This bug was fixed in the package unity-chromium-extension -
2.4.4-0ubuntu0.2
---
unity-chromium-extension (2.4.4-0ubuntu0.2) quantal-security; urgency=low
* New upstream release.
- No installation process triggered when a url matches more than one URL
in the list of avail
** Branch linked: lp:~ken-vandine/unity-firefox-extension/unwind
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same Origin Policy checks via toDataURL()
To manage notificati
This bug was fixed in the package webapps-applications - 2.4.10-0ubuntu3
---
webapps-applications (2.4.10-0ubuntu3) raring; urgency=low
* debian/patches/lp_1069817.patch:
- fix script breakage due to toDataUrl fix (LP: #1069817)
-- Didier RocheThu, 13 Dec 2012 13:12:01 +010
This bug was fixed in the package unity-firefox-extension -
2.4.1-0ubuntu1.2
---
unity-firefox-extension (2.4.1-0ubuntu1.2) quantal-security; urgency=low
* SECURITY UPDATE: same origin policy bypass via toDataURL() (LP: #1069817)
- debian/patches/CVE-2012-0958.patch: merge Unity
This bug was fixed in the package unity-webapps-pandora-com -
2.2ubuntu0.1
---
unity-webapps-pandora-com (2.2ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: same origin policy bypass via toDataURL() (LP: #1069817)
- pandora-com.user.js: Remove use of toDataURL.
-
This bug was fixed in the package unity-webapps-librefm - 2.2ubuntu0.1
---
unity-webapps-librefm (2.2ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: same origin policy bypass via toDataURL() (LP: #1069817)
- LibreFM.user.js: Remove use of toDataURL.
- CVE-2012-09
This bug was fixed in the package unity-webapps-facebookapps -
2.2ubuntu0.1
---
unity-webapps-facebookapps (2.2ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: same origin policy bypass via toDataURL() (LP: #1069817)
- FacebookApps.user.js: Remove use of toDataURL.
This bug was fixed in the package unity-webapps-amazoncloudreader -
2.2ubuntu0.1
---
unity-webapps-amazoncloudreader (2.2ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: same origin policy bypass via toDataURL() (LP: #1069817)
- AmazonCloudReader.user.js: Remove use o
** No longer affects: webapps-applications (Ubuntu Quantal)
** Also affects: unity-webapps-amazoncloudreader (Ubuntu)
Importance: Undecided
Status: New
** Also affects: unity-webapps-facebookapps (Ubuntu)
Importance: Undecided
Status: New
** Also affects: unity-webapps-libref
** Changed in: unity-firefox-extension (Ubuntu)
Status: Fix Committed => Fix Released
** Also affects: webapps-applications (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
ht
The unity-firefox-extension with this fix has been in fact already
uploaded to raring with version 2.4.2-0ubuntu1:
http://launchpadlibrarian.net/124260453/unity-firefox-
extension_2.4.1-0ubuntu3_2.4.2-0ubuntu1.diff.gz
** Changed in: unity-firefox-extension (Ubuntu)
Status: New => Fix Commit
I've passed the manual test suite and everything looks good. I also
passed Amazon Cloud Reader and it worked fine.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same Origin P
Proposed updated packages for Quantal for this issue are in the security team
PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
Scripts that have been fixed to avoid using toDataURL() API:
AmazonCloudReader, FacebookApps, GooglePlus, LibreFm, cnn-news, pandora-
com and LibreFm. The commit is available at lp:webapps-applications
revision 412 http://bazaar.launchpad.net/~webapps/webapps-
applications/trunk/revision/412?start
What's the status on the security fix for unity-firefox-extension?
I was told the fix would break API, so updated versions of the
webscripts would be uploaded, and a new unity-firefox-extension was
going to be uploaded to quantal-proposed. Has any progress been made?
--
You received this bug not
Hello Chris, or anyone else affected,
Accepted unity-chromium-extension into quantal-proposed. The package
will build now and be available at http://launchpad.net/ubuntu/+source
/unity-chromium-extension/2.4.4-0ubuntu0.1 in a few hours, and then in
the -proposed repository.
Please help us by test
** Changed in: unity-firefox-extension
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same Origin Policy checks via toDataURL()
T
This bug was fixed in the package unity-chromium-extension -
2.4.4-0ubuntu1
---
unity-chromium-extension (2.4.4-0ubuntu1) raring; urgency=low
* New upstream release.
- No installation process triggered when a url matches more than one URL
in the list of available apps (LP:
** Also affects: unity-firefox-extension (Ubuntu Quantal)
Importance: Undecided
Status: New
** Also affects: unity-chromium-extension (Ubuntu)
Importance: Undecided
Status: New
** Changed in: unity-chromium-extension
Status: Fix Committed => Fix Released
--
You receiv
To be more precise, from what I see it'll break, LibreFm, Pandora and
AmazonCloudReader "only".
Those will be updated in Universe ASAP.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
> Can I push the r331 commit as a security update, or will that break existing
> scripts?
no, It will break some scripts
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same O
** Changed in: unity-chromium-extension
Status: New => Fix Committed
** Changed in: unity-chromium-extension
Assignee: (unassigned) => Alexandre Abreu (abreu-alexandre)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https
** Branch linked: lp:~abreu-alexandre/unity-chromium-
extension/fix-1069817
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same Origin Policy checks via toDataURL()
To manage
** Also affects: unity-chromium-extension
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same Origin Policy checks via toDataURL()
Can I push the r331 commit as a security update, or will that break
existing scripts?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1069817
Title:
Bypasses Same Origin Policy checks via toDataURL()
Seems this is public now:
http://bazaar.launchpad.net/~webapps/unity-firefox-
extension/trunk/revision/331
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
26 matches
Mail list logo