[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal

2025-03-12 Thread Marc Deslauriers
I am making this bug public as this regression is probably hitting more than one person. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/b

[Bug 2100975] Re: CVE-2025-1080

2025-03-12 Thread Marc Deslauriers
https://ubuntu.com/security/notices/USN-7337-1 ** Changed in: libreoffice (Ubuntu Focal) Status: In Progress => Fix Released ** Changed in: libreoffice (Ubuntu Jammy) Status: In Progress => Fix Released ** Changed in: libreoffice (Ubuntu Noble) Status: In Progress => Fix Rel

[Bug 2100975] Re: CVE-2025-1080

2025-03-06 Thread Marc Deslauriers
Thanks! Packages are now building in the security team PPA and will be released soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2100975 Title: CVE-2025-1080 To manage notifications about this b

[Bug 2078822] Re: With Bluetooth headset connect, a malicious program can crash Pulseaudio on Ubuntu16.04

2025-02-17 Thread Marc Deslauriers
Hi Rachanan, Since the standard support for Ubuntu 16.04 LTS has ended, fixing this will be available in the ESM repository only. Are you still interested in us sponsoring your fix even if it is only available as an ESM update? Thanks! -- You received this bug notification because you are a memb

[Bug 1977718] Re: buffer overflow in nginx rtmp module

2025-02-14 Thread Marc Deslauriers
** Also affects: nginx (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: nginx (Ubuntu Focal) Status: New => Confirmed ** Changed in: nginx (Ubuntu Jammy) Status: New => Confir

[Bug 1987228] Re: Bug display when turning to hibernation

2025-02-14 Thread Marc Deslauriers
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1987228 Title: Bug display when turning to hibernation To manage notifications about

[Bug 1977875] Re: Ubuntu Desktop boot hangs absent zeroconf packets and after avahi-daemon purge

2025-02-14 Thread Marc Deslauriers
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1977875 Title: Ubuntu Desktop boot hangs absent zeroconf packets and after avahi- daemon pu

[Bug 1977718] Re: buffer overflow in nginx rtmp module

2025-02-14 Thread Marc Deslauriers
** Changed in: nginx (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1977718 Title: buffer overflow in nginx rtmp module To manage notifications about this bu

[Bug 1976478] Re: Telegram Desktop steals input on Lock screen (Xorg session)

2025-02-14 Thread Marc Deslauriers
** Changed in: gnome-shell (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1976478 Title: Telegram Desktop steals input on Lock screen (Xorg session) To manage

[Bug 1942673] Re: glibc AddressSanitizer:DEADLYSIGNAL

2025-02-14 Thread Marc Deslauriers
** Changed in: pcre2 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1942673 Title: glibc AddressSanitizer:DEADLYSIGNAL To manage notifications about this bu

[Bug 1922189] Re: integer overflow for maliciously crafted tga file

2025-02-14 Thread Marc Deslauriers
Since the upstream bug is public, I am making this bug public too. Thanks. ** Also affects: launchphplib Importance: Undecided Status: New ** No longer affects: launchphplib ** Information type changed from Private Security to Public Security ** Changed in: plib (Ubuntu) Status

[Bug 1921301] Re: heap overflow

2025-02-14 Thread Marc Deslauriers
Please file a bug with the upstream jhead developers here: https://github.com/Matthias-Wandel/jhead/issues Once you have done that, please add a comment here with the bug number. Thanks! ** Changed in: jhead (Ubuntu) Status: New => Incomplete -- You received this bug notification becaus

[Bug 1535768] Re: pkexec tty hijacking via TIOCSTI ioctl

2025-02-14 Thread Marc Deslauriers
This is CVE-2016-2568, and there is no solution to this issue as of today. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2568 ** Bug watch added: Debian Bug tracker #816062 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062 ** Also affects: policykit-1 (Debian) via

[Bug 2098089] Re: package cloudkitty-common 20.0.0-1ubuntu2 failed to install/upgrade: 已安装 cloudkitty-common 软件包 post-installation 脚本 子进程返回错误状态 1

2025-02-14 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2088268] Re: systemd /tmp cleaning removes files that it shouldn't

2025-02-13 Thread Marc Deslauriers
So, before systemd-tmpfiles was used, Ubuntu used tmpreaper to perform periodic cleaning of the /tmp dir. tmpreaper had a list of exceptions: --protect '/tmp/.X*-{lock,unix,unix/*}' \ --protect '/tmp/.ICE-{unix,unix/*}' \ --protect '/tmp/.iroha_{unix,unix/*}' \ --protect '/tmp/.ki2-{unix,unix/*}'

[Bug 2097004] Re: Security bug update to 535.230.02

2025-02-11 Thread Marc Deslauriers
** Changed in: nvidia-graphics-drivers-535 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2097004 Title: Security bug update to 535.230.02 To manage

[Bug 2073500] Re: Ubuntu RT2x00 USB Driver Kernel Use-After-Free Vulnerability

2025-02-11 Thread Marc Deslauriers
** Changed in: linux (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073500 Title: Ubuntu RT2x00 USB Driver Kernel Use-After-Free Vulnerability To manage noti

[Bug 2078822] Re: With Bluetooth headset connect, a malicious program can crash Pulseaudio on Ubuntu16.04

2025-02-11 Thread Marc Deslauriers
** Changed in: pulseaudio (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078822 Title: With Bluetooth headset connect, a malicious program can crash Pulsea

[Bug 2083047] Re: Failure to maintain locked screen after monitor is turned off for inactivity

2025-02-11 Thread Marc Deslauriers
** Package changed: ubuntu => xscreensaver (Ubuntu) ** Changed in: xscreensaver (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2083047 Title: Failure t

[Bug 2083312] Re: linux-libc-dev package has vulnerabilities

2025-02-11 Thread Marc Deslauriers
** Changed in: linux (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083312 Title: linux-libc-dev package has vulnerabilities To manage notifications about t

[Bug 2086515] Re: Cryptographically unsafe RNG used for FIT images

2025-02-11 Thread Marc Deslauriers
** Changed in: u-boot (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2086515 Title: Cryptographically unsafe RNG used for FIT images To manage notifications

[Bug 2086695]

2025-02-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 2086697]

2025-02-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 2086696]

2025-02-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 2088433] Re: Problems with tigervncserver copying credential files to /tmp

2025-02-11 Thread Marc Deslauriers
** No longer affects: systemd (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2088433 Title: Problems with tigervncserver copying credential files to /tmp To manage notifications about this

[Bug 2095001] Re: Very weird and dangerous bug in systemd's sudoing (polkit?) process

2025-02-11 Thread Marc Deslauriers
** Also affects: policykit-1 via https://github.com/polkit-org/polkit/issues/545 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2095001 Title:

[Bug 2097004] Re: Security bug update to 535.230.02

2025-02-11 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2097004 Title: Security bug update to 535.230.02 To manage notifications about thi

[Bug 2097105] Re: acpitool 0.5.1-7 crashes with -e flag (buffer overflow)

2025-02-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2097656] Re: package libheif-plugin-aomenc:i386 1.17.6-1ubuntu4.1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration

2025-02-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2097707] Re: package keyutils (not installed) failed to install/upgrade: dpkg-deb --control subprocess returned error exit status 2

2025-02-11 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2070285] Re: package tzdata 2024a-3ubuntu1.1 failed to install/upgrade: installed tzdata package post-installation script subprocess returned error exit status 10

2025-01-29 Thread Marc Deslauriers
Please also release this package into the security pocket as we want to keep them in sync. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2070285 Title: package tzdata 2024a-3ubuntu1.1 failed

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-27 Thread Marc Deslauriers
These updates have been published. Thanks! https://ubuntu.com/security/notices/USN-7228-1 ** Changed in: libreoffice (Ubuntu Focal) Status: In Progress => Fix Released ** Changed in: libreoffice (Ubuntu Jammy) Status: In Progress => Fix Released ** Changed in: libreoffice (Ubuntu

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-24 Thread Marc Deslauriers
Thanks for these! I'll upload them for building and will release them when done. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095307 Title: CVE-2024-12425 and CVE-2024-12426 To manage notificatio

[Bug 2060613] Re: Gedit sometimes crashes by segmentation fault at closure

2025-01-14 Thread Marc Deslauriers
I believe this is caused by the snippets plugin. When I disable it, I no longer get a crash on exit. Unfortunately, it looks like the snippets plugin was removed in later versions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https:

[Bug 2067480] Re: MRE updates of dpdk 23.11.2(Noble)/22.11.5(Mantic)/21.11.7(Jammy)

2024-12-19 Thread Marc Deslauriers
Unfortunately, there was a security update published today to the existing packages, so we definitely need to respin the proposed packages to 23.11.3 and 21.11.9. https://ubuntu.com/security/notices/USN-7178-1 -- You received this bug notification because you are a member of Ubuntu Bugs, which i

[Bug 2091695] Re: PHP ldap: undefined symbol RETURN_THROWS

2024-12-13 Thread Marc Deslauriers
** Changed in: php7.4 (Ubuntu Jammy) Status: Confirmed => Invalid ** Changed in: php7.4 (Ubuntu Noble) Status: Confirmed => Invalid ** Changed in: php7.4 (Ubuntu Oracular) Status: Confirmed => Invalid ** Changed in: php7.4 (Ubuntu Plucky) Status: Confirmed => Invalid

[Bug 2091695] Re: PHP ldap: undefined symbol RETURN_THROWS

2024-12-13 Thread Marc Deslauriers
Thanks for reporting this issue, we are currently investigating. ** Also affects: php7.4 (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: php7.4 (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: php7.4 (Ubuntu Jammy) Importance: Undecide

[Bug 1987569] Re: Versions in Bionic and Focal are vulnerable to CVE-2020-12823

2024-12-06 Thread Marc Deslauriers
Due to lack of activity from the original bug reporter, we are closing this bug. ** Changed in: openconnect (Ubuntu Bionic) Status: New => Invalid ** Changed in: openconnect (Ubuntu Focal) Status: New => Invalid ** Changed in: openconnect (Ubuntu) Status: In Progress => Inva

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2024-12-06 Thread Marc Deslauriers
Due to lack of activity from the original bug reporter, we are closing this bug. ** Changed in: mediawiki (Ubuntu Bionic) Status: In Progress => Invalid ** Changed in: mediawiki (Ubuntu Focal) Status: In Progress => Invalid ** Changed in: mediawiki (Ubuntu Jammy) Status: Fix

[Bug 2089680] Re: Insufficient fix for CVE-2024-10573

2024-11-26 Thread Marc Deslauriers
This only affected Focal, the later releases include the second commit already. ** Changed in: mpg123 (Ubuntu Jammy) Status: New => Fix Released ** Changed in: mpg123 (Ubuntu Noble) Status: New => Fix Released ** Changed in: mpg123 (Ubuntu Oracular) Status: New => Fix Releas

[Bug 2089680] [NEW] Insufficient fix for CVE-2024-10573

2024-11-26 Thread Marc Deslauriers
*** This bug is a security vulnerability *** Public security bug reported: The fix for CVE-2024-10573 is insufficient in certain releases, pending investigation. This is the tracking bug. ** Affects: mpg123 (Ubuntu) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur

[Bug 1889248] Re: [MIR] mdevctl, jq, libonig

2024-11-26 Thread Marc Deslauriers
Since the jq and libonig focal packages contain mostly the same major versions as the packages which are in main in jammy, and the detailed information in comment #15, ACK from the security team on promoting them to main in focal. -- You received this bug notification because you are a member of

[Bug 2088217] Re: Feature request, can we distro-patch sshd to emit warnings on dangerous configurations?

2024-11-14 Thread Marc Deslauriers
I think this is a great idea. We should, at the very least, print a warning about password authentication if it's enabled, as that is a default configuration we know should ideally be changed once a system is installed. -- You received this bug notification because you are a member of Ubuntu Bugs

[Bug 2088207] Re: cloud-init enables ssh password auth in an unexpected config file

2024-11-14 Thread Marc Deslauriers
I'm adding the openssh package to this bug, as the default configuration file has a Debian/Ubuntu-specific include directory configured and I think we should add an appropriate comment to inform the user that files included in the directory may override the configuration items in ssd_config. This w

[Bug 2088207] Re: cloud-init enables ssh password auth in an unexpected config file

2024-11-14 Thread Marc Deslauriers
If you google "how to disable ssh password authentication", there are pages and pages of instructions that instruct to modify sshd_config. I'm not sure how to correct user expectations. Maybe adding more explicit comments to sshd_config could be okay. How is cloud-init making sure another file in

[Bug 2088207] Re: cloud-init enables ssh password auth in an unexpected config file

2024-11-14 Thread Marc Deslauriers
Perhaps an acceptable solution could be to write the file only if cloud- init needs to overwrite the value to "no", but if the value is "yes", the openssh default, it shouldn't create the file. This would allow continuing to use the .d directory, but would prevent confusion which results in passwor

[Bug 2088207] Re: cloud-init enables ssh password auth in an unexpected config file

2024-11-14 Thread Marc Deslauriers
While the override directory is documented, it is quite unexpected that a default installation will make use of it, which is why this bug exists in the first place. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad

[Bug 2088207] Re: cloud-init enables ssh password auth in an unexpected config file

2024-11-14 Thread Marc Deslauriers
Is there a reason cloud-init needs to create an override in the first place, rather than changing the setting in the main file? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2088207 Title: cloud-ini

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

2024-11-07 Thread Marc Deslauriers
@james-page thanks for the tests, will publish today. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2085851 Title: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces To mana

[Bug 2085667] Re: package mysql-server-8.0 8.0.39-0ubuntu0.24.04.2 failed to install/upgrade: installed mysql-server-8.0 package post-installation script subprocess returned error exit status 1 , also

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2084401] Re: My whole system has been collapsing. I'm going to down load and reinstall.

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2084491] Re: In my HD is installed ubuntu 24 and I'm trying to downgrade to 22. I was intaling and everything was ok until I got back a step and the it wasn't able to access my HD anymore

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2086358]

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 2085388] Re: MSI Bravo 15, AMD, Radeon - loud fan, HDMI not working

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2085666] Re: Roundcube CVE-2024-37383 and CVE-2024-37384

2024-11-07 Thread Marc Deslauriers
** Changed in: roundcube (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2085666 Title: Roundcube CVE-2024-37383 and CVE-2024-37384 To manage notifications ab

[Bug 2086160] Re: package xdiagnose 3.8.10 failed to install/upgrade: no se puede abrir `/usr/lib/systemd/system/failsafe-x.service.dpkg-new': No existe el archivo o el directorio

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2085731] Re: keine bereitschaft möglich in ubutu 24.04

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2086546] Re: I get the bug as an esm bug problem when I write the command sudo apt update

2024-11-07 Thread Marc Deslauriers
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2086546 Title: I get the bug as an esm bug problem when I write the command sudo apt updat

[Bug 2086573] Re: package libcom-err2:amd64 1.45.5-2ubuntu1.2 failed to install/upgrade: package libcom-err2:amd64 is already installed and configured

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2086597] Re: package mariadb-server (not installed) failed to install/upgrade: new mariadb-server package pre-installation script subprocess returned error exit status 1

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2086582] Re: package libavutil55:amd64 7:3.4.6-0ubuntu0.18.04.1 failed to install/upgrade: problèmes de dépendances - laissé non configuré

2024-11-07 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

2024-11-04 Thread Marc Deslauriers
** Changed in: cinder (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Information type changed from Public to Public Security ** Changed in: cinder (Ubuntu Jammy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: cinder (Ubuntu

[Bug 2081166] Re: Embedded webkit view doesn't work with wasm

2024-10-24 Thread Marc Deslauriers
webkit2gtk in supported releases is now more recent than the problematic version listed in this bug, so I am closing it. Feel free to reopen it if the issue persists. Thanks! ** Changed in: webkit2gtk (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because

[Bug 2083293] Re: [GNR] Virt-Libvirt: Add platform support to libvirt

2024-10-07 Thread Marc Deslauriers
** Also affects: libvirt (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: Ubuntu Noble Importance: Undecided Status: New ** Also affects: libvirt (Ubuntu Oracular) Importance: Undecided Assignee: Hector CAO (hectorcao) Status: In Progress ** Al

[Bug 1957077] Re: SIGSEGV during processing of unicode string

2024-10-02 Thread Marc Deslauriers
tatus: Fix Released => In Progress ** Changed in: unzip (Ubuntu Noble) Status: New => In Progress ** Changed in: unzip (Ubuntu Noble) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: unzip (Ubuntu Oracular) Assignee: (unassigned) => Marc Desl

[Bug 2083176] Re: grub-efi/install_devices becoming stale due to by-id/nvme-eui.* symlinks disappearing

2024-09-30 Thread Marc Deslauriers
grub-install worked, and the laptop reboot successfully. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083176 Title: grub-efi/install_devices becoming stale due to by-id/nvme-eui.* symlin

[Bug 2083176] Re: grub-efi/install_devices becoming stale due to by-id/nvme-eui.* symlinks disappearing

2024-09-30 Thread Marc Deslauriers
So now that we've identified the root cause, I have checked the box beside the disk that is displayed, clicked the Next button and am presented with a dialog with an unchecked box that says "Continue without installing grub". If I don't check that, I get a warning and I go back to the disk selectio

[Bug 2083176] Re: grub-efi/install_devices becoming stale due to by-id/nvme-eui.* symlinks disappearing

2024-09-30 Thread Marc Deslauriers
We have a winner! 01:00.0 Non-Volatile memory controller [0108]: SK hynix Gold P31 SSD [1c5c:174a] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083176 Title: grub-efi/install_devices becoming sta

[Bug 2083176] Re: grub-efi/install_devices becoming stale due to by-id/nvme-eui.* symlinks disappearing

2024-09-30 Thread Marc Deslauriers
/sys/class/block/nvme0n1/wwid is: nvme.1c5c-465342334e3636383131343130334f3259-534b48796e69785f48464d35313247443348583031354e-0001 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083176 Title: g

[Bug 2083176] Re: grub-efi install device being prompted on upgrade, despite only /boot/efi being an option.

2024-09-30 Thread Marc Deslauriers
I didn't migrate the installation. It looks like I installed it with jammy. Here are the /var/log/installer contents if that helps any. ** Attachment added: "Contents of /var/log/installer" https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2083176/+attachment/5823468/+files/installer.tgz -

[Bug 2083176] Re: grub-efi install device being prompted on upgrade, despite only /boot/efi being an option.

2024-09-30 Thread Marc Deslauriers
** Attachment added: "Contents of /dev/disk/by-id" https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2083176/+attachment/5823467/+files/by-id.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/20

[Bug 2083176] Re: grub-efi install device being prompted on upgrade, despite only /boot/efi being an option.

2024-09-30 Thread Marc Deslauriers
Here's the output of debconf-show grub-pc. debconf-show grub-efi-amd64 didn't return anything. ** Attachment added: "grub-pc debconf" https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2083176/+attachment/5823439/+files/output.txt -- You received this bug notification because you are a mem

[Bug 2083176] Re: grub-efi install device being prompted on upgrade, despite only /boot/efi being an option.

2024-09-30 Thread Marc Deslauriers
The laptop is still waiting at this dialog in case there's some relevant information that would be useful for this bug -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083176 Title: grub-efi install d

[Bug 2083176] Re: grub-efi install device being prompted on upgrade

2024-09-30 Thread Marc Deslauriers
> Is it possible that something was changed about this installation / computer since it was originally installed that could have caused the install device to become invalid? There nothing special about this device. It's just an HP laptop with a single disk that was installed by me in a default way

[Bug 2083176] [NEW] Technical dialog during upgrade

2024-09-29 Thread Marc Deslauriers
Public bug reported: A family member just sent me this dialog that popped up when they installed their updates today. I'm not sure how a regular user is supposed to be able to handle what is presented here. Do they check the box? What happens if they don't? Heck, even I don't know what the proper

[Bug 2082335] Re: Sept 2024 security issue tracking bug

2024-09-27 Thread Marc Deslauriers
** Changed in: cups (Ubuntu Oracular) Status: New => Fix Committed ** Changed in: cups (Ubuntu Focal) Assignee: Kevin bush (akjk32002) => (unassigned) ** Changed in: cups (Ubuntu Jammy) Assignee: Kevin bush (akjk32002) => (unassigned) ** Changed in: cups (Ubuntu Noble) Assi

[Bug 2082335] Re: Sept 2024 security issue tracking bug

2024-09-26 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2082335 Title: Sept 2024 security issue tracking bug To manage notifications about

[Bug 2081756] Re: Annoying pop-ups from gpgsm

2024-09-24 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security ** Changed in: gnupg2 (Ubuntu) Status: New => Confirmed ** Changed in: gnupg2 (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscri

[Bug 2081875] [NEW] Update to 20240203 bundle

2024-09-24 Thread Marc Deslauriers
) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Jammy) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Noble) Importance: Undecided

[Bug 2072370]

2024-09-24 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl

[Bug 2073033] Re: request to /storage/v2/edit_partition crashed with Exception | I like specifc byte count with files in Gnome It is no longer available I use them for comparison Only GB & MB are avai

2024-09-24 Thread Marc Deslauriers
** Information type changed from Public Security to Public ** Tags added: noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073033 Title: request to /storage/v2/edit_partition crashed with Excep

[Bug 2073515] Re: functionality loss in mod_proxy rewritten path

2024-09-24 Thread Marc Deslauriers
** Changed in: apache2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073515 Title: functionality loss in mod_proxy rewritten path To manage notifications a

[Bug 2076471] Re: Screen locking issue

2024-09-24 Thread Marc Deslauriers
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2076471 Title: Screen locking issue To manage notifications about this bug go to: ht

[Bug 2075118] Re: PNG images in .deb don't match md5sums file or local build

2024-09-24 Thread Marc Deslauriers
** Also affects: pkgbinarymangler (Ubuntu) Importance: Undecided Status: New ** Changed in: pkgbinarymangler (Ubuntu) Status: New => Confirmed ** Changed in: sunpy (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu

[Bug 2076397] Re: Ghostwrite mitigation

2024-09-24 Thread Marc Deslauriers
** Changed in: opensbi (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076397 Title: Ghostwrite mitigation To manage notifications about this bug go to: http

[Bug 2080555] Re: ubunutu 20 has many vulnerability for the package linux-aws-5.15

2024-09-24 Thread Marc Deslauriers
** Changed in: linux-aws-5.15 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2080555 Title: ubunutu 20 has many vulnerability for the package linux-aws-5.15

[Bug 2079834] Re: libssh2-1 lacks support for rsa-sha2-{512,256}

2024-09-24 Thread Marc Deslauriers
** Changed in: libssh2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2079834 Title: libssh2-1 lacks support for rsa-sha2-{512,256} To manage notifications a

[Bug 2081600] Re: Issue with upgrading

2024-09-24 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2081605] Re: 3.32.2 Deprecated

2024-09-24 Thread Marc Deslauriers
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2081605 Title: 3.32.2 Deprecated To manage notifications about this bug go to: https://bugs

[Bug 2081855] Re: Following recent Ubuntu 24.04.1 LTS upgrade an 'Error: opening the cache'.

2024-09-24 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Bug 2080940] Re: unattended-upgrades broken by python-upgrade

2024-09-17 Thread Marc Deslauriers
** Bug watch added: github.com/python/cpython/issues #124170 https://github.com/python/cpython/issues/124170 ** Also affects: python via https://github.com/python/cpython/issues/124170 Importance: Unknown Status: Unknown ** Bug watch added: Debian Bug tracker #1079780 https://b

[Bug 2075145] Re: exfatprogs CVE-2023-45897 backport to jammy

2024-08-20 Thread Marc Deslauriers
Update has been published now, thanks for testing! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2075145 Title: exfatprogs CVE-2023-45897 backport to jammy To manage notifications about this bug go

[Bug 2075145] Re: exfatprogs CVE-2023-45897 backport to jammy

2024-08-19 Thread Marc Deslauriers
Thanks for the debdiff for this issue. I've validated that that is the only commit that affects jammy. I have uploaded this package for building in the security team PPA here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Once the package has finished building, c

[Bug 2051574] Re: gnome-shell-portal-helper crashed with SIGTRAP in waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap: setting up uid map: Permission denied" ; "Failed to fully launch

2024-08-16 Thread Marc Deslauriers
I'll let someone else decide if this bug is still worth fixing even though we aren't using the helper anymore. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2051574 Title: gnome-shell-portal-helper

[Bug 2051574] Re: gnome-shell-portal-helper crashed with SIGTRAP in waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap: setting up uid map: Permission denied" ; "Failed to fully launch

2024-08-16 Thread Marc Deslauriers
Ah yes, this should be fixed now because of the security update. I meant to update this bug, but forgot. Thanks for noticing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2051574 Title: gnome-shell

[Bug 2077001] Re: Clipboard contents available at locked screen

2024-08-14 Thread Marc Deslauriers
Thanks! ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077001 Title: Clipboard contents available at locked screen To manage no

[Bug 2076130] Re: CVE-2024-6472

2024-08-13 Thread Marc Deslauriers
Thanks Rico! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076130 Title: CVE-2024-6472 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2076

[Bug 2076130] Re: CVE-2024-6472

2024-08-13 Thread Marc Deslauriers
Hi Rico, the debdiff in comment #1 contains a patch that doesn't actually apply to jammy. Could you please fix it? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076130 Title: CVE-2024-6472

[Bug 2076130] Re: CVE-2024-6472

2024-08-13 Thread Marc Deslauriers
Thanks for preparing these Rico, I'll prepare the security updates! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076130 Title: CVE-2024-6472 To manage notifications about this bug go to: https://

[Bug 1967245] Re: 'net usershare' returned error 255 on jammy-desktop-amd64

2024-08-13 Thread Marc Deslauriers
** Changed in: nautilus-share (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: nautilus-share (Ubuntu Focal) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

  1   2   3   4   5   6   7   8   9   10   >