Rik only pushed an update for 20.10 Beta, i.e. groovy, as he only has
access to the development version.
For the LTS release 20.04, the patch has not been released as it can
only be pushed by the Ubuntu security team or the release sponsors team.
I have just now added the ubuntu-security sponsors to
Upstream has included the below test archive in the original advisory.
Upon trying to open the test archive in ark, a warning will show below
the menu bar.
Proof of concept
For testing, an example of a malicious archive can be found at
https://github.com/jwilk/traversal-archives/re
I have tested Steve's focal build from security-proposed and was able to
successfully validate the fix, i.e. warning for the PoC.
I have attached a screenshot of the warning when trying to open the PoC
** Attachment added: "ark_fix_test.png"
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1
** Attachment removed: "ark_fix_test.png"
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+attachment/5399333/+files/ark_fix_test.png
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bug
Code went through a major refactor after xenial to integrate with
updated Qt. See https://phabricator.kde.org/T2704
The refactor for this function was
-void Job::onEntry(const ArchiveEntry & archiveEntry)
+void Job::onEntry(Archive::Entry *entry)
{
-emit newEntry(archiveEntry);
+emit new
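Review bot: the new signature `Job::onEntry(Archive::Entry *entry)` takes a raw pointer where the old one took a const reference, so a null argument is now possible at the top of the function and the visible lines show no check before the emit. Suggest asserting or returning early on a null `entry`, and documenting who owns the entry and how long it must stay valid after the signal is emitted. The hunk is cut off after `+emit new`, so the rest of the body could not be reviewed.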
debdiff for yakkety is included in the attachment.
** Attachment added: "yakkety-debdiff"
https://bugs.launchpad.net/ubuntu/+source/ktnef/+bug/1668552/+attachment/4828791/+files/yakkety-debdiff
** Changed in: ktnef (Ubuntu Xenial)
Status: New => Confirmed
** Changed in: ktnef (Ubuntu
Xenial is in kdepim not ktnef.
** Changed in: ktnef (Ubuntu Xenial)
Status: Confirmed => New
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdepim in Ubuntu.
https://bugs.launchpad.net/bugs/1668552
Title:
KDE Project Security Advi
Added kio-yakkety-debdiff.patch
** Changed in: kde4libs (Ubuntu Yakkety)
Status: New => Confirmed
** Changed in: kio (Ubuntu Yakkety)
Status: New => Confirmed
** Patch added: "kio-yakkety-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/kio/+bug/1668871/+attachment/4828
Added kde4libs-yakkety-debdiff.patch
** Patch added: "kde4libs-yakkety-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/kio/+bug/1668871/+attachment/4828811/+files/kde4libs-yakkety-debdiff.patch
Why did the kde4libs amd64 build in ubuntu-security-proposed fail? It
built fine in my ppa.
my ppa: https://launchpad.net/~visred/+archive/ubuntu/rel-ppa/+packages
https://launchpad.net/~visred/+archive/ubuntu/rel-ppa/+build/12070850
ubuntu-security-proposed build: https://launchpad.net/~ubuntu-
debdiff for ktnef in xenial is attached.
kdepim also needs to be patched both in xenial and trusty.
** Attachment added: "ktnef-xenial-debdiff"
https://bugs.launchpad.net/ubuntu/+source/ktnef/+bug/1668552/+attachment/4829858/+files/ktnef-xenial-debdiff
I cannot make debdiffs for kdepim as I am not sure if the patch is
compatible. Someone familiar with the code should patch it.
** Changed in: ktnef (Ubuntu Xenial)
Status: New => Confirmed
I am not going to touch the code myself but I will post a debdiff if
upstream Debian updates it in wheezy.
But I still request the security team to look at it because this problem
exists in a default install and also could compromise the system by just
opening nautilus.
This is not a bug with Chrome. It is a bug with Symantec's certificate
issuance systems.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1641380
Title:
chromium-browser: ERR_CERTIFICATE_TRANSPARENCY_R
debdiff for kde4libs in xenial is attached.
** Attachment added: "kde4libs-xenial-debdiff"
https://bugs.launchpad.net/ubuntu/+source/kio/+bug/1668871/+attachment/4829903/+files/kde4libs-xenial-debdiff
** Changed in: kio (Ubuntu Xenial)
Status: New => Confirmed
** Changed in: kde4libs
debdiff for kio in xenial is attached.
** Attachment added: "kio-xenial-debdiff"
https://bugs.launchpad.net/ubuntu/+source/kio/+bug/1668871/+attachment/4829901/+files/kio-xenial-debdiff
** Changed in: kde4libs (Ubuntu Zesty)
Status: New => Confirmed
** Changed in: kio (Ubuntu Zesty)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668871
Title:
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6410
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668871
Title:
kio: Information Leak when accessing https when using a malici
Public bug reported:
CVE-2016-6321 path name extract bypass vulnerability is not patched in
stable releases of yakkety, xenial and other supported releases.
The maintainer appears to have only pushed the patch to zesty proposed.
Please push the patch for the stable releases as this bug could hav
I removed the needs-packaging tag. Wasn't aware that it is only for new
packages.
** Tags removed: needs-packaging
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1638922
Title:
[needs-packaging] tar
*** This bug is a security vulnerability ***
Public security bug reported:
I have included a debdiff imported from upstream for the below security
advisory for ark.
I have tested the patch in ppa with the sample archive issued in the
advisory and can confirm it works without any noticeable issue
All previous and current releases are possibly affected.
The above debdiff is compatible with focal and bionic which are affected.
Groovy can be updated to the latest upstream by the maintainer.
The nature of impact of this bug on xenial is unknown as the code in
xenial is very different and upst
** Changed in: netplan.io (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1968287
Title:
loopback addresses disappear after running "netplan apply" multiple