eucalyptus (2.0+bzr1241-0ubuntu4.1) maverick-security; urgency=low
* SECURITY UPDATE: An unauthenticated user to the admin web interface,
could reset a user password, without email confirmation. (LP: #675372).
- debian/patches/26-confirm-password-change.patch: Enable email as an
additional stage confirmation, when a password reset request is made.
Patch courtesy of upstream Eucalyptus.
- debian/eucalyptus-cloud.postinst: Remove the server side web ui cache
and restart eucalyptus.
- CVE-2010-3905
Date: Thu, 18 Nov 2010 17:11:48 +0000
Changed-By: Dave Walker (Daviey) <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/maverick/+source/eucalyptus/2.0+bzr1241-0ubuntu4.1
Format: 1.8
Date: Thu, 18 Nov 2010 17:11:48 +0000
Source: eucalyptus
Binary: eucalyptus-common eucalyptus-sc eucalyptus-cloud eucalyptus-walrus
eucalyptus-java-common eucalyptus-cc eucalyptus-nc eucalyptus-gl
uec-component-listener eucalyptus-udeb
Architecture: source
Version: 2.0+bzr1241-0ubuntu4.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Dave Walker (Daviey) <[email protected]>
Description:
eucalyptus-cc - Elastic Utility Computing Architecture - Cluster controller
eucalyptus-cloud - Elastic Utility Computing Architecture - Cloud controller
eucalyptus-common - Elastic Utility Computing Architecture - Common files
eucalyptus-gl - Elastic Utility Computing Architecture - Logging service
eucalyptus-java-common - Elastic Utility Computing Architecture - Common Java
package
eucalyptus-nc - Elastic Utility Computing Architecture - Node controller
eucalyptus-sc - Elastic Utility Computing Architecture - Storage controller
eucalyptus-udeb - Elastic Utility Computing Architecture - installer
integration (udeb)
eucalyptus-walrus - Elastic Utility Computing Architecture - Walrus (S3)
uec-component-listener - Ubuntu Enterprise Cloud - Component listener
Launchpad-Bugs-Fixed: 675372
Changes:
eucalyptus (2.0+bzr1241-0ubuntu4.1) maverick-security; urgency=low
.
* SECURITY UPDATE: An unauthenticated user to the admin web interface,
could reset a user password, without email confirmation. (LP: #675372).
- debian/patches/26-confirm-password-change.patch: Enable email as an
additional stage confirmation, when a password reset request is made.
Patch courtesy of upstream Eucalyptus.
- debian/eucalyptus-cloud.postinst: Remove the server side web ui cache
and restart eucalyptus.
- CVE-2010-3905
Checksums-Sha1:
0a0c2658255b3daa324af37a6e834ef4abd87cc2 3130
eucalyptus_2.0+bzr1241-0ubuntu4.1.dsc
e8cedfdeb110e90022a9bf6db1fa7723456c3668 1089703
eucalyptus_2.0+bzr1241-0ubuntu4.1.debian.tar.gz
Checksums-Sha256:
c0b6e06ebcdd4ed1f141f501ad2bf3377e6cc0c806a48b8186a72768f6831d29 3130
eucalyptus_2.0+bzr1241-0ubuntu4.1.dsc
fff74dce81d258462315c7a9c7b2054a0e12bc36d59fc040170bf5d2f00928c6 1089703
eucalyptus_2.0+bzr1241-0ubuntu4.1.debian.tar.gz
Files:
cc4ffed69d917b9b79a1e55ce4e4cce5 3130 admin extra
eucalyptus_2.0+bzr1241-0ubuntu4.1.dsc
f069164d6b2ca21b88576a3ca0b9c2c4 1089703 admin extra
eucalyptus_2.0+bzr1241-0ubuntu4.1.debian.tar.gz
--
Maverick-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/maverick-changes
