Hi chuegen,
As cacti is in the universe component of the repository, it is community
maintained and therefore there is no timeframe as to when such a package
will be patched in Ubuntu nor any clear indication if a community member
is working on this at this time.
You can see the status of this
Hi Daniel
In Ubuntu we generally do not upgrade to new package versions to fix
security issues but instead backport the individual fixes. As such you
should not expect to see say apache 2.4.56 in Ubuntu 23.04. Instead we
just add the minimal change needed to fix the vulnerability on top of
the
Hi Robert
On Fri, 2023-01-20 at 19:24:19 +0100, Robert Landers wrote:
> Hello,
>
> I could not, for the life of me, figure out how to report a bug or
> request a package to be updated (other than emailing this list or
> getting on IRC). But thought I'd give this a try.
The easiest way to report
Hi
Thanks for reporting this issue - in general it is better to report bugs
via launchpad than email (e.g. by running the following command (without
the quotation marks) in a terminal: "ubuntu-bug ntfs-3g" or by
https://bugs.launchpad.net/ubuntu/+source/ntfs-3g/+filebug)
I notice you also appear
Hi folks,
I'm Alex Murray (alexmurray on Launchpad/amurray on IRC) and have been a
part of the Ubuntu community as a long-time user and enthusiast since
back in 2006. In 2018 I was privileged to join Canonical as the Ubuntu
Security Tech Lead and have worked as part of that amazing team ever
On Thu, 2022-11-03 at 10:11:59 +, Benjamin Drung wrote:
> On Wed, 2022-11-02 at 18:15 +0100, Alex Murray wrote:
>> On Wed, 2022-11-02 at 15:23:08 +, Benjamin Drung wrote:
>>
>> > Hi everyone,
>> >
>> > adduser 3.123 (in Debian) changed the de
On Wed, 2022-11-02 at 15:23:08 +, Benjamin Drung wrote:
> Hi everyone,
>
> adduser 3.123 (in Debian) changed the default mode for normal users
> (DIR_MODE) from 0755 to 0700. The default mode for system user
> (SYS_DIR_MODE) stayed untouched at 0755. See [1] and [2] for a
> reasoning.
>
>
of the releases at the time of review (see the
> details in the link).
>
>
>
> --
>
> Thomas
>
>
> [1]: https://rsync.samba.org/security.html
> [2]: https://ubuntu.com/security/CVE-2022-37434
> [3]: https://ubuntu.com/security/CVE-2022-29154
>
>
> ___
Hi
In Ubuntu we generally do not upload new versions of packages once a
particular Ubuntu release is made. Instead when a security bug (CVE) is
announced, if the version of the particular package in that Ubuntu
release is affected, the security team will backport the patch which
fixes the bug to
Hi Josh,
The Ubuntu Security team endeavours to support the various packages in
each Ubuntu release for the lifetime of the Ubuntu release itself,
regardless of corresponding upstream project's release / support cycles.
In this case, even though upstream RabbitMQ will be ending support for
On Mon, 2022-05-23 at 10:04:17 -0300, Andreas Hasenack wrote:
> Hi,
>
> On Mon, May 16, 2022 at 2:34 PM Andreas Hasenack
> wrote:
>
>> Removing isc-dhcp would also allow us to reduce the need of old compat
>> src:bind9-libs package, probably even drop it.
>
> I just learned that upstream is now
On Mon, 2022-05-16 at 15:11:27 -0700, Brian Murray wrote:
> On Fri, May 13, 2022 at 10:29:30AM +0930, Alex Murray wrote:
>> On Thu, 2022-05-12 at 13:38:38 -0700, Brian Murray wrote:
>>
>> > The Ubuntu Error Tracker receives crash reports from all releases of
>&
On Thu, 2022-05-12 at 13:38:38 -0700, Brian Murray wrote:
> The Ubuntu Error Tracker receives crash reports from all releases of
> Ubuntu which are not out of standard support. These crash reports are
> then aggregated into buckets where some meta-information (package
> version and release of
On Tue, 2022-05-03 at 10:48:21 -0400, Ken Mandelberg wrote:
> All the other packages for bacula (director, sd) are available but not
> bacula-fd. bacula cannot run without it.
It seems it was removed during the jammy development cycle as it failed
to build from source:
FYI - updates to remediate this for Ubuntu 20.04 LTS and Ubuntu 21.10
were published earlier via USN-5316-1
https://ubuntu.com/security/notices/USN-5316-1
Thanks,
Alex
On Mon, 2022-03-07 at 13:14:12 +1030, Alex Murray wrote:
> Hi Reginaldo,
>
> I am taking a look at this now for Ubu
Hi Reginaldo,
I am taking a look at this now for Ubuntu (note as redis is in universe
it is community maintained but since this is a relatively trivial fix
and you are planning to release a PoC exploit I have taken this on
myself).
Thanks,
Alex
On Thu, 2022-03-03 at 16:21:19 -0300, Reginaldo
Hi Jeff
On Fri, 2021-12-10 at 15:53:51 -0500, Jeffrey Walton wrote:
> Hi Everyone,
>
> Has Ubuntu pushed a patch for the log4j rce that was dropped earlier today?
>
> At work, we think we are seeing activity due to zero day. But I am not
> sure the servers are fully patched at the moment.
>
>
On Tue, 2021-02-16 at 20:04:58 +1030, Matthias Klose wrote:
On 2/15/21 3:17 AM, Alex Murray wrote:
Hi Michael,
For Ubuntu we try and take an approach where we want as much code that
is compiled for and *on* Ubuntu to try and take advantage of the various
toolchain hardening options
On Tue, 2021-02-16 at 20:04:58 +1030, Matthias Klose wrote:
On 2/15/21 3:17 AM, Alex Murray wrote:
Hi Michael,
For Ubuntu we try and take an approach where we want as much code that
is compiled for and *on* Ubuntu to try and take advantage of the various
toolchain hardening options
Hi Michael,
For Ubuntu we try and take an approach where we want as much code that
is compiled for and *on* Ubuntu to try and take advantage of the various
toolchain hardening options that are available. This gives end-users
the most protection with the least amount of work.
In some cases
Hi Dmitriy
Can you please file a bug via launchpad against the intel-microcode
package?
The easiest way to do this is to run the following command in a
terminal on a machine which is experiencing this issue:
ubuntu-bug intel-microcode
This will then collect various information about the
to reply to avoid splitting the discussion.
There's also a cross-post to
https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533
HTH,
Robie
- Forwarded message from Alex Murray
-
Date: Thu, 26 Nov 2020 13:00:52 +1030
From: Alex Murray
To: ubuntu-devel-disc
encounter any significant issues :)
On Fri, 2020-11-27 at 16:40:48 +1030, Alex Murray wrote:
On Fri, 2020-11-27 at 03:39:36 +1030, Dimitri John Ledkov wrote:
On Thu, Nov 26, 2020 at 2:31 AM Alex Murray
wrote:
setfacl -m u:libvirt-qemu:rx $HOME
Similar to above for qemu are there similar
On Fri, 2020-11-27 at 03:39:36 +1030, Dimitri John Ledkov wrote:
> On Thu, Nov 26, 2020 at 2:31 AM Alex Murray wrote:
>>
>> setfacl -m u:libvirt-qemu:rx $HOME
>>
>
> Similar to above for qemu are there similar setfacl commands, would
> something similar be
Hi folks,
After more than 14 years[1] of debate, I propose that it is time we
moved ahead and stopped creating home directories as world-readable on
Ubuntu for hirsute onwards. The old arguments from the bug referenced in
[1] mainly centered on the convenience of this feature when considered
in
On Thu, 2020-06-18 at 03:00:35 +0930, Marc Deslauriers wrote:
> On 2020-06-16 8:40 p.m., Matthew Ruffell wrote:
>> Hello!
>>
>> I am proposing that we enable the CONFIG_SECURITY_DMESG_RESTRICT [1] feature
>> by
>> default for Groovy onward.
>>
This sounds like a great (and long overdue)
On Wed, 2020-03-04 at 03:49:39 +1030, Robie Basak wrote:
> On Tue, Feb 25, 2020 at 09:09:24AM -0800, Steve Langasek wrote:
>> Thanks, it's easy enough to back out later (as long as someone actually
>> raises a flag when things break!), so I'm ok with that.
>
> bacula's various postinsts (at
On Wed, 2019-10-23 at 21:51:27 +1030, Robert Loehning wrote:
> Am 23.10.19 um 09:29 schrieb Alex Murray:
>>
>> On Wed, 2019-10-23 at 17:32:58 +1030, Robert Loehning wrote:
>>
>>> Am 22.10.19 um 18:41 schrieb Dmitry Shachnev:
>>>> Hi again Robert,
&g
On Wed, 2019-10-23 at 17:32:58 +1030, Robert Loehning wrote:
> Am 22.10.19 um 18:41 schrieb Dmitry Shachnev:
>> Hi again Robert,
>>
>> On Fri, Oct 18, 2019 at 02:14:01PM +, Robert Loehning wrote:
>>> Hi,
>>>
>>> every application based on Qt will crash when opening a crafted plain
>>> text
Hi,
The security and foundations teams have been working to enable a couple
new hardening options in GCC as default for eoan / 19.10. These are
-fstack-clash-protection and -fcf-protection.
-fstack-clash-protection causes GCC to instrument variable-length stack
allocations so that each page is
On Wed, 2019-05-15 at 02:42:56 +0930, Dan Streetman wrote:
> in Ubuntu, sudo retains the calling user's $HOME
>
> this is different from upstream sudo as well as all other UNIXes and
> even the sudo documentation we provide. Should we remove our custom
> patch that adds this behavior?
I would
31 matches
Mail list logo