author: James Falcon <james.falcon@canonical.com> 2023-04-21 14:28:06 -0500
committer: James Falcon <james.falcon@canonical.com> 2023-04-21 14:28:06 -0500
commit: 31610632c51b47e6740cc8fdc9efc5e0f43e82fb
tree: ef7904e17ac951f6cafbbcdf2195996e4daba250
parent: 3d652585515b30154c70cdf915759f52664adecb
update changelog
-rw-r--r-- debian/changelog 22
1 files changed, 18 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index 4e944234..742b10f0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,24 @@
cloud-init (23.1.2-0ubuntu0~20.04.1) UNRELEASED; urgency=medium
- * Upstream snapshot based on 23.1.2.
- List of changes from upstream can be found at
- https://raw.githubusercontent.com/canonical/cloud-init/23.1.2/ChangeLog
+ * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
+ Because user data and vendor data may contain sensitive information,
+ this commit ensures that any user data or vendor data written to
+ instance-data.json gets redacted and is only available to root user.
+
+ Also, modify the permissions of cloud-init.log to be 640, so that
+ sensitive data leaked to the log isn't world readable.
+ Additionally, remove the logging of user data and vendor data to
+ cloud-init.log from the Vultr datasource.
+
+ This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]
+
+ - d/cloud-init.postinst: postinst fixes for LP: #2013967
+ Redact sensitive keys from world-readable instance-data.json on upgrade.
+ Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
+ Redact sensitive Vultr messages from /var/log/cloud-init.log
+ - (CVE-2023-1786)
- -- James Falcon <james.falcon@canonical.com> Fri, 21 Apr 2023 14:24:46 -0500
+ -- James Falcon <james.falcon@canonical.com> Thu, 06 Apr 2023 14:09:32 -0500
cloud-init (23.1.1-0ubuntu0~20.04.1) focal; urgency=medium
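Review bot: The postinst bullets at the end of the new entry name only /var/log/cloud-init.log for the 640 permission change and the Vultr redaction, so an administrator reading the changelog cannot tell whether rotated copies of that log are also handled on upgrade. State this explicitly either way, since the entry's own text says sensitive data may have leaked to the log. Separately, the trailer timestamp moves back from 21 Apr 2023 to 06 Apr 2023 while the version line stays UNRELEASED; confirm that is intended and refresh it when the entry is finalised if not. The reference `[(LP: #2013967)]` is wrapped in both brackets and parentheses; the bare `LP: #2013967` form used in the postinst bullet would be consistent.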