oss-sec mailing list archives
CVE Request: cobbler (Ubuntu-specific)
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 10 Apr 2012 10:29:15 -0400
Could we please get a CVE assigned to the following issue?: A Ubuntu-specific script called "cobbler-ubuntu-import" in the Ubuntu cobbler package downloads isos from a mirror, and checks them against MD5SUMS, but does not verify the validity of that MD5SUMS file itself against the MD5SUMS.gpg. This was fixed in version 2.2.2-0ubuntu32 of the package. Bug: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/974460 Commit: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/cobbler/precise/revision/98 Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE Request: cobbler (Ubuntu-specific) Marc Deslauriers (Apr 10)
- Re: CVE Request: cobbler (Ubuntu-specific) Kurt Seifried (Apr 10)