[Bug 979426] Re: persistent MitM can truncate list of files passed as script command line arguments
** Branch linked: lp:ubuntu/precise-proposed/update-notifier -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/979426 Title: persistent MitM can truncate list of files passed as script command line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/979426/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 979426] Re: persistent MitM can truncate list of files passed as script command line arguments
This bug was fixed in the package update-notifier - 0.119ubuntu7 --- update-notifier (0.119ubuntu7) precise; urgency=low * Use proto_proxy environment variables to choose the proxy to use for data downloads, not the apt proxy settings, because apt may be configured to point at a package-specific proxy. This makes proxy configuration a little less convenient than before for the flashplugin-installer package, but it at least it makes it possible to have a different proxy setting for packages vs. arbitrary data downloads, which otherwise we don't have any way to support. LP: #979477. * Stop processing after a fatal download error, not just a transient one, so that we can't be tricked into feeding a partial list of files to a handler. Thanks to Kees Cook for spotting the bug. LP: #979426. * Flush stdout before calling subprocess, so that log output makes more sense. * Print a more meaningful status message when downloading, instead of just a bare URL. * Check for existence of /usr/lib/update-notifier/package-data-downloader before trying to run it from our cron job, so that the package doesn't generate error messages when removed but not purged. * The action for our notification should call gksu instead of trying to run the command directly without root access. This is imperfect because kubuntu won't have gksudo available by default, but it's an improvement over failing for everybody. LP: #976761. -- Steve Langasek steve.langa...@ubuntu.com Fri, 13 Apr 2012 03:49:10 + ** Changed in: update-notifier (Ubuntu) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/979426 Title: persistent MitM can truncate list of files passed as script command line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/979426/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 979426] Re: persistent MitM can truncate list of files passed as script command line arguments
** Changed in: update-notifier (Ubuntu) Importance: Undecided = Medium ** Changed in: update-notifier (Ubuntu) Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/979426 Title: persistent MitM can truncate list of files passed as script command line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/979426/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 979426] Re: persistent MitM can truncate list of files passed as script command line arguments
** Branch linked: lp:update-notifier -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/979426 Title: persistent MitM can truncate list of files passed as script command line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/979426/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 979426] Re: persistent MitM can truncate list of files passed as script command line arguments
(Unrelated: to be purge safe, /etc/cron.daily/update-notifier-common should test for /usr/lib/update-notifier/package-data-downloader before executing it.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/979426 Title: persistent MitM can truncate list of files passed as script command line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/979426/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs