oss-sec mailing list archives
Re: CVE Request: cobbler (Ubuntu-specific)
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 10 Apr 2012 13:27:24 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/10/2012 08:29 AM, Marc Deslauriers wrote:
Could we please get a CVE assigned to the following issue?: A Ubuntu-specific script called "cobbler-ubuntu-import" in the Ubuntu cobbler package downloads isos from a mirror, and checks them against MD5SUMS, but does not verify the validity of that MD5SUMS file itself against the MD5SUMS.gpg. This was fixed in version 2.2.2-0ubuntu32 of the package. Bug: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/974460 Commit: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/cobbler/precise/revision/98 Thanks, Marc.
Please use CVE-2012-2092 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPhImcAAoJEBYNRVNeJnmT6igP/2c9cgMx9AqAig2Ls3eII/5K hF7xOh1XdEDMW3Hy2ZzH3EwkH4YSXZAdOLjckWUcf4J5eP2CjaUdHMOm1u46ejwC jmUj40W8VYubPZmJbrzE4uSy2hL7K67Vk8jF0BEVDWkzcPV6oeqzjE81Ab3mPklf U0nyFF8KAEzhIuLOrvh5fUM33Wd57CRlnSaNlD+MV+z8NB61EReSHesT6IsdKN9S WO7hferjRX+kdVlRuhkNY3Yua5jReEGkQt4iVoM07I9mGkTjcuU7/emV/RtSKsx5 AewOxuZ2ez/MADJ3g7679/7hn/7oeG7GEd2Y7f7oAnQJ0/vG2k5T1OGcTpbiiQld XVKE+a1h7xYKHpUd5YyJivCJXO0UqU+ZD4Uqp0Mpvuapy6UHiPSKk4Uwxnu3DL5E XG5VPenv8sgKbRsS8b5eUz/mgoOvDKYCeGJ4mDYF7ZbPND2gBpz2gFF/s5/J+AJC qK1gAMsMu6TPwp4k7kVwVM7LkQ2B1YIMIeOrRvdvCNbg1u2+O9IYR12MGEfQbsSJ qdyTHagVY48ue5wEpOPXy1rDpd9JAtD0Rz+drfpkR0dP7SRwfLS9jxuoulqw+G57 BT81Sy9pGOg7OUI3MIZDtK6vTgFb+bUn27MoS249NNJvylZgFXpCtwHDctQH0wvt sjgJhJObRbYRzjQ5wcIA =eKfp -----END PGP SIGNATURE-----
Current thread:
- CVE Request: cobbler (Ubuntu-specific) Marc Deslauriers (Apr 10)
- Re: CVE Request: cobbler (Ubuntu-specific) Kurt Seifried (Apr 10)