Arbitrary file disclosure via MITM of twitter feed
Bug #991982 reported by
Marc Deslauriers
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ubiquity-slideshow-ubuntu (Ubuntu) |
Fix Released
|
Critical
|
Stéphane Graber | ||
| Precise |
Fix Released
|
Critical
|
Stéphane Graber | ||
| Quantal |
Fix Released
|
Critical
|
Stéphane Graber | ||
Bug Description
Received via <email address hidden>:
Hi security team,
I discovered a security vulnerability in the Ubuntu Desktop 12.04
installer. I have attached a detailed description of the vulnerability,
along with an example of how it can be exploited by a remote attacker.
I have not disclosed these details to any other parties. Please keep me
updated with progress!
Cheers,
Paul.
Also see pdf attachment for more details.
CVE References
| Changed in ubiquity-slideshow-ubuntu (Ubuntu): | |
| milestone: | none → ubuntu-12.04.1 |
| Changed in ubiquity-slideshow-ubuntu (Ubuntu): | |
| assignee: | nobody → Stéphane Graber (stgraber) |
| importance: | Undecided → Critical |
| status: | Confirmed → Triaged |
| no longer affects: | ubiquity (Ubuntu) |
| no longer affects: | ubiquity-slideshow-ubuntu (Ubuntu Oneiric) |
| Changed in ubiquity-slideshow-ubuntu (Ubuntu Precise): | |
| status: | New → Triaged |
| importance: | Undecided → Critical |
| assignee: | nobody → Stéphane Graber (stgraber) |
| milestone: | none → ubuntu-12.04.1 |
| Changed in ubiquity-slideshow-ubuntu (Ubuntu Quantal): | |
| milestone: | ubuntu-12.04.1 → ubuntu-12.10-beta-1 |
| visibility: | private → public |
To post a comment you must log in.

Evan,
Could you take a look at this and confirm the vulnerability, and see where this should get fixed?
Thanks.