-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 22 Nov 2020 20:33:22 +0100 Source: python-rtslib-fb Architecture: source Version: 2.1.71-3 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 972227 Changes: python-rtslib-fb (2.1.71-3) unstable; urgency=medium . * CVE-2020-14019: Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. In Debian, this file is /etc/rtslib-fb-target/saveconfig.json. Add commits from https://github.com/open-iscsi/rtslib-fb/pull/162/commits to fix this. (Closes: #972227). * Fixed rtslib-fb-targetctl systemd .service installation. Checksums-Sha1: 7e8874ad5cf2c8aea583b55b2195e71520c48d37 2161 python-rtslib-fb_2.1.71-3.dsc 19f64cc479b989f9ae47fccc1a54e19d0391d790 6880 python-rtslib-fb_2.1.71-3.debian.tar.xz 1131b655c63d7aac0f6b2536a4e2530d7ebbfee7 6873 python-rtslib-fb_2.1.71-3_amd64.buildinfo Checksums-Sha256: 6ac1b990f36a79334a575bf2db4d39a06cfeccfbe5901324b2003bb2014f3b1b 2161 python-rtslib-fb_2.1.71-3.dsc c0e385016e2fe5e22a4ed72a17e107f4e39268d99efa52b6cd29ac7358c85126 6880 python-rtslib-fb_2.1.71-3.debian.tar.xz 1fa412e0b8fe8356e0b2b80d4cb4d7668c5a5238849bec5e849caa12d48d1f93 6873 python-rtslib-fb_2.1.71-3_amd64.buildinfo Files: cb3f38ed116df0729d1b39a2c94a6c4f 2161 python optional python-rtslib-fb_2.1.71-3.dsc 4996a20318c76f0d118a525e90444b4e 6880 python optional python-rtslib-fb_2.1.71-3.debian.tar.xz 52e9cbd4e86a2dd0f33e626f31efbefb 6873 python optional python-rtslib-fb_2.1.71-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl+6xfsACgkQ1BatFaxr Q/7A5A/9GGhjYg1Lo1Xl+LzDuzZ23MaK0PiR1oB1n1PA46U05j8UUDD5x8olQ0/t 0yReHdocRqCDtqdQcvW3k46gq/8JXaVvmrwIUzQl1+3EgNi3bxew9ej7pbgZT2ma V05T5Npy19RfFaDykspjfNGxfybh2L65nrJotTnwF6MOBiGATIOL2eYfRPuP2fZL OCOjpQVJrHSC/QlKv6ojMsJEYHVEPz7oNv4nx8j9hGt96tVXTme9tZ2MxiKIN+IM GIGOSlqCE13Bwe4ylsB0/nHljXPolmN4dxbIbUa1/JvZBSA7L4YXYLiq0bBSQ3ys Kr9S8Yjt/tabAUSoAIJMxd2OY2VDkop0Zletpn6CrZlByWZqC1tKuVA6fV6ddpoJ YeSsTVwHDgHHQIFQT3IkqO6mBo+m/grNw18sPGFp04yAly1FKqR1oC0CNYG3dc/X EfZZg/QpPNiOI4wIRBWNbY926ILqrUwTltZDwEtCkKqsM7GVFuwi4tjs469/GVYF HMr+P8lpzRiNTdFildOX/BCdXorgVg0u4pF+8ktgmoOrB+qDp763jOrNkZQgIBev HUdBQFj6FPn9j+1OnczruslqBJc3gfUpxb+IgD/U3DhMI7r1rtJorgjo4RKhpUJ3 vMKvzIS/D5Ox0AkSYUObFgWR+vJ4QtzG+UhWJ0O4x2gKIKk0nJ0= =914j -----END PGP SIGNATURE-----
