[Bug 2062406] Re: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88
** Changed in: flatpak (Ubuntu Mantic) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062406 Title: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2062406/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046372] Re: Potential security issue fixed in 1.1.2, 1.0.3 and 0.103.10
** Changed in: clamav (Ubuntu Mantic) Status: Triaged => Won't Fix ** Changed in: libclamunrar (Ubuntu Mantic) Status: New => Won't Fix
https://bugs.launchpad.net/bugs/2046372
[Bug 2040280] Re: CVE-2022-40982 on Ubuntu Mantic Linux Kernel still not fixed
** Changed in: intel-microcode (Ubuntu Mantic) Status: New => Won't Fix
https://bugs.launchpad.net/bugs/2040280
[Bug 2040137] Re: exposing the EFI shell in Secure Boot mode can lead to security bypass
** Changed in: lxd (Ubuntu Mantic) Status: New => Won't Fix
https://bugs.launchpad.net/bugs/2040137
[Bug 2036467] Re: Resizing cloud-images occasionally fails due to superblock checksum mismatch in resize2fs
** Changed in: e2fsprogs (Ubuntu Mantic) Status: In Progress => Won't Fix
https://bugs.launchpad.net/bugs/2036467
[Bug 2067445] [NEW] update to 126.0.01
Public bug reported: https://www.mozilla.org/en-US/firefox/126.0.1/releasenotes/ ** Affects: firefox (Ubuntu) Importance: Undecided Assignee: Nishit Majithia (0xnishit) Status: New ** Affects: firefox (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: firefox (Ubuntu Focal) Importance: Undecided Status: New
https://bugs.launchpad.net/bugs/2067445
[Bug 2067445] Re: update to 126.0.01
References: https://ubuntu.com/security/notices/USN-6779-2 Package Information: https://launchpad.net/ubuntu/+source/firefox/126.0.1+build1-0ubuntu0.20.04.1 ** Changed in: firefox (Ubuntu) Status: New => Fix Released ** Changed in: firefox (Ubuntu Focal) Status: New => Fix Released
https://bugs.launchpad.net/bugs/2067445
[Bug 2064553] [NEW] Update to 125.0.3
Public bug reported: https://www.mozilla.org/en-US/firefox/125.0.3/releasenotes/ ** Affects: firefox (Ubuntu) Importance: Undecided Assignee: Nishit Majithia (0xnishit) Status: New ** Affects: firefox (Ubuntu Focal) Importance: Undecided Assignee: Nishit Majithia (0xnishit) Status: New ** Also affects: firefox (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: firefox (Ubuntu Focal) Assignee: (unassigned) => Nishit Majithia (0xnishit)
https://bugs.launchpad.net/bugs/2064553
[Bug 2064553] Re: Update to 125.0.3
References: https://ubuntu.com/security/notices/USN-6747-2 Package Information: https://launchpad.net/ubuntu/+source/firefox/125.0.3+build1-0ubuntu0.20.04.1 ** Changed in: firefox (Ubuntu) Status: New => Fix Released ** Changed in: firefox (Ubuntu Focal) Status: New => Fix Released
https://bugs.launchpad.net/bugs/2064553
[Bug 2056258] [NEW] Update to 123.0.1
Public bug reported: https://www.mozilla.org/en-US/firefox/123.0.1/releasenotes/ ** Affects: firefox (Ubuntu) Importance: Undecided Assignee: Nishit Majithia (0xnishit) Status: New ** Affects: firefox (Ubuntu Focal) Importance: Undecided Assignee: Nishit Majithia (0xnishit) Status: New ** Also affects: firefox (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: firefox (Ubuntu Focal) Assignee: (unassigned) => Nishit Majithia (0xnishit)
https://bugs.launchpad.net/bugs/2056258
[Bug 2056258] Re: Update to 123.0.1
USN-6649-2 Package Information: https://launchpad.net/ubuntu/+source/firefox/123.0.1+build1-0ubuntu0.20.04.1 ** Changed in: firefox (Ubuntu) Status: New => Fix Released ** Changed in: firefox (Ubuntu Focal) Status: New => Fix Released
https://bugs.launchpad.net/bugs/2056258
[Bug 2070807] Re: [MIR] highway
I reviewed highway 1.2.0-3ubuntu2 as checked into oracular. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

PLACE OTHER NOTES REGARDING THE NATURE OF THE REVIEW ITSELF.

highway is a C++ library that provides portable SIMD/vector intrinsics. It makes SIMD/vector programming easy to increase performance in software.

- CVE History
  - None
- Build-Depends
  - Nothing concerning, it requires cmake, libgtest-dev and ninja-build as build depends
- pre/post inst/rm scripts
  - None
- init scripts
  - None
- systemd units
  - None
- dbus services
  - None
- setuid binaries
  - None
- binaries in PATH
  - it will generate these libraries
    - /lib/x86_64-linux-gnu/libhwy.so.1
    - /lib/x86_64-linux-gnu/libhwy_contrib.so.1
    - /lib/x86_64-linux-gnu/libhwy_test.so.1
- sudo fragments
  - None
- polkit files
  - None
- udev rules
  - None
- unit tests / autopkgtests
  - There is an extensive set of unit test cases which run when building the package
  - Right now only the smoke test is being run as an autosuggest
- cron jobs
  - None
- Build logs
  - == compiler warnings() ==
      CMake Warning:
      dh_installdocs: warning: Cannot auto-detect main package for highway-doc. If the default is wrong, please use --doc-main-package
  - == failures() ==
      -- Performing Test HWY_EMSCRIPTEN - Failed
      -- Performing Test HWY_RISCV - Failed
      Dereference of free object 2, next object number as offset failed (code = -18), returning NULL object.
      100% tests passed, 0 tests failed out of 1985
      Measurement failed: overhead 50 < 52
      MeasureClosure failed.
  - == warnings() ==
      dh_auto_configure -- -DCMAKE_SKIP_RPATH:BOOL=OFF -DBUILD_SHARED_LIBS:BOOL=ON -DHWY_WARNINGS_ARE_ERRORS:BOOL=ON -DHWY_SYSTEM_GTEST:BOOL=ON
      cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb PKG_CONFIG=/usr/bin/pkg-config cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_USE_PACKAGE_REGISTRY=OFF -DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON -DFETCHCONTENT_FULLY_DISCONNECTED=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run -GNinja -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu -DCMAKE_SKIP_RPATH:BOOL=OFF -DBUILD_SHARED_LIBS:BOOL=ON -DHWY_WARNINGS_ARE_ERRORS:BOOL=ON -DHWY_SYSTEM_GTEST:BOOL=ON ..
      CMake Deprecation Warning at CMakeLists.txt:28 (cmake_policy):
      CMake Warning:
      dh_installdocs: warning: Cannot auto-detect main package for highway-doc. If the default is wrong, please use --doc-main-package
  - == dpkg_warnings() ==
      dpkg-shlibdeps: warning: diversions involved - output may be incorrect
      dpkg-shlibdeps: warning: diversions involved - output may be incorrect
      dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/libhwy1t64/usr/lib/x86_64-linux-gnu/libhwy_contrib.so.1.2.0 debian/libhwy1t64/usr/lib/x86_64-linux-gnu/libhwy.so.1.2.0 debian/libhwy1t64/usr/lib/x86_64-linux-gnu/libhwy_test.so.1.2.0 were not linked against libgcc_s.so.1 (they use none of the library's symbols)
- Processes spawned
  - Looks good, few instances are in tests.
- Memory management
  - Few instances are there in hwy/base.h, hwy/aligned_allocator_test.cc and hwy/contrib/thread_pool/thread_pool.h but all of them look fine
- File IO
  - It is there in docs/ folder. looks good
- Logging
  - Logging is being done carefully
- Environment variable usage
  - None
- Use of privileged functions
  - None
- Use of cryptography / random number sources etc
  - nothing significant, most of the occurrences are in md files as part of documentation, looks fine
- Use of temp files
  - None
- Use of networking
  - Looks fine
- Use of WebKit
  - None
- Use of PolicyKit
  - None
- Any significant cppcheck results
  - All findings are in test files, looks fine
- Any significant Coverity results
  - Coverity scan result is of 247MB, but the majority of them are false positives and are from tests/ folder
  - Few Integer Under/Overflow issues in hwy/aligned_allocator.h, hwy/contrib/algo/find-inl.h, hwy/contrib/algo/find-inl.h, and hwy/nanobenchmark.cc are also false positives since the proper checks have been implemented in aligned_allocator.h file regarding the size before allocating the memory pointers
- Any significant shellcheck results
  - looks fine, findings are in tests and docs folder
- Any significant bandit results
  - Few low findings in docs/mm-converter.py which are false positives
- Any significant govulncheck results
  - N/A, no go files
- Any significant Semgrep results
  - None

One possible issue I see is binaries are not PIE enabled, but since these are libraries it should be fine
- libhwy_contrib.so.1.2.0
- libhwy_test.so.1.2.0
- libhwy.so.1.2.0

Security team ACK for promoting highway to main. There are no visible issues found.

** Changed in: highway (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
[Bug 2089071] Re: tarfile.py regression: "ReadError: invalid header"
I can reproduce the issue, this patch https://pastebin.canonical.com/p/J5jzyFkbcT/ can resolve the issue, we're working on releasing the fixed version asap. I will update this thread once it is done thank you for the patience ** Changed in: python2.7 (Ubuntu Focal) Assignee: (unassigned) => Nishit Majithia (0xnishit)
https://bugs.launchpad.net/bugs/2089071
[Bug 2097527] Re: ruby2.7 2.7.0-5ubuntu1.16 regression: REXML parse error with "xml:" prefix
Thanks for reporting the issue. I will be working on fixing this
https://bugs.launchpad.net/bugs/2097527
[Bug 2097527] Re: ruby2.7 2.7.0-5ubuntu1.16 regression: REXML parse error with "xml:" prefix
Hey @bpsbaba @lucaskanashiro, I have patched the ruby2.7 and uploaded to security-proposed ppa (https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa) for testing. This version should work as expected. Let me know if there is any issue. I am planning to publish the patched version before end of this week. TIA ** Changed in: ruby2.7 (Ubuntu) Assignee: (unassigned) => Nishit Majithia (0xnishit)
https://bugs.launchpad.net/bugs/2097527
[Bug 2089239] Re: tarfile.py regression: "ReadError: invalid header"
*** This bug is a duplicate of bug 2089071 *** https://bugs.launchpad.net/bugs/2089071 it is also fixed in jammy https://ubuntu.com/security/notices/USN-7015-6
https://bugs.launchpad.net/bugs/2089239
[Bug 2089136] Re: python2.7 (2.7.18-1~20.04.5) breaks pip tar downloads
*** This bug is a duplicate of bug 2089071 *** https://bugs.launchpad.net/bugs/2089071 fix has been released: https://ubuntu.com/security/notices/USN-7015-6
https://bugs.launchpad.net/bugs/2089136
[Bug 2089071] Re: tarfile.py regression: "ReadError: invalid header"
** Also affects: python2.7 (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: python2.7 (Ubuntu Jammy) Status: New => Fix Released ** Changed in: python2.7 (Ubuntu Jammy) Assignee: (unassigned) => Nishit Majithia (0xnishit)
https://bugs.launchpad.net/bugs/2089071