[Bug 1469653] Re: CVE-2014-0224 not fixed for python-openssl based servers
It seems this bug report is invalid after all. While the main system was fully updated, it appears the actual server was running in a 'debootstrap' generated chroot that, while updated regularly, was missing security related entries from the sources.list inside the chroot environment. Please remove this bug report, its invalid. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1469653 Title: CVE-2014-0224 not fixed for python-openssl based servers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1469653] Re: CVE-2014-0224 not fixed for python-openssl based servers
Also please note that the server code Tyler referenced to, as far as I can determine, imports 'ssl' from the libpython2.7-minimal package. This bug however seems to relate to the python-openssl package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1469653 Title: CVE-2014-0224 not fixed for python-openssl based servers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1469653] Re: CVE-2014-0224 not fixed for python-openssl based servers
A stripped down version of the server code used. Using this code on a fully patched Ubuntu 14.04 server, ssllabs will report: This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F. ** Attachment added: Demo server code https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+attachment/4424979/+files/demo.py -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1469653 Title: CVE-2014-0224 not fixed for python-openssl based servers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1469653] [NEW] CVE-2014-0224 not fixed for python-openssl based servers
Public bug reported: When creating a minimal https based server in python using 'from OpenSSL import SSL' on a fully patched Ubuntu 14.04 system, the OpenSSL bug as reported in CVE-2014-0224 seems to persist for that server. A C++ implementation with the same functionality on the same system does not show such issues so it would appear that its specific to python-openssl . The existence of this bug can be validated by running a simple python based https server that uses the Python OpenSSL module on a public IP adress and using the web form as provided on https://www.ssllabs.com/ssltest/ ** Affects: pyopenssl (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1469653 Title: CVE-2014-0224 not fixed for python-openssl based servers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826613] Re: [needs-packaging] JsonMe++
The source tree already contains packaging files for Ubuntu 64 bits (jsonme++/DEBIAN/* ) and a package can be build after make by invoking the script named makedepstuff.sh. So basically the bug 'needs packaging' should be almost fixed. I could use some help in getting this issue moved to the next stage of acceptance. ** Changed in: ubuntu Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826613 Title: [needs-packaging] JsonMe++ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826613/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826613] Re: [needs-packaging] JsonMe++
The source tree already contains packaging files for Ubuntu 64 bits ( ) and a package can be buikd after make by invoking the script named makedepstuff.sh. So basically the bug 'needs packaging' should be almost fixed. I could use some help in getting this issue moved to the next stage of acceptance. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826613 Title: [needs-packaging] JsonMe++ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826613/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826620] Re: [needs-packaging] dynr-pbrouting
As stated in the bug description, the source tree of this project contains the script build.sh that makes an architecture independant package using the files in dynr-pbrouting/DEBIAN. I could use some help getting this bug from this package to the next stage. ** Changed in: ubuntu Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826620 Title: [needs-packaging] dynr-pbrouting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 938533] [NEW] [needs-packaging] dynr-pbdns
Public bug reported: The DynrLite-II project ( http://robklpd.github.com/dynrlite-ii/ ) allows placing a so called dynamic router between a lan that contains workstations and a lan that contains internet gateways. The dynamic router has a simple web interface that lets the users on the workstations pick or switch what gateway they want to use. The dynr-pbdns package provides the core policy based DNS package consisting of an upstart startup and teardown script, a dbus service and a simple commandline tool for administration purposes and a policy based DNS proxy server for forwarding dns queries to the proper next-hop router. The dynr-pbdns package is written partly in python and partly in C++. Other components of the DynrLite-II project are dynr-pbrouting (A policy based routing core) and dynr-web (the web interface) URL: https://github.com/robklpd/dynr-pbns License: LGPL Note: The main target of the project's makefile is already the package (for 64 bit ubuntu) build using the packaging files under dynr-dns/DEBIAN/* Hope the existence of this package can move this package quickly pass the 'wishlist'state and into the next step of getting this package accepted. ** Affects: ubuntu Importance: Undecided Status: New ** Tags: needs-packaging -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/938533 Title: [needs-packaging] dynr-pbdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/938533/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 938536] [NEW] [needs-packaging] dynr-web
Public bug reported: The DynrLite-II project ( http://robklpd.github.com/dynrlite-ii/ ) allows placing a so called dynamic router between a lan that contains workstations and a lan that contains internet gateways. The dynamic router has a simple web interface that lets the users on the workstations pick or switch what gateway they want to use. The dynr-web package the web frontend for the dynamic router system. The dynr-web package is written partly in python and partly in (client-side) JavaScript. Other components of the DynrLite-II project are dynr-pbrouting (A policy based routing core) and dynr-pbdns (a policy based DNS core) URL: https://github.com/robklpd/dynr-web License: LGPL Note: The source tree already contains a build.sh script that creates an architecture independent package using the packaging files under dynr-web/DEBIAN/* Hope the existence of this package can move this package quickly pass the 'wishlist'state and into the next step of getting this package accepted. ** Affects: ubuntu Importance: Undecided Status: New ** Tags: needs-packaging -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/938536 Title: [needs-packaging] dynr-web To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/938536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826613] [NEW] [needs-packaging] JsonMe++
Public bug reported: JsonMe++ is a convenience C++ wrapper library for JSON-Glib providing friendly syntactic sugar for parsing JSON URL: https://github.com/pibara/jsonme-- License: LGPL Note: The source tree already contains a script 'makedepstuff.sh' for building a simple package from this. [needs-packaging] JsonMe++ The JsonMe++ (JSON Made easy for C++) library is a C++ wrapper for the JSON-Glib C library. The library makes heavy use of C++ syntactic sugar type C++ language constructs, most notably the subscript operator and cast operator as essential API components, that make this JSON library extremely simple to use. As a result, access to a deeply nested value from a piece of JSON data can be expressed as simple as for example: long long bar=rootnode[foolist][index][bar]; URL: https://github.com/pibara/jsonme-- License: LGPL ** Affects: ubuntu Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826613 Title: [needs-packaging] JsonMe++ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826613/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826620] Re: [needs-packaging] dynr-pbrouting
Note: depends on 826613 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826620 Title: [needs-packaging] dynr-pbrouting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826620] [NEW] [needs-packaging] dynr-pbrouting
Public bug reported: The DynrLite-II project allows placing a so called dynamic router between a lan that contains workstations and a lan that contains internet gateways. The dynamic router has a simple web interface that lets the users on the workstations pick or switch what gateway they want to use. The dynr-pbrouting package provides the core policy based routing package consisting of an upstart startup and teardown script, a dbus service and a simple commandline tool for administration purposes. The dynr-pbrouting package is written purely in python and leans heavily on functionality provided by iproute2. Other components of the DynrLite-II project are dynr-pbdns (A policy based dns forwarder) and dynr-web (the web interface) URL: https://github.com/robklpd/dynr-pbrouting License: LGPL Note: The source tree already contains a script 'build.sh' for building a simple package from this. ** Affects: ubuntu Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826620 Title: [needs-packaging] dynr-pbrouting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826620] Re: [needs-packaging] dynr-pbrouting
** Tags added: needs-packaging -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826620 Title: [needs-packaging] dynr-pbrouting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826613] Re: [needs-packaging] JsonMe++
** Tags added: needs-packaging -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826613 Title: [needs-packaging] JsonMe++ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/826613/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs