** Changed in: oem-priority
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1920724
Title:
Upgrade focal/libjcat to version 0.1.3-2 and MIR it
To manage n
This bug was fixed in the package libjcat - 0.1.3-2~ubuntu20.04.1
---
libjcat (0.1.3-2~ubuntu20.04.1) focal; urgency=medium
* no change rebuild in focal (LP: #1920724)
libjcat (0.1.3-2) unstable; urgency=medium
* Remove unused {shlibs:Depends}
libjcat (0.1.3-1) unstable; urgenc
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1920724
Title:
Upgrade focal/libjcat to version 0.1.3-2 and MIR it
To manage noti
verified pass with fwupd 1.5.11-0ubuntu1~20.04.2 per lp:1934209
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
** Changed in: oem-priority
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs
In the meantime, since the security team is aware, I have promoted the
packages in focal-proposed to main:
Override component to main
libjcat 0.1.3-2~ubuntu20.04.1 in focal: universe/misc -> main
gir1.2-jcat-1.0 0.1.3-2~ubuntu20.04.1 in focal amd64:
universe/introspection/optional/100% -> main
gi
Thank you, I'll follow up the verification part.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1920724
Title:
Upgrade focal/libjcat to version 0.1.3-2 and MIR it
To manage notifications about this
Not a big fan of the debian/changelog entry selected, but I think it'll
do.
** Changed in: libjcat (Ubuntu Focal)
Status: In Progress => Fix Committed
** Tags added: verification-needed verification-needed-focal
--
You received this bug notification because you are a member of Ubuntu
Bug
** Changed in: libjcat (Ubuntu Focal)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1920724
Title:
Upgrade focal/libjcat to version 0.1.3-2 and MIR it
To manage no
root@focal:~# reverse-depends libjcat1
Reverse-Depends
* fwupd
* gir1.2-jcat-1.0
* jcat
* libfwupd2
* libfwupdplugin1
* libjcat-dev
* libjcat-tests
I don't have a strong opinion on whether backporting just the CVE fix or
doing a wholesale backport of 0.1.3-2 is the better option - it depends
on ho
On impish:
$ apt-cache rdepends libjcat1
libjcat1
Reverse Depends:
...
fwupd
...
I will be similar on focal if the fwupd in the proposed channel is
installed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpa
Ok, when I started writing this comment I actually changed my mind. So
orignally I thought we should just cherry-pick the fix, but seeing that
we now ACTUALLY have jcat in main (probably because of fwupd?), maybe we
should just backport 0.1.3-2 and get it promoted.
That being said, I think the sec
per check history of fwupd 1.3.x in focal, we do have a change history that
includes CVE-2020-10759
The logic in the CVE has been moved to jcat after fwupd 1.4.x. Given so it
seems reasonable either to SRU jcat 0.1.3 with the patch for the CVE, or we
include the patch to jcat 0.1.0 in focal.
Re
background:
- the CVE involved seems to be an low impact one [1]
- we never use fwupd + jcat 0.1.0-2 in any ubuntu release. given there
are some other changes between 0.1.0 and 0.1.3, it's harder for us
to tell if testing coverage is good enough or not given we didn't involve
those signing de
fwupd actually built fine without new libjcat, so not sure if we
actually need to upgrade it. Arguably there seems to be a CVE in the old
version and a couple of bug fixes that might be worthwhile anyway.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subs
** Description changed:
+ [Impact]
+ Needed for fwupd 1.5.11
+
+ [Test plan]
+ It has a test suite and fwupd uses it, so testing fwupd tests it to some
extend
+
+ [Where problems could occur]
+ fwupd could break on regressions. Then again, this is a straight backport and
it's fairly small.
+
** Description changed:
per lp:1920723, we need to upgrade focal/lib cat to version 0.1.3-2 (as
in groovy) from version 0.1.0-2.
libjcat in focal is in universe, we need to MIR it.
ppa for upgrade libjcat in focal: https://launchpad.net/~ycheng-
twn/+archive/ubuntu/f5
[Availab
** Description changed:
per lp:1920723, we need to upgrade focal/lib cat to version 0.1.3-2 (as
in groovy) from version 0.1.0-2.
libjcat in focal is in universe, we need to MIR it.
ppa for upgrade libjcat in focal: https://launchpad.net/~ycheng-
- twn/+archive/ubuntu/f2
+ twn/+archiv
** Also affects: libjcat (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: libjcat (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/192
** Description changed:
per lp:1920723, we need to upgrade focal/lib cat to version 0.1.3-2 (as
in groovy) from version 0.1.0-2.
libjcat in focal is in universe, we need to MIR it.
ppa for upgrade libjcat in focal: https://launchpad.net/~ycheng-
- twn/+archive/ubuntu/f4
+ twn/+archiv
** Information type changed from Proprietary to Public
** Also affects: libjcat (Ubuntu)
Importance: Undecided
Status: New
** Changed in: oem-priority
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed t
20 matches
Mail list logo