No security checks when creating branches from bundles
Bug #337942 reported by
Aaron Bentley
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
High
|
Tim Penhey | ||
Bug Description
We should add some security checks so that people can't write to branches they don't have permission to write to, or read from branches they don't have permission to read from.
| Changed in launchpad-bazaar: | |
| importance: | Undecided → Critical |
| milestone: | none → 2.2.3 |
| status: | New → Triaged |
| Changed in launchpad-bazaar: | |
| assignee: | nobody → thumper |
| importance: | Critical → High |
Revision history for this message
| Diogo Matsubara (matsubara) wrote | #1 |
| Changed in launchpad-bazaar: | |
| status: | Triaged → Fix Committed |
| Changed in launchpad-bazaar: | |
| status: | Fix Committed → Fix Released |
| visibility: | private → public |
To post a comment you must log in.
<matsubara> thumper, bug 337942 was critical earlier today. Do you mind explaining why importance was lowered?
<thumper> matsubara: because it isn't critical
<thumper> matsubara: it needs to be done before release
<thumper> matsubara: but was mistakenly given critical
<thumper> matsubara: it is high, and needs to be done
<thumper> matsubara: we don't run edge scripts
<matsubara> and bundles are only on edge right now?
<thumper> matsubara: right
<thumper> matsubara: the bundle processing was reverted from production rollout of 2.2.2