apparmor-easyprof-ubuntu (1.1.11) trusty; urgency=medium
* 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
fallback mechanism to QtWebKit works correctly. This is needed so 13.10
framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
@{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
prevent information disclosure so once LP: 1260048 is fixed in oxide, we
can remove the read access.
Leaving the apparmor-easyprof-ubuntu task open since whenever oxide is updated
we'll want to remove the workaround policy.
** Changed in: oxide
Importance: High => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1260048
Title:
oxide should use an application specific location for pki/nss files
To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260048/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
