Viewing all changes in revision 51.
- Committer: Package Import Robot
- Date: 2011-09-30 08:50:31 UTC
- Revision ID: package-import@ubuntu.com-20110930085031-h9a809hxhs5aj66o
* SECURITY UPDATE: k5login can overwrite arbitrary files as root
- debian/patches/CVE-2011-3869.patch: adjust type/k5login.rb to securely
open the file before writing to it as root
- CVE-2011-3869
* SECURITY UPDATE: didn't drop privileges before creating and changing
permissions on SSH keys
- debian/patches/CVE-2011-3870.patch: adjust ssh_authorized_key/parsed.rb
to drop privileges before creating the ssh directory and setting
permissions
- CVE-2011-3870
* SECURITY UPDATE: fix predictable temporary filename in ralsh
- debian/patches/CVE-2011-3871.patch: adjust application/resource.rb to
use an unpredictable filename
- CVE-2011-3871
* SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848
- secure-indirector-file-backed-terminus-base-cla.patch: Since the
indirector file backed terminus base class is only used by the test
suite, remove it and update test cases to use a continuing class.
- debian/patches/CVE-2011-3869.patch: adjust type/k5login.rb to securely
open the file before writing to it as root
- CVE-2011-3869
* SECURITY UPDATE: didn't drop privileges before creating and changing
permissions on SSH keys
- debian/patches/CVE-2011-3870.patch: adjust ssh_authorized_key/parsed.rb
to drop privileges before creating the ssh directory and setting
permissions
- CVE-2011-3870
* SECURITY UPDATE: fix predictable temporary filename in ralsh
- debian/patches/CVE-2011-3871.patch: adjust application/resource.rb to
use an unpredictable filename
- CVE-2011-3871
* SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848
- secure-indirector-file-backed-terminus-base-cla.patch: Since the
indirector file backed terminus base class is only used by the test
suite, remove it and update test cases to use a continuing class.
- files added:
- .pc/CVE-2011-3869.patch
- .pc/CVE-2011-3869.patch/lib
- .pc/CVE-2011-3869.patch/lib/puppet
- .pc/CVE-2011-3869.patch/lib/puppet/type
- .pc/CVE-2011-3870.patch
- .pc/CVE-2011-3870.patch/lib
- .pc/CVE-2011-3870.patch/lib/puppet
- .pc/CVE-2011-3870.patch/lib/puppet/provider
- .pc/CVE-2011-3870.patch/lib/puppet/provider/ssh_authorized_key
- .pc/CVE-2011-3870.patch/spec
- .pc/CVE-2011-3870.patch/spec/unit
- .pc/CVE-2011-3870.patch/spec/unit/provider
- .pc/CVE-2011-3870.patch/spec/unit/provider/ssh_authorized_key
- .pc/CVE-2011-3871.patch
- .pc/CVE-2011-3871.patch/lib
- .pc/CVE-2011-3871.patch/lib/puppet
- .pc/CVE-2011-3871.patch/lib/puppet/application
- .pc/secure-indirector-file-backed-terminus-base-cla.patch
- .pc/secure-indirector-file-backed-terminus-base-cla.patch/lib
- .pc/secure-indirector-file-backed-terminus-base-cla.patch/lib/puppet
- .pc/secure-indirector-file-backed-terminus-base-cla.patch/lib/puppet/indirector
- .pc/secure-indirector-file-backed-terminus-base-cla.patch/spec
- .pc/secure-indirector-file-backed-terminus-base-cla.patch/spec/unit
- .pc/secure-indirector-file-backed-terminus-base-cla.patch/spec/unit/indirector
- files removed:
- lib/puppet/indirector/file.rb
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
