Date: Tue, 10 Apr 2012 10:29:15 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: coley@...us.mitre.org Cc: oss-security@...ts.openwall.com, security@...ntu.com Subject: CVE Request: cobbler (Ubuntu-specific) Could we please get a CVE assigned to the following issue?: A Ubuntu-specific script called "cobbler-ubuntu-import" in the Ubuntu cobbler package downloads isos from a mirror, and checks them against MD5SUMS, but does not verify the validity of that MD5SUMS file itself against the MD5SUMS.gpg. This was fixed in version 2.2.2-0ubuntu32 of the package. Bug: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/974460 Commit: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/cobbler/precise/revision/98 Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.