2018-01-19 13:27:40 |
TJ |
bug |
|
|
added bug |
2018-01-19 13:32:14 |
Dimitri John Ledkov |
update-manager (Ubuntu): assignee |
|
Steve Langasek (vorlon) |
|
2018-01-19 13:36:01 |
Marc Deslauriers |
information type |
Public |
Public Security |
|
2018-01-22 16:07:10 |
Brian Murray |
tags |
|
rls-bb-incoming |
|
2018-02-01 16:21:26 |
Steve Langasek |
nominated for series |
|
Ubuntu Bionic |
|
2018-02-01 16:21:26 |
Steve Langasek |
bug task added |
|
update-manager (Ubuntu Bionic) |
|
2018-02-01 16:21:51 |
Steve Langasek |
update-manager (Ubuntu Bionic): assignee |
Steve Langasek (vorlon) |
|
|
2018-02-01 16:22:13 |
Steve Langasek |
update-manager (Ubuntu Bionic): importance |
Undecided |
High |
|
2018-02-01 16:22:15 |
Steve Langasek |
update-manager (Ubuntu Bionic): status |
New |
Triaged |
|
2018-02-01 16:25:22 |
Steve Langasek |
tags |
rls-bb-incoming |
|
|
2018-02-15 19:50:27 |
Francis Ginther |
tags |
|
id-5a733ec9244ad5f76d9cf9c8 |
|
2018-03-15 10:19:57 |
Julian Andres Klode |
bug task added |
|
ubuntu-release-upgrader (Ubuntu) |
|
2018-03-15 10:22:12 |
Launchpad Janitor |
branch linked |
|
lp:~juliank/ubuntu-release-upgrader/https-changelogs |
|
2018-03-15 10:22:48 |
Launchpad Janitor |
branch linked |
|
lp:~juliank/update-manager/https-changelogs |
|
2018-03-15 13:21:55 |
Julian Andres Klode |
ubuntu-release-upgrader (Ubuntu Bionic): status |
New |
Fix Committed |
|
2018-03-15 13:21:56 |
Julian Andres Klode |
update-manager (Ubuntu Bionic): status |
Triaged |
In Progress |
|
2018-03-15 13:21:58 |
Julian Andres Klode |
update-manager (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2018-03-15 13:22:01 |
Julian Andres Klode |
ubuntu-release-upgrader (Ubuntu Bionic): importance |
Undecided |
High |
|
2018-03-15 17:54:50 |
Launchpad Janitor |
update-manager (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-03-22 01:54:11 |
Launchpad Janitor |
ubuntu-release-upgrader (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-06-25 13:12:43 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Xenial |
|
2019-06-25 13:12:43 |
Julian Andres Klode |
bug task added |
|
update-manager (Ubuntu Xenial) |
|
2019-06-25 13:12:43 |
Julian Andres Klode |
bug task added |
|
ubuntu-release-upgrader (Ubuntu Xenial) |
|
2019-08-16 12:39:15 |
Francis Ginther |
tags |
id-5a733ec9244ad5f76d9cf9c8 |
id-5a733ec9244ad5f76d9cf9c8 id-5ce6d6855257155f211b5d3f |
|
2019-08-19 11:35:39 |
Julian Andres Klode |
description |
Although the packages listed in meta-release files on changelogs.ubuntu.com are signature-checked there doesn't appear to be any way to verify the meta-release files are valid so a man-in-the-middle could maliciously supply an alternate meta-release.
meta-release files should be signed with the archive GPG key and/or delivered over HTTPS. |
[Impact]
Although the packages listed in meta-release files on changelogs.ubuntu.com are signature-checked there doesn't appear to be any way to verify the meta-release files are valid so a man-in-the-middle could maliciously supply an alternate meta-release.
meta-release files should be signed with the archive GPG key and/or delivered over HTTPS.
[Test case]
Block port 80 access to changelogs.ubuntu.com and check that do-release-upgrade still works
[Regression potential]
This breaks any clients behind a proxy where HTTPS is not allowed. |
|
2019-08-19 11:35:52 |
Julian Andres Klode |
description |
[Impact]
Although the packages listed in meta-release files on changelogs.ubuntu.com are signature-checked there doesn't appear to be any way to verify the meta-release files are valid so a man-in-the-middle could maliciously supply an alternate meta-release.
meta-release files should be signed with the archive GPG key and/or delivered over HTTPS.
[Test case]
Block port 80 access to changelogs.ubuntu.com and check that do-release-upgrade still works
[Regression potential]
This breaks any clients behind a proxy where HTTPS is not allowed. |
[Impact]
Although the packages listed in meta-release files on changelogs.ubuntu.com are signature-checked there doesn't appear to be any way to verify the meta-release files are valid so a man-in-the-middle could maliciously supply an alternate meta-release.
meta-release files should be signed with the archive GPG key and/or delivered over HTTPS.
[Test case]
Block port 80 access to changelogs.ubuntu.com and check that do-release-upgrade still works
[Regression potential]
This breaks any clients behind a proxy where HTTPS (CONNECT on the proxy) is not allowed. |
|
2019-08-26 11:58:36 |
Julian Andres Klode |
ubuntu-release-upgrader (Ubuntu Xenial): status |
New |
In Progress |
|
2019-08-26 11:58:44 |
Julian Andres Klode |
ubuntu-release-upgrader (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2019-08-26 11:58:45 |
Julian Andres Klode |
update-manager (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2019-08-26 11:58:57 |
Julian Andres Klode |
update-manager (Ubuntu Xenial): status |
New |
In Progress |
|
2019-09-24 20:45:34 |
Brian Murray |
update-manager (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2019-09-24 20:45:39 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-09-24 20:45:42 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2019-09-24 20:45:46 |
Brian Murray |
tags |
id-5a733ec9244ad5f76d9cf9c8 id-5ce6d6855257155f211b5d3f |
id-5a733ec9244ad5f76d9cf9c8 id-5ce6d6855257155f211b5d3f verification-needed verification-needed-xenial |
|
2019-10-02 08:58:53 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~juliank/ubuntu/+source/ubuntu-release-upgrader/+git/ubuntu-release-upgrader/+merge/373494 |
|
2019-10-03 16:49:19 |
Brian Murray |
ubuntu-release-upgrader (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2019-10-10 11:11:47 |
Julian Andres Klode |
tags |
id-5a733ec9244ad5f76d9cf9c8 id-5ce6d6855257155f211b5d3f verification-needed verification-needed-xenial |
id-5a733ec9244ad5f76d9cf9c8 id-5ce6d6855257155f211b5d3f verification-done verification-done-xenial |
|
2019-10-10 22:35:13 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-10-10 22:38:51 |
Launchpad Janitor |
ubuntu-release-upgrader (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2019-10-10 22:45:19 |
Launchpad Janitor |
update-manager (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2023-11-20 15:53:56 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~nteodosio/update-manager/+git/update-manager/+merge/455893 |
|
2023-11-20 15:57:17 |
Nathan Teodosio |
merge proposal unlinked |
https://code.launchpad.net/~nteodosio/update-manager/+git/update-manager/+merge/455893 |
|
|
2023-11-22 15:44:25 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Sebastien Bacher |
2023-11-22 16:19:51 |
Sebastien Bacher |
removed subscriber Sebastien Bacher |
|
|
|