Viewing all changes in revision 51.
- Committer: Andres Rodriguez
- Date: 2011-12-09 17:39:33 UTC
- mfrom: (50.1.5 trunk)
- Revision ID: andreserl@ubuntu.com-20111209173933-6mel1k0noqjd1vad
* SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in insecure
location (LP: #858875)
- debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
/var/lib/cobbler/webui_cache (copied from fix to precise).
* SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
- debian/patches/59_add_csrf_protection.patch: use Django's built-in
CSRF protection (taken from upstream).
* SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
- debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
yaml.load (taken from upstream).
* SECURITY UPDATE: users.digest file is world readable (LP: #858860)
- debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
* SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
- debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
0700
location (LP: #858875)
- debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
/var/lib/cobbler/webui_cache (copied from fix to precise).
* SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
- debian/patches/59_add_csrf_protection.patch: use Django's built-in
CSRF protection (taken from upstream).
* SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
- debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
yaml.load (taken from upstream).
* SECURITY UPDATE: users.digest file is world readable (LP: #858860)
- debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
* SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
- debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
0700
- files added:
- .pc/58_fix_egg_cache.patch
- .pc/58_fix_egg_cache.patch/web
- .pc/59_add_csrf_protection.patch
- .pc/59_add_csrf_protection.patch/web
- .pc/59_add_csrf_protection.patch/web/cobbler_web
- .pc/59_add_csrf_protection.patch/web/cobbler_web/templates
- .pc/60_yaml_safe_load.patch
- .pc/60_yaml_safe_load.patch/cobbler
- .pc/60_yaml_safe_load.patch/cobbler/modules
- .pc/60_yaml_safe_load.patch/scripts
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
