Ubuntu
gui-ufw package

[SRU] Please upgrade gui-ufw to 15.04.4

Bug #1462092 reported by Devid Antonio Filoni
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gui-ufw (Ubuntu)
Fix Released
Low
Unassigned
Vivid
Won't Fix
Low
Unassigned

Bug Description

[Impact]
Please upgrade gui-ufw to 15.04.4 (bugfix only release) in vivid.

[Test Case]
Please ensure various bugs are fixed in new version. Shell injection, and profiles with english language.

[Regression Potential]
This is a bugfix only release. And addresses specific issues.

--

CHANGELOG:
    + 15.04.4
      - Fix: Migrate commands to subprocess > Fixing shell injection (LP: #1412554)
      - Fix: Allow import profile with English language (LP: #1416631)
      - Removed executable flag in config files (mask 600, not 700)
      - Updated translations
    + 15.04.3
      - Properly fix: Shell Command Injection (LP: #1410839)
    + 15.04.2
      - Fix: Shell Injection in the IP & Ports values.
    + 15.04.1
      - Fix: Shell Command Injection (LP: #1410839)
      - Fix: Not allow one interface over the same interface (LP: #1402220)
      - Fix: Not allow Both Protocol with a range of ports (LP: #1402232)
      - Updated languages

EXPLANATION OF NEW UPSTREAM RELEASE (and -proposed):
As you can see in the changelog, this new upstream release is mostly a bug fixes release (some of them are important), other changes are only translations updates.

I uploaded a copy of this package to my PPA (gui-ufw 15.04.4-0ubuntu0.1~devfil2) to prove that it actually builds. Upstream (Marcos) is very active in our community and followed and fixed all bugs in an amazing way asking for tests and so on. This package should have been already uploaded before release, upstream wrote me several email, but I missed them, sorry Marcos and sorry community, my fault.

@Marcos, can I please ask you to provide security issues patches (one for issue, keep them minimal only needed changes) for 14.10, 14.04 and 12.04 (if affected) so I can create packages and get them uploaded through security team? Thank you.

See original description
Revision history for this message
Devid Antonio Filoni (d.filoni) wrote :

I uploaded the package in vivid-proposed.

I'm uploading here a filtered debdiff to show use changes in code (translations updates are excluded) generated with:
filterdiff -x 'gui-ufw-15.04.?/po/*' debdiff > filtered_debdiff

Changed in gui-ufw (Ubuntu):
status: New → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote :

The other bugs associated with Stable Release Update are missing Ubuntu 15.04 tasks, information about the impact, regression potential and a test case.

Please add that information to those bug reports so that the SRU team can approve this SRU. Thanks!

Changed in gui-ufw (Ubuntu Vivid):
status: New → Incomplete
Revision history for this message
costales (costales) wrote : Re: [Bug 1462092] [NEW] [SRU] Please upgrade gui-ufw to 15.04.4

Hi!
The affected systems now are 14.04 & 15.04 (12.04 is not affected).
Yes David :) Of course I can to create patchs for them.
@Brian: Will be the patchs uploaded if I created them?
Best regards and thanks in advance!
Costales.

Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Devid, or anyone else affected,

Accepted gui-ufw into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gui-ufw/15.04.4-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

description: updated
Changed in gui-ufw (Ubuntu Vivid):
status: Incomplete → Fix Committed
tags: added: verification-needed
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote : [gui-ufw/vivid] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for vivid for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Mathew Hodson (mhodson)
Changed in gui-ufw (Ubuntu):
importance: Undecided → Medium
Changed in gui-ufw (Ubuntu Vivid):
importance: Undecided → Medium
Mathew Hodson (mhodson)
Changed in gui-ufw (Ubuntu):
importance: Medium → Low
Changed in gui-ufw (Ubuntu Vivid):
importance: Medium → Low
Changed in gui-ufw (Ubuntu):
importance: Low → Medium
Changed in gui-ufw (Ubuntu Vivid):
importance: Low → Medium
Changed in gui-ufw (Ubuntu):
importance: Medium → Low
Changed in gui-ufw (Ubuntu Vivid):
importance: Medium → Low
Mathew Hodson (mhodson)
Changed in gui-ufw (Ubuntu Vivid):
status: Fix Committed → Won't Fix
Revision history for this message
Martin Pitt (pitti) wrote : Proposed package removed from archive

The version of gui-ufw in the proposed pocket of Vivid that was purported to fix this bug report has been removed because the bugs that were to be fixed by the upload were not verified in a timely (105 days) fashion.

tags: removed: verification-needed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.