← Back to branch summary

~andreserl/+junk/cobbler

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Andres Rodriguez
  • Date: 2011-12-09 19:21:57 UTC
  • Revision ID: andreserl@ubuntu.com-20111209192157-rul6dqkyaog2f3i5
Reverted changes back to rev50

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/changelog
1
 
cobbler (2.1.0+git20110602-0ubuntu26.2) oneiric-security; urgency=low
2
 
 
3
 
  * SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in insecure
4
 
    location (LP: #858875)
5
 
    - debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
6
 
      /var/lib/cobbler/webui_cache (copied from fix to precise).
7
 
  * SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
8
 
    - debian/patches/59_add_csrf_protection.patch: use Django's built-in
9
 
      CSRF protection (taken from upstream).
10
 
  * SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
11
 
    - debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
12
 
      yaml.load (taken from upstream).
13
 
  * SECURITY UPDATE: users.digest file is world readable (LP: #858860)
14
 
    - debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
15
 
  * SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
16
 
    - debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
17
 
      0700
18
 
 
19
 
 -- Robie Basak <robie.basak@ubuntu.com>  Thu, 08 Dec 2011 11:51:48 +0000
20
 
 
21
1
cobbler (2.1.0+git20110602-0ubuntu26.1) oneiric-proposed; urgency=low
22
2
 
23
3
  * SRU (LP: #899283):