[ubuntu/trusty-proposed] snapd 2.31.1~14.04 (Accepted)

snapd (2.31.1~14.04) trusty; urgency=medium * New upstream release, LP: #1745217 - tests: multiple autopkgtest related fixes for 18.04 - overlord/snapstate: use spread in the default refresh schedule - timeutil: fix scheduling on nth weekday of the month - interfaces:

[ubuntu/trusty-updates] cups 1.7.2-0ubuntu1.9 (Accepted)

cups (1.7.2-0ubuntu1.9) trusty-security; urgency=medium * SECURITY UPDATE: Incorrect whitelist permits DNS rebinding attacks - debian/patches/CVE-2017-18190.patch: Don't treat "localhost.localdomain" as an allowed replacement for localhost, since it isn't - CVE-2017-18190 Date:

[ubuntu/trusty-updates] libvirt 1.2.2-0ubuntu13.1.26 (Accepted)

libvirt (1.2.2-0ubuntu13.1.26) trusty-security; urgency=medium * SECURITY UPDATE: resource exhaustion resulting in DoS - debian/patches/CVE-2018-5748.patch: avoid DoS reading from QEMU monitor in src/qemu/qemu_monitor.c. - CVE-2018-5748 * SECURITY UPDATE: Bypass authentication

[ubuntu/trusty-security] cups 1.7.2-0ubuntu1.9 (Accepted)

cups (1.7.2-0ubuntu1.9) trusty-security; urgency=medium * SECURITY UPDATE: Incorrect whitelist permits DNS rebinding attacks - debian/patches/CVE-2017-18190.patch: Don't treat "localhost.localdomain" as an allowed replacement for localhost, since it isn't - CVE-2017-18190 cups

[ubuntu/trusty-updates] chromium-browser 64.0.3282.167-0ubuntu0.14.04.1 (Accepted)

chromium-browser (64.0.3282.167-0ubuntu0.14.04.1) trusty; urgency=medium * Upstream release: 64.0.3282.167 - CVE-2018-6056: Incorrect derived class instantiation in V8. Date: 2018-02-14 11:28:11.920745+00:00 Changed-By: Olivier Tilloy Signed-By: Ubuntu

[ubuntu/trusty-updates] qemu 2.0.0+dfsg-2ubuntu1.39 (Accepted)

qemu (2.0.0+dfsg-2ubuntu1.39) trusty-security; urgency=medium * SECURITY UPDATE: DoS via guest ram block area - debian/patches/CVE-2017-11334-1.patch: use qemu_ram_ptr_length to access guest ram in exec.c. - debian/patches/CVE-2017-11334-2.patch: add lock parameter to

[ubuntu/trusty-security] libvirt 1.2.2-0ubuntu13.1.26 (Accepted)

libvirt (1.2.2-0ubuntu13.1.26) trusty-security; urgency=medium * SECURITY UPDATE: resource exhaustion resulting in DoS - debian/patches/CVE-2018-5748.patch: avoid DoS reading from QEMU monitor in src/qemu/qemu_monitor.c. - CVE-2018-5748 * SECURITY UPDATE: Bypass authentication

[ubuntu/trusty-security] qemu 2.0.0+dfsg-2ubuntu1.39 (Accepted)

qemu (2.0.0+dfsg-2ubuntu1.39) trusty-security; urgency=medium * SECURITY UPDATE: DoS via guest ram block area - debian/patches/CVE-2017-11334-1.patch: use qemu_ram_ptr_length to access guest ram in exec.c. - debian/patches/CVE-2017-11334-2.patch: add lock parameter to

[ubuntu/trusty-security] chromium-browser 64.0.3282.167-0ubuntu0.14.04.1 (Accepted)

chromium-browser (64.0.3282.167-0ubuntu0.14.04.1) trusty; urgency=medium * Upstream release: 64.0.3282.167 - CVE-2018-6056: Incorrect derived class instantiation in V8. Date: 2018-02-14 11:28:11.920745+00:00 Changed-By: Olivier Tilloy Signed-By: Chris Coulson

[ubuntu/trusty-updates] walinuxagent 2.2.21+really2.2.20-0ubuntu1~14.04.1 (Accepted)

walinuxagent (2.2.21+really2.2.20-0ubuntu1~14.04.1) trusty; urgency=medium * Backport bionic version to trusty. * Revert to an older upstream release: 2.2.20 (LP: #1749589). - Rename upstream tarball to 2.2.21+really2.2.20 to end up with a temporarily higher version number than