oss-sec mailing list archives

CVE Request: cobbler (Ubuntu-specific)

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 10 Apr 2012 10:29:15 -0400

Could we please get a CVE assigned to the following issue?:

A Ubuntu-specific script called "cobbler-ubuntu-import" in the Ubuntu
cobbler package downloads isos from a mirror, and checks them against
MD5SUMS, but does not verify the validity of that MD5SUMS file itself
against the MD5SUMS.gpg. This was fixed in version 2.2.2-0ubuntu32 of
the package.

Bug:
https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/974460

Commit:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/cobbler/precise/revision/98

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Current thread:

CVE Request: cobbler (Ubuntu-specific) Marc Deslauriers (Apr 10)
- Re: CVE Request: cobbler (Ubuntu-specific) Kurt Seifried (Apr 10)