[ubuntu/xenial-updates] whoopsie 0.2.52.5ubuntu0.1 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
whoopsie (0.2.52.5ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP: #1830863) - src/whoopsie.c: Don't use signed integer types for lengths to ensure large crash dumps do not cause signed integer overflow -

[ubuntu/xenial-updates] apport 2.20.1-0ubuntu2.19 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary files (LP: #1830858) - apport/report.py: Avoid TOCTOU issue on users ignore file by dropping privileges and then opening the file both test for access

[ubuntu/xenial-security] whoopsie 0.2.52.5ubuntu0.1 (Accepted)

2019-07-08 Thread Alex Murray
whoopsie (0.2.52.5ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP: #1830863) - src/whoopsie.c: Don't use signed integer types for lengths to ensure large crash dumps do not cause signed integer overflow -

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.19 (Accepted)

2019-07-08 Thread Alex Murray
apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary files (LP: #1830858) - apport/report.py: Avoid TOCTOU issue on users ignore file by dropping privileges and then opening the file both test for access

[ubuntu/xenial-updates] zeromq3 4.1.4-7ubuntu0.1 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
zeromq3 (4.1.4-7ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Unauthenticated client can cause a stack overflow on any server that is supposed to be protected by encryption/authentication, leading to a DoS (crash) or possibly other impact. -

[ubuntu/xenial-security] zeromq3 4.1.4-7ubuntu0.1 (Accepted)

2019-07-08 Thread Eduardo dos Santos Barretto
zeromq3 (4.1.4-7ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Unauthenticated client can cause a stack overflow on any server that is supposed to be protected by encryption/authentication, leading to a DoS (crash) or possibly other impact. -

[ubuntu/xenial-updates] glib2.0 2.48.2-0ubuntu4.3 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium * SECURITY UPDATE: Not properly restrict directory and file permissions - debian/patches/CVE-2019-13012.patch: changes the permissions when a directory is created, using 700 instead 777 in gio/gkeyfilesettingsbackend.c

[ubuntu/xenial-security] glib2.0 2.48.2-0ubuntu4.3 (Accepted)

2019-07-08 Thread Leonidas S. Barbosa
glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium * SECURITY UPDATE: Not properly restrict directory and file permissions - debian/patches/CVE-2019-13012.patch: changes the permissions when a directory is created, using 700 instead 777 in gio/gkeyfilesettingsbackend.c

[ubuntu/xenial-proposed] aptdaemon 1.1.1+bzr982-0ubuntu14.1 (Accepted)

2019-07-08 Thread Julian Andres Klode
aptdaemon (1.1.1+bzr982-0ubuntu14.1) xenial; urgency=medium * Various locking fixes (LP: #1831981) - Implement frontend locking (incl. fixup from 0ubuntu24) - Adjust locking order to match APT - Use reverse order for unlocking * Test suite fixes: - Fix failing tests - Make

[ubuntu/xenial-proposed] lazr.restfulclient 0.13.4-5ubuntu2 (Accepted)

2019-07-08 Thread Andy Whitcroft
lazr.restfulclient (0.13.4-5ubuntu2) xenial; urgency=medium * Cherry-pick from upstream: - Fix handling of 304 responses with an empty body on Python 3 (LP: #1714960). Date: Mon, 08 Jul 2019 14:44:42 +0100 Changed-By: Andy Whitcroft Maintainer: Ubuntu Developers

[ubuntu/xenial-updates] runc 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4) xenial-security; urgency=medium * No change rebuild for the -security pocket Date: 2019-07-03 15:00:16.639855+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot

[ubuntu/xenial-updates] docker.io 18.09.7-0ubuntu1~16.04.4 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
docker.io (18.09.7-0ubuntu1~16.04.4) xenial-security; urgency=medium * No change rebuild for the -security pocket Date: 2019-07-03 13:37:17.299495+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4 Sorry,

[ubuntu/xenial-updates] containerd 1.2.6-0ubuntu1~16.04.3 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
containerd (1.2.6-0ubuntu1~16.04.3) xenial-security; urgency=medium * No change rebuild for the -security pocket Date: 2019-07-03 14:46:13.812076+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.3 Sorry,

[ubuntu/xenial-security] containerd 1.2.6-0ubuntu1~16.04.3 (Accepted)

2019-07-08 Thread Mike Salvatore
containerd (1.2.6-0ubuntu1~16.04.3) xenial-security; urgency=medium * No change rebuild for the -security pocket Date: 2019-07-03 14:46:13.812076+00:00 Changed-By: Mike Salvatore https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.3 Sorry, changesfile not available.--

[ubuntu/xenial-security] docker.io 18.09.7-0ubuntu1~16.04.4 (Accepted)

2019-07-08 Thread Mike Salvatore
docker.io (18.09.7-0ubuntu1~16.04.4) xenial-security; urgency=medium * No change rebuild for the -security pocket docker.io (18.09.7-0ubuntu1~16.04.1) xenial; urgency=medium * Backport to 16.04 (LP: #1834690). * Version dependency on containerd. * Revert "Let dh_systemd install .service

[ubuntu/xenial-security] runc 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4 (Accepted)

2019-07-08 Thread Mike Salvatore
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4) xenial-security; urgency=medium * No change rebuild for the -security pocket runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.3) xenial; urgency=medium * Correct build dependencies on s390x. * Fix build on powerc (need to check

[ubuntu/xenial-updates] libvirt 1.3.1-1ubuntu10.27 (Accepted)

2019-07-08 Thread Ubuntu Archive Robot
libvirt (1.3.1-1ubuntu10.27) xenial-security; urgency=medium * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for read-only connection - debian/patches/CVE-2019-10161.patch: add check to src/libvirt-domain.c, src/qemu/qemu_driver.c,

[ubuntu/xenial-security] libvirt 1.3.1-1ubuntu10.27 (Accepted)

2019-07-08 Thread Marc Deslauriers
libvirt (1.3.1-1ubuntu10.27) xenial-security; urgency=medium * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for read-only connection - debian/patches/CVE-2019-10161.patch: add check to src/libvirt-domain.c, src/qemu/qemu_driver.c,

[ubuntu/xenial-updates] friendly-recovery 0.2.31ubuntu2.1 (Accepted)

2019-07-08 Thread Ɓukasz Zemczak
friendly-recovery (0.2.31ubuntu2.1) xenial; urgency=medium [ Steven Clarkson ] * lib/systemd/system-generators/friendly-recovery: Symlink default.target to earlydir instead of normaldir to be able to access recovery mode even if default target has been set via systemctl