Public bug reported:
encountered while runnuing do-release-upgrade from 22.04 to 24.04
ProblemType: Package
DistroRelease: Ubuntu 24.04
Package: grub-efi-amd64-signed 1.202+2.12-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-113.123-generic 5.15.152
Uname: Linux 5.15.0-113-generic x86_64
Google has assigned CVE-2024-6284 to describe this issue. Many thanks to
Michael from upstream for the assignment and to Cyril for raising the
need \o/
The fix for https://github.com/google/nftables/issues/225 is
https://github.com/google/nftables/commit/d746ecb0e494e7200180c3886fde9664d9100729
Please refer to this issue as CVE-2024-6388.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6388
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2068944
Title:
https://bugs.launchpad.net/bugs/2070096
Same problem?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2070960
Title:
Screen flashes black every few minutes on Lenovo Z13
To manage notifications
Update: The problem occurred again with the changed firmware, so please ignore
my earlier message about the firmware.
I will run with the older 6.5.0-1023-oem for now to see if it works.
Hi,
I believe the blank screen always corresponds with a dmesg entry:
*ERROR* link_enc_cfg_validate: Invalid link encoder assignments - 0x1c
This is not necessarily accompanied by a call trace.
It appears my hardware is similar to nikhilkaushik, they're both fairly
new thinkpads (AMD)
I have
I'm having similar issues - the PCIe device in question seems to be the
wireless card in my case. Every now and then my system (Dell Optiplex
3050) will lock up entirely; no app hosting, no SSH, no anything, and
only a forced reboot will fix it - for a while, before it locks up
again. Syslog has a
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067973
Title:
A series of infinite loop vulnerabilities in the os_ken
To manage
Marking public https://ubuntu.com/security/CVE-2022-30333
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30333
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Cyril, upstream has agreed to assign a CVE. That will alert the Go
ecosystem and distros to the issue and fix \o/
I will update you when I learn more.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Presumably via /usr/bin/runc.
```
# ldd /usr/bin/runc
linux-vdso.so.1 (0x003940e63000)
libseccomp.so.2 => /lib/riscv64-linux-gnu/libseccomp.so.2
(0x003940e3a000)
libc.so.6 => /lib/riscv64-linux-gnu/libc.so.6 (0x003940cba000)
I confirm that this also affects Noble.
If libseccomp2 is >= 2.55, then Docker must be >= 25.0.3.
I looked at fixing the Docker profile, and this works for `docker run`,
but `docker build` always uses the build-in/default profile, so it's a
limited workaround.
--
You received this bug
Thank you for taking the time to report this Cyril.
Do you know if Google intends to assign a CVE?
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Is Ubuntu affected by default or is this an administrative choice?
https://www.openwall.com/lists/oss-security/2024/05/30/3
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Ooo, interesting. If I use the `Papirus` icon theme, then thunderbird
gets its icon.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2068831
Title:
Thunderbird icon missing in panel of Cinnamon
To
Dist-upgrade from early release of 22.04 to 23.10 then to 24.04.
Thunderbird DEB package replaced by SNAP package in the process.
If I search for Thunderbird and pin it, then there's an icon in Grouped Window
List. If I click the icon, it opens new window without an Icon in the Grouped
Window
Andreas asked that I re-verify that Ubuntu Security wishes to make this
change through SRU. We do.
Since the regression was inherited from sid, it feels most appropriate
to SRU a change into -updates. Also, since a working 5.6 patch for
CVE-2019-14318 does not exist we do not have a fix for the
Marking this as invalid, since devel is not affected. Only focal is
affected.
** Package changed: libcrypto++ (Ubuntu) => ubuntu
** Changed in: ubuntu
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I did some analysis
[here](https://github.com/ocaml/infrastructure/issues/121).
libseccomp needs to be >= 2.55 and Docker >= 25.0.3 and then this issue
goes away. Without these the system call `fchmodat2` return EPERM
rather than `ENOSYS`.
** Bug watch added:
SyncthingPanelIcon@file:///home/mark/.local/share/gnome-shell/extensions/syncth...@gnome.2nv2u.com/extension>
_init@file:///home/mark/.local/share/gnome-shell/extensions/syncth...@gnome.2nv2u.com/extension.js:456
Sounds good!
The impact does sound low. Mostly I recommend CVEs if you want to make
sure that downstreams apply a security patch.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/129133
Title:
Hi @zyw o/
_If_ your project wants, I'm happy to assign and publish a CVE for this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/129133
Title:
mc uses predictable temp directory path
To
*** This bug is a duplicate of bug 1987842 ***
https://bugs.launchpad.net/bugs/1987842
Please refer to this issue as CVE-2022-4968.
Marking this bug as a duplicate to
https://bugs.launchpad.net/netplan/+bug/1987842
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4968
**
Public bug reported:
previous non lts upgrades have all completed. This upgrade fails and
their is no specific information in the logs which I could interpret.
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: ubuntu-release-upgrader-core 1:23.10.14
ProcVersionSignature: Ubuntu
Focal (20.04) and Jammy (22.04) swaylock versions are affected
https://ubuntu.com/security/CVE-2022-26530
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26530
** Information type changed from Private Security to Public Security
--
You received this bug notification because
Public bug reported:
I have a 2x1 KVM switch between my work laptop (win10) and my Ubuntu
24.04 (noble) desktop.
When I switch from Ubuntu to the work laptop - whether I have locked the
screen or not - the Ubuntu session logs me out.
I had originally thought it was rebooting the desktop, but
This bug affects me on 24.04 noble too.
It did not on 23.10.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721428
Title:
Artful (17.10) Session logout after screen turned off
To manage
Same behaviour across CentOS 7.9.2009 on AWS
** Also affects: centos
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2020212
Title:
/proc//stat doesn't
Ubuntu LTS 22.04.4
I ran Deku's script, from message 102 above:
sudo apt install -y --allow-downgrades \
gir1.2-mutter-10=42.9-0ubuntu7vv1 \
mutter-common=42.9-0ubuntu7vv1 \
libmutter-10-0=42.9-0ubuntu7vv1;
That cleared things up, no lag / MetaSyncRing errors, but Ubuntu now
wants to re-upgrade
Thanks Deku.
With just a very quick test (applied then rebooted), the snippet posted
above seems to be working for me with Ubuntu 22.04.4 LTS.
I had to add the apt option --allow-downgrades
Mark
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Hey folks,
I think we may have encountered this or a variant of this while running
extremely strenuous Ceph performance tests on a very high speed cluster
we designed for a customer. We have a write-up that includes a section
on needing to disable iommu here:
*** This bug is a duplicate of bug 1875062 ***
https://bugs.launchpad.net/bugs/1875062
This bug is back in 24.04 (noble).
Same issue - Set the keyboard to UK at install, but the keyboard used is US
layout so special characters e.g. # & £ are transposed, and therefore doesn't
work at first
*** This bug is a duplicate of bug 2045931 ***
https://bugs.launchpad.net/bugs/2045931
Ack, thanks for the explanation.
** Tags added: regression-security regression-update
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@vorlon answered why in
https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/2046084/comments/7
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046116
Title:
bluetooth device connected but not
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064966
Title:
"accept_source_route" enabled by default in 24.04
To manage
@vanvugt, @vorlon, why is this marked as a regression?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046116
Title:
bluetooth device connected but not recognised as output device
To manage
*** This bug is a duplicate of bug 2045931 ***
https://bugs.launchpad.net/bugs/2045931
This is not a security regression. This is upstreams fix to prevent
https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md
If you wish to to enable legacy devices (and the vulnerability) with
** Description changed:
[ Impact ]
Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading
this version from Debian appears to have been a mistake.
This is a security regression, but was not published through the security
pocket.
As far as I am aware,
** Description changed:
[ Impact ]
Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading
this version from Debian appears to have been a mistake.
This is a security regression, but was not published through the security
pocket.
As far as I am aware,
Public bug reported:
[ Impact ]
Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading
this version from Debian appears to have been a mistake.
This is a security regression, but was not published through the security
pocket.
As far as I am aware, Debian only packaged
** Attachment added: "main.cpp"
https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751/+attachment/5774479/+files/main.cpp
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064751
Title:
** Patch added: "libcrypto++_5.6.4-9ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751/+attachment/5774481/+files/libcrypto++_5.6.4-9ubuntu1.debdiff
** Also affects: libcrypto++ (Ubuntu Focal)
Importance: Undecided
Status: New
--
You received this
If you compile tar from scratch within the Docker container, then you do
not see the error.
```
wget https://ftp.gnu.org/gnu/tar/tar-1.35.tar.gz
tar -xzf tar-1.35.tar.gz
```
Ignore the errors from the tar process :-)
```
apt install build-essential libacl1-dev -y
cd tar-1.35
This also affects ppc64le Docker images. These commands work fine on
x86_64, arm64 and s390 but fail on POWER9.
```
docker run -it --rm ubuntu:noble
apt-get -y update
apt install -y wget
cd /tmp
wget a-tar-file-of-your-choice.tar.gz
tar -xzf a-tar-file-of-your-choice.tar.gz
```
Error message:
This has been addressed in the LXD snaps 5.21/stable
(https://github.com/canonical/lxd-pkg-snap/commit/764ee08b) and 5.0/edge
(https://github.com/canonical/lxd-pkg-snap/commit/bfe4270e).
All LXD software before version 4 are not affected.
Jammy, Mantic, and Noble do not have debs. Focal's deb is
This impacts all arm64 installs, not just raspberry pi.
The MIR for qrtr and protection-domain-mapper [0] was requested late in
the Mantic cycle and was only approved by Security since it was promised
to only be used for x13s hardware enablement. Hopefully Qualcomm IPC is
only enabled for x13s
Public bug reported:
When I use the new (24.04) settings and 'Online Accounts' to connect to
Microsoft 365, it authenticates, works well for about 5 minutes and then
disconnects.
I have to remove that account and redo it every time I want to use it.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Can we get the system config details please - CPU, GPU in particular. Also
confirm if WWAN is enabled
Which dock is being used?
Can you confirm if AMT is enabled or not in the BIOS?
We've seen issues with AMT enabled with the TBT dock, especially with
networking.
Will look to reproduce the
Public bug reported:
1.
No LSB modules are available.
Description:Ubuntu 24.04 LTS
Release:24.04
2.
feh:
Installed: 3.10.1-1build3
Candidate: 3.10.1-1build3
Version table:
*** 3.10.1-1build3 500
500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
http-parser has been deprecated [0] for llhttp [1] in libgit2 \o/
[0] https://github.com/libgit2/libgit2/issues/6074
[1] https://github.com/libgit2/libgit2/pull/6713
** Bug watch added: github.com/libgit2/libgit2/issues #6074
https://github.com/libgit2/libgit2/issues/6074
--
You received
Thank you!
This was mistriaged as not affecting Ubuntu, which has been corrected:
https://git.launchpad.net/ubuntu-cve-
tracker/commit/?id=83e00d6f10a8f7a234751a97f87a62c88d0143cb
I have messaged Debian Security to track this as well.
** CVE added:
** Changed in: jq (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2063014
Title:
CVE-2023-50246 and CVE-2023-50268
To manage notifications about this bug
CVE-2023-50246 only affects jq >= 1.7 until 1.7.1. That issue was
introduced with cf4b48c7ba30cb30e116b523cff036ea481459f6. Mantic (23.10)
has jq version 1.6-3 and Noble (24.04) has 1.7.1-3build1. This is why
unaffected versions are labeled as "Not vulnerable (code not present)"
on
I reviewed libyuv 0.0~git202401110.af6ac82-1 as checked into noble. This
shouldn't be considered a full audit but rather a quick gauge of
maintainability.
libyuv is an open source project that includes YUV scaling and
conversion functionality.
- CVE History:
- none
- open bug reports are not
** Tags added: sec-4083
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061750
Title:
[MIR] python-s3transfer as indirect dependency of simplestreams
(simplestreams -> python-boto3 ->
** Tags added: sec-4084
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061751
Title:
[MIR] python-botocore as indirect dependency of simplestreams
(simplestreams -> python-boto3 ->
** Tags added: sec-4082
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061217
Title:
[MIR] python-boto3 as a dependency of simplestreams
To manage notifications about this bug go to:
Thanks! That's the detail I was hoping for. (In the meantime I found
that "pandoc --from gfm --to html" did just as good a job and swapped
over to it, so I am no longer personally concerned about the package
itself.)
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Public bug reported:
$ apt-cache show grip
N: Unable to locate package grip
E: No packages found
Jammy/22.04 had grip_4.2.0-3_all.deb "Preview GitHub Markdown files like
Readme locally". (Not the ancient gnome cd player/ripper app.) Didn't
see any bugs here about the package being dropped. No
Hello, the MIR process says any MIRs assigned to the security team after
the Beta Freeze deadline need to be discussed with the Director of
Security Engineering:
For a MIR to be considered for a release, it must be assigned to the
Security team (by the MIR team) before Beta Freeze. This
Dag,
Can you confirm you mean 24.04 and not 22.04, please?
On Mon, 15 Apr 2024 at 17:25, Dag Bjerkeli <1875...@bugs.launchpad.net>
wrote:
> I've just tested this, and can confirm that there is a bug regarding
> keyboard layout in 22.04 beta. As this time the error also appears when
> you select
Hi guys,
I'm sorry to say that this bug is back in 24.04 Beta.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875062
Title:
[20.04] Keyboard layout changes during installation before typing
There is a strong chance that
https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/1893934 is
related to the incomplete CVE-2019-14318 patch regression.
I plan to propose an SRU to effectively downgrade this regressed package
to 5.6.4-8.
Please see
When is Security review absolutely needed by? Is April 17th, the day
before Final Freeze okay? Would that give Foundation's enough time to
promote to main?
There may not be enough time for Security to complete a review by Final
Freeze, but we are looking for someone to take this asap.
--
You
Setting to In Progress per
https://bugs.launchpad.net/ubuntu/+source/libmail-dmarc-
perl/+bug/2023971/comments/28
** Changed in: libemail-mime-perl (Ubuntu)
Status: Won't Fix => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
** Tags added: sec-4053
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2004516
Title:
[MIR] libyuv (transitive dependency of libheif)
To manage notifications about this bug go to:
** Tags added: sec-4054
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060035
Title:
[MIR] msgraph
To manage notifications about this bug go to:
Debian `libcrypto++` 5.6.4-9 introduced a security patch for
CVE-2019-14318.
According to a post in 2019 ,
https://github.com/weidai11/cryptopp/issues/869, the CVE-2019-14318
patch for 5.6.4 was incomplete. A comment in a later 2020 issue mentions
that the 2019 8.3 patch was broken:
With fresh amd64 VMs using the latest Ubuntu point releases, I was able
to reproduce your report on Ubuntu Focal 20.04.06 (`libcrypto++` version
5.6.4-9build1). Both Bionic 18.04.06 (`libcrypto++` version 5.6.4-8) and
Jammy 22.04.04 (`libcrypto++` version 8.6.0-2ubuntu1) had the expected
result.
*** This bug is a security vulnerability ***
Public security bug reported:
This issue was reported to the Security team over email and originally
posted to https://github.com/weidai11/cryptopp/issues/1269
> I typically never use Crypto++, but I had to yesterday, and I then
> experienced a
A fix has been released to Noble proposed and the CVE has been
published.
https://launchpad.net/ubuntu/+source/grub2/2.12-1ubuntu7
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I believe this issue can be set to In Progress and is ready for
promotion to main.
@didrocks, @slyon: please ping me if anything is needed from Security.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I am posting this Security MIR on behalf of Sudhakar Verma (@sudhackar)
since he is out of the office.
---
I reviewed authd 0.2.1 as checked into noble. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
authd is a service that builds cloud based
I reviewed trace-cmd 3.2-1 as checked into noble. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
> TRACE-CMD: The front-end application to Ftrace. The back-end
application to KernelShark.
- CVE History
- none
- Build-Depends
- most are for docs
-
I reviewed libtraceevent 1:1.8.2-1 as checked into noble. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
> libtraceevent - Linux kernel trace event library
- CVE History:
- none
- Build-Depends?
- nothing concerning
- most dependencies are for
Per MIR Team's #3 requirement, the described issue was patched on May
20th 2020 (although the GH bug remains open). There are three commits: a
fix, a test, and documentation. These landed in upstream version 1.947.
Please see https://github.com/rjbs/Email-
MIME/issues/66#issuecomment-2019041975
Public bug reported:
If pam_pwqaulity is restrictively set a user can still be created by
adduser without a password.
e.g.,
```
eslerm@mino:~$ cat /etc/pam.d/common-password |grep pwquality
password requisite pam_pwquality.so retry=3 minlen=8 maxrepeat=3 ucredit=-1
lcredit=-1 dcredit=-1
Public bug reported:
If pam_pwqaulity is restrictively set a user can still be created by
adduser without a password.
e.g.,
```
eslerm@mino:~$ cat /etc/pam.d/common-password |grep pwquality
password requisite pam_pwquality.so retry=3 minlen=8 maxrepeat=3 ucredit=-1
lcredit=-1 dcredit=-1
Thanks Wouter
It appears nbd-client existed in main at some point http://old-
releases.ubuntu.com/ubuntu/pool/main/n/nbd/ (thanks Seth).
Between this MIR and tree's LP#2056099 I am concerned that Security is
being bypassed as NN approaches. That's not to say anything is wrong
with how nbd-client
Security is not asking to review this for NN, but this might have odd
code.
```
/* Should probably use strdup(), but we like our xmalloc() */
#define scopy(x)strcpy(xmalloc(strlen(x)+1),(x))
```
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Was -server code ever reviewed by a MIR?
The client contains many ioctl calls.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2054480
Title:
[MIR] nbd-client
To manage notifications about this bug
I had this problem with Ubuntu 24.04 with VirtualBox 7.0.14-dfsg-4 on my
computer
Fixed it for now by installing Oracle test 7.0.15 test build
https://www.virtualbox.org/download/testcase/VirtualBox-7.0.15-162366-Linux_amd64.run
from https://www.virtualbox.org/wiki/Testbuilds
--
You received
There are unnecessary crates being vendored. I filed an upstream issue:
https://gitlab.gnome.org/GNOME/snapshot/-/issues/137
This causes a bandwidth strain on mirrors or wherever the source package
is needed.
To be clear, this is not a Security issue and does not impact Security's
review (since
The upstream chain for fdk-aac-free is precarious.
The Debian package fdk-aac-free watches
https://gitlab.freedesktop.org/wtaymans/fdk-aac-stripped/ This version
specifically removes the HE (High Efficiency) and HEv2 profiles which
have patent concerns (see README.fedora).
This version does not
Thank you @seb128. I was asked to get your feedback before completing
the Security review. Get well soon!
Security team ACK for promoting dbus-broker to main, under the condition
that src:dbus' binary packages are split as described by @paelzer in
comment #19.
--
You received this bug
I reviewed bpftrace 0.20.1 as checked into noble. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
> bpftrace is a high-level tracing language for Linux enhanced Berkeley
Packet Filter (eBPF) available in recent Linux kernels (4.x). bpftrace
uses LLVM as a
Assigning to Security early, so that this is not blocked for 24.04.
After Feature Freeze, if the MIR Team has requirements for a package,
but is reasonably sure that the owning-team will accomplish them, please
assign MIRs to the Security team immediately.
** Changed in: bpftrace (Ubuntu)
I reviewed bpfcc 0.29.1+ds-1ubuntu2 as checked into noble. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
- CVE History
- no CVEs tracked in UCT, initially
- searching for "bcc" CVEs finds false-positives
- Build-Depends
- nothing concerning
-
@seb128, could you please review the recent discussion?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2015538
Title:
[MIR] dbus-broker
To manage notifications about this bug go to:
Apologize for not responding earlier! This slipped through my emails.
> I know Canonical is also Root CNA, why are you redirecting to another
CNA?
Canonical is a CNA, not a Root CNA.
I don't see how an _unprivileged_ attacker could leverage this bug to be
a vulnerability. A clear proof of
Public bug reported:
I'm following the instructions at:
https://mutschler.dev/linux/ubuntu-btrfs-20-04/#create-filesystems-for-root-and-efi-system-partitions.
All goes well until I attempt to work with the installer ("ubiquity
--no-bootloader" command).
I can select language (English), keyboard
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1231178
Title:
Altec Lansing speakers remote control not working
To manage notifications
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/927225
Title:
Yukon Optima 88E8059 fails to come up as a network interface when
system is
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884207
Title:
Wifi Enterprice Login Page does not appear at connect
To manage
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1696859
Title:
package linux-image-4.10.0-22-generic (not installed) failed to
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919150
Title:
My keyboard stop working
To manage notifications about this bug go to:
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1904391
Title:
Touchpad and Keyboard not detectable in the new kernel
To manage
Update: after a lot of discussion with Mitch Burton on the Landscape
team, he was able to demonstrate this working with a self-signed
certificate. We think that this may actually not be strictly an issue
with the self-signed SSL, but rather that the name in the cert is not an
FQDN, and instead is
** Tags added: sec-3932
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2051850
Title:
[MIR] trace-cmd
To manage notifications about this bug go to:
** Tags added: sec-3931
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2051916
Title:
[MIR] promote libtraceevent as a trace-cmd dependency
To manage notifications about this bug go to:
1 - 100 of 15659 matches
Mail list logo