[Bug 1564388] Re: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)

2016-03-31 Thread Seth Arnold
MITRE assigned CVE-2015-8838: http://www.openwall.com/lists/oss-security/2016/03/31/13 Thanks ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8838 ** Summary changed: - mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152) + mysqlnd is vulnerable to BACKRONYM

[Bug 1534368] Re: HTTP/2 is not enabled for nginx-extras

2016-03-31 Thread Seth Arnold
Thomas and the nginx team have convinced me that nginx's http/2 implementation is widely used and mature enough to enable before 16.04 LTS release. Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu.

[Bug 1564451] Re: User processes are counted towards systemd limit for sshd processes

2016-03-31 Thread Seth Arnold
I'm having trouble reproducing this. I started a few thousand /bin/sleep commands and was able to log in via ssh as another user; the error message when logging in again as my normal user account showed an error message that looked appropriate. In one ssh: sarnold@sec-xenial-amd64:~$ for i in

[Bug 1564451] Re: User processes are counted towards systemd limit for sshd processes

2016-03-31 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1564451 Title: User processes are counted towards systemd limit

[Bug 1564388] Re: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)

2016-03-31 Thread Seth Arnold
I've asked MITRE if this needs a new CVE or not: http://www.openwall.com/lists/oss-security/2016/03/31/10 Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1564388 Title:

[Bug 1564388] Re: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)

2016-03-31 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1564388 Title: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)

[Bug 1562583] Re: package amavisd-new 1:2.10.1-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2016-03-28 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1528251] Re: WARNING: no suitable primes in /etc/ssh/primes

2016-03-21 Thread Seth Arnold
OFERBA, I suspect you have a different issue than this bug report, which is about a misleading pathname in an error message. I'd suggest filing a new bug for your issue however I do not think it is appropriate to be shipping a new release with 1024 bit DH primes as a default supported

[Bug 1556175] Re: networking.service hangs on shutdown -- killing dhclient has no effect any more

2016-03-14 Thread Seth Arnold
Likely related to https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1551855 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1556175 Title: networking.service hangs on shutdown

[Bug 1553237] Re: Cannot stop samba service

2016-03-07 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1505839] Re: Unable to install from text mode interface

2016-03-04 Thread Seth Thomas
Just confirmed that this bug is still present in xenial-server-* builds as of March 2. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to a duplicate bug report (1537252). https://bugs.launchpad.net/bugs/1505839 Title: Unable to

[Bug 1553023] [NEW] [FFe] libvirt v1.3.2 -- zfs support

2016-03-03 Thread Seth Arnold
Public bug reported: Please consider a Feature Freeze exception for libvirt upstream version 1.3.2 which enables ZFS support on Linux hosts: https://libvirt.org/news.html ZFS is an excellent match for virtual machine storage: - transparent high-speed compression that improves performance -

[Bug 1552949] Re: the "http2" parameter requires ngx_http_v2_module

2016-03-03 Thread Seth Arnold
I've asked teward to keep HTTP/2 disabled in nginx for a little while. We certainly want HTTP/2 support in 16.04 LTS but (a) http/2 is very new (b) http/2 is based on design patterns that have proved to be very difficult to implement without security issues. So I hope to offer http/2 support in

[Bug 1352617] Re: php5-fpm UNIX sockets in Precise do not listen as www-data:www-data by default, and causes 502s with webservers trying to use socket

2016-03-03 Thread Seth Arnold
I'm sceptical of pushing an update for config files to precise; it's only got a year left, people probably have it working or they're deploying trusty or xenial instead. The change itself looks fine though. Thanks -- You received this bug notification because you are a member of Ubuntu Server

[Bug 1548497] Re: Cross-Container ARP Poisoning

2016-02-23 Thread Seth Arnold
Jesse, thanks for the excellent detailed report; please do report future findings. I'm setting this public as it's apparently public enough already. Thanks ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of

[Bug 1267255] Re: [MIR] php5 (php5-fpm binary)

2016-02-19 Thread Seth Arnold
Neal, https://launchpad.net/ubuntu/+source/php5/+bugs?field.searchtext=fpm The FPM mode of execution feels far better to me than running a PHP interpreter in the same address space as the webserver -- however I have to balance my enthusiasm for the better design against the fact that there are a

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Seth Arnold
Adding dns_v4_first on to my 14.04 LTS /etc/squid-deb-proxy/squid-deb-proxy.conf solved this for me. My personal best guess is that something happened during machine reboots in the Canonical datacenter to address the glibc updates. My failures were to both security.ubuntu.com and

[Bug 1271653] Re: [MIR] libiscsi

2016-02-17 Thread Seth Arnold
I reviewed libiscsi version 1.12.0-2 as checked into xenial. This shouldn't be considered a full security audit but rather a quick gauge of maintainability. - libiscsi provides user-space iscsi initiator support so applications can use iscsi targets without needing privileged access to the

[Bug 1542509] Re: /build/qemu-YZq7uh/qemu-2.3+dfsg/nbd.c:nbd_init():L670: Failed to set NBD socket

2016-02-09 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1542509 Title: /build/qemu-YZq7uh/qemu-2.3+dfsg/nbd.c:nbd_init():L670:

[Bug 1542560] Re: Apache incorrect building path when Alias directive argument is root ('/')

2016-02-05 Thread Seth Arnold
Thanks for the report; considering the WP install looks useless with this configuration, I don't think the path presence outside the root is much issue. (I personally think the "path disclosure" issues are a bit thin at best -- if the web server really shouldn't see some paths, it ought to be

[Bug 1473691] Re: squid: Update to latest upstream release (3.5)

2016-02-04 Thread Seth Arnold
e-Vent, we rated this issue "low" because: - snmp is not enabled by default - squid's snmp listener can listen on specific interfaces - local iptables / ufw rules probably already allow only specific services on the hosts that run squid - network firewalls / routers probably already allow only

[Bug 1432644] Re: VM permanently tries to read /dev/shm/lttng-ust-wait-5

2016-02-03 Thread Seth Arnold
Ken, that's great: denying lttng in the profile just to silence the logs is certainly unfortunate for the people who want to use lttng to measure and inspect their VMs as the reason why lttng doesn't work is impossible to discover. Thanks -- You received this bug notification because you are a

[Bug 1541322] Re: package mysql-server-5.6 5.6.28-0ubuntu0.15.10.1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1

2016-02-03 Thread Seth Arnold
Note the following: Aborting downgrade from (at least) 10.0 to 5.6. If are sure you want to downgrade to 5.6, remove the file /var/lib/mysql/debian-*.flag and try installing again. I suspect this is intentional behaviour, thus I'm closing the bug. If this isn't intentional, feel free to set the

[Bug 1541322] Bug is not a security issue

2016-02-03 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1432644] Re: VM permanently tries to read /dev/shm/lttng-ust-wait-5

2016-02-03 Thread Seth Arnold
Note that adding that entry may allow virtual machines an unexpected and unwelcome amount of influence over the host system. If you just want the errors silenced, use 'deny /run/shm/lttng-ust-wait-5 rw,' instead. If you actually want lttng to function, then feel free to continue using the allow

[Bug 1539840] Re: not able to make changes in the ubuntu 14.04 and web videos are not playing

2016-02-01 Thread Seth Arnold
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see

[Bug 1429739] Re: neutron-server does not start: OperationalError: (OperationalError) no such table: ml2_vlan_allocations

2016-02-01 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1532160] Re: package python-ldb 1:1.1.18-1ubuntu0.1 [origin: Ubuntu] failed to install/upgrade: package python-ldb is already installed and configured

2016-01-08 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1532007] Re: libvirt's apparmor policy prevents starting domain with hugepage-backed memory store

2016-01-07 Thread Seth Arnold
Christy, can you please include the full relevant DENIED lines from your logs so that we can best determine which rules need to be added to the libvirt profiles? Thanks ** Changed in: apparmor (Ubuntu) Status: New => Incomplete ** Also affects: libvirt (Ubuntu) Importance: Undecided

[Bug 1530617] Re: FUSE in wily image with upstart installed causes chaos

2016-01-06 Thread Seth Forshee
I'm seeing a direct correlation here between the symptom and the kernel emitting uevents. For example, in the host run: $ udevadm --monitor And in another terminal in the host run: # losetup /dev/loop0 foo This causes the symptoms even though it has no direct impact on the container, but

Re: [Bug 1530914] Re: sshd crashed with SIGSEGV in _IO_vfprintf_internal()

2016-01-06 Thread Seth Arnold
On Wed, Jan 06, 2016 at 02:07:59PM -, msp3k wrote: > I tried following one of the links to ubuntu.com, but was told "Sorry, > you are not a member of a group that is allowed to see the data from > error reports." Hmm, I thought you'd always be able to view your own reports. > If you think

[Bug 1531061] Re: Rsync path spoofing attack vulnerability

2016-01-05 Thread Seth Arnold
Looks like this is http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9512.html ** Information type changed from Private Security to Public Security ** Changed in: rsync (Ubuntu) Status: New => Confirmed ** CVE added: http://www.cve.mitre.org/cgi-

[Bug 1514046] Re: Shell command injection - samba-tool domain classicupgrade

2016-01-05 Thread Seth Arnold
Thanks for finding and reporting this issue; I'm inclined to agree with upstream that this isn't crossing a security boundary, even though it is relatively unpleasant. Thanks ** Changed in: samba (Ubuntu) Status: Incomplete => Won't Fix -- You received this bug notification because you

[Bug 1530914] Re: sshd crashed with SIGSEGV in _IO_vfprintf_internal()

2016-01-05 Thread Seth Arnold
It may not be making its way to errors.ubuntu.com. If you've got the GUI installed, you can find a link to reported issues via the control panel, security & privacy, diagnostics --> "show previous reports". I didn't see any errors that matched _IO_vfprintf_internal(), though I did notice that the

[Bug 1473691] Re: Update to latest upstream stable release (3.5)

2015-12-17 Thread Seth Arnold
Note that the Ubuntu packages have had CVE-2014-7141 and CVE-2014-7142 fixed; CVE-2014-6270 is still open. We've rated CVE-2014-6270 as a low priority issue and will update it when a higher priority issue is found. http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7141.html

[Bug 1525568] Re: package awstats (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/cgi-bin', which is also in package php5-cgi 5.5.9+dfsg-1ubuntu4.14

2015-12-14 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1510096] Re: Please merge 1.9.6-2 (main) from Debian Unstable (main)

2015-12-14 Thread Seth Arnold
Please disable HTTP/2 / SPDY for initial inclusion into Xenial; the security team would really prefer this code have some more real-world exposure and fuzzing before we turn it on. We can always turn it on after release via an SRU later. Thanks -- You received this bug notification because you

[Bug 1520568] Re: All queries fails when 'google' is used: ERR_SSL_PROTOCOL_ERROR

2015-11-30 Thread Seth Arnold
Which IPs show the errors? It could be that different results may be due to different TLS terminators at Google. Figuring out one specific IP that demonstrates the issue may help (assuming Google hasn't done something crazy like anycast on their search IPs). -- You received this bug notification

[Bug 1516280] Re: package dlm 4.0.1-0ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2

2015-11-16 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1509586] Re: SSLv3 enabled in apache2 by default

2015-10-23 Thread Seth Arnold
I don't think we will want to push updates to disable ssl3 on existing systems, and I'm not sure how feasible it would be to push an update that only modifies the defaults for brand-new installs. I suspect the only thing to be done for 14.04 LTS is to educate system administrators about the risks

[Bug 1292234] Re: qcow2 image corruption on non-extent filesystems (ext3)

2015-10-20 Thread Seth Arnold
Chris, please do, I just recreated the issue with the "uvt update -rf" recipe from earlier; four of six VMs couldn't boot to a login: prompt, presumably from this bug. Linux hunt 3.13.0-65-generic #106-Ubuntu SMP Fri Oct 2 22:08:27 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux (I know, it misses this

[Bug 1508248] Re: chkrootkit gives false positive ebury

2015-10-20 Thread Seth Arnold
I had the impression that chkrootkit hadn't been maintained for many years the last time I looked at it; it may require significant work to make it functional. Thanks ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of

[Bug 1506238] Re: ship new public certificate

2015-10-14 Thread Seth Arnold
http://www.ubuntu.com/usn/usn-2709-2/ ** Changed in: pollinate (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to pollinate in Ubuntu. https://bugs.launchpad.net/bugs/1506238 Title: ship new

[Bug 1506238] [NEW] ship new public certificate

2015-10-14 Thread Seth Arnold
*** This bug is a security vulnerability *** Public security bug reported: USN-2709-1 supplied a new certificate but did not include the entire certificate chain. This is similar to bugs #1304777 #1381359 #1483762. Robie Basak provided debdiffs, http://paste.ubuntu.com/12774324/ and

[Bug 1292234] Re: qcow2 image corruption on non-extent filesystems (ext3)

2015-10-13 Thread Seth Arnold
Is this still open against the 14.04.1 LTS kernel? Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1292234 Title: qcow2 image corruption on non-extent filesystems (ext3) To

[Bug 1499392] Re: OpenSSH Security and SHA1

2015-10-05 Thread Seth Arnold
Thank you Colin, that's great news. I think we should have a discussion about which algorithms to deprecate, when, for the whole distribution. I'd like a consistent approach to when we stop supporting md5/sha-1/rc4 etc. Of course different protocols may have different threat models so it may not

[Bug 1501966] Re: support changing Apparmor hats

2015-10-02 Thread Seth Arnold
~ubuntu-reviewers, the patch posted here is intended to sketch what a new patch for this feature may look like and is not intended to be used as-is in any capacity. Feel free to unsub from this bug. Thanks ** Tags removed: patch -- You received this bug notification because you are a member of

[Bug 1499392] Re: OpenSSH Security and SHA1

2015-10-02 Thread Seth Arnold
Hello Eldin, you're right that it is time to begin migrating away from SHA-1 in default OpenSSH configurations. However there is some historical baggage in parts of the launchpad infrastructure that prevented upgrading algorithms earlier. (Strictly speaking, the defaults aren't tied to launchpad

[Bug 1499392] Re: OpenSSH Security and SHA1

2015-10-02 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1499392 Title: OpenSSH Security and SHA1 To manage

[Bug 1501812] Re: package irqbalance 1.0.6-3ubuntu1 failed to install/upgrade: package irqbalance is not ready for configuration cannot configure (current status `half-installed')

2015-10-01 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

Re: [Bug 1267393] Juju MIR response

2015-09-28 Thread Seth Arnold
On Mon, Sep 28, 2015 at 07:51:47AM -, Tim Penhey wrote: > > It is currently impossible to upgrade from 14.04 LTS to 15.04 due to > > incorrect version numbers. Has anyone else noticed this yet? When will > > this be fixed? Are there any changes in process needed to ensure this > > doesn't

[Bug 1497087] [NEW] updates from trusty to vivid will fail when juju-core is installed

2015-09-17 Thread Seth Arnold
Public bug reported: juju 1.18.1 is in trusty-release Juju 1.22.6 is in trusty-updates Juju 1.22.1 is in vivid-release, meaning upgrades from updated trusty to vivid fail Juju 1.22.6 is in wily As a result of these version numbers, a fully-updated trusty system should fail to upgrade to vivid

[Bug 1426549] Re: drop pyjuju from vivid and newer

2015-09-17 Thread Seth Arnold
juju 0.7 is still available in wily. Is it too late to remove it? Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/1426549 Title: drop pyjuju from vivid and newer To manage

[Bug 1267393] Re: [MIR] juju-core, juju-mongodb, gccgo, golang

2015-09-16 Thread Seth Arnold
I reviewed juju version ff791983cd1a186e2e09878a37cf243f7f9eb734. The review covered significantly less portion of the codebase than usual, and should not be considered a security audit. Juju 1.18.1 is in trusty-release Juju 1.22.6 is in trusty-updates Juju 1.22.1 is in vivid-release, meaning

[Bug 1490361] Re: IncompatibleObjectVersion: Version 1.2 of PciDeviceList is not supported

2015-09-01 Thread Seth Arnold
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nova in Ubuntu. https://bugs.launchpad.net/bugs/1490361 Title: IncompatibleObjectVersion: Version 1.2 of PciDeviceList is not

[Bug 1490382] Re: cannot login to crouton on chromeOS

2015-08-31 Thread Seth Arnold
Are you sure that the Ubuntu OpenSSH should be running 'inside' the crouton environment? Does crouton run things in a VM, or chroot, or full containers? There's many X11 errors mentioned there, are they indicative of bigger problems in the crouton environment? This is probably worth a parallel

[Bug 1483762] Re: [SRU] ship new public cert

2015-08-14 Thread Seth Arnold
I overlooked a missing bug number for the cert update in the vivid changelog. Sorry. ** Changed in: pollinate (Ubuntu Vivid) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to pollinate in

[Bug 1484593] Re: package mongodb-server (not installed) failed to install/upgrade: subprocess installed pre-removal script returned error exit status 1

2015-08-13 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1482640] Re: package sa-compile 3.4.0-3ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 28

2015-08-07 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make Ubuntu better. You appear to be running a release of Ubuntu that is no longer supported. Please see https://wiki.ubuntu.com/Releases for information on our currently supported releases; consider using one of the LTS releases,

[Bug 1267393] Re: [MIR] juju-core, juju-mongodb, gccgo, golang

2015-08-05 Thread Seth Arnold
My primary concern was with the confused double duty of the shell quoting -- sometimes it was being used to protect an input from a user, and sometimes it was being used to transmit scripts to remote peers. I really hope to see something akin to sql prepared statements in juju that use the class

[Bug 1381537] Re: Dovecot version in precise too old to switch off SSLv3 protocol for poodle fix

2015-07-13 Thread Seth Arnold
Port 25 is probably handled by postfix, exim, or sendmail, not dovecot. In any event, you can't simply connect directly to SMTP with TLS; SMTP requires using the STARTTLS command to upgrade a connection to TLS. I suspect you'll find similar issues with your other ports; I don't know the details
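The point in the message above, that a client cannot open a TLS session straight onto an SMTP port but must first speak plaintext SMTP and issue STARTTLS, as an added example (not code from the bug thread or from dovecot/postfix). The SMTP server here is a constructed stub running in a thread on 127.0.0.1; its hostname, banner and the client's EHLO name are made up, and because the stub has no certificate the client stops exactly where a real one would wrap the socket in TLS:

```python
"""SMTP on port 25 starts in plaintext and is upgraded with STARTTLS (RFC 3207),
so a TLS handshake sent straight onto that port meets a plaintext banner and fails.
Added example, not code from the bug thread: the SMTP server is a constructed stub
in a thread on 127.0.0.1 (hostname and banner made up) that speaks only the
plaintext part of the dialogue and has no certificate, so the client stops at the
point where a real one would wrap the socket in TLS."""
import socket
import ssl
import threading

STUB_HOSTNAME = "mail.example.test"   # assumed name for the stub server
CLIENT_NAME = "client.example.test"   # assumed EHLO argument

def _stub_smtp_server(listener):
    """Serve one connection: banner, EHLO capability list, STARTTLS acknowledgement."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(("220 %s ESMTP stub\r\n" % STUB_HOSTNAME).encode())
        buf = b""
        while True:
            data = conn.recv(1024)
            if not data:          # client gone, e.g. after a failed TLS handshake
                return
            buf += data
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                verb = line.split(b" ", 1)[0].upper()
                if verb == b"EHLO":
                    conn.sendall(("250-%s\r\n250-PIPELINING\r\n250 STARTTLS\r\n" % STUB_HOSTNAME).encode())
                elif verb == b"STARTTLS":
                    conn.sendall(b"220 2.0.0 Ready to start TLS\r\n")
                    return        # a real server would now expect a TLS ClientHello
                else:
                    conn.sendall(b"500 5.5.1 Command unrecognized\r\n")

def start_stub_server():
    """Bind an ephemeral localhost port, serve one client in a thread, return the port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_stub_smtp_server, args=(listener,), daemon=True).start()
    return listener.getsockname()[1]

def _read_reply(sock):
    """Read one SMTP reply, multi-line ("250-") included, and return its lines."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
        lines = data.split(b"\r\n")
        if len(lines) >= 2 and lines[-2][3:4] == b" ":   # "250 " closes the reply
            break
    return [l.decode("ascii", "replace") for l in data.split(b"\r\n") if l]

def probe_implicit_tls(host, port):
    """The report's attempt: a TLS handshake straight onto the SMTP port.
    Returns (False, exception name) when it fails, as it does against a plaintext banner."""
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=STUB_HOSTNAME) as tls:
                return True, tls.version()
    except (ssl.SSLError, OSError) as exc:
        return False, type(exc).__name__

def negotiate_starttls(host, port):
    """Run the plaintext dialogue up to where TLS would begin.
    Returns (transcript, ready): (direction, line) pairs, and whether STARTTLS got a 220."""
    transcript = []
    with socket.create_connection((host, port), timeout=5) as sock:
        def say(line):
            sock.sendall(line.encode() + b"\r\n")
            transcript.append(("C", line))
        def hear():
            lines = _read_reply(sock)
            transcript.extend(("S", l) for l in lines)
            return lines
        banner = hear()                   # the server speaks first, in the clear
        if not banner or not banner[0].startswith("220"):
            return transcript, False
        say("EHLO " + CLIENT_NAME)
        if not any(l[4:].upper() == "STARTTLS" for l in hear()):
            return transcript, False      # no upgrade offered
        say("STARTTLS")
        reply = hear()
        ready = bool(reply) and reply[0].startswith("220")
        # A real client now calls ssl.create_default_context().wrap_socket(sock,
        # server_hostname=host) on this same socket and repeats EHLO inside the
        # tunnel; the stub has no certificate, so the example stops here.
    return transcript, ready

def run_demo():
    """Both attempts, each against a fresh stub: direct TLS first, then STARTTLS."""
    direct = probe_implicit_tls("127.0.0.1", start_stub_server())
    transcript, ready = negotiate_starttls("127.0.0.1", start_stub_server())
    return direct, transcript, ready

if __name__ == "__main__":
    direct, transcript, ready = run_demo()
    for who, line in transcript:
        print(who, line)
    print("direct TLS on the SMTP port:", direct, "| STARTTLS acknowledged:", ready)
```

The first attempt fails because the server's plaintext "220" banner is not a TLS record, which is the same failure a TLS-only test tool produces against port 25; the second attempt shows the exchange that actually has to happen before any TLS version or cipher check against an SMTP server means anything. Submission ports that use implicit TLS (465) are the exception and do accept the direct handshake.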

[Bug 1472142] Re: /var/cache/lxc not world readable

2015-07-10 Thread Seth Arnold
Please see bug #1244635 -- I'm afraid this bug may re-introduce 1244635 if not handled carefully. Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1472142 Title: /var/cache/lxc

[Bug 1472713] Re: HAProxy 1.5.3 requires security updates

2015-07-08 Thread Seth Arnold
Hello, the Ubuntu Security Team does not provide security support for the backports project. If you wish to prepare a debdiff to address the security issues, or help the backports project prepare an update to a newer version, I suspect the backports project would be happy for the help. Please see

[Bug 1471373] Re: My wifi keeps disconnecting after some interval of time

2015-07-06 Thread Seth Arnold
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to irqbalance in Ubuntu. https://bugs.launchpad.net/bugs/1471373 Title: My wifi keeps disconnecting after some interval of time

[Bug 1471370] Re: package slapd 2.4.31-1+nmu2ubuntu8.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-07-06 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1432644] Re: VM permanently tries to read /dev/shm/lttng-ust-wait-5

2015-06-30 Thread Seth Arnold
George, if you want to allow the lttng accesses, edit /etc/apparmor.d/libvirt/TEMPLATE and the other similar profiles in /etc/apparmor.d/libvirt/ and add: /run/shm/lttng-ust-wait-5 rw, Then run apparmor_parser --replace $(ls -1 /etc/apparmor.d/libvirt/libvirt* | grep -v files) This does allow
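The libvirt profile messages above (the request for full DENIED lines, and the choice between `deny /run/shm/lttng-ust-wait-5 rw,` to silence the log and an allow rule to let lttng work) can be turned into a small tool; the following is an added example, not code from the bug threads or from AppArmor. The audit lines are constructed to look like the kernel's `apparmor="DENIED"` records for a libvirt-qemu guest (the profile name, pids and the hugepage path are made up), and the list of shared-memory prefixes that default to an explicit deny is an assumption of this example:

```python
"""Turn AppArmor DENIED audit lines into candidate profile rules.

Added example for the libvirt profile discussion; not code from the bug threads.
The log lines are constructed to resemble the kernel audit records AppArmor emits
for a libvirt-qemu guest (profile name, pids and the hugepage path are made up).
The policy choice follows the thread: silence a denial with an explicit 'deny'
unless the operator has decided to allow that path, so a guest does not quietly
gain reach into host-side tooling."""
import re
from collections import OrderedDict

# Constructed sample audit lines (not real logs); the last one is an ALLOWED
# record of the kind complain mode produces, included to show it is skipped.
SAMPLE_LOG = """\
audit: type=1400 audit(1435700000.123:42): apparmor="DENIED" operation="open" profile="libvirt-2b9d3b6e-0000-4000-8000-000000000001" name="/run/shm/lttng-ust-wait-5" pid=4242 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=107 ouid=0
audit: type=1400 audit(1435700000.456:43): apparmor="DENIED" operation="open" profile="libvirt-2b9d3b6e-0000-4000-8000-000000000001" name="/dev/hugepages/libvirt/qemu/guest1" pid=4242 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=107 ouid=107
audit: type=1400 audit(1435700000.789:44): apparmor="DENIED" operation="open" profile="libvirt-2b9d3b6e-0000-4000-8000-000000000001" name="/run/shm/lttng-ust-wait-5" pid=4243 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
audit: type=1400 audit(1435700000.790:45): apparmor="ALLOWED" operation="open" profile="libvirt-2b9d3b6e-0000-4000-8000-000000000001" name="/var/lib/libvirt/images/guest1.qcow2" pid=4243 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=107 ouid=107
"""

# Shared memory a guest could use to influence host-side tooling: assumed
# prefixes for this example, where the safe default is an explicit deny.
DENY_BY_DEFAULT_PREFIXES = ("/run/shm/", "/dev/shm/")

_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denied(line):
    """Return the key/value fields of an apparmor="DENIED" line, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    if not all(k in fields for k in ("profile", "name", "denied_mask")):
        return None
    return fields

def merge_masks(masks):
    """Union of single-letter AppArmor file access masks, in a fixed order."""
    seen = set("".join(masks))
    return "".join(c for c in "rwalkmix" if c in seen)

def candidate_rules(log_text, allow_prefixes=()):
    """Group DENIED records by profile and path and emit one rule per path.

    allow_prefixes: paths the operator has chosen to permit (e.g. the lttng wait
    file on a host where tracing guests is wanted). Other paths under
    DENY_BY_DEFAULT_PREFIXES get an explicit 'deny' rule, which quiets the log
    without widening what the guest can touch. Anything else is emitted as an
    allow rule flagged for review (AppArmor profiles accept '#' comments).
    """
    masks_by_key = OrderedDict()
    for line in log_text.splitlines():
        f = parse_denied(line)
        if f is not None:
            masks_by_key.setdefault((f["profile"], f["name"]), []).append(f["denied_mask"])
    rules = OrderedDict()
    for (profile, path), masks in masks_by_key.items():
        mask = merge_masks(masks)
        if path.startswith(tuple(allow_prefixes)):
            rule = "%s %s," % (path, mask)
        elif path.startswith(DENY_BY_DEFAULT_PREFIXES):
            rule = "deny %s %s," % (path, mask)
        else:
            rule = "%s %s,  # review before adding" % (path, mask)
        rules.setdefault(profile, []).append(rule)
    return rules

if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE_LOG).items():
        print("# candidate rules for profile %s" % profile)
        for rule in rules:
            print("  " + rule)
```

Run it over the relevant `DENIED` lines from the host's kernel log, add the resulting rules to the profile (for libvirt guests, `/etc/apparmor.d/libvirt/TEMPLATE` and the per-domain profiles, as the message above describes), and reload with `apparmor_parser --replace`. Pass `allow_prefixes=("/run/shm/lttng-",)` only on hosts where tracing guests from the host is actually wanted; the default output keeps the deny.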

[Bug 1470009] Re: Conky does not Monitor ntp network connections

2015-06-30 Thread Seth Arnold
NTP uses UDP port 123. The pasted conky configuration doesn't monitor any UDP ports. Thanks ** Information type changed from Private Security to Public ** Changed in: ntp (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server

[Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot

2015-06-18 Thread Seth Arnold
I don't think stopped apparmor is going to do it -- the generic apparmor profiles are loaded via a sysv-init compatibility script. I think the job file that starts this dnsmasq instance needs to use apparmor load before starting the process: http://upstart.ubuntu.com/cookbook/#apparmor-load I

[Bug 1464118] Re: package nginx-core (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-06-11 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1463383] Re: package nginx-extras 1.6.2-5ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-06-09 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1458052] Re: Azure Datasource writes user password in plain text

2015-05-27 Thread Seth Arnold
We've decided this is a security hardening measure rather than a security issue, and thus won't apply for a CVE and won't attempt an embargoed coordination with other vendors: any process that has sufficient privileges to read this file and thus the password has every opportunity to perform dozens

[Bug 1455299] Re: lubuntu 15.04 err 404

2015-05-14 Thread Seth Arnold
Does not affect nova; this is probably a misconfiguration rather than a bug. ** Information type changed from Private Security to Public ** Changed in: nova (Ubuntu) Status: New => Invalid ** Package changed: nova (Ubuntu) => ubuntu -- You received this bug notification because you are a

[Bug 1446448] Re: ssh-agent terminates

2015-05-11 Thread Seth Arnold
Andrej, sorry, normally the person who supplies the additional information sets the status back to 'new' or 'confirmed' as needed. We don't say that nearly often enough. sorry. ** Changed in: openssh (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because

[Bug 216847] Re: sshd will not start at boot if ListenAddress is set, because network interface is not yet up

2015-05-11 Thread Seth Arnold
Changing the ssh service file to use network-online.target should also work; see http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ for more information. ** Tags added: systemd-boot -- You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 1450960] Re: dev file system is mounted without noexec

2015-05-01 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1450960 Title: dev file system is mounted without noexec To manage

[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper

2015-04-22 Thread Seth Arnold
this is handled shortly after the U series is opened, so that it is not forgotten. Security team ACK for promoting conntrack to main. Thanks ** Changed in: conntrack (Ubuntu) Assignee: Seth Arnold (seth-arnold) => (unassigned) -- You received this bug notification because you are a member

[Bug 1446448] Re: ssh-agent terminates

2015-04-21 Thread Seth Arnold
Brendan Gregg has an awesome execsnoop tool that can report systemwide execs in his perf-tools package, the whole thing is a goldmine of amazing tools: http://www.brendangregg.com/blog/2014-07-28/execsnoop-for-linux.html Probably this is easier than the process accounting. Thanks -- You

[Bug 1445624] Re: Change SSH defaults to non-SHA-1 by 16.04

2015-04-17 Thread Seth Arnold
While this might initially seem like prematurely early to end support for SHA-1, it's the tail end of 16.04 LTS's support window that worries me -- I suspect SHA-1 will feel less safe by 2021, but removing support for it in an LTS release feels like the wrong approach. We may also wish to

[Bug 1430082] Re: [MIR] python-cryptography, python-cffi, pycparser, enum34

2015-04-14 Thread Seth Arnold
python-cryptography-vectors is as described -- an impressive collection of test vectors. The only slightly surprising thing is the pre/post inst/rm scripts, due to this being part of a python module package. Security team ACK for promoting python-cryptography-vectors to main, though I suspect we

[Bug 1430082] Re: [MIR] python-cryptography, python-cffi, pycparser, enum34

2015-04-13 Thread Seth Arnold
I reviewed python-cryptography version 0.8-1ubuntu2 as checked into Ubuntu vivid. This shouldn't be considered a full security audit but rather a quick gauge of maintainability. - python-cryptography provides a cffi interface to OpenSSL with friendly shims for better python integration -

[Bug 1298611] Re: [FFe] apparmor signal and ptrace mediation

2015-04-10 Thread Seth Arnold
Ken, The ptrace mediation in 12.04 LTS is very rudimentary; if you add capability sys_ptrace, to a profile then processes running in that profile are allowed to trace any process the discretionary access controls allow. The fine-grained permissions introduced in 14.04 LTS require both the new

[Bug 1441388] Re: numactl crashes with segfault

2015-04-07 Thread Seth Arnold
Do you know if a CVE has been assigned to this issue? I don't directly see how it could be used to cross privilege boundaries. Is there something I've missed? Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to numactl in Ubuntu.

[Bug 1440070] Re: openssh-server attempts to connect to upstart and the connection is refused

2015-04-03 Thread Seth Arnold
** Tags added: systemd-boot -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1440070 Title: openssh-server attempts to connect to upstart and the connection is refused To manage

[Bug 1407695] Re: [MIR] python-saml2, xmlsec1

2015-03-30 Thread Seth Arnold
Thanks James and Michael, looks good to me. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-pysaml2 in Ubuntu. https://bugs.launchpad.net/bugs/1407695 Title: [MIR] python-saml2, xmlsec1 To manage notifications about this bug

[Bug 1436096] [NEW] interrupting juju-deployer prevents juju destroy-environment from tearing it down cleanly

2015-03-24 Thread Seth Arnold
Public bug reported: I tried to create a new undercloud on the server team's serverstack test environment; I realized shortly after starting the juju-deployer that I had made a mistake and used ^C to interrupt the deploy, to save ten minutes of time, and then juju destroy-environment hung when

[Bug 1435443] Re: package mysql-server-5.6 5.6.23-1~exp1~ubuntu3 failed to install/upgrade: подпроцесс установлен сценарий post-removal возвратил код ошибки 1

2015-03-23 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1435455] Re: package php5-cli 5.5.12+dfsg-2ubuntu4.3 failed to install/upgrade: package php5-cli is already installed and configured

2015-03-23 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1434503] Re: package php5-json 1.3.2-2build1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration

2015-03-23 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1434006] Re: Information leak

2015-03-19 Thread Seth Arnold
** Information type changed from Private Security to Public Security ** Changed in: openssh (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu.

[Bug 1434006] Re: Information leak

2015-03-19 Thread Seth Arnold
You can configure this with /etc/pam.d/sshd -- simply remove the pam_motd lines from your PAM sshd configuration and this information will no longer be shown when users successfully authenticate. (Neither sshd nor pam_motd.so care if your users are using bash or false or nologin for their shell;

[Bug 1407695] Re: [MIR] python-saml2, python-repoze.who, xmlsec1

2015-03-18 Thread Seth Arnold
I got a response from Tres Seaver to some of the issues I raised in this MIR: Thanks for the report! 1.0.18 is a long time ago now (almost 4 1/2 years). The latest release is 2.2, and there will likely be a 2.2.1 released in the near future. We are pretty unlikely to make another 1.x

[Bug 1407695] Re: [MIR] python-saml2, python-repoze.who, xmlsec1

2015-03-12 Thread Seth Arnold
to manage logins. *2* a statement from the server team that they will assist in maintenance efforts for the supported life of this package, and will ask to demote it again in the future if a viable replacement is found. Thanks ** Changed in: python-repoze.who (Ubuntu) Assignee: Seth Arnold

[Bug 1407695] Re: [MIR] python-saml2, python-repoze.who, xmlsec1

2015-03-12 Thread Seth Arnold
I reviewed python-pysaml2 version 2.2.0-0ubuntu2 as found in Ubuntu vivid. This should not be considered a full security audit, but rather a quick gauge of maintainability. - python-pysaml2 is a middleware designed to handle SAML2 authentication, a competitor to oauth and FIDO. SAML2 is popular

[Bug 1426549] [NEW] drop pyjuju from vivid and newer

2015-02-27 Thread Seth Arnold
Public bug reported: Hello, it appears that juju-0.7 is still available to install in vivid; given that the juju upstream team has moved on significantly from this point, I think it is best to drop the old pyjuju from vivid and all future releases. Note that it is not coming from Debian:

[Bug 997269] Re: dovecot imap broken by apparmor policy

2015-02-26 Thread Seth Arnold
Valentin, do you have any DENIED messages from AppArmor in your dmesg output, /var/log/syslog, or /var/log/audit/audit.log files? Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in Ubuntu.

[Bug 1407695] Re: [MIR] python-saml2, python-repoze.who, xmlsec1

2015-02-24 Thread Seth Arnold
** Changed in: xmlsec1 (Ubuntu) Assignee: Seth Arnold (seth-arnold) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-pysaml2 in Ubuntu. https://bugs.launchpad.net/bugs/1407695 Title: [MIR] python-saml2

[Bug 1423214] Re: package php5-mysql 5.5.9+dfsg-1ubuntu4.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-02-18 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1421470] Re: package samba-common-bin 2:4.1.6+dfsg-1ubuntu2.14.04.5 failed to install/upgrade: impossible de copier les données extraites pour « ./usr/bin/smbpasswd » vers « /usr/bin/smbpasswd.dp

2015-02-17 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Bug 1421470] Re: package samba-common-bin 2:4.1.6+dfsg-1ubuntu2.14.04.5 failed to install/upgrade: impossible de copier les données extraites pour « ./usr/bin/smbpasswd » vers « /usr/bin/smbpasswd.dp

2015-02-17 Thread Seth Arnold
I'd suggest running memtest86+ on your computer overnight or over a weekend; there are crashes from chrome, chromium-browser, gdb, software-center, apport-gtk, apt-check, oneconf-service. While many of the errors were in apt's libraries, making me suspect hard drive corruption there, that

[Bug 1418778] Re: Stack smashing while using a lot of connections

2015-02-05 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libfcgi in Ubuntu. https://bugs.launchpad.net/bugs/1418778 Title: Stack smashing while using a lot of connections
