edubuntu-bugs team mailing list archive

[Andreas Schildbach <launchpad.net@xxxxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

If I try, I get this GIMP message:

  Opening 'https://[...]' failed:

  Could not load 'https://[...]': Failed to open file 'https://[...]':
open() failed: No such file or directory

Most of the time, I can manually edit the URL to read http://[...] and I
can open the document as expected.

The bug is a security vulnerability because it forces users to use
unsecure communication.

$ lsb_release -rd
Description:	Ubuntu 16.04.1 LTS
Release:	16.04

$ apt-cache policy gimp
gimp:
  Installed: 2.8.16-1ubuntu1.1
  Candidate: 2.8.16-1ubuntu1.1
  Version table:
 *** 2.8.16-1ubuntu1.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu xenial-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     2.8.16-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

** Affects: gimp (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1649428

Title:
  Cannot open file from https location (URL)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1649428/+subscriptions