Ubuntu
pollinate package

[SRU] ship new public cert

Bug #1483762 reported by Dustin Kirkland 
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pollinate (Ubuntu)
Fix Released
High
Dustin Kirkland 
Trusty
Fix Released
High
Dustin Kirkland 
Vivid
Fix Released
High
Dustin Kirkland 
Wily
Fix Released
High
Dustin Kirkland 

Bug Description

Pollinate ships entropy.ubuntu.com's public certificate for tighter security.

This certificate has been updated and pollinate needs to be updated. The previous certificate is expiring at Thursday, October 15, 2015 at 11:10:53 AM.

[Impact]
Any new 14.04 (Trusty) cloud instance with a down-level version of pollinate will fail to seed their PRNG from entropy.ubuntu.com, after Thursday, October 15, 2015 at 11:10:53 AM.

[Test Case]
Run:
 $ sudo pollinate -r
to reseed your PRNG. If you have the old version of pollinate, you'll get certificate errors (See Comment #1), and it will exit non-zero. If you have the new version (already uploaded to ppa:pollinate/ppa, utopic, trusty-proposed), it will work again and exit zero (see Comment #2).

[Regression Potential]
Negligible. A single file is updated with a new public SSL certificate for https://entropy.ubuntu.com, in /etc/pollinate/entropy.ubuntu.com.pem

See original description
Dustin Kirkland  (kirkland)
description: updated
Changed in pollinate (Ubuntu):
importance: Undecided → High
status: New → In Progress
Changed in pollinate (Ubuntu Trusty):
status: New → In Progress
Changed in pollinate (Ubuntu Vivid):
status: New → In Progress
Changed in pollinate (Ubuntu Trusty):
importance: Undecided → High
Changed in pollinate (Ubuntu Vivid):
importance: Undecided → High
Changed in pollinate (Ubuntu Trusty):
assignee: nobody → Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Vivid):
assignee: nobody → Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Wily):
assignee: nobody → Dustin Kirkland  (kirkland)
Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Wily):
status: In Progress → Fix Committed
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Attaching a patch for trusty.

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Attaching a patch for vivid.

Changed in pollinate (Ubuntu Wily):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pollinate - 4.7-0ubuntu1.3

---------------
pollinate (4.7-0ubuntu1.3) trusty-security; urgency=medium

  * entropy.ubuntu.com.pem: LP: #1483762
    - entropy.ubuntu.com SSL is coming up for renewal on 2015-09-15
    - update the certs for the pollinate package
    - Note that this changes the issuing CA to DigiCert, which requires
      a new intermediary.

 -- Dustin Kirkland <email address hidden> Tue, 11 Aug 2015 15:37:26 -0500

Changed in pollinate (Ubuntu Trusty):
status: In Progress → Fix Released
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I overlooked a missing bug number for the cert update in the vivid changelog. Sorry.

Changed in pollinate (Ubuntu Vivid):
status: In Progress → Fix Released
Mathew Hodson (mhodson)
information type: Public → Public Security
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.