[ubuntu/vivid-security] simplestreams 0.1.0~bzr354-0ubuntu1.15.04.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Sep 24 22:44:45 UTC 2015

simplestreams (0.1.0~bzr354-0ubuntu1.15.04.1) vivid-security; urgency=medium

  * SECURITY UPDATE: insufficient verification of GPG signatures
    allowing malicious injection into images
    - debian/patches/lp1487004-use-checksumming-reader.patch: Ensure
      that users of the BasicMirrorWriter get exceptions when importing
      data that has invalid checksum or sizes. (LP: #1487004)
    - CVE-2015-1337
    - debian/patches/lp1487004-sru-safetynet.patch:
      provide a backwards compatible behavior via setting
      SS_MISSING_ITEM_CHECKSUM_BEHAVIOR=silent. See bug for more info.

Date: 2015-09-24 05:40:19.386172+00:00
Changed-By: Scott Moser <smoser at ubuntu.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Vivid-changes mailing list