[Bug 1459692] Re: [MIR] anope
** Changed in: anope (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Eduardo dos Santos Barretto (ebarretto) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1459692 Title: [MIR] anope To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/anope/+bug/1459692/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1806307] Re: package python-requests 2.18.4-2 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1806307
Title: package python-requests 2.18.4-2 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration
[Bug 1806285] Re: Dock is visible on lock screen
*** This bug is a duplicate of bug 1769383 ***
https://bugs.launchpad.net/bugs/1769383
Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1769383, so it is being marked as such and marked as public-security. Please continue to report any other bugs you may find.
** Information type changed from Private Security to Public Security
** This bug has been marked a duplicate of bug 1769383
   Ubuntu dock/launcher is shown on the lock screen
https://bugs.launchpad.net/bugs/1806285
Title: Dock is visible on lock screen
[Bug 1806142] Re: Grub crash
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1806142
Title: Grub crash
[Bug 1805614] Re: screensaver crashed on wake up
*** This bug is a duplicate of bug 1769383 ***
https://bugs.launchpad.net/bugs/1769383
Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1769383, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.
** Information type changed from Private Security to Public Security
** This bug has been marked a duplicate of bug 1769383
   Ubuntu dock/launcher is shown on the lock screen
https://bugs.launchpad.net/bugs/1805614
Title: screensaver crashed on wake up
[Bug 1804949]
*** This bug is a duplicate of bug 1769383 ***
https://bugs.launchpad.net/bugs/1769383
Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1769383, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.
** This bug has been marked a duplicate of bug 1769383
   Ubuntu dock/launcher is shown on the lock screen
https://bugs.launchpad.net/bugs/1804949
Title: Screen locking issue data leak~
[Bug 1806526] Re: [HDA-Intel - HDA Intel PCH, playback] No sound at all
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1806526
Title: [HDA-Intel - HDA Intel PCH, playback] No sound at all
[Bug 1802653] Re: [HDA-Intel - HDA ATI HDMI, playback] No sound at all
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1802653
Title: [HDA-Intel - HDA ATI HDMI, playback] No sound at all
[Bug 1770655]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
https://bugs.launchpad.net/bugs/1770655
Title: nodejs is at 8.10 while 8.11 is a security release.
[Bug 1770655]
Sorry for the duplicate message, as sarnold already mentioned. Please ignore it.
https://bugs.launchpad.net/bugs/1770655
Title: nodejs is at 8.10 while 8.11 is a security release.
[Bug 1806747]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** Tags added: community-security
https://bugs.launchpad.net/bugs/1806747
Title: November 2018 Security Updates
[Bug 1806687] Re: package ca-certificates 20180409 failed to install/upgrade: installed ca-certificates package post-installation script subprocess returned error exit status 23
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1806687
Title: package ca-certificates 20180409 failed to install/upgrade: installed ca-certificates package post-installation script subprocess returned error exit status 23
[Bug 1805715] Re: password exposed in calculator input box
Hi Peter, are you still experiencing this issue?
** Changed in: gnome-screensaver (Ubuntu)
   Status: New => Invalid
** Changed in: gnome-screensaver (Ubuntu)
   Status: Invalid => Incomplete
https://bugs.launchpad.net/bugs/1805715
Title: password exposed in calculator input box
[Bug 1205384] Re: Lock can be circumvented by switching to console
Hi smurfendrek, please check jarnos' comment #89: you need to use light-locker; using dm-tool for locking is not recommended. You could also try other screen locker programs. Also, this is an old bug; if you are still experiencing the problem, please open a new bug. I am unsubscribing the security team from this ticket. If needed, please subscribe it again.
** Information type changed from Public Security to Public
https://bugs.launchpad.net/bugs/1205384
Title: Lock can be circumvented by switching to console
[Bug 1805715]
Daniel, since you are dealing with many reports on screensavers/screenlockers, have you seen this before?
https://bugs.launchpad.net/bugs/1805715
Title: password exposed in calculator input box
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Hi shaochieh.chiang,
Thanks for getting back to me. I still need more information: how many services, processes and so on are you monitoring? Can you share your monitrc configuration? Your log also contains errors from nginx ... have you tried to solve them?
I'm still not convinced that your problem is related to the "restart all" problem reported here. The "cannot parse response" error message comes from util.c:2072 (Util_parseMonitHttpResponse) and it comes up when the HTTP response is larger than 300 ... so a 404 (not found) or any other error response code could end up generating the "cannot parse response". So I believe that there's some problem between your monit and nginx.
Since you are the only person reporting this problem so far, I would also like you to send the information directly to my email (you can get it from my Launchpad profile), as I am considering your problem a different problem, not related to the main topic here, and I don't want people to get confused by our discussion. As soon as we get more information, we can open a new bug ticket here in Launchpad to track your issue, or update this one if there's any relation.
Thanks
https://bugs.launchpad.net/bugs/1786910
Title: Latest patch breaks command line 'restart all'
[Bug 1797858] Re: Bug in Ubuntu 18.10 Cosmic Cuttlefish development branch
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1797858
Title: Bug in Ubuntu 18.10 Cosmic Cuttlefish development branch
[Bug 1797898] Re: evebody
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1797898
Title: evebody
[Bug 1797785] Re: heap buffer overflow in ft_font_face_hash of gxps-fonts.c CVE-2018-10733
** Changed in: libgxps (Ubuntu)
   Status: New => Confirmed
https://bugs.launchpad.net/bugs/1797785
Title: heap buffer overflow in ft_font_face_hash of gxps-fonts.c CVE-2018-10733
[Bug 1797707] Re: system freezes constantly, 18.04.1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1797707
Title: system freezes constantly, 18.04.1
[Bug 1795039] Re: failure during update
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1795039
Title: failure during update
[Bug 1795395] Re: plymouthd crashed with SIGSEGV in ply_keyboard_stop_watching_for_renderer_input()
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Public Security to Public
https://bugs.launchpad.net/bugs/1795395
Title: plymouthd crashed with SIGSEGV in ply_keyboard_stop_watching_for_renderer_input()
[Bug 1795006] Re: package libxslt1.1:amd64 1.1.28-2.1 failed to install/upgrade: package libxslt1.1:amd64 is not ready for configuration cannot configure (current status 'half-installed')
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1795006
Title: package libxslt1.1:amd64 1.1.28-2.1 failed to install/upgrade: package libxslt1.1:amd64 is not ready for configuration cannot configure (current status 'half-installed')
[Bug 1794981] Re: package libtidy5 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libtidy.so.5', which is also in package tidy 5.4.0
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1794981
Title: package libtidy5 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libtidy.so.5', which is also in package tidy 5.4.0
[Bug 1794592] Re: Can't upgrade ubuntu 16.04 up to 18.04
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1794592
Title: Can't upgrade ubuntu 16.04 up to 18.04
[Bug 1794566] Re: package gnome-accessibility-themes 3.18.0-2ubuntu2 failed to install/upgrade: unable to open '/usr/share/icons/HighContrast/16x16/status/dialog-warning.png.dpkg-new': Operation not p
*** This bug is a duplicate of bug 1794565 ***
https://bugs.launchpad.net/bugs/1794565
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1794566
Title: package gnome-accessibility-themes 3.18.0-2ubuntu2 failed to install/upgrade: unable to open '/usr/share/icons/HighContrast/16x16/status/dialog-warning.png.dpkg-new': Operation not permitted
[Bug 1791397] Re: Bug
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1791397
Title: Bug
[Bug 1790256] Re: 1 Crash Annotation GraphicsCriticalError
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1790256
Title: 1 Crash Annotation GraphicsCriticalError
[Bug 1790257] Re: sudo update issue
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1790257
Title: sudo update issue
[Bug 1798487] Re: ubuntu
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1798487
Title: ubuntu
[Bug 1794999]
Thanks for taking the time to report this bug and helping to make Ubuntu better.
I took a look at your patch and I don't think it is the best solution. As far as I can tell, the problem is actually caused by the toolchain (gcc) version in bionic. I've tried to build the same version of pam-python on Xenial and it worked. So changing the logic, like your patch does, will probably break something else during execution or bring up other problems. Also, checking the build of pam-python with gcc8 brings up more errors during build, besides the one you mentioned. So the project needs an update.
Have you tried to contact the upstream maintainer? http://pam-python.sourceforge.net/ It seems like the project is not being developed anymore, so it might be difficult to get an answer, but it is worth a try. Let me know if you have problems contacting the upstream maintainer.
https://bugs.launchpad.net/bugs/1794999
Title: wrong null pointer check
[Bug 1794999] Re: wrong null pointer check
So I took another look at the patch and the current code, and maybe I was too hard in my response. The current code is wrong as it will still make the string comparison even if dot is null. So the patch fixes this problem and should be proposed to upstream.
As I mentioned, the package also has other warnings that make the build fail (because of -Werror) with gcc8. If you also want to get this fixed and sent to upstream, here is a log file that shows all the failures found so far (if you get them fixed, maybe other errors/warnings might come up): https://launchpadlibrarian.net/367623423/buildlog_ubuntu-bionic-amd64.pam-python_1.0.6-1_BUILDING.txt.gz
Let me know if you have problems accessing the build log. If upstream doesn't respond, we can discuss shipping the patch with the package.
https://bugs.launchpad.net/bugs/1794999
Title: wrong null pointer check
[Bug 1798768] Re: package libvamp-hostsdk3v5:amd64 2.7.1~repack0-1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1798768
[Bug 1798723] Re: package libvdpau1 (not installed) failed to install/upgrade: 尝试覆盖共享的 '/etc/vdpau_wrapper.cfg', 它与软件包 libvdpau1:amd64 中的其他实例不同
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1798723
[Bug 1799990] Re: tomcat7 doesn't start after upgrade to 7.0.68-1ubuntu0.3
Thank you all for reporting the issue and sorry that it affected you. I'm already working on the fix and will let you know here if you can also test it before we publish it in the repository. From what I've looked this is a Xenial issue only, so I am marking Trusty as Invalid.
** Changed in: tomcat7 (Ubuntu Trusty)
   Status: Confirmed => Invalid
** Changed in: tomcat7 (Ubuntu Xenial)
   Status: Confirmed => In Progress
https://bugs.launchpad.net/bugs/170
[Bug 1794999] Re: wrong null pointer check
So I've talked to upstream and Russel mentioned that a new version is coming next year. For more information: https://sourceforge.net/p/pam-python/tickets/5/
** Changed in: pam-python (Ubuntu)
   Status: New => Confirmed
https://bugs.launchpad.net/bugs/1794999
[Bug 1799990] Re: tomcat7 doesn't start after upgrade to 7.0.68-1ubuntu0.3
Can anyone test the tomcat7 built here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
My tests were successful but I would appreciate more feedback about it. Thanks!
https://bugs.launchpad.net/bugs/170
[Bug 1799990] Re: tomcat7 doesn't start after upgrade to 7.0.68-1ubuntu0.3
Thanks SWick! Tomcat7 with the fix has been published and should reach the repositories in a few minutes. Thanks for all the feedback and in case of problems just let us know!
https://bugs.launchpad.net/bugs/170
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Thanks for testing the package and giving feedback! I really appreciate it. So based on your feedback and on my tests, we just released monit 1:5.16-2ubuntu0.2 to the repository. It should be available for upgrade in a few minutes depending on the mirrors. If you encounter any problems, please do report and add me to the ticket. Thanks again!
** Changed in: monit (Ubuntu)
   Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/1786910
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Hi shaochieh.chiang, I appreciate you taking the time to report it and helping make Ubuntu better. My tests didn't give the "cannot parse response", and from the feedback received above, it appears that no one has faced this so far. So could you give more information? What are the steps to reproduce the message you see? How easily can you reproduce it? Thanks
https://bugs.launchpad.net/bugs/1786910
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Hi shaochieh.chiang, Could you try to downgrade the package version as below:
sudo apt-get install monit=1:5.16-2
And see if you can reproduce the error? I've also found this on monit bug tracker: https://bitbucket.org/tildeslash/monit/issues/327 It might be related to what you're facing.
https://bugs.launchpad.net/bugs/1786910
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Thanks for reporting this bug and helping make Ubuntu better. I'm sorry this affected you all.

I would like to ask the reporter and everyone involved in the thread to always include the last person listed as Maintainer for the package (you can check this in the debian/changelog) in the bug tickets, otherwise the tickets might never get the attention of those responsible for it and we want to support you all. Thanks Nye Liu for adding me to the ticket!

As you may know, packages in Universe are community based and we're trying to give them security updates from time to time. Regressions may happen from time to time, and this was the case here. Updating to upstream is not always an option as there might be ABI and API changes. For now the temporary solution (and every time you find a problem in a package) is to downgrade the package. I will be taking a look at it from now on and will release an update as soon as possible.

https://bugs.launchpad.net/bugs/1786910
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
** Changed in: monit (Ubuntu)
   Assignee: (unassigned) => Eduardo dos Santos Barretto (ebarretto)
https://bugs.launchpad.net/bugs/1786910
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Has anyone seen the same problem in Trusty (Ubuntu 14.04)?
https://bugs.launchpad.net/bugs/1786910
[Bug 1786910] Re: Latest patch breaks command line 'restart all'
Thanks to Carlos Peñas for proposing the fix. Can anyone test the new version? You can download it from here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
This new version, if approved, will be released on Monday, as we don't want to release today and not have anyone during the weekend to respond in case of a problem. Thanks!
** Changed in: monit (Ubuntu)
   Importance: Undecided => High
https://bugs.launchpad.net/bugs/1786910
[Bug 1824679] Re: package phpmyadmin 4:4.5.4.1-2ubuntu2.1 failed to install/upgrade: подпроцесс установлен сценарий post-removal возвратил код ошибки 10
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1824679
[Bug 1824678] Re: package libqt5svg5:amd64 5.11.1-2 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1824678
[Bug 1824604] Re: how to install ubuntu on predator helios
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1824604
[Bug 1824817] Re: Security breach with CRTL+ALT+F7
*** This bug is a duplicate of bug 1806961 ***
https://bugs.launchpad.net/bugs/1806961
** This bug has been marked a duplicate of bug 1806961
   Lock can be circumvented by switching tty when using lightdm
** Information type changed from Private Security to Public Security
https://bugs.launchpad.net/bugs/1824817
[Bug 1824530] Re: Heap Buffer Overflow in UzpPassword
** Changed in: unzip (Ubuntu)
   Status: New => Confirmed
https://bugs.launchpad.net/bugs/1824530
[Bug 1821957] Re: Turning off a monitor unlocks the computer
** Information type changed from Private Security to Public Security
** Changed in: ubuntubudgie
   Status: New => Incomplete
https://bugs.launchpad.net/bugs/1821957
[Bug 1852367] Re: [MIR] mysql-router (mysql-8.0)
I reviewed mysql-router 8.0.19-0ubuntu2 as checked into focal (when this review started). This shouldn't be considered a full audit but rather a quick gauge of maintainability.

mysql-router is a binary package from mysql-8.0 that is responsible for routing connections from MySQL clients to MySQL servers. As mentioned previously, only mysql-router is missing in main from mysql-8.0 source package.

- No CVE History:
- Build-Depends
  - libc6 (>= 2.28)
  - libevent-core-2.1-7 (>= 2.1.8-stable)
  - libevent-extra-2.7-7 (>= 2.1.8-stable)
  - libevent-openssl-2.7-7 (>= 2.1.8-stable)
  - libgcc1
  - liblz4-1
  - libssl1.1
  - libstdc++6
  - zlib1g
- No pre/post rm and pre/post inst scripts.
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- binaries in PATH
  - /usr/bin/mysqlrouter
  - /usr/bin/mysqlrouter_keyring
  - /usr/bin/mysqlrouter_passwd
  - /usr/bin/mysqlrouter_plugin_info
- No sudo fragments
- No polkit files
- No udev rules
- unit tests / autopkgtests
  - As mentioned previously, router has its own test section in the code at router/tests, but it's not available during build or in autopkgtest.
- No cron jobs
- Build logs:
  - Apparently no relevant issues on router build log.
- Processes spawned
  - Some bash scripts are created on router. We don't like the sudo commands but it looks unlikely to be used in an automated way:
    - router/src/router/src/config_generator.cc:2781
  - router/src/http/src/posix_re.h:173: Posix extended regular expressions. C++11 has std::regex, but gcc-4.x throws exceptions when it is used. Instead mysql-router implements a subset of std::regex. It looks like they didn't try to recreate the wheel on this, so looks fine.
  - router/src/harness/src/utilities-posix.cc:49
  - router/src/harness/src/process_launcher.cc:448
  - router/src/harness/src/hostname_validator.cc:51
  - All above look fine
- Memory management
  - Lots of memory management, hard to say just by looking if anything is wrong, so will dig into it during cppcheck.
- File IO
  - Lots of file IO, but looks ok.
- Logging
  - router/src/json_schema_embedder/json_schema_embedder.cc: logs to in_filename and out_filename that the user passed as argument.
  - the rest of the code seems to be covered by mysql-router logging feature e.g.: https://dev.mysql.com/doc/mysql-router/8.0/en/mysql-router-server-logging.html
- Environment variable usage
  - router uses some environment variables in its tests.
  - other than that:
    - router/src/router/src/router_app.cc:117:std::string path(std::getenv("PATH"));
    - router/src/router/src/router_app.cc:585: auto pid_file_env = std::getenv("ROUTER_PID");
    - router/src/router/src/config_generator.cc:1761:std::string path(std::getenv("PATH"));
    - router/src/router/src/common/mysql_session.cc:290: getenv("MYSQL_ROUTER_RECORD_MOCK") ? getenv("MYSQL_ROUTER_RECORD_MOCK")
    - router/src/router/src/common/mysql_session.cc:297:const char *outfile = std::getenv("MYSQL_ROUTER_RECORD_MOCK");
    - router/src/router/src/keyring_info.cc:179: err_code = ::setenv("ROUTER_ID", std::to_string(router_id).c_str(), 1);
    - router/src/router/src/utils.cc:215: const char *env_var_value = std::getenv(env_var.c_str());
    - router/src/mock_server/src/duk_module_shim.c:231:static duk_ret_t node_process_getenv(duk_context *ctx) {
    - router/src/mock_server/src/duk_module_shim.c:232: duk_push_string(ctx, getenv(duk_require_string(ctx, 0)));
    - router/src/mock_server/src/duk_module_shim.c:325: "process.getenv(key);}}); }")) {
  - seem ok to me.
- Use of privileged functions
  - router/src/routing/src/mysql_routing.cc:477
    - chmod 777 to a socket file, it is not clear to me if that can be a problem, but some comments in the code say this permission is to mimic what mysql server does.
  - router/src/harness/src/filesystem.cc:649: runs chmod on top of a file with the permissions passed to the function.
  - router/src/harness/src/filesystem.cc:661: chmod 777, used to make file public, so it will be really public.
  - router/src/harness/src/filesystem.cc:677: chmod 600, used to make file private.
  - router/src/harness/src/tty.c:163: ioctl used to fill the winsize structure with the screen width and height.
  - router/src/router/src/config_generator.cc:2741: chmod 700 to script file.
- Use of cryptography / random number sources etc
  - To communicate with MySQL metadata server when ssl_mode is set.
- Use of temp files
  - overall looks safe
  - router/src/router/src/config_generatior.cc:584: set socketsdir to /tmp if user didn't specify one
  - router/src/router/src/utils.cc:100
- Use of networking
  - plenty of use of networking as one should expect.
  - It looks ok enough, going in-depth will be overkill.
- No use of WebKit
- No use of PolicyKit
- cppcheck results
  - plenty of warnings in testing code, ignoring it. Some warnings on uni
[Bug 1864379] Re: plasma-discover crashed with SIGABRT in raise()
Thanks for taking the time to report this bug and helping to make Ubuntu better. Your bug report is more likely to get attention if it is made in English, since this is the language understood by the majority of Ubuntu developers. Additionally, please only mark a bug as "security" if it shows evidence of allowing attackers to cross privilege boundaries or to directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
** Changed in: plasma-discover (Ubuntu)
   Status: New => Incomplete
https://bugs.launchpad.net/bugs/1864379
[Bug 1862555]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** Tags added: community-security
https://bugs.launchpad.net/bugs/1862555
Title: Filezilla outdated version
[Bug 1862488] Re: clementine crashed with SIGSEGV in gst_element_set_state()
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Public Security to Public
https://bugs.launchpad.net/bugs/1862488
[Bug 1856698] Re: I can see the password as I type into the password field after I reboot my PC
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1856698
[Bug 1856922] Re: Ubuntu One Cannot Sign in. downloaded Installerfetch, Security
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1856922
[Bug 1856459]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** Tags added: community-security
https://bugs.launchpad.net/bugs/1856459
Title: Update FFmpeg to 3.4.7 in Bionic
[Bug 1864979] Re: Ubuntu Re-installation Aborted
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1864979
[Bug 1819761] Re: [MIR] containerd
I reviewed containerd 1.3.1-0ubuntu1 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

containerd is a daemon that manages the complete container lifecycle of its host system. Containerd controls runc.

- No CVE History:
- Build-Depends
  - debhelper (>= 9)
  - go-md2man
  - golang-go (>= 2:1.10~)
  - golang-race-detector-runtime
  - libbtrfs-dev | btrfs-progs (<< 4.16.1~)
  - libseccomp-dev
  - pkg-config
- pre/post rm and postinst scripts added automatically
- No init scripts
- systemd units
  - containerd.service
    - adds overlay module to kernel and runs /usr/bin/containerd. Also sets some limits on number of processes, number of cores and files.
- No dbus services
- No setuid binaries
- binaries in PATH
  - /usr/bin/containerd
  - /usr/bin/containerd-shim
  - /usr/bin/containerd-shim-runc-v1
  - /usr/bin/containerd-shim-runc-v2
  - /usr/bin/containerd-stress
  - /usr/bin/ctr
- No sudo fragments
- No polkit files
- No udev rules
- unit tests / autopkgtests
  - different tests are available in the source code
    - imake test (run automatically during build): non-integration tests
    - make root-test: non-integration tests (requires root)
    - make integration: run all tests, including integration tests (requires root)
  - also autopkgtest available (basic smoke DEP8 test)
    - http://autopkgtest.ubuntu.com/packages/containerd
- No cron jobs
- Build logs:
  - No compilation errors or warnings.
  - E: Lintian run failed (policy violation) Lintian: fail
- Processes spawned
  - in pkg/process/ it implements its own way of Exec'ing processes
  - nsexec.c and cloned_binary.c: from runc, we commented about this function in runc MIR, nothing new.
  - vendor/github.com/containerd/go-runc/runc.go: Execute process inside the container.
- Memory management
  - Only in vendored code.
- File IO
  - Some File IO in archive/tar*.go, looks ok.
  - Other File IO are mostly done in vendored code.
- Logging
  - uses logrus for logging, much like runc.
- Environment variable usage
  - only in vendored code.
- Use of privileged functions
  - setuid, setgid and setresuid from runc code.
  - Lchown used in some places to change the uid and gid of the named file.
- No use of cryptography / random number sources etc
- Use of temp files mainly in test code.
- Use of networking
  - Only found something on:
    - runtime/v1/shim/client/client.go
    - runtime/v2/shim/publisher.go
    - cmd/containerd/command/publish.go
    - client.go
  - looks ok
- No use of WebKit
- No use of PolicyKit
- Coverity results
  - We ended up finding a possible bug; we are working with upstream to get it investigated.

Security team ACK for promoting containerd to main. Unassigning the Security Team.

** Changed in: containerd (Ubuntu)
   Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
https://bugs.launchpad.net/bugs/1819761
[Bug 1819912] Re: CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration
Thanks Etienne, Updated version was released for trusty, xenial, bionic and cosmic. Thanks again for the testing and for providing the debdiffs. Any problems just let us know.
https://bugs.launchpad.net/bugs/1819912
[Bug 1813837] Re: Multiple vulnerabilities affecting 4.5.0.7
** Information type changed from Private Security to Public Security
** Changed in: coturn (Ubuntu) Status: New => Confirmed
[Bug 1848076] Re: libc programme was unable to get updated
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1847960] Re: After returning from suspend the screen content (with all previously opened programs, like code editor) is shown for 1 second before displaying login form
** Information type changed from Private Security to Public Security
[Bug 1847520] Re: 33 Upstream CVEs patched
** Information type changed from Private Security to Public Security
[Bug 1847831] Re: pppp
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1847701] Re: Buffer Overflow Write when libntlm generates NTLM request
** Information type changed from Private Security to Public Security
[Bug 1862364] [NEW] mysql-8.0 FTBFS (focal) because of hardcoded date in test
Public bug reported:

Just similar to bug #1859100 there is another test that just started failing because of a date that expired. See the snippet of build log below:

[ 51%] main.events_1 w4 [ fail ]
        Test ended at 2020-02-07 10:46:06

CURRENT_TEST: main.events_1
mysqltest: At line 69: Query 'ALTER EVENT event_starts_test ON SCHEDULE AT '2020-02-02 20:00:02'' failed.
ERROR 1589 (HY000): Event execution time is in the past and ON COMPLETION NOT PRESERVE is set. The event was not changed. Specify a time in the future.

The result from queries just before the failure was:
drop event if exists event1;
Warnings:
Note 1305 Event event1 does not exist
create event event1 on schedule every 15 minute starts now() ends date_add(now(), interval 5 hour) DO begin end;
alter event event1 rename to event2 enable;
alter event event2 disable;
alter event event2 enable;
alter event event2 on completion not preserve;
alter event event2 on schedule every 1 year on completion preserve rename to event3 comment "new comment" do begin select 1; end__
alter event event3 rename to event2;
drop event event2;
create event event2 on schedule every 2 second starts now() ends date_add(now(), interval 5 hour) comment "some" DO begin end;
drop event event2;
CREATE EVENT event_starts_test ON SCHEDULE EVERY 10 SECOND COMMENT "" DO SELECT 1;
SELECT interval_field, interval_value, event_definition FROM information_schema.events WHERE event_name='event_starts_test';
INTERVAL_FIELD INTERVAL_VALUE EVENT_DEFINITION
SECOND 10 SELECT 1
SELECT execute_at IS NULL, starts IS NULL, ends IS NULL, event_comment FROM information_schema.events WHERE event_schema='events_test' AND event_name='event_starts_test';
execute_at IS NULL starts IS NULL ends IS NULL EVENT_COMMENT
1 0 1
safe_process[29375]: Child process: 29376, exit: 1

 - the logfile can be found in '/<>/builddir/mysql-test/var/log/main.events_1/events_1.log'

Doing a grep for 2020 shows some other tests that have a 2020 date, it might be a good idea to fix them all together.

** Affects: mysql-8.0 (Ubuntu)
   Importance: Undecided
   Assignee: Rafael David Tinoco (rafaeldtinoco)
   Status: New
[Bug 1859100] Re: mysql-server FTBFS (focal) because of build tests
Thanks, I will try to test or at least leave the build running on xnox's proposed mysql version.
[Bug 1817336] Re: [MIR] runc
I reviewed runc 1.0.0~rc8+git20190923.3e425f80-0ubuntu1 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

runc, a lightweight universal container runtime, is a CLI tool for spawning and running containers according to the Open Container Initiative (OCI) specification.

The runc .deb package contains lots of vendored code. This was already discussed in the previous comments.

- CVE History:
  - CVE-2019-19921 - Race condition on volume mounting. Not fixed yet in upstream.
  - CVE-2019-16884 - Apparmor bypass. Currently fixed in eoan and focal.
  - CVE-2019-5736 - mishandling of file-descriptor, related to /proc/self/exe, may allow attacker to obtain host root access. Fixed in all active releases.
  - CVE-2016-9962 - privilege escalation allowed when opening a file-descriptor. Fixed in all active releases.
  - CVE-2016-3697 - privilege escalation because of improper handling of usernames. Fixed in all active releases.
- Build-Depends
  - debhelper,
  - dh-golang,
  - go-md2man,
  - golang-any,
  - libapparmor-dev,
  - libseccomp-dev,
  - pkg-config,
  - protobuf-compiler
- No pre/post inst/rm scripts
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- binaries in PATH
  - /usr/sbin/recvtty - recvtty is a reference implementation of a consumer of runC's --console-socket API.
  - /usr/sbin/runc - the command-line client for running containers.
- No sudo fragments
- No udev rules
- unit tests / autopkgtests
  - unit tests can be found under libcontainer/ and they test multiple functionalities of the code. They make use of Go's unit test framework. Unit tests are run during the package build.
  - Integration tests provide end-to-end testing of runc, they can be found under tests/ and under libcontainer/.
- No cron jobs
- Build logs:
  - No build errors
  - No meaningful lintian failures
- Processes spawned
  - libcontainer/nsenter/nsexec.c:276: execve(app, argv, envp);
    It tries to call /proc/<pid>/uid_map or /proc/<pid>/gid_map. Apparently the pid is retrieved from the environment variable _LIBCONTAINER_INITPIPE, "which was opened by the parent and kept open across the fork-exec of the `nsexec()` init"
  - libcontainer/nsenter/cloned_binary.c:512: fexecve(execfd, argv, environ);
    Looks like it calls /proc/self/exe
- Memory management
  - A few .c files doing memory management, seems ok.
  - and a vendored seccomp code in golang doing a calloc.
- File IO
  - A few file IO in the C code of libcontainer, looks ok.
- Logging
  - make use of the errors package in some places.
  - but mostly uses logrus (vendored code)
- Environment variable usage
  - _LIBCONTAINER_INITPIPE
  - CLONED_BINARY_ENV
  - _LIBCONTAINER_STATEDIR
- Use of privileged functions
  - Seth took a look at those and the only relevant finding was reported here: https://github.com/opencontainers/runc/issues/2214
  - Nothing troublesome.
- Use of cryptography / random number sources:
  - Vendored godbus has a sha1 auth implementation.
- Use of temp files
  - Some tests make use of /tmp and libcontainer uses /tmp when it wants to mount rootfs on tmpfs and also while cloning binaries.
- Use of networking
  - you can pass an AF_UNIX socket to runc so you can have a detached terminal.
  - nsexec also creates socket to make communication between parent and child process.
- No use of WebKit
- No use of PolicyKit
- Coverity issues:
  - 6 Issues listed by Coverity, all of them in vendored code.
    - 4 issues related to null pointer dereference
    - 1 issue of sha1 used in vendored godbus code
    - 1 issue related to unchecked return value

Security team ACK for promoting runc to main.

** Bug watch added: github.com/opencontainers/runc/issues #2214
   https://github.com/opencontainers/runc/issues/2214
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3697
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9962
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16884
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19921
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5736
** Changed in: runc (Ubuntu)
   Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
[Bug 1855768] Re: Ubuntu-security CVE-2019-18224 web page shows incorrect info about libidn2-0 status
Hi Srdjan,

Thanks for taking the time to report this issue and helping to make Ubuntu better.

The USN you mentioned applied the fix to the source package libidn2 (https://packages.ubuntu.com/source/bionic/libidn2). You can see on the mentioned page that this source package generates multiple binary packages, including: idn2 and libidn2-0.

So, on the USN page that you mentioned we are referring to those binary packages, but on the CVE page we are only dealing with source package names. So we already have the released in the lines for libidn2.

The lines that you are referring to, which are marked as DNE, are for the libidn2-0 source package (https://packages.ubuntu.com/source/xenial/libidn2-0), which only exists on Ubuntu Xenial (16.04) and Trusty (14.04), and that's why it is marked as DNE (Do Not Exist) in the CVE page.

So this is just a confusion between source packages and binary packages. Binary packages are what you install with an apt-get install command. Source packages are where we apply the fix, and where the binary packages will be generated from.

Hope I didn't get you more confused on this.

Thanks

** Information type changed from Private Security to Public Security
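The source-versus-binary lookup described in the message above, as an added example that is not part of the original post: it resolves a binary package to its source package before consulting a tracker keyed by source name. The Packages excerpt, version strings, function names and tracker table are constructed assumptions; the two bionic statuses mirror what the message states.

```python
# Constructed excerpt of an APT Packages index (binary package stanzas).
# Version strings are placeholders, not real Ubuntu versions.
PACKAGES_INDEX = """\
Package: libidn2-0
Source: libidn2
Version: 0.0.0-constructed1
Architecture: amd64

Package: idn2
Source: libidn2 (0.0.0-constructed1)
Version: 0.0.0-constructed1
Architecture: amd64

Package: tcpdump
Version: 0.0.0-constructed2
Architecture: amd64
"""

# Constructed tracker table keyed by SOURCE package name, then release.
# Only the statuses stated in the message are filled in.
TRACKER = {
    "CVE-2019-18224": {
        "libidn2": {"bionic": "released"},
        "libidn2-0": {"bionic": "DNE"},
    }
}


def parse_packages(text):
    """Map each binary package name to the source package that builds it."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            # Skip continuation lines (leading whitespace) and malformed lines.
            if not line or line[0] in " \t" or ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        name = fields.get("Package")
        if not name:
            continue
        # The Source field is omitted when source and binary names match,
        # and may carry a version in parentheses when versions differ.
        index[name] = fields.get("Source", name).split()[0]
    return index


def status_keyed_by_binary(cve, binary, release):
    """Flawed lookup: treats the binary name as if it were a source name."""
    return TRACKER.get(cve, {}).get(binary, {}).get(release, "no entry")


def status_keyed_by_source(cve, binary, release, index):
    """Resolve binary -> source first, then read the tracker entry."""
    source = index.get(binary)
    if source is None:
        return "unknown package"
    return TRACKER.get(cve, {}).get(source, {}).get(release, "no entry")


if __name__ == "__main__":
    idx = parse_packages(PACKAGES_INDEX)
    for pkg in ("libidn2-0", "idn2"):
        print(pkg,
              "by binary name:", status_keyed_by_binary("CVE-2019-18224", pkg, "bionic"),
              "| by source:", status_keyed_by_source("CVE-2019-18224", pkg, "bionic", idx))
```

A scanner that reports on installed binary packages needs this resolution step; on a live system the source name of an installed package is available from dpkg's status data.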
[Bug 1855768] Re: Ubuntu-security CVE-2019-18224 web page shows incorrect info about libidn2-0 status
Also, I am not aware of this Trivy tool, but could you give us more information on what you are seeing?
[Bug 1855768] Re: Ubuntu-security CVE-2019-18224 web page shows incorrect info about libidn2-0 status
Hi Srdjan, Awesome, thanks! I will give it a try. Yes, the analysis seems correct to me. So I encourage you to file a bug on Trivy Github and let them verify what's going on. If possible, keep us updated on the outcomes of your bug report. I appreciate it! Thanks, Eduardo
[Bug 1856979] Re: GIT 2.x vulnerabilities
Actually marking it as Fixed Released.
** Information type changed from Private Security to Public Security
[Bug 1857059] Re: encontre un error y me vanearon
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see https://wiki.ubuntu.com/Bugs/FindRightPackage . Additionally, in the report please include:
1) The release of Ubuntu you are using, via 'cat /etc/lsb-release' or System -> About Ubuntu.
2) The version of the package you are using, via 'dpkg -l PKGNAME | cat' or by checking in Synaptic.
3) What happened and what you expected to happen.
The Ubuntu community has also created debugging procedures for a wide variety of packages at https://wiki.ubuntu.com/DebuggingProcedures . Following the debugging instructions for the affected package will make your bug report much more complete. Thanks!
** Information type changed from Private Security to Public
** Changed in: apache2 (Ubuntu) Status: New => Invalid
[Bug 1856944] Re: package login 1:4.2-3.1ubuntu5.4 failed to install/upgrade: package architecture (amd64) does not match system (i386)
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1856997] Re: Nvidia driver is not working / not supported
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1856771] Re: package samba 2:4.3.11+dfsg-0ubuntu0.16.04.24 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1856597] Re: sepackage mysql-server-5.7 5.7.28-0ubuntu0.18.04.4 failed to install/upgrade: instalado mysql-server-5.7 paquete post-installation guión el subproceso devolvió un error con estado de
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1856510] Re: Gtk-Message: 23:32:48.890: Failed to load module "canberra-gtk-module" (etherape:2564): libglade-WARNING **: 23:32:48.893: Could not load support for `gnome': libgnome.so: Ne peut o
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1856456] Re: package systemd 242-7ubuntu3.2 failed to install/upgrade: package systemd is already installed and configured
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1866113] Re: CVE-2019-16235, CVE-2019-16236, CVE-2019-16237
You can find it built here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
** Changed in: dino-im (Ubuntu Bionic) Status: New => In Progress
[Bug 1841978] Re: package login 1:4.2-3.1ubuntu5 failed to install/upgrade: package login is already installed and configured
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
[Bug 1815483] Re: [MIR] libhandy
I reviewed libhandy 0.0.10-1 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

libhandy is a library full of GTK widgets for mobile phones. The aim of libhandy is to help with developing UI for mobile devices using GTK/GNOME.

- No CVE History
- Build-Depends
  - debhelper-compat
  - dh-sequence-gir
  - gtk-doc-tools
  - libgirepository1.0-dev
  - libgladeui-dev
  - libglib2.0-doc
  - libgnome-desktop-3-dev
  - libgtk-3-doc
  - libgtk-3-dev
  - libxml2-utils
  - meson
  - pkg-config
  - valac
- No pre/post inst/rm scripts
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- No binaries in PATH
- No sudo fragments
- No udev rules
- Unit tests / autopkgtests
  - under tests/ there are quite a few tests available testing different widgets
  - autopkgtests passing on:
    https://autopkgtest.ubuntu.com/packages/libh/libhandy
    https://ci.debian.net/packages/libh/libhandy/
- No cron jobs
- Build logs:
  - Some compiler warnings:
    update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-action-row'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-arrows'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-combo-row'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialer'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialer-cycle-button'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialog'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-expander-row'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-header-bar'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-header-group'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-group'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-page'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-row'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-window'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-search-bar'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-squeezer'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-string-utf8'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-value-object'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-view-switcher'
    WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-view-switcher-bar'
    html/HdyViewSwitcher.html:135: warning: no link for: "PangoEllipsizeMode" -> (PangoEllipsizeMode).
    html/HdyViewSwitcher.html:543: warning: no link for: "PANGO-ELLIPSIZE-NONE:CAPS" -> (PANGO_ELLIPSIZE_NONE)
- No processes spawned
- Memory management
  - It looks safe
- No File IO
- No Logging
- No Environment variable usage
- No Use of privileged functions
- No Use of cryptography
- No Use of temp files
- No Use of networking
- No Use of WebKit
- No Use of PolicyKit
- No significant cppcheck results
- We don't have Coverity results so far, as we are having issues with coverity + meson.
- A few FIXME around the code, mostly on src/hdy-leaflet.c, nothing that would block the MIR

This library is well maintained and GNOME apps should use even more libhandy in the future. Although this is still not a "stable" release, we don't have any objections on it going to main. I am not sure if you will want to wait for version 0.1.0 or will need to move ahead to get the current version into 19.10. If you are going to wait for the "stable" release, just let us know and we can review and compare the changes with the current audit.

Security team ACK for promoting libhandy to main.

** Changed in: libhandy (Ubuntu)
   Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
[Bug 1820212] Re: [MIR] python-aiosmtpd as dependency of mailman3
I reviewed python-aiosmtpd version 1.2-3 as checked into eoan as of this writing. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

python-aiosmtpd is an asyncio based SMTP server.

- Last commit from March
- No CVE history
- Build-depends:
  - debhelper,
  - dh-python,
  - openssl,
  - python3-all,
  - python3-docutils,
  - python3-setuptools,
  - python3-sphinx
- postinst and prerm added automatically
- No init scripts
- No systemd services
- No DBus services
- No setuid
- Binaries in PATH: /usr/bin/aiosmtpd
- No sudo fragments
- No udev rules
- Some tests under aiosmtpd/tests/
  - FTBFS in debian (from 2017). A test randomly fails, seems to be related to a possible race condition in test code. See: https://github.com/aio-libs/aiosmtpd/issues/133
  - test SMTP protocol
  - test SMTP over SSL/TLS
  - test server implementation
  - test LMTP protocol
- No cron jobs
- A lot of warnings in the build log:
  - Most warnings are about doc files
  - Some warnings that might be relevant to someone:
    test_message (aiosmtpd.tests.test_handlers.TestAsyncMessage) ... /<>/.pybuild/cpython3_3.7_aiosmtpd/build/aiosmtpd/controller.py:64: PendingDeprecationWarning: Task.all_tasks() is deprecated, use asyncio.all_tasks() instead
    test_setuid (aiosmtpd.tests.test_main.TestMain) ... /usr/lib/python3.7/asyncio/base_events.py:623: ResourceWarning: unclosed event loop <_UnixSelectorEventLoop running=False closed=False debug=False>
    ResourceWarning: Enable tracemalloc to get the object allocation traceback
    test_quit_with_arg (aiosmtpd.tests.test_smtp.TestSMTP) ... /usr/lib/python3.7/socket.py:660: ResourceWarning: unclosed
    ResourceWarning: Enable tracemalloc to get the object allocation traceback
- No subprocess spawned
- File IO only in setup_helpers.py (helper functions for setup.py). Path to file hardcoded in setup.py and conf.py.
- Not so much logging done, mainly in smtp.py
  - uses logging module for logging debug and info messages
  - uses warnings module for logging warnings
  - apparently no logging in case of errors
- Environment variable
  - make use of AIOSMTPD_CONTROLLER_TIMEOUT environment variable, expecting a float number
  - if variable not set, falls back to default '1.0'
  - no sanitization of input, but if a float number is not passed, will trigger exception
- setuid() server to 'nobody' user. This shouldn't be done, 'nobody' should be strictly used for NFS.
- Encryption
  - make use of SSL/TLS
- Networking
  - SMTP server listens on a port specified on command line, or default port 8025.
- No WebKit
- No polkit
- No shell scripts
- No coverity issues

This is not an ACK or a NACK, we will keep waiting on the setuid to 'nobody' issue.

** Bug watch added: github.com/aio-libs/aiosmtpd/issues #133 https://github.com/aio-libs/aiosmtpd/issues/133
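The environment-variable item in the review above, worked through as an added example (not aiosmtpd's code and not part of the original message): a bare float() conversion raises on non-numeric text but still accepts nan, inf and negative values. The helper names read_timeout and classify, the 60-second ceiling and the sample values are assumptions made for illustration.

```python
import math

ENV_NAME = "AIOSMTPD_CONTROLLER_TIMEOUT"  # variable named in the review
DEFAULT_TIMEOUT = 1.0                     # default stated in the review
MAX_TIMEOUT = 60.0                        # assumed ceiling, not from aiosmtpd


def read_timeout(environ, name=ENV_NAME, default=DEFAULT_TIMEOUT,
                 maximum=MAX_TIMEOUT):
    """Return a finite timeout in (0, maximum] seconds or raise ValueError.

    Hypothetical helper: the error names the variable, so a bad setting is
    reported at start-up instead of as a bare float() traceback.
    """
    raw = environ.get(name)
    if raw is None:
        return default
    try:
        value = float(raw)
    except ValueError:
        raise ValueError(f"{name}={raw!r} is not a number") from None
    # float() also accepts "nan", "inf" and "1e999" (which overflows to inf).
    if not math.isfinite(value):
        raise ValueError(f"{name}={raw!r} is not finite")
    if not 0 < value <= maximum:
        raise ValueError(f"{name}={raw!r} is outside (0, {maximum}] seconds")
    return value


def classify(raw):
    """Show how bare float() and read_timeout() each treat one raw value."""
    try:
        bare = repr(float(raw))
    except ValueError:
        bare = "ValueError"
    try:
        checked = repr(read_timeout({ENV_NAME: raw}))
    except ValueError:
        checked = "rejected"
    return bare, checked


# Constructed sample values, not taken from any real deployment.
SAMPLES = ["2.5", " 3 ", "abc", "nan", "inf", "1e999", "-1", "0", "1_0"]

if __name__ == "__main__":
    for raw in SAMPLES:
        bare, checked = classify(raw)
        print(f"{raw!r:>8}  float() -> {bare:<12} checked -> {checked}")
```
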
[Bug 1825572] Re: April 2019 Oracle CPU might also affect MariaDB
I will be handling it for the security team, thanks Otto.
[Bug 1825572] Re: April 2019 Oracle CPU might also affect MariaDB
Hi Otto, You based your update on version 1:10.1.38-0ubuntu0.18.04.1. We currently have in the archive version 1:10.1.38-0ubuntu0.18.04.2. Could you please rebase your changes with what is in the archive? Thanks in advance!
[Bug 1838879] Re: Nvidia MX130 Video
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1838795] Re: package linux-image-extra-4.4.0-57-generic 4.4.0-57.78 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1838067] Re: made Ubuntu very slow then crash
** Changed in: clamtk (Ubuntu) Status: New => Incomplete
[Bug 1833479] Re: libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs
** Changed in: jackd2 (Ubuntu) Status: New => Confirmed ** Changed in: jackd2 (Debian) Status: New => Confirmed
[Bug 1814596] Re: DynamicUser can create setuid binaries when assisted by another process
** Changed in: systemd (Ubuntu) Status: New => Confirmed
[Bug 1839071] Re: numad sched_setaffinity bug
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1839531] Re: 14.04 LTS does not upgrade to 16.04 LTS
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1820226] Re: [MIR] twitter-bootstrap3 as dependency of mailman3
I reviewed twitter-bootstrap3 3.4.0+dfsg-4 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

twitter-bootstrap3 is an open source toolkit for developing with HTML, CSS, and JS.

- There are different versions of twitter-bootstrap in the archive, after some search we have that
  - twitter-bootstrap4: Highly maintained
  - twitter-bootstrap3: The 3.4.0 version landed in December 2018 and it shows that development is more focused in the 4.x version than in 3.x. See: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ After the 3.4.0 release we had 3.4.1 (Feb 2019) which fixed a security issue. So it seems that they are doing the minimum of giving at least security updates to version 3. (we might want to consider updating to 3.4.1)
  It is used in mailman-website where you can manage lists. It is unclear to me if the version 3 is a hard dependency.
- CVE History:
  - 7 open CVEs
  - 1 still open in eoan CVE-2019-8331 (fixed in version 3.4.1)
  - All CVEs are XSS
- Build-Depends
  - cssmin,
  - debhelper,
  - lcdf-typetools,
  - node-less,
  - node-source-map,
  - node-uglify,
  - pandoc
- No pre/post inst/rm scripts
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- No binaries in PATH
- No sudo fragments
- No udev rules
- Unit tests found in js/tests/
  - unit/ contains the unit test files for each Bootstrap plugin
  - vendor/ contains jQuery
  - visual/ contains "visual" tests which are run interactively in real browsers and require manual verification
- No cron jobs
- Build logs:
  - No security relevant warnings or errors
    dpkg-scanpackages: warning: Packages in archive but missing from override file:
    dpkg-scanpackages: warning: sbuild-build-depends-core-dummy
    dpkg-scanpackages: info: Wrote 1 entries to output Packages file.
    E: twitter-bootstrap3 changes: bad-distribution-in-changes-file unstable
    N: 4 tags overridden (1 error, 3 warnings)
- Processes spawned
  - Mostly on Grunt, a javascript task runner that is embedded in this package, or documentation
- Memory management: looks like there's not much and seem ok.
- No file IO
- Logging only in Grunt
- No use of environment variables
- No use of privileged functions
- No use of encryption
- No temp files
- No use of networking
- Make use of WebKit
- No PolicyKit
- No shell scripts
- Multiple (most from test code, which might be low priority) NULL_RETURNS from Coverity analysis, mostly related to jquery.

Someone with better JS skills might want to check coverity results before we ACK/NACK.

Christian could you please assign someone to take a look on those warnings?

Attached goes the coverity output.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8331
** Attachment added: "coverity-bootstrap.txt" https://bugs.launchpad.net/ubuntu/+source/twitter-bootstrap3/+bug/1820226/+attachment/5268126/+files/coverity-bootstrap.txt
Re: [Bug 1820226] Re: [MIR] twitter-bootstrap3 as dependency of mailman3
On Mon, 2019-06-03 at 05:54 +, Christian Ehrhardt wrote:
> > - There are different versions of twitter-bootstrap in the archive,
> > after some
> > search we have that
>
> [...]
> > It is used in mailman-website where you can manage lists. It is
> > unclear to
> > me if the version 3 is a hard dependency.
>
> Yes it is, I have checked with upstream already for the same reason
> (expect to be longer maintained) but the move seems to be non
> trivial.
> So for now it is a hard dependency on v3
>

Thanks for confirming it!

> [...]
>
> > - No security relevant warnings or errors
> > dpkg-scanpackages: warning: Packages in archive but missing from
> > override file:
> > dpkg-scanpackages: warning: sbuild-build-depends-core-dummy
> > dpkg-scanpackages: info: Wrote 1 entries to output Packages file.
> > E: twitter-bootstrap3 changes: bad-distribution-in-changes-file
> > unstable
> > N: 4 tags overridden (1 error, 3 warnings)
>
> [...]
>
> > - Multiple (most from test code, which might be low priority)
> > NULL_RETURNS from Coverity analysis, mostly related to jquery.
> >
> >
> > Someone with better JS skills might want to check coverity results
> > before we ACK/NACK.
> >
> > Christian could you please assign someone to take a look on those
> > warnings?
>
> First of all thanks for the review Eduardo!
> Looking at your summary I wondered which warnings you meant.
> a) the few dpkg-scanpackage warnings
> b) the coverity report to be looked at with JS skills
>

Sorry for not being so clear, the warnings here mean the coverity report.
[Bug 1825572] Re: April 2019 Oracle CPU might also affect MariaDB
Thanks Otto for providing the update for 18.04. We just released it and it should be available in the archive in some minutes. We appreciate all the work you've done. ** Changed in: mariadb-10.1 (Ubuntu) Status: In Progress => Fix Released
[Bug 1853696] Re: linux corrompido
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1851738] Re: cqrlog cant be remove , cant download other apps because of it
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1853760] Re: php 7.2 has dependency problems and they are not letting to update apache2 and php7.2 * modules
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public