UbuntuUpdates.org

Package "simplestreams"

Name: simplestreams

Description:

Library and tools for using Simple Streams data

Latest version: 0.1.0~bzr341-0ubuntu2.3
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://launchpad.net/simplestreams

Other versions of "simplestreams" in Trusty

Repository  Area      Version
base        main      0.1.0~bzr341-0ubuntu1
base        universe  0.1.0~bzr341-0ubuntu1
security    main      0.1.0~bzr341-0ubuntu2.3
updates     universe  0.1.0~bzr341-0ubuntu2.4
updates     main      0.1.0~bzr341-0ubuntu2.4

Changelog

Version: 0.1.0~bzr341-0ubuntu2.3 2015-09-25 18:06:24 UTC

  simplestreams (0.1.0~bzr341-0ubuntu2.3) trusty-security; urgency=high

  * export checksummer in simplestreams.util (LP: #1499749)
    Users of simplestreams.util checksummer would get an AttributeError
    because this was moved.

 -- Scott Moser Fri, 25 Sep 2015 11:15:24 -0400

1499749 Exception in bootresources.py prevents downloading boot pxe images

Version: 0.1.0~bzr341-0ubuntu2.2 2015-09-25 00:06:27 UTC

  simplestreams (0.1.0~bzr341-0ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: insufficient verification of GPG signatures
    allowing malicious injection into images
    - debian/patches/lp1487004-use-checksumming-reader.patch: Ensure
      that users of the BasicMirrorWriter get exceptions when importing
      data that has invalid checksum or sizes. (LP: #1487004)
    - CVE-2015-1337
    - debian/patches/lp1487004-sru-safetynet.patch:
      provide a backwards compatible behavior via setting
      SS_MISSING_ITEM_CHECKSUM_BEHAVIOR=silent. See bug for more info.

 -- Scott Moser Tue, 22 Sep 2015 17:12:43 -0400

1487004 Malicious server can bypass gpg verification and inject malicious images
CVE-2015-1337 RESERVED


