| 2018-10-02 14:27:40 |
Jeremy Bícha |
bug |
|
|
added bug |
| 2018-10-02 14:29:51 |
Jeremy Bícha |
gnome-desktop3 (Ubuntu): status |
New |
Confirmed |
|
| 2018-10-02 14:30:08 |
Jeremy Bícha |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2018-10-02 14:52:03 |
Jeremy Bícha |
description |
Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.
bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.
The bubblewrap MIR is https://launchpad.net/bugs/1709164
We'll need to promote bubblewrap to main before this update should be pushed to bionic.
Can you sponsor directly from the git repo instead of with a debdiff?
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3 |
Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.
bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.
The bubblewrap MIR is https://launchpad.net/bugs/1709164
We'll need to promote bubblewrap to main before this update should be pushed to bionic.
Can you sponsor directly from the git repo instead of with a debdiff?
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3
git checkout ubuntu/bionic |
|
| 2018-10-02 15:22:27 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
| 2018-10-02 15:35:14 |
Jeremy Bícha |
description |
Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.
bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.
The bubblewrap MIR is https://launchpad.net/bugs/1709164
We'll need to promote bubblewrap to main before this update should be pushed to bionic.
Can you sponsor directly from the git repo instead of with a debdiff?
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3
git checkout ubuntu/bionic |
Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.
bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.
The bubblewrap MIR is https://launchpad.net/bugs/1709164
We'll need to promote bubblewrap to main before this update should be pushed to bionic.
Can you sponsor directly from the git repo instead of with a debdiff?
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3
git checkout ubuntu/bionic
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/bubblewrap
Testing Done
============
I test built bubblewrap. Doing autopkgtest for it now. |
|
| 2018-10-02 15:35:22 |
Jeremy Bícha |
bug task added |
|
bubblewrap (Ubuntu) |
|
| 2018-10-02 15:36:25 |
Jeremy Bícha |
bubblewrap (Ubuntu): status |
New |
Confirmed |
|
| 2018-10-02 15:36:52 |
Jeremy Bícha |
description |
Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.
bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.
The bubblewrap MIR is https://launchpad.net/bugs/1709164
We'll need to promote bubblewrap to main before this update should be pushed to bionic.
Can you sponsor directly from the git repo instead of with a debdiff?
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3
git checkout ubuntu/bionic
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/bubblewrap
Testing Done
============
I test built bubblewrap. Doing autopkgtest for it now. |
Impact
======
gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate several vulnerabilities. Ubuntu had to disable that feature until bubblewrap could be promoted to main.
bubblewrap is now in main for 18.10 and the feature is now enabled there. The intention has been for that change to be backported to 18.04 LTS as a security fix.
The bubblewrap MIR is https://launchpad.net/bugs/1709164
We'll need to promote bubblewrap to main before this update should be pushed to bionic.
Can you sponsor directly from the git repo instead of with a debdiff?
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3
git checkout ubuntu/bionic
gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/bubblewrap
Testing Done
============
I test built bubblewrap and its autopkgtest passes:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic-jbicha-arch/bionic/amd64/b/bubblewrap/20181002_153548_f5821@/log.gz |
|
| 2018-10-08 23:50:57 |
Andrew Hayzen |
bug |
|
|
added subscriber Andrew Hayzen |
| 2018-11-20 19:25:10 |
Steve Beattie |
bubblewrap (Ubuntu): assignee |
|
Steve Beattie (sbeattie) |
|
| 2018-11-20 19:25:14 |
Steve Beattie |
gnome-desktop3 (Ubuntu): assignee |
|
Steve Beattie (sbeattie) |
|
| 2018-11-28 19:12:09 |
Launchpad Janitor |
bubblewrap (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2018-11-28 21:50:35 |
Launchpad Janitor |
gnome-desktop3 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2018-11-29 07:57:02 |
Eugene Romanenko |
bug |
|
|
added subscriber Eugene Romanenko |
| 2018-12-11 05:17:23 |
Mathew Hodson |
bubblewrap (Ubuntu): importance |
Undecided |
High |
|
| 2018-12-11 05:17:26 |
Mathew Hodson |
gnome-desktop3 (Ubuntu): importance |
Undecided |
High |
|
| 2018-12-14 09:21:03 |
Romano Giannetti |
bug |
|
|
added subscriber Romano Giannetti |
