whoopsie (0.2.52.5ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow when handling large crash dumps (LP:
#1830863)
- src/whoopsie.c: Don't use signed integer types for lengths to ensure
large crash dumps do not cause signed integer overflow
-
apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium
* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on users ignore file by
dropping privileges and then opening the file both test for access
whoopsie (0.2.52.5ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow when handling large crash dumps (LP:
#1830863)
- src/whoopsie.c: Don't use signed integer types for lengths to ensure
large crash dumps do not cause signed integer overflow
-
apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium
* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on users ignore file by
dropping privileges and then opening the file both test for access
zeromq3 (4.1.4-7ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Unauthenticated client can cause a stack overflow on any
server that is supposed to be protected by encryption/authentication,
leading to a DoS (crash) or possibly other impact.
-
zeromq3 (4.1.4-7ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Unauthenticated client can cause a stack overflow on any
server that is supposed to be protected by encryption/authentication,
leading to a DoS (crash) or possibly other impact.
-
glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium
* SECURITY UPDATE: Not properly restrict directory and file permissions
- debian/patches/CVE-2019-13012.patch: changes the permissions when
a directory is created, using 700 instead 777 in
gio/gkeyfilesettingsbackend.c
glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium
* SECURITY UPDATE: Not properly restrict directory and file permissions
- debian/patches/CVE-2019-13012.patch: changes the permissions when
a directory is created, using 700 instead 777 in
gio/gkeyfilesettingsbackend.c
aptdaemon (1.1.1+bzr982-0ubuntu14.1) xenial; urgency=medium
* Various locking fixes (LP: #1831981)
- Implement frontend locking (incl. fixup from 0ubuntu24)
- Adjust locking order to match APT
- Use reverse order for unlocking
* Test suite fixes:
- Fix failing tests
- Make
lazr.restfulclient (0.13.4-5ubuntu2) xenial; urgency=medium
* Cherry-pick from upstream:
- Fix handling of 304 responses with an empty body on Python 3
(LP: #1714960).
Date: Mon, 08 Jul 2019 14:44:42 +0100
Changed-By: Andy Whitcroft
Maintainer: Ubuntu Developers
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4) xenial-security;
urgency=medium
* No change rebuild for the -security pocket
Date: 2019-07-03 15:00:16.639855+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
docker.io (18.09.7-0ubuntu1~16.04.4) xenial-security; urgency=medium
* No change rebuild for the -security pocket
Date: 2019-07-03 13:37:17.299495+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4
Sorry,
containerd (1.2.6-0ubuntu1~16.04.3) xenial-security; urgency=medium
* No change rebuild for the -security pocket
Date: 2019-07-03 14:46:13.812076+00:00
Changed-By: Mike Salvatore
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.3
Sorry,
containerd (1.2.6-0ubuntu1~16.04.3) xenial-security; urgency=medium
* No change rebuild for the -security pocket
Date: 2019-07-03 14:46:13.812076+00:00
Changed-By: Mike Salvatore
https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.3
Sorry, changesfile not available.--
docker.io (18.09.7-0ubuntu1~16.04.4) xenial-security; urgency=medium
* No change rebuild for the -security pocket
docker.io (18.09.7-0ubuntu1~16.04.1) xenial; urgency=medium
* Backport to 16.04 (LP: #1834690).
* Version dependency on containerd.
* Revert "Let dh_systemd install .service
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4) xenial-security;
urgency=medium
* No change rebuild for the -security pocket
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.3) xenial; urgency=medium
* Correct build dependencies on s390x.
* Fix build on powerc (need to check
libvirt (1.3.1-1ubuntu10.27) xenial-security; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
libvirt (1.3.1-1ubuntu10.27) xenial-security; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
friendly-recovery (0.2.31ubuntu2.1) xenial; urgency=medium
[ Steven Clarkson ]
* lib/systemd/system-generators/friendly-recovery:
Symlink default.target to earlydir instead of normaldir to be
able to access recovery mode even if default target has been set
via systemctl
19 matches
Mail list logo