fix is still missing in bzr repo
** Attachment added: "fix"
https://bugs.launchpad.net/bzr/+bug/1710979/+attachment/5140728/+files/24_ssh_hostnames-lp1710979
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.n
** Branch linked: lp:~debian-bazaar/debian/sid/bzr/unstable
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1710979
Title:
bzr+ssh URLs don't strip SSH options
To manage notifications about this bug
Sure, I updated the tracker. Not sure why it listed 3.0.0.
--
+ubuntu-security
Can you please fix the USN to remove "3.0" as version with a fix from
the list? This is what everybody else seems to be copying.
--
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html
claims that "release 3.0.0" of bzr fixes this issue, but there is no
such release.
Also, it claims that Adam Collard found the issue - while it was Augie
who first made mention of it.
--
This isn't actually fixed in bzr upstream, just in breezy and in the
ubuntu package.
** Changed in: bzr
Status: Fix Released => Confirmed
--
** Changed in: bzr
Status: Confirmed => Fix Released
--
CVE-2017-14176 has been assigned for this vulnerability.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14176
--
Hi Marc, any news on the CVE?
--
** Changed in: bzr (Ubuntu)
Importance: Undecided => Critical
--
This bug was fixed in the package bzr - 2.6.0+bzr6593-1ubuntu1.6
---
bzr (2.6.0+bzr6593-1ubuntu1.6) trusty-security; urgency=medium
* SECURITY UPDATE: Possible arbitrary code execution on clients
through malicious bzr+ssh URLs
- debian/patches/24_ssh_hostnames-lp1710979: ens
This bug was fixed in the package bzr - 2.7.0-2ubuntu3.1
---
bzr (2.7.0-2ubuntu3.1) xenial-security; urgency=medium
* SECURITY UPDATE: Possible arbitrary code execution on clients
through malicious bzr+ssh URLs
- debian/patches/24_ssh_hostnames-lp1710979: ensure that host
This bug was fixed in the package bzr - 2.7.0+bzr6619-7ubuntu0.1
---
bzr (2.7.0+bzr6619-7ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: Possible arbitrary code execution on clients
through malicious bzr+ssh URLs
- debian/patches/24_ssh_hostnames-lp1710979: ensu
** Changed in: brz
Status: Triaged => Fix Released
--
I've just done so.
** Information type changed from Private Security to Public
** Information type changed from Public to Public Security