Mailinglist Archive: opensuse-buildservice (245 mails)

< Previous Next >
[opensuse-buildservice] OBS 1.7.7 and OBS 2.0.7 are fixing security issues
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Mon, 18 Oct 2010 14:29:31 +0200
  • Message-id: <201010181429.31497.adrian@xxxxxxx>

OBS 1.7.7 and OBS 2.0.7 are fixing security issues
==================================================

The new versions of OBS 1.7 and 2.0 are fixing a security issue,
tracked as CVE-2010-3782, which allowed users independent of
their state to work via the api. The api is blocking now
all users, who are not in state "confirmed".

The user creation is also now dis-allowed, if LDAP or iChain
athentification mode is used.

In addition OBS 2.0.7 is fixing an issue when branching package sources
via project links.

Packages and appliances are available in openSUSE:Tools:2.0 and
openSUSE:Tools:1.7 projects:

http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/
http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/

openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this
issue also.


--
Adrian Schroeter
SUSE Linux Products GmbH
email: adrian@xxxxxxx
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >