This does not constitute an emergency update and as such it should follow any other criteria for OTA. It is marked Critical, so it seems a candidate, but it shouldn't be rushed (ie, it should follow landing procedures, QA signoff, etc). I think if the timing is ok with the release team, targeting OTA-4 is fine, but if it isn't, OTA-5 is ok.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to content-hub in Ubuntu. https://bugs.launchpad.net/bugs/1456628 Title: DBUS API doesn't prevent confined apps from passing paths to files without access Status in the base for Ubuntu mobile products: Confirmed Status in content-hub package in Ubuntu: Fix Released Status in content-hub source package in Vivid: Fix Released Bug description: The DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1456628/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
