oss-sec mailing list archives

Re: CVE Request: cobbler (Ubuntu-specific)


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 10 Apr 2012 13:27:24 -0600

On 04/10/2012 08:29 AM, Marc Deslauriers wrote:
> Could we please get a CVE assigned to the following issue?:
>
> An Ubuntu-specific script called "cobbler-ubuntu-import" in the
> Ubuntu cobbler package downloads ISOs from a mirror, and checks
> them against MD5SUMS, but does not verify the validity of that
> MD5SUMS file itself against the MD5SUMS.gpg. This was fixed in
> version 2.2.2-0ubuntu32 of the package.
>
> Bug: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/974460
>
> Commit: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/cobbler/precise/revision/98
>
> Thanks,
>
> Marc.

Please use CVE-2012-2092 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
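
An added example, not part of the original message and not the cobbler package's own code: one way to perform the check the report says was missing, authenticating MD5SUMS against MD5SUMS.gpg with gpgv before any ISO hash is compared. The function name, its return codes and the locally provisioned keyring path are assumptions.

```shell
#!/bin/sh
# Added example: trust MD5SUMS only after its detached signature verifies.
# The keyring argument is an assumed local file holding the archive signing
# key, obtained out of band (never fetched from the same mirror as the ISO).

verify_iso() {
    dir=$1      # directory holding the ISO, MD5SUMS and MD5SUMS.gpg
    iso=$2      # ISO file name as it appears in MD5SUMS
    keyring=$3  # trusted keyring file (assumption: provisioned locally)

    # Fail closed when any input is missing, including the signature.
    for f in "$dir/$iso" "$dir/MD5SUMS" "$dir/MD5SUMS.gpg" "$keyring"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # Step 1: authenticate the checksum list. gpgv accepts only keys in the
    # given keyring and exits non-zero on a bad or unknown-key signature.
    # A missing gpgv binary also lands here, so the check cannot be skipped.
    if ! gpgv --keyring "$keyring" "$dir/MD5SUMS.gpg" "$dir/MD5SUMS" 2>/dev/null; then
        echo "MD5SUMS signature check failed; not trusting it" >&2
        return 3
    fi

    # Step 2: only now compare the ISO against the authenticated list.
    # Lines look like "<md5>  name" or "<md5> *name" (binary-mode marker).
    expected=$(awk -v n="$iso" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$dir/MD5SUMS")
    [ -n "$expected" ] || { echo "$iso not listed in MD5SUMS" >&2; return 4; }

    actual=$(md5sum "$dir/$iso" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "checksum mismatch for $iso" >&2; return 5; }
    return 0
}
```

Without step 1, anyone able to alter the mirror's responses can replace the ISO and MD5SUMS together and step 2 still passes.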

