Activity log for bug #1435397

Date | Who | What changed | Old value | New value | Message
2015-03-23 15:49:56 | hgre | bug | | | added bug
2015-03-23 15:50:13 | hgre | information type | Private Security | Public |
2015-03-23 15:56:42 | hgre | information type | Public | Public Security |
2015-03-23 15:57:01 | hgre | cve linked | | 2014-3207 |
2015-06-08 21:42:01 | Micah Gersten | description

Old value:

Binary package hint: sks

Since sks servers running versions < 1.15 will not be included within sks.keyserver pool attached is the changelog between 1.1.4 to 1.1.5 from https://bitbucket.org/skskeyserver/sks-keyserver/src/40280f59d0f503da1326972757168aa42335573f/CHANGELOG?at=default

Maybe it is also kind of security related due to CVE-2014-3207

Thanx in advance

1.1.5
  - Fixes for machine-readable indices. Key expiration times are now read
    from self-signatures on the key's UIDs. In addition, instead of 8-digit
    key IDs, index entries now return the most specific key ID possible:
    16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
  - Add metadata information (number of keys, number of files,
    checksums, etc) to key dump. This allows for information on the
    key dump ahead of download/import, and direct verification of checksums
    using md5sum -c <metadata-file>.
  - Replaced occurrences of the deprecated operator 'or' with '||' (BB issue #2)
  - Upgraded to cryptlib-1.7 and own changes are now packaged as separate
    patches that are installed during 'make'. Added the SHA-3 algorithm, Keccak
  - Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
  - op=hget now supports option=mr for completeness (BB issue #17)
  - Add CORS header to web server responses. Allows JavaScript code to
    interact with keyservers, for example the OpenPGP.js project.
  - Change the default hkp_address and recon_address to making the
    default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
  - Only use '-warn-error A' if the source is marked as development as per
    the version suffix (+) (part of BB Issue #2)
  - Reduce logging verbosity for debug level lower than 6 for (i) bad requests,
    and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
  - Add additional OIDs for ECC RFC6637 style implementations
    (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
  - Fix a non-persistent cross-site scripting possibility resulting from
    improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)

New value: the old value above, followed by:

Testing:
========
Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing.

You can test-build the backport in your PPA with backportpackage:
$ backportpackage -u ppa:<lp username>/<ppa name> -s utopic -d trusty sks

* trusty:
[ ] Package builds without modification
[ ] sks installs cleanly and runs

2015-06-08 21:48:18 | Micah Gersten | trusty-backports: status | New | Incomplete |
2015-08-02 18:08:07 | hgre | description

Old value: the new value of the 2015-06-08 21:42:01 entry (bug description, 1.1.5 changelog and the unchecked testing checklist).

New value: the same description and changelog, with the testing section changed to:

Testing:
========
Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing.

You can test-build the backport in your PPA with backportpackage:
$ backportpackage -u ppa:<lp username>/<ppa name> -s utopic -d trusty sks

* trusty:
[*] Package builds without modification
[*] sks installs cleanly and runs

Sorry for the late reply, both work fine.

2015-08-04 02:01:44 | Micah Gersten | trusty-backports: status | Incomplete | Confirmed |
2015-08-04 02:01:50 | Micah Gersten | trusty-backports: importance | Undecided | Wishlist |
2021-11-16 21:53:59 | Dan Streetman | trusty-backports: status | Confirmed | Won't Fix |