[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
** Changed in: canonical-devices-system-image Status: Confirmed = Fix Released ** Changed in: canonical-devices-system-image Milestone: ww24-2015 = ww22-2015 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
do we need to poke this into the next image? ** Changed in: canonical-devices-system-image Status: New = Confirmed ** Changed in: canonical-devices-system-image Assignee: (unassigned) = Bill Filler (bfiller) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
This bug was fixed in the package content-hub - 0.0+15.10.20150603-0ubuntu1 --- content-hub (0.0+15.10.20150603-0ubuntu1) wily; urgency=medium [ Ken VanDine ] * SECURITY UPDATE: file disclosure via unchecked AppArmor profile (LP: #1456628) Don't allow exporting of files that aren't allowed by the source apparmor profile CVE-2015-1327 (LP: #1456628) -- CI Train Bot ci-train-...@canonical.com Wed, 03 Jun 2015 17:45:36 + ** Changed in: content-hub (Ubuntu) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
This does not constitute an emergency update and as such it should follow any other criteria for OTA. It is marked Critical, so it seems a candidate, but it shouldn't be rushed (ie, it should follow landing procedures, QA signoff, etc). I think if the timing is ok with the release team, targeting OTA-4 is fine, but if it isn't, OTA-5 is ok. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
** Also affects: canonical-devices-system-image Importance: Undecided Status: New ** Changed in: canonical-devices-system-image Milestone: None = ww24-2015 ** Changed in: canonical-devices-system-image Importance: Undecided = Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
** Changed in: content-hub (Ubuntu Vivid) Importance: Undecided = Critical ** Changed in: content-hub (Ubuntu Vivid) Status: New = In Progress ** Changed in: content-hub (Ubuntu Vivid) Assignee: (unassigned) = Ken VanDine (ken-vandine) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
This bug was fixed in the package content-hub - 0.0+15.04.20150331-0ubuntu1.0 --- content-hub (0.0+15.04.20150331-0ubuntu1.0) vivid-security; urgency=medium * SECURITY UPDATE: file disclosure via unchecked AppArmor profile (LP: #1456628) - debian/patches/lp1456628.patch: Don't allow exporting of files that aren't allowed by the source apparmor profile - CVE-2015-1327 -- Ken VanDine ken.vand...@canonical.com Mon, 01 Jun 2015 11:17:27 -0400 ** Changed in: content-hub (Ubuntu Vivid) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1456628] Re: DBUS API doesn't prevent confined apps from passing paths to files without access
** Changed in: content-hub (Ubuntu) Status: Fix Released = In Progress ** Changed in: content-hub (Ubuntu) Assignee: (unassigned) = Ken VanDine (ken-vandine) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs