We are closing this bug report because it lacks the information we need
to investigate the problem, as described in the previous comments.
Please reopen it if you can give us the missing information, and don't
hesitate to submit bug reports in the future. To reopen the bug report
you can click on t
I have prepared lp:~racb/ubuntu/oneiric/cobbler/858878_security which
addresses all of Tyler's points (thanks for the review!). Details of
testing to follow.
** Branch linked: lp:~racb/ubuntu/oneiric/cobbler/858878_security
--
You received this bug notification because you are a member of Ubuntu
Hi Robie - Thanks for the oneiric-security branch! I've reviewed the
diff and it looks mostly good. There are a few very minor touch-ups that
will be needed to the changelog:
1) Make the patch attribution style in the changelog match the examples
here:
https://wiki.ubuntu.com/SecurityTeam/UpdatePr
** Branch linked: lp:ubuntu/oneiric-proposed/cobbler
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/858878
Title:
lack of csrf protection in cobbler-web
To manage notifications about this bug go to:
I've prepared an upload for oneiric-security
(lp:~racb/ubuntu/oneiric/cobbler/security_201112) but this still needs
review and testing.
** Branch linked: lp:~racb/ubuntu/oneiric/cobbler/security_201112
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscr
This bug was fixed in the package cobbler - 2.2.2-0ubuntu1, but
evidently got omitted from the changelog entry. I have just verified
that CSRF protection in Precise (2.2.2-0ubuntu6) is working correctly.
Still pending: SRU for Oneiric.
** Changed in: cobbler (Ubuntu Precise)
Status: Triage
Moving milestone to alpha-2, and starting tracking on this since it
missed alpha-1 milestone target.
** Changed in: cobbler (Ubuntu Precise)
Milestone: precise-alpha-1 => precise-alpha-2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubu
** Branch linked: lp:~racb/ubuntu/oneiric/cobbler/858878_858883
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/858878
Title:
lack of csrf protection in cobbler-web
To manage notifications about this
** Changed in: cobbler (Ubuntu Oneiric)
Assignee: (unassigned) => Robie Basak (racb)
** Changed in: cobbler (Ubuntu Precise)
Assignee: (unassigned) => Robie Basak (racb)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:
** Changed in: cobbler (Ubuntu Precise)
Status: New => Triaged
** Changed in: cobbler (Ubuntu Oneiric)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/858878
Title:
While this is targeted for Precise, it also is going to need to be
backported to Oneiric as this is a security vulnerability.
** Also affects: cobbler (Ubuntu Oneiric)
Importance: High
Status: New
** Also affects: cobbler (Ubuntu Precise)
Importance: Undecided
Status: New
**
** Changed in: cobbler (Ubuntu)
Milestone: None => precise-alpha-1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/858878
Title:
lack of csrf protection in cobbler-web
To manage notifications abo
** Changed in: cobbler (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/858878
Title:
lack of csrf protection in cobbler-web
To manage notifications about thi
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/858878
Title:
lack of csrf protection in cobbler-web
To manage notifications about this bug go to:
https://bugs.launch
14 matches
Mail list logo