Website on Ubuntu Packages invalid, leads to malware

Asked by Nikolas Reist on 2018-11-27

The External Resources website for the G15 packages leads to (in Chrome) a false extension install popup and what looks like a malicious site.

http://www.g15tools.com/

If the site has moved or changed this should probably be updated.

Thanks,

Question information

Manfred Hampl (m-hampl) said : #1

Where do you see this link?

Nikolas Reist (zeroability) said : #2

Here's an example:

https://packages.ubuntu.com/bionic/g15composer

It appears to be any if the components for g15 and probably for all
releases.

Thank you,

On Tue, Nov 27, 2018, 13:03 Manfred Hampl <
<email address hidden> wrote:

> Your question #676398 on libg15 in Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/libg15/+question/676398
>
> Status: Open => Needs information
>
> Manfred Hampl requested more information:
> Where do you see this link?
>
> --
> To answer this request for more information, you can either reply to
> this email or enter your reply at the following page:
> https://answers.launchpad.net/ubuntu/+source/libg15/+question/676398
>
> You received this question notification because you asked the question.
>

Manfred Hampl (m-hampl) said : #3

Ok, tried verifying and this is what I conclude:

The "controls" file for most Ubuntu packages contains a reference
Homepage: http://www.url_of_the_homepage.com/
The value of this field is also displayed on the package pages on packages.ubuntu.com (and that probably is where you saw it).

Waybackmachine shows that the g15tools.com was the home page of the G15 tools (providing details about the software and a forum), but this web presence seems to have ended about 5 years ago. This page was then probably taken over by somebody who now has modified it that it redirects to malicious pages.

It seems that the G15 packages have not been modified for years.
The latest activity on https://sourceforge.net/projects/g15tools/ was three years ago.

It seems to me that it is advisable to remove the link to the outdated homepage from the packages.ubuntu.com pages and from inside the control files.

I suggest that you create a bug report about this issue. File it against the source packages
g15composer
g15daemon
g15macro
g15mpd
g15stats
libg15
libg15render
and mark it as a security bug.
A similar bug should probably also be created for the same packages on Debian.

Nikolas Reist (zeroability) said : #4

Is there a way to convert this to a bug or are you asking me to file it? I
stumbled on this as a new contributor and the deps made reference to this.
I'm not really involved with Debian bug tracking either. I certainly could
file to both trackers.

Thank you,

Nik Reist

On Tue, Nov 27, 2018, 14:23 Manfred Hampl <
<email address hidden> wrote:

> Your question #676398 on libg15 in Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/libg15/+question/676398
>
> Status: Open => Answered
>
> Manfred Hampl proposed the following answer:
> Ok, tried verifying and this is what I conclude:
>
> The "controls" file for most Ubuntu packages contains a reference
> Homepage: http://www.url_of_the_homepage.com/
> The value of this field is also displayed on the package pages on
> packages.ubuntu.com (and that probably is where you saw it).
>
> Waybackmachine shows that the g15tools.com was the home page of the G15
> tools (providing details about the software and a forum), but this web
> presence seems to have ended about 5 years ago. This page was then
> probably taken over by somebody who now has modified it that it
> redirects to malicious pages.
>
> It seems that the G15 packages have not been modified for years.
> The latest activity on https://sourceforge.net/projects/g15tools/ was
> three years ago.
>
> It seems to me that it is advisable to remove the link to the outdated
> homepage from the packages.ubuntu.com pages and from inside the control
> files.
>
> I suggest that you create a bug report about this issue. File it against
> the source packages
> g15composer
> g15daemon
> g15macro
> g15mpd
> g15stats
> libg15
> libg15render
> and mark it as a security bug.
> A similar bug should probably also be created for the same packages on
> Debian.
>
> --
> If this answers your question, please go to the following page to let us
> know that it is solved:
>
> https://answers.launchpad.net/ubuntu/+source/libg15/+question/676398/+confirm?answer_id=2
>
> If you still need help, you can reply to this email or go to the
> following page to enter your feedback:
> https://answers.launchpad.net/ubuntu/+source/libg15/+question/676398
>
> You received this question notification because you asked the question.
>

Manfred Hampl (m-hampl) said : #5

There is a "create bug report" button on your question page https://answers.launchpad.net/ubuntu/+source/libg15/+question/676398 to create a bug report based on that question document.

Nikolas Reist (zeroability) said : #6

Bug created, needs confirmed.

Can you help with this problem?

Provide an answer of your own, or ask Nikolas Reist for more information if necessary.

To post a message you must log in.