OBS 1.7.7 and OBS 2.0.7 are fixing security issues ================================================== The new versions of OBS 1.7 and 2.0 are fixing a security issue, tracked as CVE-2010-3782, which allowed users independent of their state to work via the api. The api is blocking now all users, who are not in state "confirmed". The user creation is also now dis-allowed, if LDAP or iChain athentification mode is used. In addition OBS 2.0.7 is fixing an issue when branching package sources via project links. Packages and appliances are available in openSUSE:Tools:2.0 and openSUSE:Tools:1.7 projects: http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/ http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/ openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this issue also. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org