Comment 8 for bug 1927677

Jeremy Stanley (fungi) wrote : Re: novnc allowing open direction which could potentially be used for phishing

Thanks for digging into this, Melanie! I've ended the embargo and switched to Public Security given the relatively low risk this represents and its relationship with known issues in WebSockify/stdlib.

If the patch is sufficient and gets backported to stable branches, we could issue an advisory (class A in our report taxonomy). We could also consider it a workaround for a bug in a dependency (class C2), but that gets into determining whether the vulnerability is in the dependency or merely in the way we're using it. I'll leave the security advisory task incomplete for the time being, and we'll see how the fix progresses in review.