~ubuntu-branches/ubuntu/lucid/ubuntuone-client/lucid-security

Viewing all changes in revision 31.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-05-31 10:47:06 UTC
  • mfrom: (30.1.4 lucid-proposed)
  • Revision ID: package-import@ubuntu.com-20120531104706-bkm9sdx5fmp3zt9l
Tags: 1.2.2-0ubuntu2.2
* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
  - debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 in
    bin/ubuntuone-preferences, tests/syncdaemon/test_action_queue.py,
    use pycurl instead of urllib2 and send hostname for validation in
    ubuntuone/syncdaemon/action_queue.py, use correct URL in
    data/syncdaemon.conf, correctly verify hostname in
    ubuntuone/oauthdesktop/auth.py, send hostname for validation in
    ubuntuone/u1sync/client.py, use pycurl instead of urllib2 in
    ubuntuone/utils/*, ship utils directory in Makefile.*.
  - debian/python-ubuntuone-client.install: also ship new utils
    directory.
  - debian/control: bump python-ubuntuone-storageprotocol dependency to
    security update.
  - debian/control: add python-pycurl dependency.
  - debian/rules: remove simple-patchsys.mk as this is a quilt package.
  - CVE-2011-4409

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: