[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2018-05-17 Thread Bernhard M. Wiedemann
fix is still missing in bzr repo ** Attachment added: "fix" https://bugs.launchpad.net/bzr/+bug/1710979/+attachment/5140728/+files/24_ssh_hostnames-lp1710979 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.n

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2018-05-12 Thread Launchpad Bug Tracker
** Branch linked: lp:~debian-bazaar/debian/sid/bzr/unstable -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh URLs don't strip SSH options To manage notifications about this bug

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-12-19 Thread Marc Deslauriers
Sure, I updated the tracker. Not sure why it listed 3.0.0. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh URLs don't strip SSH options To manage notifications about this bug g

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-12-19 Thread Jelmer Vernooij
+ubuntu-security Can you please fix the USN to remove "3.0" as version with a fix from the list? This is what everybody else seems to be copying. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-12-08 Thread Jelmer Vernooij
https://people.canonical.com/~ubuntu- security/cve/2017/CVE-2017-14176.html claims that "release 3.0.0" of bzr fixes this issue, but there is no such release. Also, it claims that Adam Collard found the issue - while it was Augie who first made mention of it. -- You received this bug notificatio

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-12-08 Thread Jelmer Vernooij
This isn't actually fixed in bzr upstream, just in breezy and in the ubuntu package. ** Changed in: bzr Status: Fix Released => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-10-13 Thread Haw Loeung
** Changed in: bzr Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh URLs don't strip SSH options To manage notifications about this bug

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-09-07 Thread Emily Ratliff
CVE-2017-14176 has been assigned for this vulnerability. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14176 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-09-05 Thread Jelmer Vernooij
Hi Marc, any news on the CVE? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh URLs don't strip SSH options To manage notifications about this bug go to: https://bugs.launchpad.

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-09-05 Thread Mathew Hodson
** Changed in: bzr (Ubuntu) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh URLs don't strip SSH options To manage notifications about this

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-09-05 Thread Launchpad Bug Tracker
This bug was fixed in the package bzr - 2.6.0+bzr6593-1ubuntu1.6 --- bzr (2.6.0+bzr6593-1ubuntu1.6) trusty-security; urgency=medium * SECURITY UPDATE: Possible arbitrary code execution on clients through malicious bzr+ssh URLs - debian/patches/24_ssh_hostnames-lp1710979: ens

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-09-05 Thread Launchpad Bug Tracker
This bug was fixed in the package bzr - 2.7.0-2ubuntu3.1 --- bzr (2.7.0-2ubuntu3.1) xenial-security; urgency=medium * SECURITY UPDATE: Possible arbitrary code execution on clients through malicious bzr+ssh URLs - debian/patches/24_ssh_hostnames-lp1710979: ensure that host

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-09-05 Thread Launchpad Bug Tracker
This bug was fixed in the package bzr - 2.7.0+bzr6619-7ubuntu0.1 --- bzr (2.7.0+bzr6619-7ubuntu0.1) zesty-security; urgency=medium * SECURITY UPDATE: Possible arbitrary code execution on clients through malicious bzr+ssh URLs - debian/patches/24_ssh_hostnames-lp1710979: ensu

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-08-27 Thread Jelmer Vernooij
** Changed in: brz Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: bzr+ssh URLs don't strip SSH options To manage notifications about this bug go

[Bug 1710979] Re: bzr+ssh URLs don't strip SSH options

2017-08-26 Thread Jelmer Vernooij
I've just done so. ** Information type changed from Private Security to Public ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710979 Title: