On 10/18/2010 02:29 PM, Adrian Schröter wrote:
OBS 1.7.7 and OBS 2.0.7 are fixing security issues ==================================================
The new versions of OBS 1.7 and 2.0 are fixing a security issue, tracked as CVE-2010-3782, which allowed users independent of their state to work via the api. The api is blocking now all users, who are not in state "confirmed".
The user creation is also now dis-allowed, if LDAP or iChain athentification mode is used.
In addition OBS 2.0.7 is fixing an issue when branching package sources via project links.
Packages and appliances are available in openSUSE:Tools:2.0 and openSUSE:Tools:1.7 projects:
http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/ http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/
openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this issue also.
Does this have anything to do with my inability to access build.opensuse.org and api.opensuse.org (osc vc etc.)? Thanks Dave P -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org