Hello Jeremy, or anyone else affected, Accepted tracker into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tracker/1.10.2-0ubuntu0.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: tracker (Ubuntu Yakkety) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tracker in Ubuntu. https://bugs.launchpad.net/bugs/1648921 Title: Sandbox the tracker extractor Status in Tracker: Fix Released Status in tracker package in Ubuntu: Fix Released Status in tracker source package in Xenial: New Status in tracker source package in Yakkety: Fix Committed Bug description: * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp - extractor's filesystem and network access is limited to being read and local only (LP: #1648921) - No CVE number The tracker developers have recently confined their extractor to attempt to make tracker more resilient to attacks, especially involving flaws in gstreamer parsers. There is no CVE number assigned to this issue. https://lwn.net/Articles/708196/ https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html The gstreamer security fixes are being handled separately. See bug 1619600 To manage notifications about this bug go to: https://bugs.launchpad.net/tracker/+bug/1648921/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
