Package: cloud-init
Version: 20.4-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
X-Debbugs-Cc: Debian Security Team
cloud-init has the ability to generate and set a randomized password for
system users. This functionality is enabled at runtime by passing
On Fri, Mar 19, 2021 at 10:29:15AM +0100, Emmanuel Kasper wrote:
> I wanted to add a deprecation notice on the old packer repo at
> https://salsa.debian.org/cloud-team/vagrant-boxes
>
> but it seems you need to have the maintainer role to edit project settings.
Editing group membership requires
cloud-init_20.4.1-2_source.changes uploaded successfully to localhost
along with the files:
cloud-init_20.4.1-2.dsc
cloud-init_20.4.1-2.debian.tar.xz
cloud-init_20.4.1-2_source.buildinfo
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
Processing commands for cont...@bugs.debian.org:
> found 985540 0.7.9-2
Bug #985540 {Done: Noah Meyerhans } [cloud-init] cloud-init
logs sensitive password data to world-readable files
Marked as found in versions cloud-init/0.7.9-2.
> thanks
Stopping processing here.
Please contact me if you
cloud-init_20.2-2~deb10u2_source.changes uploaded successfully to localhost
along with the files:
cloud-init_20.2-2~deb10u2.dsc
cloud-init_20.2-2~deb10u2.debian.tar.xz
cloud-init_20.2-2~deb10u2_source.buildinfo
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 19 Mar 2021 09:18:59 -0700
Source: cloud-init
Architecture: source
Version: 20.4.1-2
Distribution: unstable
Urgency: high
Maintainer: Debian Cloud Team
Changed-By: Noah Meyerhans
Closes: 985540
Changes:
Processing commands for cont...@bugs.debian.org:
> found 985540 20.2-2~deb10u1
Bug #985540 {Done: Noah Meyerhans } [cloud-init] cloud-init
logs sensitive password data to world-readable files
Marked as found in versions cloud-init/20.2-2~deb10u1.
> thanks
Stopping processing here.
Please
Mapping buster to stable.
Mapping stable to proposed-updates.
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 19 Mar 2021 09:43:23 -0700
Source: cloud-init
Architecture: source
Version: 20.2-2~deb10u2
Distribution: buster
Urgency: high
Maintainer: Debian Cloud
Your message dated Fri, 19 Mar 2021 16:48:26 +
with message-id
and subject line Bug#985540: fixed in cloud-init 20.4.1-2
has caused the Debian Bug report #985540,
regarding cloud-init logs sensitive password data to world-readable files
to be marked as done.
This means that you claim that
Your message dated Fri, 19 Mar 2021 23:02:07 +
with message-id
and subject line Bug#985540: fixed in cloud-init 20.2-2~deb10u2
has caused the Debian Bug report #985540,
regarding cloud-init logs sensitive password data to world-readable files
to be marked as done.
This means that you claim
Your message dated Fri, 19 Mar 2021 10:18:57 +0100
with message-id <9a728a1d-0a8d-55f3-bc42-836cfbb49...@libera.cc>
and subject line Re: Bug#983551: 983551: cloud.debian.org: Vagrant/Virtualbox
image testing64 ownership of synced_folders is always root
has caused the Debian Bug report #983551,
On 2/28/21 3:18 PM, Lucas Nussbaum wrote:
Hi,
The Vagrant images for buster64 and contrib-buster64 have just been
updated. The building process now uses the debian-vagrant-images git
repo[1], which is based on FAI and on the debian-cloud-images repository
that is used for cloud images. (There
12 matches
Mail list logo