unity-scope-video-remote server field should use "https" for privacy
Bug #1071079 reported by
Benjamin Kerensa
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Unity Remote Videos scope |
Fix Released
|
Low
|
Unassigned | ||
unity-scope-video-remote (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Precise |
Fix Released
|
Low
|
Timo Jyrinki | ||
Quantal |
Fix Released
|
Low
|
Timo Jyrinki |
Bug Description
[Impact]
The video scope uses http instead of https, allowing user queries to be potentially intercepted.
[Test Case]
Use the video lens after the fix, check network traffic so that https is used instead of http.
[Regression Potential]
Low, the servers answers identically to https/SSL requests.
--
What happened: SERVER = "http://
What was expected: SERVER = "https:/
Without SSL this scope would allow users queries to be intercepted and have malicious results returned if MitM took place.
Related branches
lp:~bkerensa/unity-scope-video-remote/fix-for-1071079
Rejected
for merging
into
lp:unity-scope-video-remote
- Unity Videos lens: Pending requested
-
Diff: 12 lines (+1/-1)1 file modifiedsrc/unity-scope-video-remote (+1/-1)
lp:~mhr3/unity-lens-video/remote-scope-use-https
- Paweł Stołowski (community): Approve
-
Diff: 21 lines (+3/-1)1 file modifiedsrc/unity-scope-video-remote (+3/-1)
lp:~unity-team/unity-lens-video/unity-scope-video-remote-precise
- Sebastien Bacher: Approve
-
Diff: 117 lines (+42/-16)4 files modifiedMANIFEST.in (+4/-0)
debian/changelog (+15/-0)
debian/control (+3/-1)
src/unity-scope-video-remote (+20/-15)
lp:~timo-jyrinki/ubuntu/quantal/unity-scope-video-remote/ubuntu.0310_11
- Sebastien Bacher: Approve
- Ubuntu branches: Pending requested
-
Diff: 36 lines (+10/-1)2 files modifieddebian/changelog (+7/-0)
src/unity-scope-video-remote (+3/-1)
description: | updated |
Changed in unity-scope-video-remote: | |
status: | New → Fix Released |
importance: | Undecided → Low |
Changed in unity-scope-video-remote (Ubuntu): | |
status: | New → Fix Released |
importance: | Undecided → Low |
Changed in unity-scope-video-remote (Ubuntu Precise): | |
importance: | Undecided → Low |
Changed in unity-scope-video-remote (Ubuntu Quantal): | |
importance: | Undecided → Low |
Changed in unity-scope-video-remote (Ubuntu Precise): | |
status: | New → In Progress |
Changed in unity-scope-video-remote (Ubuntu Quantal): | |
status: | New → In Progress |
Changed in unity-scope-video-remote (Ubuntu Quantal): | |
assignee: | nobody → Timo Jyrinki (timo-jyrinki) |
Changed in unity-scope-video-remote (Ubuntu Precise): | |
assignee: | nobody → Timo Jyrinki (timo-jyrinki) |
To post a comment you must log in.
Hello Benjamin, or anyone else affected,
Accepted unity-scope- video-remote into precise-proposed. The package will build now and be available at http:// launchpad. net/ubuntu/ +source/ unity-scope- video-remote/ 0.3.5-0ubuntu2. 2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance!