Ubuntu
installation-guide package

Online Installation Guide contains link to page with pornography

Bug #415108 reported by Connor Imes
268
This bug affects 1 person
Affects Status Importance Assigned to Milestone
installation-guide (Ubuntu)
Fix Released
High
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Hardy
Won't Fix
Undecided
Unassigned
Intrepid
Won't Fix
Undecided
Unassigned
Jaunty
Won't Fix
Undecided
Unassigned
ubuntu-docs (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned
Jaunty
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: ubuntu-docs

Per https://lists.ubuntu.com/archives/ubuntu-doc/2009-August/013541.html

The page https://help.ubuntu.com/9.04/installation-guide/i386/what-is-linux.html has a link to kerneltraffic.org which possibly has been hacked as there is pornography displayed on the page. All Ubuntu versions listings are affected on the h.u.c website (i.e. 8.04/, 8.10/, 9.04/).

Links to: http://www.kerneltraffic.org/kernel-traffic/index.html

I could find no reference to this link in the system docs, only in the html files in the "lp:~ubuntu-core-doc/ubuntu-docs/help.ubuntu.com" branch. I'm sorry that I don't know how to provide patches for this since I can't find the reference in the system docs.

I am marking this bug as a security vulnerability as the website in question may contain malicious code; bug should be private. Please be cautious of viewing without adequate protection (disable cookies, block javascripts, etc). However, material does not show if javascript is disabled.

Connor Imes (ckimes)
Changed in ubuntu-docs (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Jamie Strandboge (jdstrand)
visibility: private → public
Revision history for this message
Dougie Richardson (dougierichardson) wrote :

This file isn't part of our branch, it's in installation-guide.

affects: ubuntu-docs (Ubuntu) → installation-guide (Ubuntu)
Revision history for this message
Connor Imes (ckimes) wrote :

Thanks Dougie, that explains why I couldn't find it. A bit confusing since we have an installation-guide section in our serverguide. Sorry for the confusion.

Revision history for this message
Matthew East (mdke) wrote :

I think the correct url to use might be http://kerneltraffic.osmirror.nl/ - but that page indicates that the project is not being updated so it is probably safer to remove the link entirely.

Revision history for this message
Matthew East (mdke) wrote :

Here is a patch on the bzr branch at ~ubuntu-core-dev/installation-guide/ubuntu/.

I haven't updated the translations and probably it's a patch that is best applied upstream if the bug exists there.

Revision history for this message
Matthew East (mdke) wrote :

I've pushed an update to help.ubuntu.com to remove the link using the patch in comment 4. That takes care of the website.

The fix should also be implemented in the installation-guide package.

Changed in ubuntu-docs (Ubuntu):
status: New → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote :

Attached is a debdiff that will resolve the issue in the karmic version of installation-guide.

Changed in installation-guide (Ubuntu):
status: Confirmed → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package installation-guide - 20081208ubuntu5

---------------
installation-guide (20081208ubuntu5) karmic; urgency=low

  * Remove link to kerneltraffic.org since it no longer contains any
    linux kernel information (LP: #415108)

 -- Brian Murray <email address hidden> Fri, 28 Aug 2009 10:42:59 -0700

Changed in installation-guide (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Matthew East (mdke) wrote :

Ouch, I wasn't aware Ubuntu was open targets on all distributions for both ubuntu-docs and installation-guide. I meant just to open targets on installation-guide.

Changed in ubuntu-docs (Ubuntu Dapper):
status: New → Fix Released
Changed in ubuntu-docs (Ubuntu Hardy):
status: New → Fix Released
Changed in ubuntu-docs (Ubuntu Intrepid):
status: New → Fix Released
Changed in ubuntu-docs (Ubuntu Jaunty):
status: New → Fix Released
Revision history for this message
Matthew East (mdke) wrote :

I spoke to Colin Watson on irc and he considers that this bug doesn't warrant an SRU to fix the package in other versions. So I'm rejecting those bug tasks and the bug can be regarded as fixed.

Changed in installation-guide (Ubuntu Dapper):
status: New → Won't Fix
Changed in installation-guide (Ubuntu Hardy):
status: New → Won't Fix
Changed in installation-guide (Ubuntu Intrepid):
status: New → Won't Fix
Changed in installation-guide (Ubuntu Jaunty):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.