[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-03 Thread Mark Robinson
Sorry, I did mean "to be updated". To clarify what I meant by the duplicate update issue, I have attached another screenshot. The python3-pip package is showing in the "Other updates" section and also in the (disabled) Ubuntu Pro security updates section. It's the same versions in both sections

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-02 Thread Mark Robinson
I've now installed 4:20.69. Unfortunately, it's showing duplicate entries for updated packages that are in upstream ESM and also in our staged repos. The highlighted package in the screenshot is also one of the "Python package installer" updates in the "Other updates" section. I think that's going

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-02 Thread Mark Robinson
I don't think we've pinned it - it's just not seeing the +esm3 package: # apt policy python2.7-minimal python2.7-minimal: Installed: 2.7.18-1~20.04.4+esm2 Candidate: 2.7.18-1~20.04.4+esm2 Version table: *** 2.7.18-1~20.04.4+esm2 500 500 http://landscape.nowhere.com/repository/standa

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-02 Thread Mark Robinson
Morning Nathan, apt wasn't offering the python2-minimal patch: # apt list --upgradable Listing... Done google-chrome-stable/stable 129.0.6668.89-1 amd64 [upgradable from: 128.0.6613.113-1] krb5-locales/devclient-focal-staging-updates,devclient-focal-staging-updates 1.17-6ubuntu4.7 all [upgradab

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-01 Thread Mark Robinson
I think I know why the Python2.7 packages are showing like that. In the current cut of our ESM Landscape staged repos, we have Python 2.7.18-1~20.04.4+esm2, but version 2.7.18-1~20.04.4+esm3 is available directly from upstream ESM, even though ESM isn't enabled in UA pro. That's the same behaviou

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-01 Thread Mark Robinson
** Attachment added: "Standard package" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2083081/+attachment/5823738/+files/update-manager%201%3A20.04.10.21.png -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://b

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-01 Thread Mark Robinson
** Attachment added: "update-manager 4:20.66.png" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2083081/+attachment/5823739/+files/update-manager%204%3A20.66.png

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-01 Thread Mark Robinson
Nathan, I've tested your patch on my laptop (used for the original report above) and there's definitely an improvement, however the prompt to enable still shows. See attached screenshots of standard vs your version

[Bug 2083081] Re: Locally Mirrored ESM repositories are not properly being picked up by software updater.

2024-10-01 Thread Mark Robinson
# ua security-status --format=json | jq . { "_schema_version": "0.1", "livepatch": { "fixed_cves": [] }, "packages": [ { "download_size": 1274208, "origin": "esm.ubuntu.com", "package": "python2.7-minimal", "service_name": "esm-apps", "status": "pending

[Bug 2072621] Re: [MIR] rpds-py

2024-09-30 Thread Mark Esler
I reviewed rpds-py 0.20.0-0ubuntu3 as checked into oracular. This shouldn't be considered a full audit but rather a quick gauge of maintainability. > rpds.py: Python bindings to the Rust rpds crate for persistent data > structures - CVE History - None - overflow reported (issue #86 PR #87)

[Bug 2058192] Re: [MIR] lenovo-wwan-unlock

2024-09-17 Thread Mark Esler
Thanks Mark, Nitin, and Seth. Since this is going to OEM, a Main Inclusion Review and Security's review seem to no longer be needed. Nonetheless, the packaging around the binaries looks alright. (The binaries could contain anything of course.) A root privileged systemd service runs FCC u

[Bug 2080872] [NEW] replace unmaintained http-parser dependency with llhttp

2024-09-16 Thread Mark Esler
Public bug reported: http-parser has been deprecated [0] for llhttp [1] in libgit2. http-parser is unmaintained. There is nobody writing security patches for http-parser. It should be removed as a libgit2 dependency and then removed from the main archive. Note http-parser's MIR clause [2]:   Se

[Bug 2002358] Re: Screen turned off after seconds of inactivity, fixed by xset -dpms; bug depending on kernel version?

2024-09-14 Thread Mark Smith
I've noticed on Ubuntu 24.04 this appears to occur due to a mismatch between how Xorg blanks the screen and the configuration gnome-settings-daemon applies. If you go into GSD -> Power -> Screen Blank and set it to "Never", then go to Privacy & Security -> Blank Screen Delay -> Never, xset q stil

[Bug 2080555] Re: ubunutu 20 has many vulnerability for the package linux-aws-5.15

2024-09-12 Thread Mark Esler
For the 8 non-kernel cves, I matched our internal priority to NVD's CVSS ratings when higher. https://git.launchpad.net/ubuntu-cve-tracker/commit/?id=ef4355cdd0cb2677d21681b42615d7208eb0c187 ** Information type changed from Private Security to Public Security

[Bug 2058192] Re: [MIR] lenovo-wwan-unlock

2024-09-11 Thread Mark Pearson
No objections from me.

[Bug 2058192] Re: [MIR] lenovo-wwan-unlock

2024-09-11 Thread Mark Esler
The Ubuntu Security Team is leaning towards this needing to be part of the OEM Archives instead of restricted. Does that seem appropriate to others? https://github.com/canonical/ubuntu-mir/blob/main/exceptions/OEM.md https://wiki.ubuntu.com/OEMArchive

[Bug 2067613] Re: CVE-2024-5290 : Fix loading of arbitrary shared objects

2024-09-11 Thread Mark Esler
Done! Nice write-up Rory :D

[Bug 2080294] Re: linux 6.8.0-44 + amdgpu 6.2.60200-2009582.24.04

2024-09-11 Thread Mark Underwood
For GPU+OpenCL through ROCm. That particular machine only uses it for the graphics driver, but others will get the error when they get the latest kernel on 24.04.1 LTS. I don't know if mixing Ubuntu amdgpu with ROCm libraries from amdgpu-install script will work. Is there another way?

[Bug 2080290] Re: tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs

2024-09-10 Thread Mark Esler
** Information type changed from Private Security to Public

[Bug 2080294] [NEW] linux 6.8.0-44 + amdgpu 6.2.60200-2009582.24.04

2024-09-10 Thread Mark Underwood
Public bug reported: The following information was taken from (1) the command line after package updates and (2) make.log These errors occurred after updating the Linux kernel packages to 6.8.0-44 through the package: linux-image-generic-hwe-24.04 amdgpu is installed from repo.radeon.com: deb [

[Bug 2080267] Re: Please add -fhardened to default build flags

2024-09-10 Thread Mark Esler
Thanks! Updated description. ** Description changed: > Currently, -fhardened enables: > > -D_FORTIFY_SOURCE=3 (or =2 for older glibcs) > -D_GLIBCXX_ASSERTIONS - > -ftrivial-auto-var-init=pattern + > -ftrivial-auto-var-init=zero > -fPIE -pie -Wl,-z,relro,-z,now > -fstack-

[Bug 2080267] Re: Please add -fhardened to default build flags

2024-09-10 Thread Mark Esler
** Description changed: > Currently, -fhardened enables: > > -D_FORTIFY_SOURCE=3 (or =2 for older glibcs) > -D_GLIBCXX_ASSERTIONS > -ftrivial-auto-var-init=pattern > -fPIE -pie -Wl,-z,relro,-z,now > -fstack-protector-strong > -fstack-clash-protection > -fcf-protec

[Bug 1972043] Re: Please add -ftrivial-auto-var-init=zero to default build flags

2024-09-10 Thread Mark Esler
** Also affects: gcc-14 (Ubuntu) Importance: Undecided Status: New ** No longer affects: gcc-14 (Ubuntu Kinetic)

[Bug 2080267] [NEW] Please add -fhardened to default build flags

2024-09-10 Thread Mark Esler
Public bug reported: > Currently, -fhardened enables: > > -D_FORTIFY_SOURCE=3 (or =2 for older glibcs) > -D_GLIBCXX_ASSERTIONS > -ftrivial-auto-var-init=pattern > -fPIE -pie -Wl,-z,relro,-z,now > -fstack-protector-strong > -fstack-clash-protection > -fcf-protection=full (x86 GNU/Li

[Bug 2078989] [NEW] Full RELRO dependent on PIE

2024-09-04 Thread Mark Esler
Public bug reported: Full RELRO is only used when PIE is (i.e., it is not being used for libraries). Full RELRO has the advantage of making the Global Offset Table (GOT) read-only, which prevents GOT overwrite attacks. This requires resolving all dynamic symbols at program startup, instead of la

[Bug 2016042] Re: Please add -D_GLIBCXX_ASSERTIONS to default build flags

2024-09-04 Thread Mark Esler
** Also affects: gcc-14 (Ubuntu) Importance: Undecided Status: New

[Bug 2040321] Re: Please add -mbranch-protection=standard to default arm64 build flags

2024-09-04 Thread Mark Esler
** Changed in: gcc-13 (Ubuntu) Milestone: ubuntu-24.04 => None ** Package changed: gcc-13 (Ubuntu) => gcc-14 (Ubuntu)

[Bug 2078676] [NEW] wifi not remembering login password

2024-09-02 Thread mark wilson
Public bug reported: wifi login not recalling password used. asks for password after sleep or idle time - not storing password entered or else not recalling the stored password entered for any user. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: ubuntu-release-upgrader-core 1:24.04.22 Pro

[Bug 2077445] Re: CVE-2024-40724

2024-08-20 Thread Mark Esler
** Information type changed from Private Security to Public Security

[Bug 2073423] Re: thunderbird from mozilla ppa repeatedly replaced by snap

2024-08-14 Thread Mark Fraser
Do you have unattended upgrades enabled?

[Bug 2055012] Re: When I upgraded from 22.04 to 24.04, DNS resolution went wrong.

2024-08-06 Thread Mark Wilson
*** This bug is a duplicate of bug 2054761 *** https://bugs.launchpad.net/bugs/2054761 I ran into this problem recently while upgrading from Ubuntu 22.04.04 LTS to 24.04, although mine is a little more severe. I'm missing /etc/resolv.conf (which typically links to /run/systemd/resolve/stub-res

[Bug 2073500] Re: Ubuntu RT2x00 USB Driver Kernel Use-After-Free Vulnerability

2024-08-02 Thread Mark Esler
This issue was reported publicly to https://lore.kernel.org/linux-wireless/caov16xesck0-smenjfxvwikqogbj4pqwa2dvjbvwq-g+ntv...@mail.gmail.com/T/#u Therefore, I am making this bug report public as well. The new report claims that "Debian systems are not affected.". If Ubuntu is truly the only di

[Bug 2026194] Re: When clicking on some maximized or tiled windows, focus on roughly the lower quarter falls to the window behind

2024-07-29 Thread Mark Cockram
mutter --version mutter 46.2 I am still experiencing the issue.

[Bug 2073623] [NEW] [G31T-M7, VIA VT1708BCE, Green Headphone Out, Front] No sound at all (does not even detect jack)

2024-07-19 Thread Mark Wolves
Public bug reported: Problems with jack detection. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 6.5.0-41.41~22.04.2-generic 6.5.13 Uname: Linux 6.5.0-41-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 Audio

[Bug 2069308] Re: MIR xdg-terminal-exec

2024-07-15 Thread Mark Esler
Can an owning team (Desktop?) verify that they will own https://github.com/Vladimir-csp/xdg-terminal-exec ? There are several current MIRs without owning teams. There _should_ be an owning team before Security invests time reviewing a package.

[Bug 2058192] Re: [MIR] lenovo-wwan-unlock

2024-07-15 Thread Mark Esler
Please use Ubuntu Security Team (~ubuntu-security) for MIR tasks. Security Engineering is not part of (and does not monitor) the Canonical Security Team (~canonical-security). ** Changed in: lenovo-wwan-unlock (Ubuntu) Assignee: Canonical Security Team (canonical-security) => Ubuntu Security

[Bug 2072883] Re: Docker scout reports critical and high vulnerabilities for Ubuntu docker images with installed gosu

2024-07-15 Thread Mark Esler
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24791 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45283

[Bug 2073024] [NEW] package grub-efi-amd64-signed 1.202+2.12-1ubuntu7 failed to install/upgrade: installed grub-efi-amd64-signed package post-installation script subprocess returned error exit status

2024-07-13 Thread Mark Moore
Public bug reported: encountered while running do-release-upgrade from 22.04 to 24.04 ProblemType: Package DistroRelease: Ubuntu 24.04 Package: grub-efi-amd64-signed 1.202+2.12-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-113.123-generic 5.15.152 Uname: Linux 5.15.0-113-generic x86_64 ApportVers

[Bug 2069596] Re: blocks wrong IPv4 and IPv6 addresses on LE systems (reversed byte order)

2024-07-07 Thread Mark Esler
Google has assigned CVE-2024-6284 to describe this issue. Many thanks to Michael from upstream for the assignment and to Cyril for raising the need \o/ The fix for https://github.com/google/nftables/issues/225 is https://github.com/google/nftables/commit/d746ecb0e494e7200180c3886fde9664d9100729 *

[Bug 2068944] Re: ubuntu-advantage-desktop-daemon (pro client in general) may expose the pro token to other users

2024-06-27 Thread Mark Esler
Please refer to this issue as CVE-2024-6388. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6388

[Bug 2070960] Re: Screen flashes black every few minutes on Lenovo Z13

2024-06-26 Thread Mark Chambers
https://bugs.launchpad.net/bugs/2070096 Same problem?

[Bug 2070096] Re: [amdgpu] Graphics driver issue: Display goes black for a second at random

2024-06-26 Thread Mark Chambers
Update: The problem occurred again with the changed firmware, so please ignore my earlier message about the firmware. I will run with the older 6.5.0-1023-oem for now to see if it works.

[Bug 2070096] Re: [amdgpu] Graphics driver issue: Display goes black for a second at random

2024-06-26 Thread Mark Chambers
Hi, I believe the blank screen always corresponds with a dmesg entry: *ERROR* link_enc_cfg_validate: Invalid link encoder assignments - 0x1c This is not necessarily accompanied by a call trace. It appears my hardware is similar to nikhilkaushik, they're both fairly new thinkpads (AMD) I have

[Bug 1990272] Re: PCIe Bus Error: Uncorrected, Transaction Layer, device [8086:51b0], AER UnsupReq

2024-06-24 Thread mark mccarthy
I'm having similar issues - the PCIe device in question seems to be the wireless card in my case. Every now and then my system (Dell Optiplex 3050) will lock up entirely; no app hosting, no SSH, no anything, and only a forced reboot will fix it - for a while, before it locks up again. Syslog has a

[Bug 2067973] Re: A series of infinite loop vulnerabilities in the os_ken

2024-06-24 Thread Mark Esler
** Information type changed from Private Security to Public Security

[Bug 2070259] Re: CVE-2022-30333

2024-06-24 Thread Mark Esler
Marking public https://ubuntu.com/security/CVE-2022-30333 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30333 ** Information type changed from Private Security to Public Security

[Bug 2069596] Re: blocks wrong IPv4 and IPv6 addresses on LE systems (reversed byte order)

2024-06-20 Thread Mark Esler
Cyril, upstream has agreed to assign a CVE. That will alert the Go ecosystem and distros to the issue and fix \o/ I will update you when I learn more.

[Bug 2059734] Re: Tar fails to extract archives that include folders with certain permissions on armhf

2024-06-19 Thread Mark Elvers
Presumably via /usr/bin/runc. ``` # ldd /usr/bin/runc linux-vdso.so.1 (0x003940e63000) libseccomp.so.2 => /lib/riscv64-linux-gnu/libseccomp.so.2 (0x003940e3a000) libc.so.6 => /lib/riscv64-linux-gnu/libc.so.6 (0x003940cba000) /lib/ld-linux-riscv64-lp64d.

[Bug 2059734] Re: Tar fails to extract archives that include folders with certain permissions on armhf

2024-06-19 Thread Mark Elvers
I confirm that this also affects Noble. If libseccomp2 is >= 2.55, then Docker must be >= 25.0.3. I looked at fixing the Docker profile, and this works for `docker run`, but `docker build` always uses the built-in/default profile, so it's a limited workaround.

[Bug 2069596] Re: blocks wrong IPv4 and IPv6 addresses on LE systems (reversed byte order)

2024-06-18 Thread Mark Esler
Thank you for taking the time to report this Cyril. Do you know if Google intends to assign a CVE? ** Information type changed from Private Security to Public Security

[Bug 2069490] Re: Possible fingerjacking vulnerability: CVE-2024-37408

2024-06-16 Thread Mark Esler
Is Ubuntu affected by default or is this an administrative choice? https://www.openwall.com/lists/oss-security/2024/05/30/3 ** Information type changed from Private Security to Public Security

[Bug 2068831] Re: Thunderbird icon missing in panel of Cinnamon

2024-06-12 Thread Mark
Ooo, interesting. If I use the `Papirus` icon theme, then thunderbird gets its icon.

[Bug 2068831] Re: Thunderbird icon missing in panel of Cinnamon

2024-06-12 Thread Mark
Dist-upgrade from early release of 22.04 to 23.10 then to 24.04. Thunderbird DEB package replaced by SNAP package in the process. If I search for Thunderbird and pin it, then there's an icon in Grouped Window List. If I click the icon, it opens new window without an Icon in the Grouped Window Li

[Bug 2064751] Re: [SRU] revert security-regression in Focal's libcrypto++

2024-06-06 Thread Mark Esler
Andreas asked that I re-verify that Ubuntu Security wishes to make this change through SRU. We do. Since the regression was inherited from sid, it feels most appropriate to SRU a change into -updates. Also, since a working 5.6 patch for CVE-2019-14318 does not exist we do not have a fix for the se

[Bug 2064751] Re: [SRU] revert security-regression in Focal's libcrypto++

2024-06-06 Thread Mark Esler
Marking this as invalid, since devel is not affected. Only focal is affected. ** Package changed: libcrypto++ (Ubuntu) => ubuntu ** Changed in: ubuntu Status: New => Invalid

[Bug 2059734] Re: Tar fails to extract archives that include folders with certain permissions on armhf

2024-05-31 Thread Mark Elvers
I did some analysis [here](https://github.com/ocaml/infrastructure/issues/121). libseccomp needs to be >= 2.55 and Docker >= 25.0.3 and then this issue goes away. Without these the system call `fchmodat2` returns EPERM rather than `ENOSYS`. ** Bug watch added: github.com/ocaml/infrastructure/issu

[Bug 2067494] [NEW] Unrecognized parameter "append_to" when an extension tries to construct an animated icon

2024-05-29 Thread Mark Jaroski
SyncthingPanelIcon@file:///home/mark/.local/share/gnome-shell/extensions/syncth...@gnome.2nv2u.com/extension> _init@file:///home/mark/.local/share/gnome-shell/extensions/syncth...@gnome.2nv2u.com/extension.js:456

[Bug 129133] Re: mc uses predictable temp directory path

2024-05-27 Thread Mark Esler
Sounds good! The impact does sound low. Mostly I recommend CVEs if you want to make sure that downstreams apply a security patch.

[Bug 129133] Re: mc uses predictable temp directory path

2024-05-27 Thread Mark Esler
Hi @zyw o/ _If_ your project wants, I'm happy to assign and publish a CVE for this.

[Bug 2065738] Re: Leaks wireguard keys

2024-05-23 Thread Mark Esler
*** This bug is a duplicate of bug 1987842 *** https://bugs.launchpad.net/bugs/1987842 Please refer to this issue as CVE-2022-4968. Marking this bug as a duplicate to https://bugs.launchpad.net/netplan/+bug/1987842 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4968 ** In

[Bug 2066828] [NEW] do-release-upgrade fails, mantic to noble

2024-05-22 Thread Mark Berndt
Public bug reported: previous non lts upgrades have all completed. This upgrade fails and there is no specific information in the logs which I could interpret. ProblemType: Bug DistroRelease: Ubuntu 23.10 Package: ubuntu-release-upgrader-core 1:23.10.14 ProcVersionSignature: Ubuntu 6.5.0-26.26-g

[Bug 2066372] Re: Ubuntu 22.04 LTS - swaylock -v 1.5 - lock screen bypasses

2024-05-22 Thread Mark Esler
Focal (20.04) and Jammy (22.04) swaylock versions are affected https://ubuntu.com/security/CVE-2022-26530 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26530 ** Information type changed from Private Security to Public Security

[Bug 2066035] [NEW] KWM Switch causes logout

2024-05-17 Thread Mark Smith
Public bug reported: I have a 2x1 KVM switch between my work laptop (win10) and my Ubuntu 24.04 (noble) desktop. When I switch from Ubuntu to the work laptop - whether I have locked the screen or not - the Ubuntu session logs me out. I had originally thought it was rebooting the desktop, but usi

[Bug 1721428] Re: Artful (17.10) Session logout after screen turned off

2024-05-17 Thread Mark Smith
This bug affects me on 24.04 noble too. It did not on 23.10.

[Bug 2020212] Re: /proc//stat doesn't update after resume from hibernation

2024-05-13 Thread Mark Waterhouse
Same behaviour across CentOS 7.9.2009 on AWS ** Also affects: centos Importance: Undecided Status: New

[Bug 2059847] Re: Input lag or freezes on Nvidia desktops with X11 after logging "MetaSyncRing: Sync object is not ready -- were events handled properly?"

2024-05-13 Thread Mark Erbaugh
Ubuntu LTS 22.04.4 I ran Deku's script, from message 102 above: sudo apt install -y --allow-downgrades \ gir1.2-mutter-10=42.9-0ubuntu7vv1 \ mutter-common=42.9-0ubuntu7vv1 \ libmutter-10-0=42.9-0ubuntu7vv1; That cleared things up, no lag / MetaSyncRing errors, but Ubuntu now wants to re-upgrade

[Bug 2059847] Re: Input lag or freezes on Nvidia desktops with X11 after logging "MetaSyncRing: Sync object is not ready -- were events handled properly?"

2024-05-11 Thread Mark Erbaugh
Thanks Deku. With just a very quick test (applied then rebooted), the snippet posted above seems to be working for me with Ubuntu 22.04.4 LTS. I had to add the apt option --allow-downgrades Mark

[Bug 2064999] Re: Prevent soft lockups during IOMMU streaming DMA mapping by limiting nvme max_hw_sectors_kb to cache optimised size

2024-05-09 Thread Mark Nelson
Hey folks, I think we may have encountered this or a variant of this while running extremely strenuous Ceph performance tests on a very high speed cluster we designed for a customer. We have a write-up that includes a section on needing to disable iommu here: https://ceph.io/en/news/blog/2024/ce

[Bug 1948714] Re: After reboot, the password set at install time doesn't work.

2024-05-09 Thread Mark Smith
*** This bug is a duplicate of bug 1875062 *** https://bugs.launchpad.net/bugs/1875062 This bug is back in 24.04 (noble). Same issue - Set the keyboard to UK at install, but the keyboard used is US layout so special characters e.g. # & £ are transposed, and therefore doesn't work at first lo

[Bug 2046084] Re: HID gamepad not working when paired with blueman on bluez 5.68-0ubuntu1.1

2024-05-07 Thread Mark Esler
*** This bug is a duplicate of bug 2045931 *** https://bugs.launchpad.net/bugs/2045931 Ack, thanks for the explanation. ** Tags added: regression-security regression-update

[Bug 2046116] Re: bluetooth device connected but not recognised as output device

2024-05-07 Thread Mark Esler
@vorlon answered why in https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/2046084/comments/7

[Bug 2064966] Re: "accept_source_route" enabled by default in 24.04

2024-05-06 Thread Mark Esler
** Information type changed from Private Security to Public Security

[Bug 2046116] Re: bluetooth device connected but not recognised as output device

2024-05-06 Thread Mark Esler
@vanvugt, @vorlon, why is this marked as a regression?

[Bug 2046084] Re: HID gamepad not working when paired with blueman on bluez 5.68-0ubuntu1.1

2024-05-06 Thread Mark Esler
*** This bug is a duplicate of bug 2045931 *** https://bugs.launchpad.net/bugs/2045931 This is not a security regression. This is upstream's fix to prevent https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md If you wish to enable legacy devices (and the vulnerability) with t

[Bug 2064751] Re: [SRU] revert security-regression in Focal's libcrypto++

2024-05-03 Thread Mark Esler
** Description changed: [ Impact ] Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading this version from Debian appears to have been a mistake. This is a security regression, but was not published through the security pocket. As far as I am aware, Debian

[Bug 2064751] Re: [SRU] revert security-regression in Focal's libcrypto++

2024-05-03 Thread Mark Esler
** Description changed: [ Impact ] Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading this version from Debian appears to have been a mistake. This is a security regression, but was not published through the security pocket. As far as I am aware, Debian

[Bug 2064751] [NEW] [SRU] revert security-regression in Focal's libcrypto++

2024-05-03 Thread Mark Esler
Public bug reported: [ Impact ] Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading this version from Debian appears to have been a mistake. This is a security regression, but was not published through the security pocket. As far as I am aware, Debian only packaged 5.6.4-

[Bug 2064751] Re: [SRU] revert security-regression in Focal's libcrypto++

2024-05-03 Thread Mark Esler
** Attachment added: "main.cpp" https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751/+attachment/5774479/+files/main.cpp

[Bug 2064751] Re: [SRU] revert security-regression in Focal's libcrypto++

2024-05-03 Thread Mark Esler
** Patch added: "libcrypto++_5.6.4-9ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751/+attachment/5774481/+files/libcrypto++_5.6.4-9ubuntu1.debdiff ** Also affects: libcrypto++ (Ubuntu Focal) Importance: Undecided Status: New

[Bug 2059734] Re: Tar fails to extract archives that include folders with certain permissions on armhf

2024-05-01 Thread Mark Elvers
If you compile tar from scratch within the Docker container, then you do not see the error. ``` wget https://ftp.gnu.org/gnu/tar/tar-1.35.tar.gz tar -xzf tar-1.35.tar.gz ``` Ignore the errors from the tar process :-) ``` apt install build-essential libacl1-dev -y cd tar-1.35 FORCE_UNSAFE_CONFIGU

[Bug 2059734] Re: Tar fails to extract archives that include folders with certain permissions on armhf

2024-05-01 Thread Mark Elvers
This also affects ppc64le Docker images. These commands work fine on x86_64, arm64 and s390 but fail on POWER9. ``` docker run -it --rm ubuntu:noble apt-get -y update apt install -y wget cd /tmp wget a-tar-file-of-your-choice.tar.gz tar -xzf a-tar-file-of-your-choice.tar.gz ``` Error message: .

[Bug 2040137] Re: exposing the EFI shell in Secure Boot mode can lead to security bypass

2024-04-28 Thread Mark Esler
This has been addressed in the LXD snaps 5.21/stable (https://github.com/canonical/lxd-pkg-snap/commit/764ee08b) and 5.0/edge (https://github.com/canonical/lxd-pkg-snap/commit/bfe4270e). All LXD software before version 4 are not affected. Jammy, Mantic, and Noble do not have debs. Focal's deb is

[Bug 2062667] Re: Fails on (and should be removed from) raspi desktop

2024-04-27 Thread Mark Esler
This impacts all arm64 installs, not just raspberry pi. The MIR for qrtr and protection-domain-mapper [0] was requested late in the Mantic cycle and was only approved by Security since it was promised to only be used for x13s hardware enablement. Hopefully Qualcomm IPC is only enabled for x13s ker

[Bug 2063961] [NEW] Microsoft 365 account keeps disconnecting

2024-04-27 Thread Mark Smith
Public bug reported: When I use the new (24.04) settings and 'Online Accounts' to connect to Microsoft 365, it authenticates, works well for about 5 minutes and then disconnects. I have to remove that account and redo it every time I want to use it. ProblemType: Bug DistroRelease: Ubuntu 24.04

[Bug 2063308] Re: lenovo p1g5 suspend issues with docking stations

2024-04-25 Thread Mark Pearson
Can we get the system config details please - CPU, GPU in particular. Also confirm if WWAN is enabled Which dock is being used? Can you confirm if AMT is enabled or not in the BIOS? We've seen issues with AMT enabled with the TBT dock, especially with networking. Will look to reproduce the issu

[Bug 2063227] [NEW] Feh crashes on double finger tapping

2024-04-23 Thread Mark
Public bug reported: 1. No LSB modules are available. Description:Ubuntu 24.04 LTS Release:24.04 2. feh: Installed: 3.10.1-1build3 Candidate: 3.10.1-1build3 Version table: *** 3.10.1-1build3 500 500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages

[Bug 1990655] Re: MIR: libgit2, http-parser

2024-04-23 Thread Mark Esler
http-parser has been deprecated [0] for llhttp [1] in libgit2 \o/ [0] https://github.com/libgit2/libgit2/issues/6074 [1] https://github.com/libgit2/libgit2/pull/6713 ** Bug watch added: github.com/libgit2/libgit2/issues #6074 https://github.com/libgit2/libgit2/issues/6074 -- You received thi

[Bug 2063160] Re: Security Update required

2024-04-22 Thread Mark Esler
Thank you! This was mistriaged as not affecting Ubuntu, which has been corrected: https://git.launchpad.net/ubuntu-cve-tracker/commit/?id=83e00d6f10a8f7a234751a97f87a62c88d0143cb I have messaged Debian Security to track this as well. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=

[Bug 2063014] Re: CVE-2023-50246 and CVE-2023-50268

2024-04-22 Thread Mark Esler
** Changed in: jq (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063014 Title: CVE-2023-50246 and CVE-2023-50268 To manage notifications about this bug g

[Bug 2063014] Re: CVE-2023-50246 and CVE-2023-50268

2024-04-22 Thread Mark Esler
CVE-2023-50246 only affects jq >= 1.7 until 1.7.1. That issue was introduced with cf4b48c7ba30cb30e116b523cff036ea481459f6. Mantic (23.10) has jq version 1.6-3 and Noble (24.04) has 1.7.1-3build1. This is why unaffected versions are labeled as "Not vulnerable (code not present)" on https://ubuntu.c

[Bug 2004516] Re: [MIR] libyuv (transitive dependency of libheif)

2024-04-17 Thread Mark Esler
I reviewed libyuv 0.0~git202401110.af6ac82-1 as checked into noble. This shouldn't be considered a full audit but rather a quick gauge of maintainability. libyuv is an open source project that includes YUV scaling and conversion functionality. - CVE History: - none - open bug reports are not

[Bug 2061750] Re: [MIR] python-s3transfer as indirect dependency of simplestreams (simplestreams -> python-boto3 -> python-s3transfer)

2024-04-17 Thread Mark Esler
** Tags added: sec-4083 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061750 Title: [MIR] python-s3transfer as indirect dependency of simplestreams (simplestreams -> python-boto3 -> python-s3tran

[Bug 2061751] Re: [MIR] python-botocore as indirect dependency of simplestreams (simplestreams -> python-boto3 -> python-s3transfer -> python-botocore)

2024-04-17 Thread Mark Esler
** Tags added: sec-4084 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061751 Title: [MIR] python-botocore as indirect dependency of simplestreams (simplestreams -> python-boto3 -> python-s3transf

[Bug 2061217] Re: [MIR] python-boto3 as a dependency of simplestreams

2024-04-17 Thread Mark Esler
** Tags added: sec-4082 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061217 Title: [MIR] python-boto3 as a dependency of simplestreams To manage notifications about this bug go to: https://bugs.l

[Bug 2061924] Re: grip missing from (pre)noble (2024-04-16)

2024-04-17 Thread Mark Eichin
Thanks! That's the detail I was hoping for. (In the meantime I found that "pandoc --from gfm --to html" did just as good a job and swapped over to it, so I am no longer personally concerned about the package itself.) -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 2061924] [NEW] grip missing from (pre)noble (2024-04-16)

2024-04-16 Thread Mark Eichin
Public bug reported: $ apt-cache show grip N: Unable to locate package grip E: No packages found Jammy/22.04 had grip_4.2.0-3_all.deb "Preview GitHub Markdown files like Readme locally". (Not the ancient gnome cd player/ripper app.) Didn't see any bugs here about the package being dropped. No

[Bug 2061217] Re: [MIR] python-boto3 as a dependency of simplestreams

2024-04-16 Thread Mark Esler
Hello, the MIR process says any MIRs assigned to the security team after the Beta Freeze deadline need to be discussed with the Director of Security Engineering: For a MIR to be considered for a release, it must be assigned to the Security team (by the MIR team) before Beta Freeze. This do

Re: [Bug 1875062] Re: [20.04] Keyboard layout changes during installation before typing username/password

2024-04-15 Thread Mark Smith
Dag, Can you confirm you mean 24.04 and not 22.04, please? On Mon, 15 Apr 2024 at 17:25, Dag Bjerkeli <1875...@bugs.launchpad.net> wrote: > I've just tested this, and can confirm that there is a bug regarding > keyboard layout in 22.04 beta. As this time the error also appears when > you select

[Bug 1875062] Re: [20.04] Keyboard layout changes during installation before typing username/password

2024-04-13 Thread Mark Smith
Hi guys, I'm sorry to say that this bug is back in 24.04 Beta. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1875062 Title: [20.04] Keyboard layout changes during installation before typing usern

[Bug 2060564] Re: miscomputation of ECP::ScalarMultiply() using 5.6.4-9

2024-04-12 Thread Mark Esler
There is a strong chance that https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/1893934 is related to the incomplete CVE-2019-14318 patch regression. I plan to propose an SRU to effectively downgrade this regressed package to 5.6.4-8. Please see https://github.com/weidai11/cryptopp/issue
