[Bug 1487004] Re: Malicious server can bypass gpg verification and inject malicious images
Launchpad Bug Tracker
1487004 at bugs.launchpad.net
Fri Sep 25 11:21:11 UTC 2015
This bug was fixed in the package simplestreams - 0.1.0~bzr400-0ubuntu1
---------------
simplestreams (0.1.0~bzr400-0ubuntu1) wily; urgency=medium
* New upstream snapshot.
- sstream-mirror, sstream-query, sstream-sync: add --no-verify
flag (LP: #1249018)
- pep8/flake8 cleanups
- several closing of filehandle fixes (LP: #1461181)
- GlanceMirror fix stack trace if no matching entries (LP: #1353724)
- tools: upstream development tools fixes (not shipped in ubuntu)
- GlanceMirror: change known Ubuntu arches into appropriate glance
arch values (LP: #1483159)
- Ensure all users of 'sync' get checksumming of content by default.
insert_item now provides a content source that does checksumming
during reads and raises exception on error (LP: #1487004)
* debian/README.source: add file, doc how to take upstream snapshot
* debian/rules: export SS_REQUIRE_DISTRO_INFO so that test
runs without a dependency on distro-info
-- Scott Moser <smoser at ubuntu.com> Thu, 24 Sep 2015 21:53:46 -0400
** Changed in: simplestreams (Ubuntu Wily)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to simplestreams in Ubuntu.
https://bugs.launchpad.net/bugs/1487004
Title:
Malicious server can bypass gpg verification and inject malicious
images
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/simplestreams/+bug/1487004/+subscriptions
More information about the Ubuntu-server-bugs
mailing list