[ubuntu/lucid-security] ubuntuone-client_1.2.2-0ubuntu2.2_ia64_translations.tar.gz, ubuntuone-client_1.2.2-0ubuntu2.2_armel_translations.tar.gz, ubuntuone-client_1.2.2-0ubuntu2.2_powerpc_translations.tar.gz, ubuntuone-client, ubuntuone-client_1.2.2-0ubuntu2.2_sparc_translations.tar.gz, ubuntuone-client_1.2.2-0ubuntu2.2_amd64_translations.tar.gz, ubuntuone-client_1.2.2-0ubuntu2.2_i386_translations.tar.gz 1.2.2-0ubuntu2.2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Jun 6 13:34:57 UTC 2012
ubuntuone-client (1.2.2-0ubuntu2.2) lucid-security; urgency=low
* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
- debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 in
bin/ubuntuone-preferences, tests/syncdaemon/test_action_queue.py,
use pycurl instead of urllib2 and send hostname for validation in
ubuntuone/syncdaemon/action_queue.py, use correct URL in
data/syncdaemon.conf, correctly verify hostname in
ubuntuone/oauthdesktop/auth.py, send hostname for validation in
ubuntuone/u1sync/client.py, use pycurl instead of urllib2 in
ubuntuone/utils/*, ship utils directory in Makefile.*.
- debian/python-ubuntuone-client.install: also ship new utils
directory.
- debian/control: bump python-ubuntuone-storageprotocol dependency to
security update.
- debian/control: add python-pycurl dependency.
- debian/rules: remove simple-patchsys.mk as this is a quilt package.
- CVE-2011-4409
Date: Thu, 31 May 2012 10:47:06 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/ubuntuone-client/1.2.2-0ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Thu, 31 May 2012 10:47:06 -0400
Source: ubuntuone-client
Binary: ubuntuone-client ubuntuone-client-gnome ubuntuone-client-tools python-ubuntuone-client
Architecture: source
Version: 1.2.2-0ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
python-ubuntuone-client - Ubuntu One client Python libraries
ubuntuone-client - Ubuntu One client
ubuntuone-client-gnome - Ubuntu One client GNOME integration
ubuntuone-client-tools - Ubuntu One client tools
Launchpad-Bugs-Fixed: 882062
Changes:
ubuntuone-client (1.2.2-0ubuntu2.2) lucid-security; urgency=low
.
* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
- debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 in
bin/ubuntuone-preferences, tests/syncdaemon/test_action_queue.py,
use pycurl instead of urllib2 and send hostname for validation in
ubuntuone/syncdaemon/action_queue.py, use correct URL in
data/syncdaemon.conf, correctly verify hostname in
ubuntuone/oauthdesktop/auth.py, send hostname for validation in
ubuntuone/u1sync/client.py, use pycurl instead of urllib2 in
ubuntuone/utils/*, ship utils directory in Makefile.*.
- debian/python-ubuntuone-client.install: also ship new utils
directory.
- debian/control: bump python-ubuntuone-storageprotocol dependency to
security update.
- debian/control: add python-pycurl dependency.
- debian/rules: remove simple-patchsys.mk as this is a quilt package.
- CVE-2011-4409
Checksums-Sha1:
99b0c001ee396c439167cdb64a528ab40e15cbaf 2174 ubuntuone-client_1.2.2-0ubuntu2.2.dsc
ea4cd51d405c2ebabf6fa15ec9fef031eadbee6c 19383 ubuntuone-client_1.2.2-0ubuntu2.2.debian.tar.gz
Checksums-Sha256:
7b365637a6c70aeabadaa3a58b363801bf7a8f81232fa6ea4df9448402981cc4 2174 ubuntuone-client_1.2.2-0ubuntu2.2.dsc
ed97074dadffc7b82d6c5922a3f9565011368a7b5e35002c4d0d139eafc79bc5 19383 ubuntuone-client_1.2.2-0ubuntu2.2.debian.tar.gz
Files:
48a1e8c231688b658624ba844a410979 2174 net optional ubuntuone-client_1.2.2-0ubuntu2.2.dsc
17f005993669dcdf4ac22b8e8bc1f381 19383 net optional ubuntuone-client_1.2.2-0ubuntu2.2.debian.tar.gz
Original-Maintainer: Rick McBride <rick.mcbride at canonical.com>
More information about the Lucid-changes
mailing list