[ubuntu/trusty-security] simplestreams 0.1.0~bzr341-0ubuntu2.2 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Sep 24 22:44:48 UTC 2015
simplestreams (0.1.0~bzr341-0ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: insufficient verification of GPG signatures
allowing malicious injection into images
- debian/patches/lp1487004-use-checksumming-reader.patch: Ensure
that users of the BasicMirrorWriter get exceptions when importing
data that has invalid checksum or sizes. (LP: #1487004)
- CVE-2015-1337
- debian/patches/lp1487004-sru-safetynet.patch:
provide a backwards compatible behavior via setting
SS_MISSING_ITEM_CHECKSUM_BEHAVIOR=silent. See bug for more info.
Date: 2015-09-24 05:41:16.098493+00:00
Changed-By: Scott Moser <smoser at ubuntu.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr341-0ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list