[Openstack-devel] Bug#693290: unblock: horizon/2012.1.1-7 (CVE-2012-5474 fix)

Thomas Goirand zigo at debian.org
Thu Nov 15 08:04:35 UTC 2012


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock

Horizon had its /etc/openstack-dashboard/local_settings.py
world readable. This file contains passwords, so that isn't
good. My latest upload to SID fixes this.

Please unblock package horizon 2012.1.1-7.

Note that Debian isn't affected by CVE-2012-5476, or by
CVE-2012-5483. I've checked, and the corresponding
configuration files are *not* world readable in Debian.
The security tracker has been updated for this.

Our Folsom packaging, currently in our Git on Alioth only,
isn't affected by any of the above (we rewrote all the
management on a unified library which uses BSD install,
with -m 0640, so we don't have such problems).

Cheers,

Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: horizon_2012.1.1-7.debdiff
Type: text/x-diff
Size: 1351 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/openstack-devel/attachments/20121115/aba5a753/attachment.diff>
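
Added example, not part of the original message or of the Debian packaging: a shell audit that flags world-readable files containing credential-like settings, followed by the `install -m 0640` approach mentioned above. The function names, the key names in SECRET_PATTERN and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Key names to look for are an assumption; adjust them to the settings format.
SECRET_PATTERN='PASSWORD|SECRET_KEY'

# Print each regular file under directory $1 that has the other-read bit
# set and contains a line matching SECRET_PATTERN.
world_readable_secrets() {
    find "$1" -type f -perm -004 -exec grep -qE "$SECRET_PATTERN" {} \; -print
}

# Install file $1 as $2 with mode 0640. The mode is set explicitly, so the
# result does not depend on the umask. As root, -o and -g can also set the
# owner and the group that is allowed to read the file.
install_private() {
    install -m 0640 "$1" "$2"
}

# Constructed demonstration in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'SECRET_KEY = "constructed-sample"\n' > "$tmp/src"
    chmod 0600 "$tmp/src"
    # Reproduce the reported state: settings file readable by everyone.
    cp "$tmp/src" "$tmp/local_settings.py"
    chmod 0644 "$tmp/local_settings.py"
    echo "before: $(world_readable_secrets "$tmp")"
    install_private "$tmp/src" "$tmp/local_settings.py"
    echo "after:  $(world_readable_secrets "$tmp")"
    rm -rf "$tmp"
}
demo
```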

