-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2012-05-31 10:47:06 UTC
-
mfrom:
(30.1.4 lucid-proposed)
-
Revision ID:
package-import@ubuntu.com-20120531104706-bkm9sdx5fmp3zt9l
Tags: 1.2.2-0ubuntu2.2
* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
- debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 in
bin/ubuntuone-preferences, tests/syncdaemon/test_action_queue.py,
use pycurl instead of urllib2 and send hostname for validation in
ubuntuone/syncdaemon/action_queue.py, use correct URL in
data/syncdaemon.conf, correctly verify hostname in
ubuntuone/oauthdesktop/auth.py, send hostname for validation in
ubuntuone/u1sync/client.py, use pycurl instead of urllib2 in
ubuntuone/utils/*, ship utils directory in Makefile.*.
- debian/python-ubuntuone-client.install: also ship new utils
directory.
- debian/control: bump python-ubuntuone-storageprotocol dependency to
security update.
- debian/control: add python-pycurl dependency.
- debian/rules: remove simple-patchsys.mk as this is a quilt package.
- CVE-2011-4409