** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to content-hub in Ubuntu. https://bugs.launchpad.net/bugs/1456628
Title: DBUS API doesn't prevent confined apps from passing paths to files without access Status in content-hub package in Ubuntu: Fix Released Status in content-hub source package in Vivid: New Bug description: The DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
