Mailinglist Archive: opensuse-buildservice (245 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS 1.7.7 and OBS 2.0.7 are fixing security issues
  • From: Dave Plater <davejplater@xxxxxxxxx>
  • Date: Mon, 18 Oct 2010 16:04:59 +0200
  • Message-id: <4CBC540B.2060200@xxxxxxxxx>
On 10/18/2010 02:29 PM, Adrian Schröter wrote:
OBS 1.7.7 and OBS 2.0.7 are fixing security issues
==================================================

The new versions of OBS 1.7 and 2.0 are fixing a security issue,
tracked as CVE-2010-3782, which allowed users independent of
their state to work via the api. The api is blocking now
all users, who are not in state "confirmed".

The user creation is also now dis-allowed, if LDAP or iChain
athentification mode is used.

In addition OBS 2.0.7 is fixing an issue when branching package sources
via project links.

Packages and appliances are available in openSUSE:Tools:2.0 and
openSUSE:Tools:1.7 projects:

http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/
http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/

openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this
issue also.



Does this have anything to do with my inability to access
build.opensuse.org and api.opensuse.org (osc vc etc.)?
Thanks
Dave P
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
References