: ebtables can not rename just created chain

2020-11-24 Thread Alex Murray
** Also affects: iptables (Ubuntu Hirsute) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https

[Touch-packages] [Bug 48734] Re: Home permissions too open

2021-01-13 Thread Alex Murray
s: Fix Committed => Fix Released ** Changed in: shadow (Ubuntu Hirsute) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: adduser (Ubuntu Hirsute) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubun

[Touch-packages] [Bug 675560] Re: Home dirs shouldn't be world readable

2021-01-13 Thread Alex Murray
*** This bug is a duplicate of bug 48734 *** https://bugs.launchpad.net/bugs/48734 ** This bug has been marked a duplicate of bug 48734 Home permissions too open -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to adduser

[Touch-packages] [Bug 48734] Re: Home permissions too open

2021-01-19 Thread Alex Murray
As noted in the discourse thread on this https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533 - I think a similar ACL approach should be able to be used to give the www-data user or similar access to your home dir for ~/public_html or for samba as needed. -- You

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-01-19 Thread Alex Murray
I have packages for 2.5.1 in the ubuntu-security-proposed PPA at https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa if you would like to give them a try I would appreciate any feedback etc. -- You received this bug notification because you are a member of Ubuntu Touch seeded pack

[Touch-packages] [Bug 1913339] Re: wrong path install location for groovy package

2021-01-26 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ns

[Touch-packages] [Bug 1913493] Re: pc

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1910975] Re: package libflite1:amd64 2.2-1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1910943] Re: package util-linux 2.34-0.1ubuntu9.1 failed to install/upgrade: package util-linux is not ready for configuration cannot configure (current status 'half-installed')

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1909334] Re: bug

2021-01-28 Thread Alex Murray
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see https://wiki.ubuntu.

[Touch-packages] [Bug 1909602] Re: package unattended-upgrades 1.1ubuntu1.18.04.7~16.04.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1914652] Re: Broken dir and symlinks in package

2021-02-04 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ns

[Touch-packages] [Bug 1908818] Re: pure packaging of libnss3

2021-02-04 Thread Alex Murray
** Also affects: nss (Ubuntu Hirsute) Importance: Undecided Status: Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1908818 Title: pure packaging of libn

[Touch-packages] [Bug 1914961] Re: Contains literal path: /usr/lib/${DEB_HOST_MULTIARCH}

2021-02-07 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ns

[Touch-packages] [Bug 1938938] Re: apparmor denials for gnutls configuration

2021-08-18 Thread Alex Murray
We already have an abstraction (ie a policy fragment) for openssl - https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor.d/abstractions/openssl - perhaps a similar one should be created for gnutls and then this can be #include'd into the profiles for the various applications that wi

[Touch-packages] [Bug 1938938] Re: apparmor denials for gnutls configuration

2021-08-18 Thread Alex Murray
Hmm there is also a crypto abstraction too https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor.d/abstractions/crypto - and this is included in the base abstraction so perhaps this *might* be another candidate..? -- You received this bug notification because you are a member of Ub

[Touch-packages] [Bug 2024637] Re: apparmor.service tries to load snapd generated apparmor profiles but fails

2023-06-29 Thread Alex Murray
** Patch added: "debdiff for bionic" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682828/+files/apparmor_2.12-4ubuntu5.2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in U

[Touch-packages] [Bug 2024637] Re: apparmor.service tries to load snapd generated apparmor profiles but fails

2023-06-29 Thread Alex Murray
Importance: Undecided => High ** Changed in: apparmor (Ubuntu Xenial) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu Bionic) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu Xenial) Status: New => I

[Touch-packages] [Bug 2024637] Re: apparmor.service tries to load snapd generated apparmor profiles but fails

2023-06-29 Thread Alex Murray
It turns out there was already an upload of apparmor 2.12-4ubuntu5.2 to bionic-proposed that got rejected (https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703821/comments/15), so this update will instead need to skip this version number and use 2.12-4ubuntu5.3 instead. -- You received th

[Touch-packages] [Bug 2024637] Re: apparmor.service tries to load snapd generated apparmor profiles but fails

2023-06-29 Thread Alex Murray
** Patch added: "bionic debdiff with corrected version number" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682930/+files/apparmor_2.12-4ubuntu5.3.debdiff ** Patch removed: "debdiff for bionic" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/

[Touch-packages] [Bug 2026227] [NEW] Backport 4.0 ABI for AppArmor 3 in mantic

2023-07-05 Thread Alex Murray
<(aa-features-abi -x) f17b0a97806d733b5b884d8a1c2fea37 /etc/apparmor.d/abi/4.0 f17b0a97806d733b5b884d8a1c2fea37 /dev/fd/63 ** Affects: apparmor (Ubuntu) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: New ** Affects: apparmor (Ubuntu Mantic) Impo

[Touch-packages] [Bug 2034133] Re: i cant update ubuntu

2023-09-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 2034449] Re: IP phising

2023-09-05 Thread Alex Murray
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see https://wiki.ubuntu.

[Touch-packages] [Bug 2035315] [NEW] Unprivileged user namespace restrictions break various applications

2023-09-13 Thread Alex Murray
) Importance: High Assignee: Alex Murray (alexmurray) Status: Confirmed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu) Importance: Undecided => High ** Changed in: apparmor (Ubuntu) Statu

[Touch-packages] [Bug 2036128] [NEW] [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-14 Thread Alex Murray
Public bug reported: As per https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626, unprivileged user namespace restrictions for Ubuntu 23.10 are to be enabled by default via a sysctl.d conf file in apparmor. In https://bugs.launchpad.net/

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread Alex Murray
Proposed changes for FFe to enable the sysctl by default but add fallback logic to disable it if the system doesn't provide all the required features. ** Patch added: "apparmor_4.0.0~alpha2-0ubuntu4.debdiff" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2036128/+attachment/5701125/+f

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread Alex Murray
apt log when installing new apparmor packages ** Description changed: As per https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626, unprivileged user namespace restrictions for Ubuntu 23.10 are to be enabled by default via a sysct

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread Alex Murray
I have uploaded this new version to https://launchpad.net/~alexmurray/+archive/ubuntu/lp2036128 and so it should be built soon (from which the build log will be available). Please let me know if any other information is required. -- You received this bug notification because you are a member of U

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-17 Thread Alex Murray
@sil2100 - apologies, I think I wasn't clear - for the actual enablement to take effect, this FFe does require the new kernel - BUT I added some fallback logic to detect if the kernel doesn't support the required feature so that the sysctl gets disabled in that case when the apparmor service is sta

[Touch-packages] [Bug 2036302] Re: apparmor 4.0.0~alpha2-0ubuntu3 ships same file as liblxc-common

2023-09-17 Thread Alex Murray
Apologies for this - I am working on an update now to resolve it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/2036302 Title: apparmor 4.0.0~alpha2-0ubuntu3 ships same file

[Touch-packages] [Bug 2036302] Re: apparmor 4.0.0~alpha2-0ubuntu3 ships same file as liblxc-common

2023-09-17 Thread Alex Murray
Uploaded in apparmor 4.0.0~alpha2-0ubuntu4 - currently waiting to build etc - https://launchpad.net/ubuntu/mantic/+queue?queue_state=3&queue_text=apparmor ** Changed in: apparmor (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ub

[Touch-packages] [Bug 2035315] Re: Unprivileged user namespace restrictions break various applications

2023-09-17 Thread Alex Murray
As seen in https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2036302 it turns out the lxc package already shipped a profile in /etc/apparmor.d/usr.bin.lxc-create - so this profile itself needs to be updated to add the userns permission and declare the new ABI in lxc in mantic. ** Also affect

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-18 Thread Alex Murray
FYI I redid this change again on top of the fix from https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2036302 and have uploaded it to the aforementioned PPA (debdiff is almost identical, except for the different context in debian/changelog) ** Patch added: "apparmor_4.0.0~alpha2-0ubuntu5.debdiff

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-18 Thread Alex Murray
@vorlon - the FFe you approved was to upload a whole new release apparmor-4.0.0~alpha2 with supporting infrastructure for this feature, but crucially it did not enable it at that time (as we wanted more time to add additional profiles for all the packages in the archive so that when the feature ge

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-18 Thread Alex Murray
** Changed in: apparmor (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2036128 Title: [FFe] enable unprivileged user namespace r

[Touch-packages] [Bug 2036698] [NEW] Unprivileged user namespace restrictions break various third-party applications

2023-09-20 Thread Alex Murray
Public bug reported: Similar to https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2035315 the proposed unprivileged user namespace restrictions feature of apparmor in mantic breaks various third-party applications that use unprivileged userns for sandboxing themselves. These include: - Bra

[Touch-packages] [Bug 2036698] Re: Unprivileged user namespace restrictions break various third-party applications

2023-09-20 Thread Alex Murray
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu) Importance: Undecided => High ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-22 Thread Alex Murray
As discussed with the wider security team, we have decided not to push ahead with this change for mantic and instead will look to enable it very early in the 24.04 devel cycle. Marking as invalid and unsubscribing the release team. ** Changed in: apparmor (Ubuntu) Status: New => Won't Fix

[Touch-packages] [Bug 1819240] Re: Many sites will not connect. Very slow. Some siezing.

2019-03-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1820319] Re: [To Be Filled By O.E.M., Realtek ALC662 rev1, Blue Line In, Rear] No sound at all

2019-03-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1821030] Re: [To Be Filled By O.E.M., Realtek ALC662 rev1, Green Line Out, Rear] No sound at all

2019-03-20 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1821508] Re: there is a lagging while i am accessing the software or browing

2019-03-24 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1822736] Re: Passwords longer than 255 characters break authentication

2019-04-02 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1822736 Title: Passwords longer than 255 characters break a

[Touch-packages] [Bug 1805316] Re: systemd 229-4ubuntu21.9 faulty - breaks the system!

2018-11-27 Thread Alex Murray
*** This bug is a duplicate of bug 1804847 *** https://bugs.launchpad.net/bugs/1804847 I've marked this as a duplicate of bug #1804847 - please add any further comments to that bug instead. ** This bug has been marked a duplicate of bug 1804847 systemd=229-4ubuntu21.8 use of fchownat faile

[Touch-packages] [Bug 1828124] Re: org.gnome.evolution.dataserver.Source completely unveils account credentials in plain text while using dbus-monitor

2019-05-12 Thread Alex Murray
From a security PoV this is basic security by obscurity and effectively pointless - they are simply XORing each byte with a fixed value and then base64 encoding it - since the source code is public anyone can easily find this out and hence easily decode it - the only way to do this securely would

[Touch-packages] [Bug 1830629] Re: Errors when extracting ZIP files. It can not differentiate between files and directories

2019-05-30 Thread Alex Murray
Thanks for reporting this issue - this would appear to have potential security implications, however as it is already public I see no reason to keep this private - if a CVE were to be assigned then this could be fixed via a security update by the security team, otherwise this would be fixed via the

[Touch-packages] [Bug 1842383] Re: openssl 1.1.1 memory overuse/leak

2019-09-12 Thread Alex Murray
Thanks for reporting this issue - this sounds like it might be suitable as a StableReleaseUpdate - in particular the Regressions section https://wiki.ubuntu.com/StableReleaseUpdates#Regressions sounds relevant in this case. Could you please adapt this bug report following the template in https://wi

[Touch-packages] [Bug 1814596] Re: DynamicUser can create setuid binaries when assisted by another process

2019-10-09 Thread Alex Murray
DynamicUser is only supported in systemd>=235 so this is not needed for xenial, only bionic and disco. ** Also affects: systemd (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Disco) Importance: Undecided Status: New -- You received this bu

[Touch-packages] [Bug 1848784] Re: Crash in Qt 5.12.2

2019-10-21 Thread Alex Murray
This would appear to have security implications since I imagine if an email were sent to a KMail recipient which was crafted in this same way it would crash KMail? If this is likely true a CVE should be requested from MITRE via https://cveform.mitre.org/ so that other distros etc can ensure they sh

[Touch-packages] [Bug 1848784] Re: Crash in Qt 5.12.2

2019-10-23 Thread Alex Murray
MITRE has assigned CVE-2019-18281 for this issue. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-18281 ** Changed in: qtbase-opensource-src (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a m

[Touch-packages] [Bug 1849920] Re: ubuntu display problem

2019-10-27 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1830865] Re: Integer overflow in bson_ensure_space (bson.c:613)

2019-10-29 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1830865 Title: Integer overflow in bson_ensure_space (

[Touch-packages] [Bug 1839415] Re: Fully user controllable lock file due to lock file being located in world-writable directory

2019-10-30 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1839415 Title: Fully user controllable lock file due to

[Touch-packages] [Bug 1839795] Re: PID recycling enables an unprivileged user to generate and read a crash report for a privileged process

2019-10-30 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1839795 Title: PID recycling enables an unprivileged use

[Touch-packages] [Bug 1839420] Re: Per-process user controllable Apport socket file

2019-10-30 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1839420 Title: Per-process user controllable Apport sock

[Touch-packages] [Bug 1830862] Re: Apport reads arbitrary files if ~/.config/apport/settings is a symlink

2019-10-30 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1830862 Title: Apport reads arbitrary files if ~/.config

[Touch-packages] [Bug 1839417] Re: Potentially existing (legitimate, root owned) lock file getting deleted by Apport daily cron(8) script

2019-10-30 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1839417 Title: Potentially existing (legitimate, root ow

[Touch-packages] [Bug 1839413] Re: TOCTTOU ("time of check to time of use") "cwd" variable race condition

2019-10-30 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1839413 Title: TOCTTOU ("time of check to time of use")

[Touch-packages] [Bug 1839418] Re: Partially user controllable lock file due to incorrect, too broad permissions

2019-10-30 Thread Alex Murray
*** This bug is a duplicate of bug 1839415 *** https://bugs.launchpad.net/bugs/1839415 ** This bug has been marked a duplicate of bug 1839415 Fully user controllable lock file due to lock file being located in world-writable directory ** Information type changed from Private Security to P

[Touch-packages] [Bug 1839414] Re: Apport follows symbolic links in path components when creating core dump file

2019-10-30 Thread Alex Murray
*** This bug is a duplicate of bug 1839413 *** https://bugs.launchpad.net/bugs/1839413 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu.

[Touch-packages] [Bug 1839420] Re: Per-process user controllable Apport socket file

2019-10-30 Thread Alex Murray
** Description changed: Author: Sander Bos, Date: 2019-07-30 As defined in data/apport, when Apport thinks a crash originated in a container it will forward the crash handling to a /proc//root/run/apport.socket file, using /proc/ information from the

[Touch-packages] [Bug 1839417] Re: Potentially existing (legitimate, root owned) lock file getting deleted by Apport daily cron(8) script

2019-10-31 Thread Alex Murray
*** This bug is a duplicate of bug 1839415 *** https://bugs.launchpad.net/bugs/1839415 Yes - marking this as a duplicate against LP #1839415 as noted by Seth earlier too. ** This bug has been marked a duplicate of bug 1839415 Fully user controllable lock file due to lock file being located

[Touch-packages] [Bug 1844853] Re: IBus no longer works in Qt applications after upgrade

2019-11-03 Thread Alex Murray
@gunnarhj - updated packages for ibus are now available in the ubuntu-security-proposed PPA at https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa Also I note the bug description lists ibus in Focal as Fix Released - but the latest version in focal (1.5.21-1~exp2ubuntu2) is the

[Touch-packages] [Bug 1452115] Re: Python interpreter binary is not compiled as PIE

2019-11-10 Thread Alex Murray
** Bug watch added: Debian Bug tracker #919134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919134 ** Also affects: python via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919134 Importance: Unknown Status: Unknown -- You received this bug notification because you are a

[Touch-packages] [Bug 1835181] Bug is not a security issue

2019-07-04 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1834815] Re: usb mouse is not being detect

2019-07-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1833479] Re: libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs

2019-07-05 Thread Alex Murray
From a security point of view, it is best if this issue is fixed not just in Ubuntu but other distributions - and the best way to ensure that is to get a CVE assigned for it. Has a CVE been applied for for this issue? If not, could you please submit one to MITRE and when one is assigned please rep

[Touch-packages] [Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-07 Thread Alex Murray
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1835181 Title: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling dif

[Touch-packages] [Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-07 Thread Alex Murray
Apologies for misinterpreting this issue when initially triaging it - I have re-marked it as Security. I notice from your linked bug report that this was still happening with the upstream code as of September 2016 - but upstream did not appear to engage on the issue. Can you confirm whether this ap

[Touch-packages] [Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-07 Thread Alex Murray
** Changed in: openldap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1835181 Title: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handl

[Touch-packages] [Bug 1830863] Re: Integer overflow in parse_report (whoopsie.c:425)

2019-07-08 Thread Alex Murray
** Attachment removed: "PoC.tar.bz2" https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830863/+attachment/5267311/+files/PoC.tar.bz2 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seed

[Touch-packages] [Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-08 Thread Alex Murray
** Information type changed from Private Security to Public Security ** Attachment removed: "PoC.tar.bz2" https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830858/+attachment/5267305/+files/PoC.tar.bz2 -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1830863] Re: Integer overflow in parse_report (whoopsie.c:425)

2019-07-08 Thread Alex Murray
** Branch linked: lp:~alexmurray/whoopsie/whoopsie -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1830863 Title: Integer overflow in parse_report (whoopsie.c:425) Status

[Touch-packages] [Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-08 Thread Alex Murray
** Branch linked: lp:~alexmurray/apport/apport -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1830858 Title: TOCTOU vulnerability in _get_ignore_dom (report.py) Status in

[Touch-packages] [Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-22 Thread Alex Murray
** Changed in: apport Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1830858 Title: TOCTOU vulnerability in _get_ignore_dom (report.py)

[Touch-packages] [Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-30 Thread Alex Murray
** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3560 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1830858 Title: TOCTOU vulnerability in _get_ignore_d

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically

2019-09-05 Thread Alex Murray
Didier - could you please add some checks on the return values from the various open/dup2/execvl syscalls? Whilst currently I can't see a huge problem if these silently fail (open returns -1, dup2 then fails, or if dup2 fails anyway - then the only consequence is stdout/stderr is not silenced) I t

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically

2019-09-06 Thread Alex Murray
Thanks Didier, looks great :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1842902 Title: FFe: create zfs dataset for each user automatically Status in shadow package in

[Touch-packages] [Bug 1812468] Re: package linux-firmware 1.173.3 failed to install/upgrade: installed linux-firmware package post-installation script subprocess returned error exit status 1

2019-01-22 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1848784] Re: Crash in Qt 5.12.2

2019-11-20 Thread Alex Murray
Removing the bionic task since the version in bionic is not affected (it doesn't contain the original vulnerability). ** No longer affects: qtbase-opensource-src (Ubuntu Bionic) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1853879] Re: Dell E310dw: Default driver doesn't work, driverless fails on sides=two-sided-long-edge

2019-11-30 Thread Alex Murray
** Attachment added: "error_log" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1853879/+attachment/5309038/+files/error_log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/b

[Touch-packages] [Bug 1853879] Re: Dell E310dw: Default driver doesn't work, driverless fails on sides=two-sided-long-edge

2019-11-30 Thread Alex Murray
I have the same problem with a Brother HL L2375-DW printer on Ubuntu 19.10. This was auto-detected and added to the GNOME Printers as 'Brother_HL_L2375DW_series' - if I print double sided (long-edge) using the then it prints the second page upside down (as though I had selected short-edge) - but s

[Touch-packages] [Bug 1853879] Re: Dell E310dw: Default driver doesn't work, driverless fails on sides=two-sided-long-edge

2019-11-30 Thread Alex Murray
Let me know which of these PPDs to attach: $ ls -la /etc/cups/ppd/Brother_HL_L2375DW_series* -rw-r--r-- 1 root root 8499 Dec 1 17:14 /etc/cups/ppd/brother_hl_l2375dw_ser...@brw0c96e67e441e.local.ppd -rw-r- 1 root lp 8424 Dec 1 17:13 /etc/cups/ppd/brother_hl_l2375dw_ser...@brw0c96e67e441e

[Touch-packages] [Bug 1853879] Re: Dell E310dw: Default driver doesn't work, driverless fails on sides=two-sided-long-edge

2019-11-30 Thread Alex Murray
** Attachment added: "attrs.txt" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1853879/+attachment/5309039/+files/attrs.txt -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/b

[Touch-packages] [Bug 1853879] Re: Dell E310dw: Default driver doesn't work, driverless fails on sides=two-sided-long-edge

2019-12-01 Thread Alex Murray
** Attachment added: "brother_hl_l2375dw_ser...@brw0c96e67e441e.local.ppd" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1853879/+attachment/5309145/+files/Brother_HL_L2375DW_series%40BRW0C96E67E441E.local.ppd -- You received this bug notification because you are a member of Ubuntu Touc

[Touch-packages] [Bug 1853879] Re: Dell E310dw: Default driver doesn't work, driverless fails on sides=two-sided-long-edge

2019-12-01 Thread Alex Murray
** Attachment added: "Brother_HL_L2375DW_series.ppd" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1853879/+attachment/5309146/+files/Brother_HL_L2375DW_series.ppd -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups
