I reviewed exfatprogs 1.2.6-1 as checked into plucky and 1.2.5-2 as checked
into oracular. This shouldn't be considered a full audit but rather a
quick gauge of maintainability. plucky version was mainly considered for
the most part of this review but it is also valid for oracular as they are
pret
Hi,
thanks for getting in touch.
for noble, CVE-2024-45006 is queued to be fixed in version 6.8.0-50.51.
This version is planned to be released in the week of 02-Dec.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-45006
** Changed in: linux (Ubuntu)
Status: New => Fix Co
** Package changed: linux-signed (Ubuntu) => linux (Ubuntu)
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2088444
Title:
CVE-202
** No longer affects: python-urllib3 (Ubuntu Noble)
--
https://bugs.launchpad.net/bugs/2084715
Title:
recent date test causes new builds to fail
To manage notifications about this bug go
** Also affects: python-urllib3 (Ubuntu Noble)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/2084715
Title:
recent date test causes new builds to fail
To
Testing Documentation:
This update was tested following the guidelines available at:
https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
In summary, they are:
- AppArmor cache files verification;
- Basic Ubuntu login tests: network, browser, apt;
- LXC, LXD, Docker basic operations and appa
I reviewed libdex 0.7.1-1 as checked into oracular. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
libdex is basically a GNOME library used for asynchronous operations.
from upstream:
Dex provides Future-based programming for GLib-based applications.
Dex
** Tags removed: verification-needed-focal verification-needed-jammy
** Tags added: verification-done-focal verification-done-jammy
** Tags removed: verification-needed
** Tags added: verification-done
--
** Changed in: kernel-sru-workflow/security-signoff
Status: In Progress => Fix Released
--
https://bugs.launchpad.net/bugs/2076174
Title:
noble/linux-oem-6.11: 6.11.0-1001.1 -propo
.
- CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
* Fix autopkgtest:
- debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch:
check if new_template is NULL at vorbis_encode_ctl() in
lib/vorbisenc.c.
-- Rodrigo Figueiredo Zaiden Wed, 11
May 2022 14:54:32 -0300
Upstream issue is: https://gitlab.xiph.org/xiph/vorbis/-/issues/1975
and the solution is the commit:
https://gitlab.xiph.org/xiph/vorbis/-/commit/42f2bb2936ea06e3a9a2fc2260988120d6dfc97d
the '--advanced-encode-option disable_coupling' in oggenc is used on
autopkgtests for libvorbis.
so, in xenia
/cron/-/commit/23047851
-- Rodrigo Figueiredo Zaiden Tue, 10
May 2022 18:07:46 -0300
** Changed in: cron (Ubuntu Xenial)
Status: Triaged => Fix Released
--
ht
** Changed in: cron (Ubuntu Xenial)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
** Changed in: cron (Ubuntu Bionic)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
--
Fixed in xenial 1.14.6-1ubuntu0.1~esm1:
https://ubuntu.com/security/notices/USN-5407-1
** Changed in: cairo (Ubuntu Xenial)
Status: Confirmed => Fix Released
--
https://bugs.launchpa
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29799
--
https://bugs.launchpad.net/bugs/1971550
Title:
networkd-dispatcher missing state 'initialized'
To manage notifi
** Changed in: networkd-dispatcher (Ubuntu)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
--
https://bugs.launchpad.net/bugs/1971550
Title:
netwo
VE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17134
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3895
** Changed in: octavia (Ubuntu)
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden) => (unassigned)
--
** Changed in: tar (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: tar (Ubuntu Focal)
Status: New => Fix Released
--
https://bugs.launchpad.net/bugs/1912091
Title:
This bug was fixed in the tagged releases
https://ubuntu.com/security/notices/USN-5329-1
General changelog:
* SECURITY UPDATE: Denial of service (LP: #1912091)
- debian/patches/CVE-2021-20193.patch: in read_header method in
src/list.c, change the return value to be the value of status
after a validation is succeeded, and add a test for this
case in ext/filter/tests/bug81708.phpt
- CVE-2021-21708
-- Rodrigo Figueiredo Zaiden Thu, 24
Feb 2022 12:03:09 -0300
** Changed in: php8.0 (Ubuntu)
Status: In Progress => Fix Released
--
after a validation is succeeded, and add a test for this
case in ext/filter/tests/bug81708.phpt
- CVE-2021-21708
-- Rodrigo Figueiredo Zaiden Thu, 24
Feb 2022 11:55:48 -0300
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21708
** Changed in: php7.4 (Ubuntu
** Also affects: php8.0 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: php8.0 (Ubuntu)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
** Changed in: php8.0 (Ubuntu)
Status: New => In Progress
--
** Changed in: php7.4 (Ubuntu)
Status: Confirmed => In Progress
** Changed in: php7.4 (Ubuntu)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
--
** Changed in: octavia (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Rodrigo Figueiredo
Zaiden (rodrigo-zaiden)
** Changed in: octavia (Ubuntu)
Status: New => In Progress
--
giref (Ubuntu)
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden) => (unassigned)
--
https://bugs.launchpad.net/bugs/1953173
Title:
[MIR] python-asgiref
To manage notificatio
From:
https://github.com/django/asgiref/issues/317
Upstream confirmed that it is in fact an issue, but, it's not exploitable.
My understanding is that it will hit other guards before falling in that case.
And, changing it would be a potential risk of breaking other things.
I'm pretty satisfied w
Hi Lena,
Thanks for checking and testing it.
I raised an issue in the upstream to ask about it:
https://github.com/django/asgiref/issues/317
Thanks!
** Bug watch added: github.com/django/asgiref/issues #317
https://github.com/django/asgiref/issues/317
--
Hi Server team,
could you, please, take a look into the following lines in wgsi.py:
def build_environ(self, scope, body):
...
environ = {
...
"SCRIPT_NAME": scope.get("root_path",
"").encode("utf8").decode("latin1"),
"PATH_INFO": scope["pat
** Changed in: python-asgiref (Ubuntu)
Status: New => In Progress
** Changed in: python-asgiref (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Rodrigo Figueiredo
Zaiden (rodrigo-zaiden)
--
Public bug reported:
autopkgtest test-tls-passphrase is failing due to an expired
certificate:
not ok 1808 parallel/test-tls-passphrase
---
duration_ms: 1.117
severity: fail
exitcode: 1
stack: |-
events.js:174
throw er; // Unhandled 'error' event
^
Error
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Status: In Progress
--
https://bugs.launchpad.net/bugs/1951432
Title:
fail to build from source
To manage notifications about this