Package "simplestreams"

Name: simplestreams


Library and tools for using Simple Streams data

Latest version: 0.1.0~bzr341-0ubuntu2.3
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://launchpad.net/simplestreams


Download "simplestreams"

Other versions of "simplestreams" in Trusty

Repository Area Version
base main 0.1.0~bzr341-0ubuntu1
base universe 0.1.0~bzr341-0ubuntu1
security main 0.1.0~bzr341-0ubuntu2.3
updates universe 0.1.0~bzr341-0ubuntu2.4
updates main 0.1.0~bzr341-0ubuntu2.4

Packages in group

Deleted packages are displayed in grey.


Version: 0.1.0~bzr341-0ubuntu2.3 2015-09-25 18:06:24 UTC

  simplestreams (0.1.0~bzr341-0ubuntu2.3) trusty-security; urgency=high

  * export checksummer in simplestreams.util (LP: #1499749)
    Users of simplestreams.util checksummer would get an AttributeError
    because this was moved.

 -- Scott Moser Fri, 25 Sep 2015 11:15:24 -0400

Source diff to previous version
1499749 Exception in bootresources.py prevents downloading boot pxe images

Version: 0.1.0~bzr341-0ubuntu2.2 2015-09-25 00:06:27 UTC

  simplestreams (0.1.0~bzr341-0ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: insufficient verification of GPG signatures
    allowing malicious injection into images
    - debian/patches/lp1487004-use-checksumming-reader.patch: Ensure
      that users of the BasicMirrorWriter get exceptions when importing
      data that has invalid checksum or sizes. (LP: #1487004)
    - CVE-2015-1337
    - debian/patches/lp1487004-sru-safetynet.patch:
      provide a backwards compatible behavior via setting
      SS_MISSING_ITEM_CHECKSUM_BEHAVIOR=silent. See bug for more info.

 -- Scott Moser Tue, 22 Sep 2015 17:12:43 -0400

1487004 Malicious server can bypass gpg verification and inject malicious images
CVE-2015-1337 RESERVED

About   -   Send Feedback to @ubuntu_updates