lp:~racb/ubuntu/oneiric/cobbler/security_201112
- Get this branch:
- bzr branch lp:~racb/ubuntu/oneiric/cobbler/security_201112
Branch information
- Owner:
- Robie Basak
- Status:
- Development
Recent revisions
- 55. By Robie Basak
  * SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
    - debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
      0700
- 54. By Robie Basak
  * SECURITY UPDATE: users.digest file is world readable (LP: #858860)
    - debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
- 53. By Robie Basak
  * SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
    - debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
      yaml.load (taken from upstream).
- 52. By Robie Basak
  * SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
    - debian/patches/59_add_csrf_protection.patch: use Django's built-in
      CSRF protection (taken from upstream).
- 51. By Robie Basak
  * SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in
    insecure location (LP: #858875)
    - debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
      /var/lib/cobbler/webui_cache (copied from fix to precise).
- 50. By Andres Rodriguez
  * SRU (LP: #899283):
    - debian/patches/47_ubuntu_add_oneiric_codename.patch: Updated to add
      'precise' as an importable/supported release.
- 47. By Andres Rodriguez
  debian/cobbler-common.install: Install missing pxeprofile_arm.template
  and pxesystem_arm.template (LP: #844982).
- 46. By Andres Rodriguez
  debian/cobbler-web.postinst: Correctly handle creation/validation of
  links for the Ubuntu font for cobbler-web. (LP: #840188)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/cobbler