[Bug 2132385] Re: Sync aide 0.19.2-3 (main) from Debian unstable (main)
Eduardo Barretto
2132385 at bugs.launchpad.net
Tue Nov 25 09:36:26 UTC 2025
** Description changed:
Please sync aide 0.19.2-3 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
- * SECURITY UPDATE: bypass AIDE detection of malicious files
- - d/p/CVE-2025-54389.patch: fix output neutralization.
- - CVE-2025-54389
- * SECURITY UPDATE: Denial of service
- - d/p/CVE-2025-54409.patch: fix null pointer dereference and segfault
- - CVE-2025-54409
+ * SECURITY UPDATE: bypass AIDE detection of malicious files
+ - d/p/CVE-2025-54389.patch: fix output neutralization.
+ - CVE-2025-54389
+ * SECURITY UPDATE: Denial of service
+ - d/p/CVE-2025-54409.patch: fix null pointer dereference and segfault
+ - CVE-2025-54409
Both vulnerabilities were fixed in debian in version 0.19.2-1.
Changelog entries since current resolute version 0.19.1-2ubuntu1:
aide (0.19.2-3) unstable; urgency=medium
- * complete implementation of build-cache
- * improve rules:
- * 10_aide_dateformats
- * 10_aide_days
- * 10_aide_hardware
- * 11_aide_dateformats_cury
- * 31_aide_apt-cacher-ng
- * 31_aide_bind9
- * 31_aide_cups
- * 31_aide_dehydrated
- * 31_aide_dev
- * 31_aide_icinga2
- * 31_aide_man
- * 31_aide_postgresql
- * 31_aide_samba
- * 31_aide_sudo
- * 31_aide_systemd
- * 31_aide_torrus
- * 31_aide_udev
- * new rules:
- * 31_aide_grub-pc
- * 31_aide_ksmtuned
- * 31_aide_radvd
- * 31_aide_run_systemd_dynamic-uid
- * 31_aide_xfsprogs
+ * complete implementation of build-cache
+ * improve rules:
+ * 10_aide_dateformats
+ * 10_aide_days
+ * 10_aide_hardware
+ * 11_aide_dateformats_cury
+ * 31_aide_apt-cacher-ng
+ * 31_aide_bind9
+ * 31_aide_cups
+ * 31_aide_dehydrated
+ * 31_aide_dev
+ * 31_aide_icinga2
+ * 31_aide_man
+ * 31_aide_postgresql
+ * 31_aide_samba
+ * 31_aide_sudo
+ * 31_aide_systemd
+ * 31_aide_torrus
+ * 31_aide_udev
+ * new rules:
+ * 31_aide_grub-pc
+ * 31_aide_ksmtuned
+ * 31_aide_radvd
+ * 31_aide_run_systemd_dynamic-uid
+ * 31_aide_xfsprogs
- -- Marc Haber <mh+debian-packages at zugschlus.de> Tue, 14 Oct 2025
+ -- Marc Haber <mh+debian-packages at zugschlus.de> Tue, 14 Oct 2025
06:52:06 +0200
aide (0.19.2-2) unstable; urgency=medium
- * new rules:
- * 31_aide_cryptsetup
- * 31_aide_postgresql
- * 31_aide_systemd_tmpfiles
- * 31_aide_valkey
- * update rules
- * 10_aide_bits
- * 10_aide_dateformats
- * 11_aide_dateformats_cury
- * 31_aide_apt-cacher-ng
- * 31_aide_console-setup
- * 31_aide_dehydrated
- * 31_aide_dokuwiki
- * 31_aide_fwupd
- * 31_aide_gnupg
- * 31_aide_lighttpd
- * 31_aide_mariadb
- * 31_aide_run_systemd_netif
- * 31_aide_schroot
- * 31_aide_ssh-server
- * 31_aide_systemd_sessions
- * 31_aide_udev
- * 31_aide_dehydrated
- * 31_aide_samba
- * 31_aide_spamassassin
- * 31_aide_postgresql.
- Thanks to Anton Shestakov
- * remove obsolete 31_aide_postgresql-15
+ * new rules:
+ * 31_aide_cryptsetup
+ * 31_aide_postgresql
+ * 31_aide_systemd_tmpfiles
+ * 31_aide_valkey
+ * update rules
+ * 10_aide_bits
+ * 10_aide_dateformats
+ * 11_aide_dateformats_cury
+ * 31_aide_apt-cacher-ng
+ * 31_aide_console-setup
+ * 31_aide_dehydrated
+ * 31_aide_dokuwiki
+ * 31_aide_fwupd
+ * 31_aide_gnupg
+ * 31_aide_lighttpd
+ * 31_aide_mariadb
+ * 31_aide_run_systemd_netif
+ * 31_aide_schroot
+ * 31_aide_ssh-server
+ * 31_aide_systemd_sessions
+ * 31_aide_udev
+ * 31_aide_dehydrated
+ * 31_aide_samba
+ * 31_aide_spamassassin
+ * 31_aide_postgresql.
+ Thanks to Anton Shestakov
+ * remove obsolete 31_aide_postgresql-15
- -- Marc Haber <mh+debian-packages at zugschlus.de> Fri, 05 Sep 2025
+ -- Marc Haber <mh+debian-packages at zugschlus.de> Fri, 05 Sep 2025
08:00:24 +0200
aide (0.19.2-1) unstable; urgency=medium
- * New Upstream version 0.19.2
- * This fixes CVE-2025-54389 and CVE-2025-54409.
- * improve 31_aide_con-apt
- * move most Build-Dependencies to -Arch
- * override indep build targets to not invoke upstream build
- * make aide-dynamic an Arch: all package
- * reformat some files in debian/
+ * New Upstream version 0.19.2
+ * This fixes CVE-2025-54389 and CVE-2025-54409.
+ * improve 31_aide_con-apt
+ * move most Build-Dependencies to -Arch
+ * override indep build targets to not invoke upstream build
+ * make aide-dynamic an Arch: all package
+ * reformat some files in debian/
- -- Marc Haber <mh+debian-packages at zugschlus.de> Thu, 14 Aug 2025
+ -- Marc Haber <mh+debian-packages at zugschlus.de> Thu, 14 Aug 2025
18:19:18 +0200
+
+
+ A test build is currently being done here:
+ https://launchpad.net/~ebarretto/+archive/ubuntu/devel-testing/+packages?field.name_filter=aide&field.status_filter=published&field.series_filter=
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2132385
Title:
Sync aide 0.19.2-3 (main) from Debian unstable (main)
Status in aide package in Ubuntu:
New
Bug description:
Please sync aide 0.19.2-3 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: bypass AIDE detection of malicious files
- d/p/CVE-2025-54389.patch: fix output neutralization.
- CVE-2025-54389
* SECURITY UPDATE: Denial of service
- d/p/CVE-2025-54409.patch: fix null pointer dereference and segfault
- CVE-2025-54409
Both vulnerabilities were fixed in debian in version 0.19.2-1.
Changelog entries since current resolute version 0.19.1-2ubuntu1:
aide (0.19.2-3) unstable; urgency=medium
* complete implementation of build-cache
* improve rules:
* 10_aide_dateformats
* 10_aide_days
* 10_aide_hardware
* 11_aide_dateformats_cury
* 31_aide_apt-cacher-ng
* 31_aide_bind9
* 31_aide_cups
* 31_aide_dehydrated
* 31_aide_dev
* 31_aide_icinga2
* 31_aide_man
* 31_aide_postgresql
* 31_aide_samba
* 31_aide_sudo
* 31_aide_systemd
* 31_aide_torrus
* 31_aide_udev
* new rules:
* 31_aide_grub-pc
* 31_aide_ksmtuned
* 31_aide_radvd
* 31_aide_run_systemd_dynamic-uid
* 31_aide_xfsprogs
-- Marc Haber <mh+debian-packages at zugschlus.de> Tue, 14 Oct 2025
06:52:06 +0200
aide (0.19.2-2) unstable; urgency=medium
* new rules:
* 31_aide_cryptsetup
* 31_aide_postgresql
* 31_aide_systemd_tmpfiles
* 31_aide_valkey
* update rules
* 10_aide_bits
* 10_aide_dateformats
* 11_aide_dateformats_cury
* 31_aide_apt-cacher-ng
* 31_aide_console-setup
* 31_aide_dehydrated
* 31_aide_dokuwiki
* 31_aide_fwupd
* 31_aide_gnupg
* 31_aide_lighttpd
* 31_aide_mariadb
* 31_aide_run_systemd_netif
* 31_aide_schroot
* 31_aide_ssh-server
* 31_aide_systemd_sessions
* 31_aide_udev
* 31_aide_dehydrated
* 31_aide_samba
* 31_aide_spamassassin
* 31_aide_postgresql.
Thanks to Anton Shestakov
* remove obsolete 31_aide_postgresql-15
-- Marc Haber <mh+debian-packages at zugschlus.de> Fri, 05 Sep 2025
08:00:24 +0200
aide (0.19.2-1) unstable; urgency=medium
* New Upstream version 0.19.2
* This fixes CVE-2025-54389 and CVE-2025-54409.
* improve 31_aide_con-apt
* move most Build-Dependencies to -Arch
* override indep build targets to not invoke upstream build
* make aide-dynamic an Arch: all package
* reformat some files in debian/
-- Marc Haber <mh+debian-packages at zugschlus.de> Thu, 14 Aug 2025
18:19:18 +0200
A test build is currently being done here:
https://launchpad.net/~ebarretto/+archive/ubuntu/devel-testing/+packages?field.name_filter=aide&field.status_filter=published&field.series_filter=
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aide/+bug/2132385/+subscriptions
More information about the Ubuntu-sponsors
mailing list