diff options
| author | James Falcon <james.falcon@canonical.com> | 2023-04-24 15:45:41 -0500 |
|---|---|---|
| committer | Chad Smith <chad.smith@canonical.com> | 2023-04-24 15:07:11 -0600 |
| commit | f3c56527e619b5804afd27171d2c5074fcde91de (patch) | |
| tree | e3e9058cb652dc00dfe954ab5192e3a8924e52bf | |
| parent | b499339f51deb44461eb1a2007f38e9e322c645d (diff) | |
| download | cloud-init-git-f3c56527e619b5804afd27171d2c5074fcde91de.tar.gz | |
update changelog
| -rw-r--r-- | debian/changelog | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index e29c28b2..32d2352b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,27 @@ +cloud-init (23.1.2-0ubuntu0~23.04.1) UNRELEASED; urgency=medium + + * d/changelog: updating 23.1.1-0ubuntu2 changelog entry deleting + mention of a snapshot that was not performed + * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions + Because user data and vendor data may contain sensitive information, + this commit ensures that any user data or vendor data written to + instance-data.json gets redacted and is only available to root user. + + Also, modify the permissions of cloud-init.log to be 640, so that + sensitive data leaked to the log isn't world readable. + Additionally, remove the logging of user data and vendor data to + cloud-init.log from the Vultr datasource. + + This is based on upstream release of 23.1.2 [(LP: #2013967)] + + - d/cloud-init.postinst: postinst fixes for LP: #2013967 + Redact sensitive keys from world-readable instance-data.json on upgrade. + Set perms 640 for /var/log/cloud-init.log on pkg upgrade. + Redact sensitive Vultr messages from /var/log/cloud-init.log + - (CVE-2023-1786) + + -- James Falcon <james.falcon@canonical.com> Thu, 06 Apr 2023 14:09:32 -0500 + cloud-init (23.1.1-0ubuntu2) lunar; urgency=medium * d/apport-general-hook.py: Add general apport hook to append cloud type, |