lp:~racb/ubuntu/oneiric/cobbler/858878_security
- Get this branch:
- bzr branch lp:~racb/ubuntu/oneiric/cobbler/858878_security
Branch information
- Owner:
- Robie Basak
- Status:
- Development
Recent revisions
- 58. By Robie Basak
  debian/cobbler-common.install: do not install /etc/cobbler/users.digest.
  This is created with the correct permissions by cobbler.postinst. Based
  on fix to precise.
- 57. By Robie Basak
  debian/cobbler.preinst: set /etc/cobbler/users.digest to 600 if upgrading
  from a vulnerable version. Based on fix in precise.
- 55. By Robie Basak
  * SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
  - debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
  0700
- 54. By Robie Basak
  * SECURITY UPDATE: users.digest file is world readable (LP: #858860)
  - debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
- 53. By Robie Basak
  * SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
  - debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
  yaml.load (taken from upstream).
- 52. By Robie Basak
  * SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
  - debian/patches/59_add_csrf_protection.patch: use Django's built-in
  CSRF protection (taken from upstream).
- 51. By Robie Basak
  * SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in
  insecure location (LP: #858875)
  - debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
  /var/lib/cobbler/webui_cache (copied from fix to precise).
- 50. By Andres Rodriguez
  * SRU (LP: #899283):
  - debian/patches/47_ubuntu_add_oneiric_codename.patch: Updated to add
  'precise' as an importable/supported release.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/cobbler