Hello community,
here is the log from the commit of package openvas-administrator for openSUSE:Factory checked in at 2013-11-13 09:44:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openvas-administrator (Old)
and /work/SRC/openSUSE:Factory/.openvas-administrator.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvas-administrator"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openvas-administrator/openvas-administrator.changes 2013-11-04 15:42:05.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openvas-administrator.new/openvas-administrator.changes 2013-11-13 09:44:59.000000000 +0100
@@ -1,0 +2,6 @@
+Tue Nov 12 10:53:37 UTC 2013 - johann.luce@wanadoo.fr
+
+- Update in 1.3.2
+ * Security fix for handling the authentication state in OAP.
+
+-------------------------------------------------------------------
Old:
----
openvas-administrator-1.3.1.tar.gz
New:
----
openvas-administrator-1.3.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openvas-administrator.spec ++++++
--- /var/tmp/diff_new_pack.u0UDsM/_old 2013-11-13 09:45:00.000000000 +0100
+++ /var/tmp/diff_new_pack.u0UDsM/_new 2013-11-13 09:45:00.000000000 +0100
@@ -18,7 +18,7 @@
Name: openvas-administrator
-Version: 1.3.1
+Version: 1.3.2
Release: 2.2
License: GPL-2.0+
Group: Productivity/Networking/Security
++++++ openvas-administrator-1.3.1.tar.gz -> openvas-administrator-1.3.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-administrator-1.3.1/CHANGES new/openvas-administrator-1.3.2/CHANGES
--- old/openvas-administrator-1.3.1/CHANGES 2013-10-25 08:44:26.000000000 +0200
+++ new/openvas-administrator-1.3.2/CHANGES 2013-11-08 15:38:36.000000000 +0100
@@ -1,3 +1,28 @@
+openvas-administrator 1.3.2 (2013-11-08)
+
+This is the second maintenance release of the OpenVAS Administrator 1.3, the
+local and remote administrative tool for the Open Vulnerability Assessment
+System release 6 (OpenVAS-6).
+
+This is a security release addressing a very serious security bug and it is highly
+recommended to update any installation of OpenVAS Administrator 1.3 with this
+release.
+
+A software bug in OpenVAS Administrator allowed an attacker to bypass the OAP
+authentication procedure. The attack vector was remotely available in case
+OpenVAS Administrator was listening on a public network interface. In case of
+successful attack, the attacker was able to create and modify users and could
+use the gained privileges to take control over an OpenVAS installation if the
+Scanner and/or Manager instances controlled by this Administrator instance were
+also listening on public network interfaces.
+
+Many thanks to everyone who has contributed to this release:
+Matthew Mundell.
+
+Main changes since 1.3.1:
+* Security fix for handling the authentication state in OAP.
+
+
openvas-administrator 1.3.1 (2013-10-25)
This is the first maintenance release of the OpenVAS Administrator 1.3, the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-administrator-1.3.1/CMakeLists.txt new/openvas-administrator-1.3.2/CMakeLists.txt
--- old/openvas-administrator-1.3.1/CMakeLists.txt 2013-10-20 19:47:13.000000000 +0200
+++ new/openvas-administrator-1.3.2/CMakeLists.txt 2013-11-08 15:38:36.000000000 +0100
@@ -78,7 +78,7 @@
set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "1")
set (CPACK_PACKAGE_VERSION_MINOR "3")
-set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}")
+set (CPACK_PACKAGE_VERSION_PATCH "2${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-administrator-1.3.1/ChangeLog new/openvas-administrator-1.3.2/ChangeLog
--- old/openvas-administrator-1.3.1/ChangeLog 2013-10-25 08:45:54.000000000 +0200
+++ new/openvas-administrator-1.3.2/ChangeLog 2013-11-08 15:38:36.000000000 +0100
@@ -1,3 +1,24 @@
+2013-11-08 Michael Wiegand