[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-23 Thread Alex Murray
Ah thanks Dan! - I realise now that perhaps I should have had just the 1 bug report for both issues to make things simpler as having two seems to have complicated things too much. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https:/

[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-24 Thread Alex Murray
@ddstreet - is there anything I can / still need to do to get this into -updates?

[Bug 1876055] [NEW] SRU: Backport 2.4.3-1ubuntu1 from focal to eoan/bionic/xenial for newer syscalls for core20 base

2020-04-30 Thread Alex Murray
Public bug reported: Placeholder to start preparing SRU for https://github.com/snapcore/core20/issues/48 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: New

[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-10 Thread Alex Murray
When generating the list of system calls for aarch64, libseccomp uses the generic kernel API headers rather than the architecture specific ones - and so misses the definitions of getrlimit, setrlimit and clone3 for aarch64 - if this is changed to use arch-specific headers then we can regenerate th

[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-11 Thread Alex Murray
Tested on an up-to-date groovy install: amurray@sec-groovy-amd64:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu Groovy Gorilla (development branch) Release:20.10 Codename: groovy amurray@sec-groovy-amd64:~$ dpkg -l seccomp Desired=Unknow

[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-11 Thread Alex Murray
@jdstrand would you be willing to sponsor that for me to groovy and then I'll update this bug for SRU of this back to focal (and will add this change also for the existing libseccomp SRU for eoan/bionic/xenial in LP #1876055)

[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-11 Thread Alex Murray
See attached for a debdiff to fix this in groovy - this backports the PR mentioned above to add these missing syscalls for aarch64.

[Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-11 Thread Alex Murray
** Patch added: "libseccomp_2.4.3-1ubuntu2.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1877633/+attachment/5370131/+files/libseccomp_2.4.3-1ubuntu2.debdiff

[Bug 1878062] Re: USB Mic (Blue Yeti) not detcted in Audacity or Ardour

2020-05-12 Thread Alex Murray
For the issue of not being able to save files to / from external drives, you need to manually connect the removable-media interface for the audacity snap - so either in Ubuntu Software search again for audacity and then via the 'Permissions' button ensure the 'Read/write files on removable storage

[Bug 1878115] Re: logged luks passwords

2020-05-12 Thread Alex Murray
CVE-2020-11932 has been assigned for this issue. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11932

[Bug 1878177] Re: CVE-2020-3810 out-of-bound stack reads in arfile

2020-05-13 Thread Alex Murray
** Information type changed from Private Security to Public Security

[Bug 1873074] Re: kernel panic hit by kube-proxy iptables-save/restore caused by aufs

2020-07-09 Thread Alex Murray
This is public in the Ubuntu CVE Tracker so making the bug public too. ** Information type changed from Private Security to Public Security

[Bug 1888160] Re: ClamAV needs updated to reflect security fixes

2020-07-20 Thread Alex Murray
** Information type changed from Public to Public Security

[Bug 1882889] Re: Update vulnerable radare2 on 16.04, 18.04, 19.10

2020-07-21 Thread Alex Murray
The version of radare2 in Ubuntu 16.04 LTS is not necessarily affected by all the listed CVEs - for more detailed status of which CVE affects which version please consult the Ubuntu CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/ ie. for instance for CVE-2017-7274 which you can se

[Bug 1882889]

2020-07-21 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 1819344] Re: I don't know this bug

2019-03-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1819366] Re: package libstdc++-8-dev 8.2.0-7ubuntu1 failed to install/upgrade: dpkg-deb --fsys-tarfile subprocess returned error exit status 2

2019-03-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1812527] Re: [bionic][regression] gnome-shell crashes with SIGSEGV in meta_window_actor_is_destroyed(self=NULL) called from _switchWorkspaceDone() [windowManager.js:1787]

2019-03-11 Thread Alex Murray
** Information type changed from Private Security to Public

[Bug 1819240] Re: Many sites will not connect. Very slow. Some siezing.

2019-03-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1820319] Re: [To Be Filled By O.E.M., Realtek ALC662 rev1, Blue Line In, Rear] No sound at all

2019-03-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1820369] Re: crash while installation

2019-03-17 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1811661] Re: Information leak (resource disk swap file created world-readable)

2019-03-18 Thread Alex Murray
** Information type changed from Private Security to Public Security

[Bug 1820798] [NEW] hardening-check: add support for detecting stack clash protected binaries

2019-03-18 Thread Alex Murray
Public bug reported: The security team is in the process of making -fstack-clash-protection enabled by default in gcc-8/9 for 19.10 / 20.04. To support this it is useful to be able to detect binaries which include this new feature via hardening-check. Unlike previous features this can only be dete

[Bug 1821030] Re: [To Be Filled By O.E.M., Realtek ALC662 rev1, Green Line Out, Rear] No sound at all

2019-03-20 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1821003] Re: Screen locking issue

2019-03-20 Thread Alex Murray
*** This bug is a duplicate of bug 1772791 *** https://bugs.launchpad.net/bugs/1772791 ** This bug has been marked a duplicate of bug 1772791 Lock/login screen displays password in clear text occasionally ** Information type changed from Private Security to Public Security

[Bug 1772791] Re: Lock/login screen displays password in clear text occasionally

2019-03-20 Thread Alex Murray
https://gitlab.gnome.org/GNOME/gnome-shell/issues/460#note_331931 seems to offer a pretty compelling explanation of why this might be seen inadvertently. ** Bug watch added: gitlab.gnome.org/GNOME/gnome-shell/issues #460 https://gitlab.gnome.org/GNOME/gnome-shell/issues/460

[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

2019-03-20 Thread Alex Murray
Updated debdiff with some minor improvements to the proposed changes to be a bit more efficient and add some more comments ** Patch added: "devscripts_2.19.3ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/1820798/+attachment/5248101/+files/devscripts_2.19.3ubuntu0.

[Bug 1746772] Re: [MIR] pymacaroons, python-libnacl

2019-03-20 Thread Alex Murray
** Changed in: pymacaroons (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

[Bug 1817327] Re: [Mir] python-libnacl

2019-03-21 Thread Alex Murray
python-libnacl is a thin python wrapper over the libsodium C library, using ctypes to interact with libsodium. I reviewed python-libnacl 1.4.5-0ubuntu1 from xenial. This shouldn't be considered a full security audit but rather a quick check of maintainability. Furthermore this is not an audit of t

[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

2019-03-21 Thread Alex Murray
Update the debdiff again to fix a possible runtime failure in a highly unlikely corner case. ** Patch added: "devscripts_2.19.3ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/1820798/+attachment/5248326/+files/devscripts_2.19.3ubuntu0.1.debdiff

[Bug 1746772] Re: [MIR] pymacaroons, python-libnacl

2019-03-21 Thread Alex Murray
I reviewed pymacaroons 0.9.2-0ubuntu1 as checked in to Xenial. pymacaroons is a python implementation of the Macaroon concept - like cookies but with caveats, allowing delegation and attenuation of authority - so kind of like capabilities (the real ones, not POSIX / Linux ones). - No CVE history i

[Bug 1821508] Re: there is a lagging while i am accessing the software or browing

2019-03-24 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1621386] Re: [MIR] libsodium

2019-03-24 Thread Alex Murray
I reviewed libsodium version 1.0.8-5 as checked into xenial, looking for any deviations from Seth's original review since this is a different version. - No CVE history in our database - libsodium provides a programmer- and packager-friendly library around the NaCl family of cryptography APIs. -

[Bug 1742711] Re: MIR: vulkan-loader

2019-03-25 Thread Alex Murray
I reviewed vulkan-loader version 1.1.101.0-2_amd64 as checked into disco. This shouldn't be considered a full security audit but rather a quick check of maintainability. - No CVE history in our database - vulkan-loader provides support for loading the main vulkan library, handling layer and driv

[Bug 1787630] Re: [FFe] Include HTTP support in pre-build GRUB module

2019-02-26 Thread Alex Murray
http.c generally looks okay - errors are usually checked and handled, care is taken to ensure buffers are not overrun etc, sizes are handled well etc. From what I can see it appears to also appropriately check input to ensure it doesn't blindly trust it as well. Also the upstream history of this f

[Bug 1825753] Re: fan speed not reported with Ubuntu 18.10 and 19.04

2019-04-28 Thread Alex Murray
Sounds like this is a kernel bug / change which has caused this - reassigning. ** Changed in: indicator-sensors Status: New => Invalid ** Also affects: linux (Ubuntu) Importance: Undecided Status: New

[Bug 1827202] [NEW] Apport hook may expose sensitive information

2019-05-01 Thread Alex Murray
*** This bug is a security vulnerability *** Public security bug reported: OVERVIEW Author: Sander Bos Author's e-mail address: sbos _at_ sbosnet _dot_ nl Author's website: CVE identifier: requested Date: 2019-04-19 Report version: 2 SUMMARY --- The Ubun

[Bug 1827202] Re: Apport hook may expose sensitive information

2019-05-01 Thread Alex Murray
This has been assigned CVE-2019-7306

[Bug 1827202] Re: Apport hook may expose sensitive information

2019-05-01 Thread Alex Murray
** Also affects: byobu Importance: Undecided Status: New

[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

2019-05-01 Thread Alex Murray
Sure I'll see what I can do - my understanding was the process was to get it into Ubuntu first and then submit it back to Debian but am happy to go the other way round.

[Bug 1781699] Re: DHCPv6 server crashes regularly (bionic)

2019-05-02 Thread Alex Murray
This looks like a possible use-after-free so likely has a security impact (at a minimum it is a denial of service due to the crash, especially if it can be triggered remotely) - I've reported it to ISC as such who will hopefully assign a CVE and then we can fix it as a security update. For future r

[Bug 1781699] Re: DHCPv6 server crashes regularly (bionic)

2019-05-03 Thread Alex Murray
This has been assigned CVE-2019-6470 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6470

[Bug 1827282] Re: package sgml-base 1.29 failed to install/upgrade: triggers looping, abandoned

2019-05-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1827309] Re: cant upgrade via terminal

2019-05-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1826746]

2019-05-05 Thread Alex Murray
I noticed that some of the sentences in this bug report are not in English. If they were translated to English they would be accessible to more triagers. Could you please translate them? ** Information type changed from Private Security to Public

[Bug 1827183] Re: package phonon:amd64 4:4.8.3-0ubuntu3 failed to install/upgrade: package phonon:amd64 is not ready for configuration cannot configure (current status 'half-installed')

2019-05-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1826746] Bug is not a security issue

2019-05-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1824635] Re: zmq

2019-05-05 Thread Alex Murray
** Changed in: zeromq (Ubuntu) Status: New => Fix Released ** Information type changed from Private Security to Public Security

[Bug 1827959] Re: All extensions disabled due to expiration of intermediate signing cert

2019-05-06 Thread Alex Murray
*** This bug is a duplicate of bug 1827727 *** https://bugs.launchpad.net/bugs/1827727 Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a

[Bug 1827959]

2019-05-06 Thread Alex Murray
*** This bug is a duplicate of bug 1827727 *** https://bugs.launchpad.net/bugs/1827727 Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1827727, so it is being marked as such. Please look

[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

2019-05-06 Thread Alex Murray
MR submitted in https://salsa.debian.org/debian/devscripts/merge_requests/121 Will still try and work on the tests for it in addition so expect a follow up MR later.

[Bug 1820225] Re: [MIR] robot-detection as dependency of mailman3

2019-05-06 Thread Alex Murray
** Changed in: robot-detection (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

[Bug 1827985] Re: package acpid 1:2.0.28-1ubuntu1 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1

2019-05-07 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1814997] Re: [MIR] libxmlb

2019-03-04 Thread Alex Murray
libxmlb is a recently developed and released library written in C to allow applications to perform fast XPath queries against an XML document without having to parse the entire document into memory. This is designed to only support a subset of XPath for the purposes of fwupd and other utilities. P

[Bug 1818462] Re: exposed canonical server

2019-03-04 Thread Alex Murray
people.canonical.com is publicly accessible by design. There is no security issue here. ** Information type changed from Private Security to Public ** Changed in: ubuntu Status: New => Invalid

[Bug 1787630] Re: [FFe] Include HTTP support in pre-build GRUB module

2019-03-05 Thread Alex Murray
** Changed in: grub2 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

[Bug 1818584] Re: snaps applications can't open files on an USB key

2019-03-06 Thread Alex Murray
Can you try connecting the removable-media interface for these snaps? snap connect telegram-desktop:removable-media :removable-media

[Bug 1829016]

2019-06-25 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 1834315] [NEW] Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan

2019-06-26 Thread Alex Murray
Public bug reported: [Impact] As reported in #1833067 and https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1830890/comments/7 some glibc testcases are still regressing on i386 after applying both the following commits: commit 379d98ddf41344273d9718556f761420f4dc80b3 Author: Alistair Strach

[Bug 1834315] Re: Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan

2019-06-26 Thread Alex Murray
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed

[Bug 1834315] Re: Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan

2019-06-27 Thread Alex Murray
** Tags removed: eoan

[Bug 1834315] Re: Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan

2019-06-28 Thread Alex Murray
Seth - the reason this is targeted against xenial is that the launchpad builders are running the 4.4 xenial kernel - and so glibc *from eoan-proposed* FTBFS when building on launchpad - and it would appear to be as a result of this change. Oddly, I cannot reproduce the same failure locally using a

[Bug 1834439] Re: designated object in OVAL definition may be wrong

2019-07-01 Thread Alex Murray
Reassigning to the ubuntu-cve-tracker project since this is the relevant project ** Package changed: linux (Ubuntu) => ubuntu-cve-tracker

[Bug 1811139] Re: [MIR] kronosnet

2019-07-03 Thread Alex Murray
I reviewed kronosnet 1.8-2 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability. kronosnet is a networking abstraction layer, designed to be used by corosync (group communication engine) to provide a better, more reliable, secure, fault toler

[Bug 1835166] [NEW] Update bolt to latest 0.8 release for eoan

2019-07-03 Thread Alex Murray
Public bug reported: bolt 0.8 adds support for IOMMU handling which should help mitigate some of the risks identified in the thunderclap research https://thunderclap.io/ https://gitlab.freedesktop.org/bolt/bolt/-/tags/0.8 ** Affects: bolt (Ubuntu) Importance: Undecided Status: New

[Bug 1834315] Re: Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan

2019-07-03 Thread Alex Murray
See the attached log showing a successful build of glibc from bionic on the launchpad staging build farm running the proposed kernel (4.4.0-155). ** Attachment added: "buildlog_ubuntu-bionic-i386.glibc_2.27-3ubuntu1_BUILDING.txt.gz" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834315

[Bug 1833067] Re: FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

2019-07-04 Thread Alex Murray
As per https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834315/comments/7 this should be resolved once the launchpad builders are updated to the kernel in xenial-proposed (4.4.0-155)

[Bug 1835181] Bug is not a security issue

2019-07-04 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1835194] Re: Upgrading 12.04 to 14.04, Broken package crashing

2019-07-04 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1835062] Re: package etcd-server (not installed) failed to install/upgrade: installed etcd-server package post-installation script subprocess returned error exit status 1

2019-07-04 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1833479] Re: libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs

2019-07-05 Thread Alex Murray
From a security point of view, it is best if this issue is fixed not just in Ubuntu but other distributions - and the best way to ensure that is to get a CVE assigned for it. Has a CVE been applied for for this issue? If not, could you please submit one to MITRE and when one is assigned please rep

[Bug 1834815] Re: usb mouse is not being detect

2019-07-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-07 Thread Alex Murray
** Information type changed from Public to Public Security

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-07 Thread Alex Murray
Apologies for misinterpreting this issue when initially triaging it - I have re-marked it as Security. I notice from your linked bug report that this was still happening with the upstream code as of September 2016 - but upstream did not appear to engage on the issue. Can you confirm whether this ap

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-07 Thread Alex Murray
** Changed in: openldap (Ubuntu) Status: New => Incomplete

[Bug 1833067] Re: FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

2019-07-08 Thread Alex Murray
** Changed in: glibc (Ubuntu Eoan) Status: New => Fix Released

[Bug 1830863] Re: Integer overflow in parse_report (whoopsie.c:425)

2019-07-08 Thread Alex Murray
** Attachment removed: "PoC.tar.bz2" https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830863/+attachment/5267311/+files/PoC.tar.bz2 ** Information type changed from Private Security to Public Security

[Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-08 Thread Alex Murray
** Information type changed from Private Security to Public Security ** Attachment removed: "PoC.tar.bz2" https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830858/+attachment/5267305/+files/PoC.tar.bz2

[Bug 1830863] Re: Integer overflow in parse_report (whoopsie.c:425)

2019-07-08 Thread Alex Murray
** Branch linked: lp:~alexmurray/whoopsie/whoopsie

[Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-08 Thread Alex Murray
** Branch linked: lp:~alexmurray/apport/apport

[Bug 1835166] Re: Update bolt to latest 0.8 release for eoan

2019-07-09 Thread Alex Murray
Thanks

[Bug 1827202] Re: Apport hook may expose sensitive information

2019-07-17 Thread Alex Murray
Is there anything blocking this being merged upstream?

[Bug 1830858] Re: TOCTOU vulnerability in _get_ignore_dom (report.py)

2019-07-22 Thread Alex Murray
** Changed in: apport Status: New => Fix Committed

[Bug 1832309] Re: netplan stores wifi-password world-readable

2019-06-11 Thread Alex Murray
** Information type changed from Public to Public Security

[Bug 1833067] [NEW] FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

2019-06-17 Thread Alex Murray
Public bug reported: In eoan we are activating new hardening defaults in gcc (-fstack-clash-protection on all non-32-bit ARM arches and -fcet-protection on i386/amd64/x32). As a result of -fcet-protection by default, glibc FTBFS since it has to be explicitly configured (./configure --enable-cet)

[Bug 1833180] [NEW] Fix test-suite failures due to -fcf-protection as default in eoan

2019-06-18 Thread Alex Murray
Public bug reported: The addition of -fcf-protection by default on amd64/i386/x32 on eoan causes a bunch of gcc-test-suite failures - these can be fixed by simply overriding the build options for these tests to specify -fcf-protection=none. ** Affects: gcc-9 (Ubuntu) Importance: Undecided

[Bug 1833067] Re: FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

2019-06-21 Thread Alex Murray
I am a bit stumped on this one - glibc_2.29-0ubuntu3 built fine in my PPA (https://launchpad.net/~alexmurray/+archive/ubuntu/gcc-stack-clash-protection2) but FTBFS on amd64/i386 for eoan-proposed - but I cannot reproduce the same failure locally either in an schroot or in an eoan VM - however, it

[Bug 1833067] Re: FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

2019-06-21 Thread Alex Murray
Using the hwe-edge kernel (5.0.0-17-generic) on a bionic host with an eoan schroot seems to work - not sure what this says about the copy_file_range test on the normal hwe kernel on bionic or for the builders on launchpad...?

[Bug 1802305] Re: "setup-data.conf" is saved as plaintext

2018-12-12 Thread Alex Murray
Looks like upstream used to store the password as plaintext but changed this a while ago to instead store it in the keyring - https://github.com/GNOME/gnome-boxes/commit/ac552985647ebb6d7ee924cd77f0b93df44b4ff0 I suggest filing an issue directly upstream if you believe the current behaviour is no

[Bug 1812554] Re: package udev 229-4ubuntu21.15 failed to install/upgrade: package udev is already installed and configured

2019-01-21 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1812544] Re: package libasprintf0v5:amd64 0.19.7-2ubuntu3.1 failed to install/upgrade: package libasprintf0v5:amd64 is already installed and configured

2019-01-21 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1812436] Re: Display locking leaves the Ubuntu dock available and functional

2019-01-21 Thread Alex Murray
*** This bug is a duplicate of bug 1769383 *** https://bugs.launchpad.net/bugs/1769383 Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1769383, so it is being marked as such. Please look

[Bug 1812480] Re: [SRU] Update to bugfix release 3.0.6 in Bionic

2019-01-21 Thread Alex Murray
** Information type changed from Private Security to Public

[Bug 1812783] Re: package tex-common 6.09 failed to install/upgrade: installed tex-common package post-installation script subprocess returned error exit status 1

2019-01-21 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1812545] Re: package libasprintf0v5:amd64 0.19.7-2ubuntu3.1 failed to install/upgrade: package libasprintf0v5:amd64 is already installed and configured

2019-01-22 Thread Alex Murray
*** This bug is a duplicate of bug 1812544 *** https://bugs.launchpad.net/bugs/1812544 Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a

[Bug 1812468] Re: package linux-firmware 1.173.3 failed to install/upgrade: installed linux-firmware package post-installation script subprocess returned error exit status 1

2019-01-22 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 1799009] Re: Failed upgrade from Ubuntu 18.04 to 18.10

2019-01-22 Thread Alex Murray
Please try running 'sudo apt-get dist-upgrade' instead

[Bug 1765304] Re: Ubuntu 18.04's ibus package breaks password fields in Firefox (by lowering & raising window whenever they're focused)

2018-08-30 Thread Alex Murray
Seems this is an issue with gnome-shell: https://gitlab.gnome.org/GNOME/gnome-shell/issues/391 I have rebuilt gnome-shell with the patch from that upstream issue and it resolves this for me - if anyone wants to test I've put it in the following PPA (I just uploaded it so it will take a while to b

[Bug 1769252] Re: [SRU] ceph 12.2.7

2018-08-14 Thread Alex Murray
This update will also fix CVE-2018-10861, CVE-2018-1128 & CVE-2018-1129 - which were all fixed in 12.2.6 according to upstream - subscribing myself. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10861 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1128 ** C

[Bug 1787932] Re: package linux-image-4.4.0-133-generic (not installed) failed to install/upgrade: impossible de copier les données extraites pour « ./boot/vmlinuz-4.4.0-133-generic » vers « /boot/vml

2018-08-21 Thread Alex Murray
The /boot partition is full (see Df.txt attached in comment #1)
