[ubuntu/xenial-security] whoopsie 0.2.52.5ubuntu0.2 (Accepted)

: ensure bson objects are not bigger than INT_MAX. - CVE-2019-11484 Date: 2019-10-28 10:08:14.861684+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: Evan Signed-By: Alex Murray https://launchpad.net/ubuntu/+source/whoopsie/0.2.52.5ubuntu0.2 Sorry, changesfile not available.-- Xenial

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.20 (Accepted)

) - data/apport, apport/report.py, apport/ui.py: only access or open /proc/[pid] through a file descriptor for that directory. - CVE-2019-15790 Date: 2019-10-30 04:37:15.163428+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: Martin Pitt Signed-By: Alex Murray https://launchpad.net

[ubuntu/xenial-security] whoopsie 0.2.52.5ubuntu0.4 (Accepted)

+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: Evan Signed-By: Alex Murray https://launchpad.net/ubuntu/+source/whoopsie/0.2.52.5ubuntu0.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.21 (Accepted)

: 2019-11-05 04:28:17.357120+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: Martin Pitt Signed-By: Alex Murray https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.21 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or

[ubuntu/xenial-security] amd64-microcode 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2 (Accepted)

amd64-microcode (3.20191021.1+really3.20180524.1~ubuntu0.16.04.2) xenial-security; urgency=medium * Revert to 3.20180524.1 version of microcode because of regressions on certain hardware. (LP: #1853614) Date: 2019-11-25 20:02:15.219337+00:00 Changed-By: Marc Deslauriers Signed-By: Alex

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.22 (Accepted)

d64 and ppc64el. (LP: #1766740) Date: 2020-03-11 10:52:27.696222+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: Martin Pitt Signed-By: Alex Murray https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.22 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lis

[ubuntu/xenial-security] glib2.0 2.48.2-0ubuntu4.6 (Accepted)

breaking ibus for Qt applications (LP: #1844853). Date: 2020-03-24 02:40:20.121682+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.6 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe

[ubuntu/xenial-security] ibus 1.5.11-1ubuntu2.4 (Accepted)

add access control to the DBus server socket - CVE-2019-14822 * Add breaks for older libglib2.0-0 releases which do not contain the GDBusServer fix for Qt applications Date: 2020-03-24 00:23:14.504502+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/ibus/1.5.11

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.23 (Accepted)

users can not cause Apport to change the ownership of other files via a symlink attack. - CVE-2020-8833 Date: 2020-03-27 07:00:19.529151+00:00 Changed-By: Alex Murray Maintainer: Martin Pitt https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.23 Sorry, changesfile not

[ubuntu/xenial-security] apt 1.2.32ubuntu0.1 (Accepted)

ats script hook point (LP: #1815760) * Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761) Date: 2020-05-13 13:16:15.047351+00:00 Changed-By: Julian Andres Klode Signed-By: Alex Murray https://launchpad.net/ubuntu/+source/apt/1.2.32ubuntu0.1 Sorry, changesfile not

[ubuntu/xenial-security] glib-networking 2.48.2-1~ubuntu16.04.2 (Accepted)

from upstream. - CVE-2020-13645 Date: 2020-06-25 06:47:23.213023+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/glib-networking/2.48.2-1~ubuntu16.04.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or

[ubuntu/xenial-security] libseccomp 2.4.3-1ubuntu3.16.04.2 (Accepted)

is now upstream - LP: #1876055 * Add missing aarch64 system calls - d/p/fix-aarch64-syscalls.patch - LP: #1877633 * Re-enable build failure on unit test failure Date: 2020-06-02 07:28:55.932200+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/libseccomp

[ubuntu/xenial-security] freetype 2.6.1-0.1ubuntu2.5 (Accepted)

Load_SBit_Png. Based on upstream patch. - CVE-2020-15999 Date: 2020-10-20 04:04:24.603479+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/freetype/2.6.1-0.1ubuntu2.5 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or

[ubuntu/xenial-security] intel-microcode 3.20201110.0ubuntu0.16.04.1 (Accepted)

initramfs-tools. Date: 2020-11-11 02:01:44.958912+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https

[ubuntu/xenial-security] intel-microcode 3.20201110.0ubuntu0.16.04.2 (Accepted)

intel-microcode (3.20201110.0ubuntu0.16.04.2) xenial-security; urgency=medium * SECURITY REGRESSION: Some CPUs in the Tiger Lake family sig=0x806c1 fail to boot (LP: #1903883) - remove 06-8c-01/0x000806c1 microcode Date: 2020-11-11 23:55:16.634837+00:00 Changed-By: Alex Murray https

[ubuntu/xenial-security] gnupg 1.4.20-1ubuntu3.3 (Accepted)

:08:17.468128+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/gnupg/1.4.20-1ubuntu3.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] znc 1.6.3-1ubuntu0.1 (Accepted)

traversal components in skin names to ensure path traversal is not possible. Based on upstream patch. - CVE-2018-14056 Date: 2018-08-03 05:08:39.022036+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/znc/1.6.3-1ubuntu0.1 Sorry, changesfile not available.-- Xenial

[ubuntu/xenial-security] vim-syntastic 3.7.0-1+deb9u2build0.16.04.1 (Accepted)

vim-syntastic (3.7.0-1+deb9u2build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian Date: 2018-08-10 00:53:12.263208+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/vim-syntastic/3.7.0-1+deb9u2build0.16.04.1 Sorry, changesfile not available.-- Xenial

[ubuntu/xenial-security] libmspack 0.5-1ubuntu0.16.04.3 (Accepted)

: Ensure input buffer is large enough in cab.h - CVE-2018-18584 Date: 2018-11-12 03:39:12.025679+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.16.04.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes

[ubuntu/xenial-security] libraw 0.17.1-1ubuntu0.4 (Accepted)

-2018-5815.patch: integer overflow in internal/dcraw_common.cpp - CVE-2018-5815 * SECURITY UPDATE: Divide by zero - debian/patches/CVE-2018-5816.patch: divide by zero in internal/dcraw_common.cpp - CVE-2018-5816 Date: 2018-12-06 01:32:12.143813+00:00 Changed-By: Alex Murray

[ubuntu/xenial-security] freerdp 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 (Accepted)

Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] evolution-data-server 3.18.5-1ubuntu1.2 (Accepted)

:14.365200+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial

[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.19 (Accepted)

and open the file in a single operation, instead of using access() before reading the file which could be abused by a symlink to cause Apport to read and embed an arbitrary file in the resulting crash dump. - CVE-2019-7307 Date: 2019-07-04 06:07:14.079469+00:00 Changed-By: Alex

[ubuntu/xenial-security] whoopsie 0.2.52.5ubuntu0.1 (Accepted)

- CVE-2019-11476 Date: 2019-07-05 07:42:38.503518+00:00 Changed-By: Alex Murray Maintainer: Evan https://launchpad.net/ubuntu/+source/whoopsie/0.2.52.5ubuntu0.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at:

[ubuntu/xenial-security] cups 2.1.3-4ubuntu0.10 (Accepted)

handling of MaxJobTime 0 (LP: #1804576) Date: 2019-08-20 00:30:13.441679+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.10 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at

[ubuntu/xenial-security] exim4 4.86.2-2ubuntu2.5 (Accepted)

exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium * SECURITY UPDATE: remote command execution - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\' before '\0' in src/string.c - CVE-2019-15846 Date: 2019-09-05 05:42:14.095608+00:00 Cha

[ubuntu/xenial-security] curl 7.47.0-1ubuntu2.14 (Accepted)

size in lib/tftp.c - CVE-2019-5482 Date: 2019-09-10 13:02:14.197305+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.14 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at

[ubuntu/xenial-security] ibus 1.5.11-1ubuntu2.2 (Accepted)

control to the DBus server socket - CVE-2019-14822 Date: 2019-09-12 03:11:21.466689+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/ibus/1.5.11-1ubuntu2.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or

[ubuntu/xenial-security] snapd 2.48.3 (Accepted)

snapd (2.48.3) xenial-security; urgency=medium * SECURITY UPDATE: sandbox escape vulnerability for containers (LP: #1910456) - many: add Delegate=true to generated systemd units for special interfaces - interfaces/greengrass-support: back-port interface changes to 2.48

[ubuntu/xenial-proposed] libseccomp 2.5.1-1ubuntu1~16.04.1 (Accepted)

to Build-Depends as this is now required by upstream - debian/libseccomp2.symbols: Added new symbols * Add system call headers for powerpc required for backport to xenial - d/p/add-5.8-powerpc-syscall-headers.patch Date: Mon, 01 Mar 2021 13:50:00 +1030 Changed-By: Alex Murray

[ubuntu/xenial-security] intel-microcode 3.20210216.0ubuntu0.16.04.1 (Accepted)

-2020-8698 Fast forward store predictor, INTEL-TA-00381 Date: 2021-05-14 08:13:19.180896+00:00 Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/intel-microcode/3.20210216.0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com

[ubuntu/xenial-security] apparmor 2.10.95-0ubuntu2.12 (Accepted)

Changed-By: Alex Murray https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.12 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes