[Bug 2103420] Re: Security issue with libsaml12
** Also affects: opensaml2 (Ubuntu) Importance: Undecided Status: New ** Changed in: opensaml2 (Ubuntu) Status: New => In Progress ** Changed in: opensaml2 (Ubuntu) Assignee: (unassigned) => John Breton (john-breton) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
** Changed in: opensaml2 (Ubuntu Trusty) Status: In Progress => Invalid ** Changed in: opensaml2 (Ubuntu) Status: In Progress => Fix Committed ** Changed in: opensaml2 (Ubuntu Trusty) Assignee: John Breton (john-breton) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
** Changed in: opensaml2 (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: opensaml2 (Ubuntu Xenial) Assignee: John Breton (john-breton) => (unassigned) ** Changed in: opensaml2 (Ubuntu Bionic) Status: Fix Committed => Fix Released ** Changed in: opensaml2 (Ubuntu Bionic) Assignee: John Breton (john-breton) => (unassigned) ** Changed in: opensaml2 (Ubuntu) Status: Fix Committed => Fix Released ** Changed in: opensaml2 (Ubuntu) Assignee: John Breton (john-breton) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
Hi, thank you for the initial report and an additional thanks for providing a debdiff for Noble. A fix for affected releases is in progress. Once we have further updates we will share them here. ** Changed in: opensaml (Ubuntu) Assignee: (unassigned) => John Breton (john-breton) ** Changed in: opensaml (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
Just to provide an update, we are tentatively targeting Monday, March 24th as the release date for the OpenSAML and OpenSAML2 updates. We appreciate your patience and will provide further updates once the releases are fully published. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
** Changed in: opensaml (Ubuntu Oracular) Status: New => In Progress ** Changed in: opensaml (Ubuntu Oracular) Assignee: (unassigned) => John Breton (john-breton) ** Changed in: opensaml (Ubuntu Noble) Status: New => In Progress ** Changed in: opensaml (Ubuntu Noble) Assignee: (unassigned) => John Breton (john-breton) ** Changed in: opensaml (Ubuntu Jammy) Status: New => In Progress ** Changed in: opensaml (Ubuntu Jammy) Assignee: (unassigned) => John Breton (john-breton) ** Changed in: opensaml (Ubuntu Focal) Status: New => In Progress ** Changed in: opensaml (Ubuntu Focal) Assignee: (unassigned) => John Breton (john-breton) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
** Changed in: opensaml (Ubuntu Plucky) Status: Fix Committed => Fix Released ** Changed in: opensaml (Ubuntu Plucky) Assignee: John Breton (john-breton) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2068805] Re: [SRU] "Install Now" button disappears for good if all packages unselected and Ubuntu Pro packages are shown but unavailable
Xenial and Bionic have been uploaded to our esm-infra-updates-staging PPA. We are just waiting for this SRU to be published in the archive first for the other releases. ** Changed in: update-manager (Ubuntu Xenial) Status: Confirmed => Fix Committed ** Changed in: update-manager (Ubuntu Bionic) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2068805 Title: [SRU] "Install Now" button disappears for good if all packages unselected and Ubuntu Pro packages are shown but unavailable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2068805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104925] Re: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial
Thank you for being so patient while we investigated this issue. An update has been released that corrects the issue and allows Ansible to be successfully installed on Xenial. Full details can be seen in the following USN: https://ubuntu.com/security/notices/USN-7343-2 Please let me know if this resolves the issue or if any other issues arise. ** Changed in: ansible (Ubuntu) Status: Confirmed => Fix Released ** Changed in: ansible (Ubuntu) Assignee: John Breton (john-breton) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104925 Title: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/2104925/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM
** Summary changed: - Fix for CVE-2025-27516 regressed jinja in Python2 on focal and previous releases (ESM) + Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2102129 Title: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jinja2/+bug/2102129/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal
Thank you for the feedback thus far on this. For trusty and xenial I accounted for Python 2 compatibility and wrote a backport of getattr_static: ``` def getattr_static_py2(obj, attr, default=None): """ Mimic getattr_static from Python 3 in Python 2.7. """ for cls in inspect.getmro(type(obj)): if attr in cls.__dict__: return cls.__dict__[attr] return getattr(obj, attr, default) ``` Unfortunately, I did not have the same foresight to do this for bionic and focal. I am in the process of modifying the patches for bionic and focal to reference this function instead. ** Changed in: jinja2 (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2102129 Title: Fix for CVE-2025-27516 regressed jinja in Python2 on focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jinja2/+bug/2102129/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM
This update has now been pushed as of the publication of USN 7343-2: https://ubuntu.com/security/notices/USN-7343-2 The relevant fixes can be grabbed on bionic (available with Ubuntu Pro) and focal via a standard system update. Thank you all for your help in investigating this issue and for confirming its resolution! ** Changed in: jinja2 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2102129 Title: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jinja2/+bug/2102129/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104925] Re: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial
The issue has been confirmed to only impact xenial. One of the newly introduced files created as part of backporting a patch appears to have been cut off incorrectly, leading to the indentation error. A fix is underway. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104925 Title: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/2104925/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104925] Re: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial
** Changed in: ansible (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104925 Title: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/2104925/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
** Changed in: opensaml2 (Ubuntu Bionic) Status: Confirmed => In Progress ** Changed in: opensaml2 (Ubuntu Bionic) Assignee: (unassigned) => John Breton (john-breton) ** Changed in: opensaml2 (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: opensaml2 (Ubuntu Xenial) Assignee: (unassigned) => John Breton (john-breton) ** Changed in: opensaml2 (Ubuntu Trusty) Status: Confirmed => In Progress ** Changed in: opensaml2 (Ubuntu Trusty) Assignee: (unassigned) => John Breton (john-breton) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
Fixes for Xenial, Bionic, Focal, Jammy, Noble, Oracular, and Plucky have been committed and are currently being built. They are pending publication. ** Changed in: opensaml2 (Ubuntu Xenial) Status: In Progress => Fix Committed ** Changed in: opensaml2 (Ubuntu Bionic) Status: In Progress => Fix Committed ** Changed in: opensaml (Ubuntu Plucky) Status: In Progress => Fix Committed ** Changed in: opensaml (Ubuntu Oracular) Status: In Progress => Fix Committed ** Changed in: opensaml (Ubuntu Noble) Status: In Progress => Fix Committed ** Changed in: opensaml (Ubuntu Jammy) Status: In Progress => Fix Committed ** Changed in: opensaml (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104925] Re: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial
** Changed in: ansible (Ubuntu) Assignee: (unassigned) => John Breton (john-breton) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104925 Title: Version 2.0.0.2-2ubuntu1.3+esm5 fails to install on Xenial To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/2104925/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
** Changed in: opensaml (Ubuntu Oracular) Assignee: John Breton (john-breton) => (unassigned) ** Changed in: opensaml (Ubuntu Noble) Assignee: John Breton (john-breton) => (unassigned) ** Changed in: opensaml (Ubuntu Jammy) Assignee: John Breton (john-breton) => (unassigned) ** Changed in: opensaml (Ubuntu Focal) Assignee: John Breton (john-breton) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
We appreciate your patience on this issue thus far. Fixes have been released for OpenSAML2 on Xenial and Bionic and for OpenSAML on Focal, Jammy, Noble, and Oracular. We will provide another update once a fix has been released for Plucky. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2103420] Re: Security issue with libsaml12
We have published a USN for this issue: https://ubuntu.com/security/notices/USN-7364-1 We recommend upgrading to the latest available version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2103420 Title: Security issue with libsaml12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/2103420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2068805] Re: [SRU] "Install Now" button disappears for good if all packages unselected and Ubuntu Pro packages are shown but unavailable
Hello all, The fix is now available for Xenial and Bionic through esm-infra- updates. ** Changed in: update-manager (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: update-manager (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2068805 Title: [SRU] "Install Now" button disappears for good if all packages unselected and Ubuntu Pro packages are shown but unavailable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2068805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
