Format: 1.8
Date: Thu, 20 Apr 2023 20:37:40 -0500
Source: cloud-init
Built-For-Profiles: noudeb
Architecture: source
Version: 23.1.2-0ubuntu0~22.04.1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: James Falcon <james.falcon@canonical.com>
Launchpad-Bugs-Fixed: 2013967
Changes:
 cloud-init (23.1.2-0ubuntu0~22.04.1) jammy; urgency=medium
 .
   * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
     Because user data and vendor data may contain sensitive information,
     this commit ensures that any user data or vendor data written to
     instance-data.json gets redacted and is only available to root user.
 .
     Also, modify the permissions of cloud-init.log to be 640, so that
     sensitive data leaked to the log isn't world readable.
     Additionally, remove the logging of user data and vendor data to
     cloud-init.log from the Vultr datasource.
 .
     This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]
 .
     - d/cloud-init.postinst: postinst fixes for LP: #2013967
       Redact sensitive keys from world-readable instance-data.json on upgrade.
       Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
       Redact sensitive Vultr messages from /var/log/cloud-init.log
     - (CVE-2023-1786)
Checksums-Sha1:
 4282ad3257e46c24250335cb0a5d6c790c5bfda7 2287 cloud-init_23.1.2-0ubuntu0~22.04.1.dsc
 1159533ba8ebe9a6370083542fe15442242b9a92 1522393 cloud-init_23.1.2.orig.tar.gz
 c8e7b790e0f4f9877aee70ad7e19c0c93c73fa6a 89420 cloud-init_23.1.2-0ubuntu0~22.04.1.debian.tar.xz
 7fd84db2e4b67d4265e193a733873e1fb3efa15b 10314 cloud-init_23.1.2-0ubuntu0~22.04.1_source.buildinfo
Checksums-Sha256:
 d1efd7d312faac55b2c69ff268eb977f07663d6617e7dbf0a607bf4e0330d65e 2287 cloud-init_23.1.2-0ubuntu0~22.04.1.dsc
 4c3a2499d9953902a550e2134cceb5a9afd2324009404f6d52bb82d3e96dec3f 1522393 cloud-init_23.1.2.orig.tar.gz
 5e82b46d975661f3f73cb3ba00fe2023ff05797b9178d67122b655548e454d73 89420 cloud-init_23.1.2-0ubuntu0~22.04.1.debian.tar.xz
 cfba95f106a91cbc7a9068e349b611be6c8a945139eb954d5348c110ab4838f9 10314 cloud-init_23.1.2-0ubuntu0~22.04.1_source.buildinfo
Files:
 503537c0c60643646f15635f5e337c5e 2287 admin optional cloud-init_23.1.2-0ubuntu0~22.04.1.dsc
 265414ed51450bd88f03d7b247a9177b 1522393 admin optional cloud-init_23.1.2.orig.tar.gz
 cf84b66ff53a1361dbfc291e7623cdf6 89420 admin optional cloud-init_23.1.2-0ubuntu0~22.04.1.debian.tar.xz
 d02ce7939c2b830debbca2d05bf970b9 10314 admin optional cloud-init_23.1.2-0ubuntu0~22.04.1_source.buildinfo