This bug was fixed in the package ubuntu-geoip -
1.0.2+14.04.20131125-0ubuntu2.16.04.1
---
ubuntu-geoip (1.0.2+14.04.20131125-0ubuntu2.16.04.1) xenial; urgency=medium
[ Jim Campbell ]
* Use https for geoip.ubuntu.com/lookup URL (LP: #1617535)
-- Jim Campbell Fri, 16 Mar 2018 1
** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Tit
FWIW, we have the patch for Trusty, and I can test it, but I know that
Trusty will reach EOL in less than four months. I will leave it at your
discretion as to whether to go forward with the update for Trusty.
Also, I thanked Brian for getting the Xenial update into Proposed, but
forgot to thank S
$ apt-cache policy geoclue-ubuntu-geoip
geoclue-ubuntu-geoip:
Installed: 1.0.2+14.04.20131125-0ubuntu2.16.04.1
Candidate: 1.0.2+14.04.20131125-0ubuntu2.16.04.1
Test #1 - Passed - URL includes https on first check
$ gsettings get com.ubuntu.geoip geoip-url
'https://geoip.ubuntu.com/lookup'
Tes
Hi All - I can test this on Xenial tomorrow (Jan 23). I'll report back
after testing.
Thanks to Brian for getting the package into xenial-proposed.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.laun
Hello xtsbdu3reyrbrmroezob, or anyone else affected,
Accepted ubuntu-geoip into xenial-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/ubuntu-
geoip/1.0.2+14.04.20131125-0ubuntu2.16.04.1 in a few hours, and then in
the -proposed repository.
Please hel
Sorry for the delay, I didn't see the previous comments. I've sponsored
to Xenial now, Artful is not supported anymore so marking that one as
wontfix. Unsure it makes sense to do an upload to trusty at this point
** Changed in: ubuntu-geoip (Ubuntu Xenial)
Status: Triaged => Fix Committed
** Changed in: ubuntu-geoip (Ubuntu Artful)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com does not utilize HT
Might anyone be able to clarify what kinds of additional test cases (if
any) are needed? If so, I would appreciate it. I'm making an attempt to
be helpful in fixing this bug, but am a bit new to Canonical's internal
processes in terms of what they expect to test / resolve these kinds of
bugs. Any a
Adding test case here:
1) Install patches / patched package
2) Confirm that the 'geoip url' is set to a correct 'https' value, and that
this value is set as the default:
`$ gsettings get com.ubuntu.geoip geoip-url` should display
`https://geoip.ubuntu.com/lookup`
`$ gsettings reset com.ubu
Unsubscribing the Ubuntu Sponsors Team for now, due to Sebastien's
comment that more work needs to be done.
Please resubscribe the Sponsors Team once adequate tests have been
added.
Thank you.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribe
There is still a need to figure out a testcase here before the SRU can
be uploaded
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com does not utilize
Include associated patch to fix this for Trusty. Please update package
after associated packages for Artful and Xenial.
** Patch added: "One-line fix and associated changelog - Trusty"
https://bugs.launchpad.net/ubuntu/+source/ubuntu-geoip/+bug/1617535/+attachment/5081722/+files/ubuntu_geoip_
Include patch to set https geoip url for Xenial. Package should be
updated after the related Artful package, but before the associated
Trusty package.
** Patch added: "One-line fix and associated changelog - Xenial"
https://bugs.launchpad.net/ubuntu/+source/ubuntu-geoip/+bug/1617535/+attachmen
Include associated patch for Artful. This package should be updated
before packages for Trusty and Xenial, although I'm attaching all three
patches at more or less the same time.
** Patch added: "One-line fix and associated changelog"
https://bugs.launchpad.net/ubuntu/+source/ubuntu-geoip/+bug
This bug was fixed in the package ubuntu-geoip -
1.0.2+18.04.20180223-0ubuntu1
---
ubuntu-geoip (1.0.2+18.04.20180223-0ubuntu1) bionic; urgency=medium
* Use https for geoip.ubuntu.com (LP: #1617535)
-- Jeremy Bicha Fri, 23 Feb 2018 17:23:36 +
** Changed in: ubuntu-geoip (Ub
** Also affects: ubuntu-geoip (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: ubuntu-geoip (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: ubuntu-geoip (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: ubuntu-geoi
It appears as though the servers may have been updated to also serve
this over https (previously, https didn't work at the Ubuntu geoip url),
but the default value for desktops is to use the http value, and the
defaults should be updated
Current values:
$ gsettings reset com.ubuntu.geoip geoip-url
Using the:
$ gsettings set com.ubuntu.geoip geoip-url https://freegeoip.net/xml/
Appears to work well enough after initial testing.
1) $ gsettings set com.canonical.indicator.datetime show-auto-detected-location
true
shows my correct location
2) apt install geoclue-examples
and then geoclu
To reset the value to the ubuntu default:
gsettings reset com.ubuntu.geoip geoip-url
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com does not util
You can update to an alternate provider via:
gsettings set com.ubuntu.geoip geoip-url https://freegeoip.net/xml/
and verify the setting via:
gsettings get com.ubuntu.geoip geoip-url
but I have not done extensive testing to see if this breaks anything.
Assistance on this would be appreciated.
Y
** Changed in: ubuntu-geoip (Ubuntu)
Status: New => Confirmed
** Changed in: ubuntu-geoip (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad
I subscribed security team, it is unlikely that they get such messages
if not subscribed :)
** Changed in: ubuntu-geoip (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
htt
@jim no the ubuntu security team also did not respond regarding this
issue. unfortunately, it is actually being abused by the great firewall
of china to spy on ubuntu users within the border of china. from what we
can tell, the ubuntu security team does not take nation state level
issues very serio
Any update to this bug? Seems that it would be adviseable to make the
change to https for any services possible. The less unencrypted traffic
over the web, the better.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubunt
Your SSH support bad crypto:
arcfour
arcfour128
arcfour256
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com does not utilize HTTPS
Status in ubunt
You're SSH also appears exposed to Internet and vulnerable to Logjam,
which is exploitable by NSA.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com
Your SSH support bad CBC mode:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-...@lysator.liu.se
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.n
Your SSH support weak MAC:
hmac-md5
hmac-md5-96
hmac-md5-96-...@openssh.com
hmac-md5-...@openssh.com
hmac-sha1-96
hmac-sha1-96-...@openssh.com
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bu
You're leaked inode number: 2261065
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com does not utilize HTTPS
Status in ubuntu-geoip package in Ubunt
So, also, ummm yeah, you're also running and end-of-life and insecure
version of ubuntu there too dude. ubuntu 13.04 (saucy) is NOT getting
any security updates. Should someone exploit it remotely to make that
point? ;)
Ubuntu 13.10 EOL was July 2014.
--
You received this bug notification becaus
Exactly. Say I am the NSA and you are connected to Tor. I know your
EMAIL user agent like Thunderbird is leaking data in your mail header,
like Time Zone data. I know you are connected to Tor and that I want to
associate your IP to your email. I fiddle your Time Zone response data
to something esot
Can you elaborate on what an adversary might do with this connection?
The name itself will be leaked via DNS requests regardless of TLS use.
The name itself may be leaked via SNI headers in a hypothetical HTTPS
connection.
I'm not yet familiar with the data actually transferred once connected,
b
** Information type changed from Private Security to Public Security
** Changed in: ubuntu-geoip (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net
34 matches
Mail list logo