[ubuntu/oneiric-security] ubuntuone-client, ubuntuone-client_2.0.1-0ubuntu1.1_amd64_translations.tar.gz, ubuntuone-client_2.0.1-0ubuntu1.1_powerpc_translations.tar.gz, ubuntuone-client_2.0.1-0ubuntu1.1_i386_translations.tar.gz, ubuntuone-client_2.0.1-0ubuntu1.1_armel_translations.tar.gz 2.0.1-0ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jun 6 13:33:57 UTC 2012


ubuntuone-client (2.0.1-0ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
    - debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 and
      send hostname for validation in ubuntuone/syncdaemon/action_queue.py,
      use correct URL in data/syncdaemon.conf, use pycurl instead of
      urllib2 in tests/syncdaemon/test_action_queue.py.
    - debian/control: bump python-ubuntuone-storageprotocol and
      ubuntu-sso-client dependencies to security updates.
    - CVE-2011-4409

Date: Tue, 29 May 2012 15:23:53 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/ubuntuone-client/2.0.1-0ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Tue, 29 May 2012 15:23:53 -0400
Source: ubuntuone-client
Binary: ubuntuone-client python-ubuntuone-client libsyncdaemon-1.0-1 libsyncdaemon-1.0-dev gir1.2-syncdaemon-1.0 ubuntuone-client-dbg
Architecture: source
Version: 2.0.1-0ubuntu1.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 gir1.2-syncdaemon-1.0 - Ubuntu One synchronization daemon library
 libsyncdaemon-1.0-1 - Ubuntu One synchronization daemon library
 libsyncdaemon-1.0-dev - Ubuntu One synchronization daemon library
 python-ubuntuone-client - Ubuntu One client Python libraries
 ubuntuone-client - Ubuntu One client
 ubuntuone-client-dbg - Debugging symbols for ubuntuone-client
Launchpad-Bugs-Fixed: 882062
Changes: 
 ubuntuone-client (2.0.1-0ubuntu1.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
     - debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 and
       send hostname for validation in ubuntuone/syncdaemon/action_queue.py,
       use correct URL in data/syncdaemon.conf, use pycurl instead of
       urllib2 in tests/syncdaemon/test_action_queue.py.
     - debian/control: bump python-ubuntuone-storageprotocol and
       ubuntu-sso-client dependencies to security updates.
     - CVE-2011-4409
Checksums-Sha1: 
 f2df262a94702fdbf53a4421d0977784f59ed55e 2263 ubuntuone-client_2.0.1-0ubuntu1.1.dsc
 d22a1f4b753ed3c403d8cbeaa361d2a8ac566556 24928 ubuntuone-client_2.0.1-0ubuntu1.1.debian.tar.gz
Checksums-Sha256: 
 5a4d5d0744fde0ed2ccffb66d6ecb8a2fbcc452895295360d04a5c1a18cf3ef9 2263 ubuntuone-client_2.0.1-0ubuntu1.1.dsc
 4068f9371212dba7dacf1d2a73d9a325df4d608a1e2a3015744bc6be62fb1431 24928 ubuntuone-client_2.0.1-0ubuntu1.1.debian.tar.gz
Files: 
 cae389ba57b4c57f2b5f417107d0fcdf 2263 net optional ubuntuone-client_2.0.1-0ubuntu1.1.dsc
 455ce4878547ef99f52bcc536d5167be 24928 net optional ubuntuone-client_2.0.1-0ubuntu1.1.debian.tar.gz
Original-Maintainer: Rick McBride <rick.mcbride at canonical.com>


More information about the Oneiric-changes mailing list