[Bug 1874229] [NEW] RST/BitLocker - Do not make URLs translatable

Launchpad Bug Tracker 1874229 at bugs.launchpad.net
Fri May 22 04:37:31 UTC 2020 

*** This bug is a security vulnerability ***

You have been subscribed to a private security bug by Alex Murray (alexmurray):

In the debconf template and and the UI file, URL for bitlocker and rst
are translatable introducing a risk for a translator to break the URL or
more importantly to inject a malicious URL in the translation.

$ grep -r -E 'ubuntu.com/(rst|bitlocker)'

debian/ubiquity.templates:_Description: This computer uses Intel RST (Rapid Storage Technology). You need to turn off RST before installing Ubuntu. For instructions, open this page on a phone or other device: <a href="https://help.ubuntu.com/rst">help.ubuntu.com/rst</a>
debian/ubiquity.templates:_Description: This computer uses Windows BitLocker encryption. You need to turn off BitLocker in Windows before installing Ubuntu. For instructions, open this page on a phone or other device: <a href="https://help.ubuntu.com/bitlocker">help.ubuntu.com/bitlocker</a>
gui/gtk/stepPrepare.ui:            <property name="label" translatable="yes">This computer uses Intel RST (Rapid Storage Technology). You need to turn off RST before installing Ubuntu. For instructions, open this page on a phone or other device: <a href="https://help.ubuntu.com/rst">help.ubuntu.com/rst</a></property>
gui/gtk/stepPartAsk.ui:            <property name="label" translatable="yes">This computer uses Windows BitLocker encryption. You need to turn off BitLocker in Windows before installing Ubuntu. For instructions, open this page on a phone or other device: <a href="https://help.ubuntu.com/bitlocker">help.ubuntu.com/bitlocker</a></property>

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: ubiquity (not installed)
ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24
Uname: Linux 5.4.0-18-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu27
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Wed Apr 22 12:28:09 2020
InstallCmdLine: file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.lz quiet splash -- keyboard-configuration/layoutcode=fr keyboard-configuration/variantcode=oss
InstallationDate: Installed on 2014-07-15 (2108 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140520)
SourcePackage: ubiquity
UpgradeStatus: Upgraded to focal on 2018-03-24 (759 days ago)

** Affects: ubiquity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug focal ubiquity-2.18.8
-- 
RST/BitLocker - Do not make URLs translatable
https://bugs.launchpad.net/bugs/1874229
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to the bug report.

More information about the foundations-bugs mailing list