Urgs, I forgot to mention that Jan-Simon Möller from LinuxFoundation found the security problems. Sorry for forgetting this ! bye adrian Am Montag, 18. Oktober 2010, 14:29:31 schrieb Adrian Schröter:
OBS 1.7.7 and OBS 2.0.7 are fixing security issues ==================================================
The new versions of OBS 1.7 and 2.0 are fixing a security issue, tracked as CVE-2010-3782, which allowed users independent of their state to work via the api. The api is blocking now all users, who are not in state "confirmed".
The user creation is also now dis-allowed, if LDAP or iChain athentification mode is used.
In addition OBS 2.0.7 is fixing an issue when branching package sources via project links.
Packages and appliances are available in openSUSE:Tools:2.0 and openSUSE:Tools:1.7 projects:
http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/ http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/
openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this issue also.
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org