Ubuntu
openconnect package

  1. Bug #1655279
  2. Activity log

Activity log for bug #1655279

Date Who What changed Old value New value Message
2017-01-10 09:27:42 Dan Lenski bug added bug
2017-01-10 09:27:42 Dan Lenski attachment added juniper_logout.patch https://bugs.launchpad.net/bugs/1655279/+attachment/4802292/+files/juniper_logout.patch
2017-01-10 09:28:10 Dan Lenski information type Private Security Public Security
2017-01-10 09:28:32 Dan Lenski description The Juniper protocol lacks a .vpn_close_session function; without logout, the VPN cookie remains active and can be used to restart the session from an unrelated computer. This is a security hazard, especially when passing around OpenConnect logs on the mailing list for development and troubleshooting. Patch is straightforward: http://lists.infradead.org/pipermail/openconnect-devel/2017-January/004161.html (Ubuntu 16.04.1 LTS, openconnect v7.06) The Juniper protocol lacks a .vpn_close_session function; without logout, the VPN cookie remains active and can be used to restart the session from an unrelated computer. This is a security hazard, especially when passing around OpenConnect logs on the mailing list for development and troubleshooting. Patch is straightforward: http://lists.infradead.org/pipermail/openconnect-devel/2017-January/004161.html (Ubuntu 16.04.1 LTS, openconnect v7.06)
2017-01-10 12:28:53 Ubuntu Foundations Team Bug Bot tags patch
2017-01-10 12:29:05 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2017-05-05 13:33:46 Marc Deslauriers openconnect (Ubuntu): status New Confirmed
2018-02-28 13:56:16 Launchpad Janitor openconnect (Ubuntu): status Confirmed Fix Released