[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-05 Thread Alex Murray
** Description changed: [Impact] With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start. The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed

[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-05 Thread Alex Murray
FYI the two autopkgtest failures for arm64 (sshuttle & firewalld) both appear to be transient failures so these are currently being retried... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Tit

[Bug 1903883] Re: XPS 13 9310 Tiger Lake Unable to boot 20.10 after intel-microcode update 3.20201110.0ubuntu0.20.10.1

2020-11-11 Thread Alex Murray
** Changed in: intel-microcode (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1903883 Title: XPS 13 9310 Tiger Lake Unable to b

[Bug 1903883] Re: XPS 13 9310 Tiger Lake Unable to boot 20.10 after intel-microcode update 3.20201110.0ubuntu0.20.10.1

2020-11-11 Thread Alex Murray
Thanks for reporting this issue - thanks @superrm1 for forwarding it upstream - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 - I'll push an update soon which reverts just this single microcode for the intel-microcode package in Ubuntu. ** Bug watch added: github.

[Bug 1903864] Re: qemu-system-x86_64: -device tpm-tis, tpmdev=tpm-tpm0, id=tpm0: Property 'tpm-tis.tpmdev' can't find value 'tpm-tpm0'

2020-11-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1903677] Re: Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability

2020-11-11 Thread Alex Murray
firefox 82.0.3 was released for xenial, bionic, focal, groovy and hirsute yesterday. ** Changed in: firefox (Ubuntu) Status: New => Fix Released ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu B

[Bug 1903484] Re: package python-six 1.14.0-2 failed to install/upgrade: installed python-six package post-installation script subprocess returned error exit status 127

2020-11-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1885248] Re: Update intel-microcode to latest upstream release 20200616 to fix possible regression in 06-5e-03/0x000506e3

2020-11-11 Thread Alex Murray
This is now obsolete - we recently updated intel-microcode to the most recent 20201110 release. ** Changed in: intel-microcode (Ubuntu) Status: New => Fix Released ** Changed in: intel-microcode (Ubuntu Xenial) Status: New => Fix Released ** Changed in: intel-microcode (Ubuntu Bion

[Bug 1841281] Re: ClamAV needs updated to reflect security fixes

2020-11-11 Thread Alex Murray
This was fixed in clamav 0.101.4+dfsg-0ubuntu0.YY.MM.1 for each corresponding Ubuntu release. ** Changed in: clamav (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchp

[Bug 1904068] [NEW] apt(-get) source fails to use credentials from /etc/apt/auth.conf(.d)

2020-11-12 Thread Alex Murray
Public bug reported: I have configured apt-src access to the private ESM PPAs via entries in /etc/apt/sources.list.d/ubuntu-security.list as follows: deb-src https://private-ppa.launchpad.net/ubuntu-esm/esm-infra-security/ubuntu trusty main and then added credentials as follows to /etc/apt/auth

[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-12 Thread Alex Murray
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug

[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-12 Thread Alex Murray
jdstrand sponsored this to groovy-proposed and autopkgtests have all passed - ~ubuntu-sru - could you please review? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-

[Bug 1904288] Re: package bluez 5.53-0ubuntu3 failed to install/upgrade: il sottoprocesso installato pacchetto bluez script post-installation ha restituito lo stato di errore 1

2020-11-15 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1903883] Re: XPS 13 9310 Tiger Lake Unable to boot 20.10 after intel-microcode update 3.20201110.0ubuntu0.20.10.1

2020-11-15 Thread Alex Murray
@Pierre - can you please open a new bug report via `ubuntu-bug intel-microcode` and we can follow up there - thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1903883 Title: XPS 13 9310 Tiger L

[Bug 1891953] Re: CVE-2019-8936

2020-11-17 Thread Alex Murray
@rokclimb15 - are you still looking at producing debdiffs for focal + groovy as well? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891953 Title: CVE-2019-8936 To manage notifications about this

[Bug 1891953] Re: CVE-2019-8936

2020-11-17 Thread Alex Murray
Excellent - thank you :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891953 Title: CVE-2019-8936 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/

[Bug 1904192] Re: ebtables can not rename just created chain

2020-11-17 Thread Alex Murray
Yep I'll take this @Christian ** Changed in: iptables (Ubuntu Groovy) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1904192 Title:

[Bug 1904658] Re: intel-ucode sig=0x406e3 from release 3.20201110.0ubuntu0.20.04.2 hangs system in early boot

2020-11-19 Thread Alex Murray
Thanks for reporting this issue, I have tried to reproduce it locally on a couple machines with the same CPUID but they boot fine with this microcode revision - from their dmesg: microcode: microcode updated early to revision 0xe2, date = 2020-07-14 Linux version 5.4.0-54-generic (buildd@lcy01-amd

[Bug 1901572] Re: snapd vulnerable to Library Injection from CWD

2020-12-03 Thread Alex Murray
Deleted PoC etc before marking this public. ** Attachment removed: "snap-escape-POC.tar.gz" https://bugs.launchpad.net/snapcraft/+bug/1901572/+attachment/5427455/+files/snap-escape-POC.tar.gz ** Attachment removed: "make_libc.py" https://bugs.launchpad.net/snapcraft/+bug/1901572/+attachme

[Bug 1906474] Re: phpldapadmin 1.2.5 vulnerable to stored cross site scripting

2020-12-10 Thread Alex Murray
CVE-2020-35132 was assigned by MITRE for this issue. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-35132 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1906474 Title: php

[Bug 1805316] Re: systemd 229-4ubuntu21.9 faulty - breaks the system!

2018-11-27 Thread Alex Murray
*** This bug is a duplicate of bug 1804847 *** https://bugs.launchpad.net/bugs/1804847 I've marked this as a duplicate of bug #1804847 - please add any further comments to that bug instead. ** This bug has been marked a duplicate of bug 1804847 systemd=229-4ubuntu21.8 use of fchownat faile

[Bug 1770877] Re: [MIR] tracker-miners

2018-11-27 Thread Alex Murray
** Changed in: tracker-miners (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770877 Title: [MIR] trac

[Bug 1805519] Re: G15 package website url invalid, leads to possible malware install

2018-11-27 Thread Alex Murray
*** This bug is a duplicate of bug 1468526 *** https://bugs.launchpad.net/bugs/1468526 ** Information type changed from Private Security to Public ** This bug has been marked a duplicate of bug 1468526 g15tools.com seems to be not anymore under control be g15tools -- You received this bu

[Bug 1770877] Re: [MIR] tracker-miners

2018-11-27 Thread Alex Murray
sensitive bits from HOME etc - ACK from security team to promote to main. ** Bug watch added: GNOME Bug Tracker #764786 https://bugzilla.gnome.org/show_bug.cgi?id=764786 ** Changed in: tracker-miners (Ubuntu) Assignee: Alex Murray (alexmurray) => (unassigned) -- You received this b

[Bug 1770877] Re: [MIR] tracker-miners

2018-11-27 Thread Alex Murray
Whoops - just noticed the comment re which version to review - will take a look at the suggested version in https://salsa.debian.org/gnome-team/tracker-miners -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/

[Bug 1770877] Re: [MIR] tracker-miners

2018-11-27 Thread Alex Murray
** Changed in: tracker-miners (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770877 Title: [MIR] tracker-miners To man

[Bug 1770877] Re: [MIR] tracker-miners

2018-11-28 Thread Alex Murray
, libgif-dev, libgxps-dev, libosinfo-1.0-dev, libtagc0-dev, libcue-dev, libseccomp-dev, dbus, dbus-x11, procps, shared-mime-info, Security team ACK to promote to main. ** Changed in: tracker-miners (Ubuntu) Assignee: Alex Murray (alexmurray) => (unassigned) -- You received this

[Bug 1770871] Re: [MIR] libcue

2018-11-28 Thread Alex Murray
I reviewed libcue (2.2.1-2) from disco. This is not a full security audit but rather a quick gauge of maintainability. libcue is a library to parse CUE sheets / files (metadata which describes how tracks of a CD or DVD are laid out). Stored as plain text and commonly have the .cue extension. Pars

[Bug 1790855] Re: [MIR] gpsd

2018-12-02 Thread Alex Murray
@cyphermox - this is assigned to the security team for security review but is still marked Incomplete from your questions earlier - plus looks like you also NAK'd it above - is this now ACK'd from your side or is it still blocked - and hence should I un-assign it from the security team? -- You re

[Bug 1784401] Re: [SRU] ceph 10.2.11

2018-09-04 Thread Alex Murray
This would also happen to fix 3 outstanding CVEs for ceph in Xenial as well: CVE-2018-10861, CVE-2018-1128, CVE-2018-1129 I was looking at backporting fixes for these to 10.2.10 but the commits which fix the actual CVEs seem to depend on a fair few other commits in between 10.2.10 and 10.2.11 so i

[Bug 1790496] Re: apparmor profile for gpsd

2018-09-05 Thread Alex Murray
@paelzer - from my experience with gpsd that looks pretty good regarding the file rules etc - hopefully someone else who is more intimately familiar with AppArmor can comment on the list of capabilities. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subsc

[Bug 1776996] Re: secureboot-db out of date, missing revocations from Aug 2016

2018-09-10 Thread Alex Murray
@vorlon - seems this might be causing a failure - see #1791248 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1776996 Title: secureboot-db out of date, missing revocations from Aug 2016 To manage no

[Bug 1256185] Re: [MIR] libsdl2

2018-09-10 Thread Alex Murray
Since qemu is off the list it looks like the primary motivation for this MIR is now gone - as such, the security team proposes we close this MIR and then if another team still wants libsdl2 in main, they should file a new MIR. -- You received this bug notification because you are a member of Ubun

[Bug 1791248] Re: package secureboot-db 1.2 failed to install/upgrade: installed secureboot-db package post-installation script subprocess returned error exit status 1

2018-09-10 Thread Alex Murray
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1791248 Title: package secureboot-db 1.2 failed to install/upgrade: installed secureboot-d

[Bug 1791893] Re: Trailing garbage data when sending on an AF_PACKET socket

2018-09-11 Thread Alex Murray
This looks a lot like #1783110 ** Information type changed from Private Security to Public ** Information type changed from Public to Private Security ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu B

[Bug 1798725] [NEW] Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=

2018-10-18 Thread Alex Murray
*** This bug is a security vulnerability *** Public security bug reported: Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 - libpcre3 can be made to crash when matching the pattern \s*= when the context is n\xff= Able to reproduce on current Bionic using the PoC attached (which i

[Bug 1798725] Re: Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=

2018-10-25 Thread Alex Murray
** Attachment added: "PoC using libpcre (ie without libglib)" https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1798725/+attachment/5205348/+files/PoC.c -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/

[Bug 1798725] Re: Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=

2018-10-25 Thread Alex Murray
I have reworked the PoC to one which allows to reproduce the crash directly just using libpcre, and have verified this works directly on the upstream libpcre releases 8.39, 8.40, 8.41 & 8.42 - waiting on response from upstream - https://bugs.exim.org/show_bug.cgi?id=2330#c2 ** Bug watch added: bug

[Bug 1798725] Re: Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=

2018-10-26 Thread Alex Murray
Seems this is a bug in gvfs not properly validating as UTF8 before calling into glib: https://bugs.exim.org/show_bug.cgi?id=2330#c9 ** Package changed: pcre3 (Ubuntu) => gvfs (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. ht

[Bug 1798725] Re: Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=

2018-10-29 Thread Alex Murray
This was fixed in upstream commit https://gitlab.gnome.org/GNOME/gvfs/commit/a23eb6f14eb3cffa1585d4e5e566f779337d1e04 Uncertain whether this qualifies as a security issue - there doesn't seem to be any real security impact from the bug - so unmarking this as a security issue now. ** Information t

[Bug 1800662] Re: CVE-2017-1000083 is still present on atril

2018-10-31 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800662 Title: CVE-2017-1000083 is still present on atril To manage notifications

[Bug 1798725] Re: gvfs may crash when parsing non-valid UTF8 in autorun.inf

2018-11-13 Thread Alex Murray
@Seb - so there is an autorun.inf in the original tarball which can be used (I will attach it separately here as well) - and this reproduces the crash for me - I just copied it to a FAT formatted USB drive, plugged it in and then in dmesg: [ 40.361136] gvfs-udisks2-vo[1563]: segfault at 7f3c60a4

[Bug 1798725] Re: gvfs may crash when parsing non-valid UTF8 in autorun.inf

2018-11-13 Thread Alex Murray
@Seb - also I rebuilt gvfs locally for bionic with that upstream patch added and can confirm it does not segfault after that - would be happy to test your SRUd version and confirm it as well if needed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscri

[Bug 1803132] Re: virtualbox 0day exploit

2018-11-14 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 1803595] Re: Dash to dock visable from GDM lock screen after locking

2018-11-18 Thread Alex Murray
*** This bug is a duplicate of bug 1769383 *** https://bugs.launchpad.net/bugs/1769383 Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1769383, so it is being marked as such. Please look

[Bug 1798725] Re: gvfs may crash when parsing non-valid UTF8 in autorun.inf

2018-11-20 Thread Alex Murray
Tested the version from cosmic-proposed in an up-to-date VM and it failed - looks like this is not actually applied during the build - see the build log https://launchpadlibrarian.net/398362236/buildlog_ubuntu-cosmic-amd64.gvfs_1.38.1-0ubuntu1_BUILDING.txt.gz and notice it is never listed during u

[Bug 1798725] Re: gvfs may crash when parsing non-valid UTF8 in autorun.inf

2018-11-20 Thread Alex Murray
Tested the version from bionic-proposed in an up-to-date VM and it passed Steps to test locally as follows: 1. Enabled bionic-proposed 2. sudo apt-get dist-upgrade 3. sudo reboot On next boot with the autorun.inf on a local USB drive: $ dmesg | grep gvfs $ apt-cache policy gvfs gvfs: Installe

[Bug 1798725] Re: gvfs may crash when parsing non-valid UTF8 in autorun.inf

2018-11-21 Thread Alex Murray
Tested the new version in cosmic-proposed on an up-to-date cosmic VM by inserting a USB drive with the attached autorun.inf and it passes. Steps to test locally as follows: 1. Enabled cosmic-proposed 2. sudo apt-get dist-upgrade 3. sudo reboot On next boot with the autorun.inf on a local USB dri

[Bug 1800715] Re: Prompt for credential when it shouldn't

2018-11-22 Thread Alex Murray
The security team consider the existing behaviour is fine - ie. automatically connect without authentication when an admin session is logged in and is an active seat (ie. the screen / session is not switched to some other users sessions / VT), and the screen is unlocked. If someone has direct phys

[Bug 1801410] Re: Icons.keep.flashing

2018-11-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1801383] Re: apport uploading WifiSyslog to public bug reports is a major privacy risk

2018-11-05 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801383 Title: apport uploading WifiSyslog to public bug reports is a major privacy

[Bug 1795921] Re: Out-of-Bounds write in systemd-networkd dhcpv6 option handling

2018-11-05 Thread Alex Murray
@yassine-mrabet - In general, Ubuntu does not upgrade major versions of software and instead backports security fixes to the current version - also we track CVEs independently in our own CVE tracker - in this case please see https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15688.htm

[Bug 1802160] Re: liblivemedia62 and liblivemedia64 probably have CVE-2018-4013 security problem

2018-11-07 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 1802349] Re: video is not playing in the default player and ear phone sound is not working

2018-11-08 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1768984] Re: CVE-2018-10115 impacts p7zip-rar

2018-11-08 Thread Alex Murray
@amribrahim1987 if you could please attach a debdiff we can look at trying to sponsor it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1768984 Title: CVE-2018-10115 impacts p7zip-rar To manage not

[Bug 1802464] Re: package openvswitch-testcontroller 2.5.5-0ubuntu0.16.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2018-11-11 Thread Alex Murray
*** This bug is a duplicate of bug 1802463 *** https://bugs.launchpad.net/bugs/1802463 Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a

[Bug 1802600] Re: ??????

2018-11-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1802981] Re: Lockscreen shown dash when screen was locked

2018-11-12 Thread Alex Murray
*** This bug is a duplicate of bug 1769383 *** https://bugs.launchpad.net/bugs/1769383 Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1769383, so it is being marked as such. Please look

[Bug 1709164] Re: [MIR] bubblewrap

2018-09-14 Thread Alex Murray
y etc. if it were somehow to be compromised). ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5226 ** Changed in: bubblewrap (Ubuntu) Assignee: Alex Murray (alexmurray) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1709164] Re: [MIR] bubblewrap

2018-09-15 Thread Alex Murray
Ah ok thanks - sorry I somehow missed those details in comment 4 - cheers. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1709164 Title: [MIR] bubblewrap To manage notifications about this bug go to

[Bug 1790377] Re: Ubuntu 18.04.1 and below: Information disclosure through world readable by default home directory permissions

2018-09-17 Thread Alex Murray
*** This bug is a duplicate of bug 48734 *** https://bugs.launchpad.net/bugs/48734 ** This bug has been marked a duplicate of bug 48734 Home permissions too open ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a m

[Bug 1240234] Re: phablet in android_input group which gives rw access to /dev/input/event* and /dev/rfkill

2018-09-17 Thread Alex Murray
** Changed in: android (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1240234 Title: phablet in android_input group which gives rw access to /dev/input/even

[Bug 1371170] Re: information disclosure: clipboard contents can be obtained without user knowledge

2018-09-17 Thread Alex Murray
** Changed in: content-hub (Ubuntu) Status: New => Won't Fix ** Changed in: mir (Ubuntu) Status: New => Confirmed ** Changed in: canonical-devices-system-image Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which

[Bug 1510317] Re: Shell Command Injection in "Mailcap" file handling

2018-09-17 Thread Alex Murray
** Changed in: python3.5 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1510317 Title: Shell Command Injection in "Mailcap" file handling To manage notificat

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2018-09-17 Thread Alex Murray
** Changed in: unity-scope-audacious (Ubuntu) Status: New => Confirmed ** Changed in: unity-scope-clementine (Ubuntu) Status: New => Confirmed ** Changed in: unity-scope-gmusicbrowser (Ubuntu) Status: New => Confirmed ** Changed in: unity-scope-gourmet (Ubuntu) Status

[Bug 1532314] Re: Buffer overflow in cgmanager

2018-09-17 Thread Alex Murray
Based on the most recent comments, changing the priority back to undecided since there is no clear path forward for now. ** Changed in: libnih (Ubuntu) Importance: High => Undecided ** Changed in: lxc (Ubuntu) Importance: High => Undecided ** Changed in: cgmanager (Ubuntu) Status: N

[Bug 1792148] Re: adopt PHP 7.2.8+ to fix vulnerability in php-fpm

2018-09-17 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792148 Title: adopt PHP 7.2.8+ to fix vulnerability in php-fpm To manage notifica

[Bug 1792176] Re: package kismet 2013.03.R1b-3build1 failed to install/upgrade: underproces installerede post-installation-script returnerede afslutningsstatus 6

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1792241] Re: package systemd-sysv 237-3ubuntu10.3 failed to install/upgrade: installed systemd-shim package post-removal script subprocess returned error exit status 2

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1792312] Re: package libx11-data 2:1.6.3-1ubuntu2.1 failed to install/upgrade: package libx11-data is already installed and configured

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1792500] Re: package docker.io 17.12.1-0ubuntu1 failed to install/upgrade: installed docker.io package post-installation script subprocess returned error exit status 1

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791643] Re: I install, and then a few days later the whole thing crashes

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791954] Re: gnome-tweaks crashed with AttributeError in /usr/lib/python3/dist-packages/gtweak/tweaks/tweak_group_general.py: 'NoneType' object has no attribute 'mode'

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791477] Re: Thunderbird Multiple Security Vulnerabilities

2018-09-17 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1791477 Title: Thunderbird Multiple Security Vulnerabilities To manage notificatio

[Bug 1792135] Re: jackd crashed with SIGABRT in std::terminate()

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791438] Re: package snort (not installed) failed to install/upgrade: installed snort package post-installation script subprocess returned error exit status 1

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791433] Re: Path traversal vulnerability

2018-09-17 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1791433 Title: Path traversal vulnerability To manage notifications about this bug

[Bug 1791415] Re: package firefox-locale-en 62.0+build2-0ubuntu0.16.04.3 failed to install/upgrade: package firefox-locale-en is already installed and configured

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791406] Re: cannot install grub-eif-amd64-signed to /target

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791414] Re: package firefox-locale-en 62.0+build2-0ubuntu0.16.04.3 failed to install/upgrade: package firefox-locale-en is already installed and configured

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)

2018-09-17 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage no

[Bug 1792938] Re: PHP 7.2.7 contains various security issues.

2018-09-17 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792938 Title: PHP 7.2.7 contains various security issues. To manage notifications

[Bug 1792953] Re: Security issue with PHP < 7.0.32 on Xenial

2018-09-17 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792953 Title: Security issue with PHP < 7.0.32 on Xenial To manage notifications

[Bug 1793019] Re: package postgresql-10 10.5-0ubuntu0.18.04 failed to install/upgrade: installed postgresql-10 package pre-removal script subprocess returned error exit status 2

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1792996] Re: idk

2018-09-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1793144] Re: package samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 failed to install/upgrade: installed samba package post-installation script subprocess returned error exit status 1

2018-09-18 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1793174] Re: ndiswrapper-dkms 1.59-2: ndiswrapper kernel module failed to build

2018-09-18 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1793287] Re: network-manager can not save changes with option "Ask for this password every time" option when using WPA 2 Personal

2018-09-19 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1792967] Re: CVE-2018-7738 - command execution via unmount's bash-completion

2018-09-20 Thread Alex Murray
** Changed in: util-linux (Ubuntu) Status: New => Confirmed ** Changed in: util-linux (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792967 Title: CV

[Bug 1793607] Re: GPU Overheats and laptop shuts off

2018-09-20 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1793899] Re: package samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 failed to install/upgrade: installed samba package post-installation script subprocess returned error exit status 1

2018-09-22 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1793973] Re: package gnome-menus 3.13.3-6ubuntu3.1 failed to install/upgrade: triggers looping, abandoned

2018-09-23 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

2019-04-09 Thread Alex Murray
The attached should is more robust to optimisation in gcc and is updated against the latest devscripts in disco ** Patch added: "devscripts_2.19.4ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/1820798/+attachment/5254407/+files/devscripts_2.19.4ubuntu0.1.debdiff

[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

2019-04-09 Thread Alex Murray
Relaxed some of the checks to find additional stack-clash-protected binaries due to more optimisation shenanigans ** Patch added: "devscripts_2.19.4ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/1820798/+attachment/5254597/+files/devscripts_2.19.4ubuntu0.1.debdiff

[Bug 1854362] Re: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid

2020-02-17 Thread Alex Murray
targetcli-fb has not been mentioned previously and is not a task on this bug - does it need to be added? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1854362 Title: [MIR] ceph-iscsi, tcmu, python-c

[Bug 1843403] Re: [MIR] nfs-ganesha, ntirpc

2020-02-17 Thread Alex Murray
I reviewed ntirpc 3.0-0ubuntu2 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability. ntirpc is a fork of the existing libtirpc library providing RPC services for nfs-ganesha and others. - CVE History: - Only 1 past CVE against ntirpc

[Bug 1843403] Re: [MIR] nfs-ganesha, ntirpc

2020-02-17 Thread Alex Murray
** Attachment added: "ntirpc coverity defect results" https://bugs.launchpad.net/ubuntu/+source/ntirpc/+bug/1843403/+attachment/5329131/+files/coverity.txt ** Changed in: ntirpc (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notificati

[Bug 1862600] Re: sensitive config files are world-readable

2020-02-17 Thread Alex Murray
** Information type changed from Public to Public Security ** Tags removed: community-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1862600 Title: sensitive config files are world-readable

[Bug 1854362] Re: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb

2020-02-20 Thread Alex Murray
I reviewed python-configshell-fb 1.1.fb25-1.1 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability. python-configshell-fb provides a python library which is used for building CLI based user-interfaces. Upstream appears healthy and responsive

[Bug 1815991] Re: [MIR] masakari and masakari-monitors

2020-02-24 Thread Alex Murray
I reviewed masakari 9.0.0~b2~git2020020609.8b122a8-0ubuntu2 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability. masakari is an OpenStack component providing a high availability service for instances - this allows KVM-based virtual machine i
