Ubuntu
signon-ui package

Refuse non-https URLs

Bug #1039084 reported by Ken VanDine on 2012-08-20

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Online Accounts: Sign-on UI	Fix Released	Undecided	Alberto Mardegan
account-plugins (Ubuntu)	Fix Released	Undecided	Unassigned	Ubuntu ubuntu-12.10-beta-2
signon-ui (Ubuntu)	Fix Released	High	Unassigned	Ubuntu ubuntu-12.10-beta-2

Bug Description

Based on feedback from the security team in the MIR review bug 1029549, signon-ui needs to only load https URLS.

Related branches

lp:~mardy/signon-ui/webkit-security

Merged into lp:signon-ui at revision 53

jenkins (community): Needs Fixing (continuous-integration) on 2012-08-31

David King (community): Approve on 2012-08-31

lp:ubuntu/quantal/account-plugins

Ken VanDine (ken-vandine) on 2012-08-20

Changed in signon-ui (Ubuntu):
milestone:	none → ubuntu-12.10
assignee:	nobody → Alberto Mardegan (mardy)
importance:	Undecided → High
status:	New → Triaged

Alberto Mardegan (mardy) on 2012-08-30

Changed in online-accounts-signon-ui:
assignee:	nobody → Alberto Mardegan (mardy)
Changed in signon-ui (Ubuntu):
assignee:	Alberto Mardegan (mardy) → nobody
Changed in online-accounts-signon-ui:
status:	New → In Progress

Alberto Mardegan (mardy) on 2012-08-31

Changed in online-accounts-signon-ui:
status:	In Progress → Fix Committed

Ken VanDine (ken-vandine) on 2012-09-04

Changed in online-accounts-signon-ui:
status:	Fix Committed → Fix Released

Ken VanDine (ken-vandine) on 2012-09-06

Changed in account-plugins (Ubuntu):
milestone:	none → ubuntu-12.10-beta-2
Changed in signon-ui (Ubuntu):
milestone:	ubuntu-12.10 → ubuntu-12.10-beta-2

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-09-07:

This bug was fixed in the package signon-ui - 0.7-0ubuntu1

---------------
signon-ui (0.7-0ubuntu1) quantal; urgency=low

  * New upstream release.
    - protect webkit from untrusted content, only allow https (LP: #1039084)
  * -debian/patches/unit_tests_only.patch, merged upstream
-- Ken VanDine <email address hidden> Fri, 07 Sep 2012 09:33:56 -0400

Changed in signon-ui (Ubuntu):
status:	Triaged → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-09-07:

This bug was fixed in the package account-plugins - 0.7-0ubuntu1

---------------
account-plugins (0.7-0ubuntu1) quantal; urgency=low

  * New upstream release.
    - Updates to work with signon-ui >= 0.7 which requires https (LP: #1039084)
  * -debian/patches/py3.patch
    - merged upstream
-- Ken VanDine <email address hidden> Fri, 07 Sep 2012 09:34:51 -0400

Changed in account-plugins (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntusignon-ui package