[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
This bug was fixed in the package cobbler - 2.2.2-0ubuntu1 --- cobbler (2.2.2-0ubuntu1) precise; urgency=low [Chuck Short] * New upstream release: + Use dh_python2 everywhere. + Folded debian/patches/49_ubuntu_add_arm_arch_support.patch and debian/patches/56_ubuntu_arm_generate_pxe_files.patch into one patch for easier upstreaming. + Dropped debian/patches/50_fix_cobbler_timezone.patch: Fix upstream. + Dropped debian/patches/47_ubuntu_add_oneiric_codename.patch in favor of debian/patches/47_ubuntu_add_codenames.patch: It adds "precise" and drops unsupported releases as well. + Dropped debian/patches/41_update_tree_path_with_arch.patch: No longer needed. + Dropped debian/patches/55_ubuntu_branding.patch: Will be moved to orchestra [Clint Byrum] * debian/cobbler.postinst: create users.digest mode 0600 so it is not world readable. (LP: #858860) * debian/control: cobbler needs to depend on python-cobbler (LP: #863738) * debian/patches/58_fix_egg_cache.patch: Do not point dangerous PYTHON_EGG_CACHE at world writable directory. (LP: #858875) * debian/cobbler-common.install: remove users.digest as it is not required and contains a known password that would leave cobblerd vulnerable if started before configuration is done * debian/cobbler-web.postinst: fix perms on webui_sessions to be more secure (LP: #863755) [Robie Basak] * Backport safe YAML load from upstream. (LP: #858883) -- Chuck ShortTue, 15 Nov 2011 12:35:40 -0500 ** Changed in: cobbler (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858860 Title: weak default configured permissions on /etc/cobbler/users.digest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858860/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
** Branch linked: lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858860 Title: weak default configured permissions on /etc/cobbler/users.digest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858860/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
Confirmed, simple fix forthcoming.. just need to create the file 600 instead of relying on the default umask. ** Changed in: cobbler (Ubuntu) Status: New => In Progress ** Changed in: cobbler (Ubuntu) Assignee: (unassigned) => Clint Byrum (clint-fewbar) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858860 Title: weak default configured permissions on /etc/cobbler/users.digest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858860/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
** Changed in: cobbler (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858860 Title: weak default configured permissions on /etc/cobbler/users.digest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858860/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858860 Title: weak default configured permissions on /etc/cobbler/users.digest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858860/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs