Refuse non-https URLs

Bug #1039084 reported by Ken VanDine on 2012-08-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Online Accounts: Sign-on UI
Undecided
Alberto Mardegan
account-plugins (Ubuntu)
Undecided
Unassigned
signon-ui (Ubuntu)
High
Unassigned

Bug Description

Based on feedback from the security team in the MIR review bug 1029549, signon-ui needs to only load https URLS.

Related branches

Changed in signon-ui (Ubuntu):
milestone: none → ubuntu-12.10
assignee: nobody → Alberto Mardegan (mardy)
importance: Undecided → High
status: New → Triaged
Alberto Mardegan (mardy) on 2012-08-30
Changed in online-accounts-signon-ui:
assignee: nobody → Alberto Mardegan (mardy)
Changed in signon-ui (Ubuntu):
assignee: Alberto Mardegan (mardy) → nobody
Changed in online-accounts-signon-ui:
status: New → In Progress
Alberto Mardegan (mardy) on 2012-08-31
Changed in online-accounts-signon-ui:
status: In Progress → Fix Committed
Changed in online-accounts-signon-ui:
status: Fix Committed → Fix Released
Changed in account-plugins (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in signon-ui (Ubuntu):
milestone: ubuntu-12.10 → ubuntu-12.10-beta-2
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package signon-ui - 0.7-0ubuntu1

---------------
signon-ui (0.7-0ubuntu1) quantal; urgency=low

  * New upstream release.
    - protect webkit from untrusted content, only allow https (LP: #1039084)
  * -debian/patches/unit_tests_only.patch, merged upstream
 -- Ken VanDine <email address hidden> Fri, 07 Sep 2012 09:33:56 -0400

Changed in signon-ui (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package account-plugins - 0.7-0ubuntu1

---------------
account-plugins (0.7-0ubuntu1) quantal; urgency=low

  * New upstream release.
    - Updates to work with signon-ui >= 0.7 which requires https (LP: #1039084)
  * -debian/patches/py3.patch
    - merged upstream
 -- Ken VanDine <email address hidden> Fri, 07 Sep 2012 09:34:51 -0400

Changed in account-plugins (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers