Mark Esler
Mark Esler
Debian `libcrypto++` 5.6.4-9 introduced a security patch for CVE-2019-14318. According to a post in 2019 , https://github.com/weidai11/cryptopp/issues/869, the CVE-2019-14318 patch for 5.6.4 was incomplete. A comment in a later 2020...
On Debian's side, only unstable (Sid) was affected as far as I am aware. Buster received 5.6.4-8, which is the version immediately prior to applying the incomplete patch. https://security-tracker.debian.org/tracker/CVE-2019-14318 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934326
@ekera I will request a [SRU](https://wiki.ubuntu.com/StableReleaseUpdates) for `libcrypto++` to effectively roll it back to 5.6.4-8 in Focal. This will mean that `libcrypto++` will remain vulnerable to CVE-2019-14318 in Ubuntu Focal...
A regression fix was proposed last week. I'll shepherd it through and report back when the fix is live. https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751
This issue is related to https://github.com/jellyfin/jellyfin-media-player/issues/357 , but has a much smaller hardware scope (just rpi4, not all arm64 hardware). In the other issue, it was suggested rpi4 support would...
Can we make this work with `curl -sL https://ubuntuasahi.org/install | sh` ? (Does it need to be added to our REPO_BSAE files?)
I "replace" netplan by installing network manager and: ``` $ cat /etc/NetworkManager/conf.d/manage-all.conf [keyfile] unmanaged-devices=none $ # delete other /etc/netplan/*.yaml $ sudo cat /etc/netplan/00-nm.yaml network: version: 2 renderer: NetworkManager $ sudo...
I'm reaching out for AppArmor expertise myself. I'll try to come back with some concrete examples from the AppArmor team. AppArmor.d may have some useful examples, like [polkitd](https://github.com/roddhjav/apparmor.d/blob/c006371e5beb653adf9678411e0dbf8cbb583fb7/apparmor.d/groups/freedesktop/polkitd) or profiles...
Using newlines for formatting text helps CNAs communicate information. e.g., a mitigation: ``` If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do:...
Upstream Asahi Linux (which Ubuntu Asahi is based on) has not yet released M3 support https://github.com/AsahiLinux/docs/wiki/M3-Series-Feature-Support