UbuntuUpdates.org

Package "maas"

Name: maas

Description:

Ubuntu MAAS Server
Latest version: 1.2+bzr1373+dfsg-0ubuntu1~12.04.6
Release: precise (12.04)
Level: security
Repository: main
Homepage: https://launchpad.net/maas

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "maas"

All arch deb package
APT INSTALL

Other versions of "maas" in Precise

Repository Area Version
base main 0.1+bzr482+dfsg-0ubuntu1
security universe 1.2+bzr1373+dfsg-0ubuntu1~12.04.6
updates universe 1.2+bzr1373+dfsg-0ubuntu1~12.04.6
updates main 1.2+bzr1373+dfsg-0ubuntu1~12.04.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.2+bzr1373+dfsg-0ubuntu1~12.04.6 2014-12-04 21:06:21 UTC

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.6) precise-security; urgency=medium

  * Fix compatibility with mod-wsgi security update (LP: #1399016)
    - debian/patches/home-directory.patch: specify a valid home directory
      for the maas user, since mod-wsgi no longer works without one.
 -- Marc Deslauriers <email address hidden> Thu, 04 Dec 2014 14:00:28 -0500
Source diff to previous version
1399016 MAAS failed to respond once libapache2-mod-wsgi upgrade on trusty

Version: 1.2+bzr1373+dfsg-0ubuntu1~12.04.5 2014-02-13 20:06:23 UTC

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.5) precise-security; urgency=low

  * SECURITY UPDATE: incorrect Content-type header allowed cross-site
    scripting vulnerability if an unknown API was used. (LP: #1251336)
    - debian/patches/CVE-2013-1070.patch: Use Content-type text/plain to force
      browsers to not render error messages as HTML.
    - CVE-2013-1070
  * SECURITY UPDATE: /etc/maas/txlongpoll.yaml contained a publicly readable
    password. (LP: #1254034)
    - debian/maas-region-controller.postinst: chown and chmod
      /etc/maas/txlongpoll.yaml with correct permissions
    - CVE-2013-1069
 -- Seth Arnold <email address hidden> Mon, 10 Feb 2014 22:49:35 -0800
Source diff to previous version
CVE-2013-1070 RESERVED
CVE-2013-1069 RESERVED

Version: 1.2+bzr1373+dfsg-0ubuntu1~12.04.4 2013-11-07 03:06:44 UTC

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.4) precise-security; urgency=low

  * SECURITY UPDATE: failure to authenticate downloaded content (LP: #1039513)
    - debian/patches/CVE-2013-1058.patch: Authenticate downloaded files with
      GnuPG and MD5SUM files. Thanks to Julian Edwards.
    - CVE-2013-1058
  * SECURITY UPDATE: configuration options may be loaded from current working
    directory (LP: #1158425)
    - debian/patches/CVE-2013-1057-1-2.patch: Do not load configuration
      options from the current working directory. Thanks to Julian Edwards.
    - CVE-2013-1057
 -- Seth Arnold <email address hidden> Fri, 01 Nov 2013 17:09:57 -0700
1039513 maas-import-pxe-files doesn't cryptographically verify what it downloads
1158425 maas-import-pxe-files sources path-relative config
CVE-2013-1058 RESERVED
CVE-2013-1057 RESERVED


About   -   Send Feedback to @ubuntu_updates