/var/lib/cobbler/webui_sessions has insecure permissions

Bug #863755 reported by Clint Byrum
This bug affects 1 person
Affects: cobbler (Ubuntu)
Assigned to: Clint Byrum

Bug Description

This directory, owned by cobbler-web, should not be world readable, but is.

Changed in cobbler (Ubuntu):
assignee: nobody → Clint Byrum (clint-fewbar)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cobbler - 2.2.2-0ubuntu1

cobbler (2.2.2-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream release:
    + Use dh_python2 everywhere.
    + Folded debian/patches/49_ubuntu_add_arm_arch_support.patch
      and debian/patches/56_ubuntu_arm_generate_pxe_files.patch
      into one patch for easier upstreaming.
    + Dropped debian/patches/50_fix_cobbler_timezone.patch:
      Fix upstream.
    + Dropped debian/patches/47_ubuntu_add_oneiric_codename.patch
      in favor of debian/patches/47_ubuntu_add_codenames.patch:
      It adds "precise" and drops unsupported releases as well.
    + Dropped debian/patches/41_update_tree_path_with_arch.patch:
      No longer needed.
    + Dropped debian/patches/55_ubuntu_branding.patch: Will be moved
      to orchestra

   [Clint Byrum]
   * debian/cobbler.postinst: create users.digest mode 0600 so it
     is not world readable. (LP: #858860)
   * debian/control: cobbler needs to depend on python-cobbler
     (LP: #863738)
   * debian/patches/58_fix_egg_cache.patch: Do not point dangerous
     PYTHON_EGG_CACHE at world writable directory. (LP: #858875)
   * debian/cobbler-common.install: remove users.digest as it is
     not required and contains a known password that would leave
     cobblerd vulnerable if started before configuration is done
   * debian/cobbler-web.postinst: fix perms on webui_sessions to
     be more secure (LP: #863755)

   [Robie Basak]
   * Backport safe YAML load from upstream. (LP: #858883)
 -- Chuck Short <email address hidden> Tue, 15 Nov 2011 12:35:40 -0500

Changed in cobbler (Ubuntu):
status: In Progress → Fix Released
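
An added example, not part of the bug report or of the cobbler package: a shell check for the condition reported here, which is any "other" permission bit on the session directory or its contents. The function names are hypothetical, the default path is the one in the bug title, and clearing only the "other" bits is an assumption, since the changelog describes the fix only as "fix perms".

```shell
#!/bin/sh
# Added example: audit a web session directory for "other" permission bits.
# The path is the one in the bug title; function names are hypothetical.
SESSION_DIR=/var/lib/cobbler/webui_sessions

# Print every entry at or below $1 that grants read, write or execute to
# "other". Symlinks are skipped: their own mode bits are not enforced.
list_world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Exit status: 0 = clean, 1 = world-accessible entries found, 2 = no such dir.
audit_session_dir() {
    dir=${1:-$SESSION_DIR}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    offenders=$(list_world_accessible "$dir" 2>/dev/null)
    [ -z "$offenders" ] && return 0
    echo "world-accessible entries under $dir:" >&2
    printf '%s\n' "$offenders" | while IFS= read -r path; do
        ls -ld "$path" >&2
    done
    return 1
}

# Assumption: clearing only the "other" bits is enough; owner and group
# bits are left as the package set them.
tighten_session_dir() {
    chmod -R o-rwx "${1:-$SESSION_DIR}"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_session_dir "$1"
fi
```

The non-zero exit status on a finding lets the audit be used as a post-install or monitoring check.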