Format: 1.8
Date: Fri, 21 Apr 2023 14:44:30 -0500
Source: cloud-init
Binary: cloud-init
Architecture: all
Version: 23.1.2-0ubuntu0~18.04.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: James Falcon
Description:
 cloud-init - Init scripts for cloud instances
Launchpad-Bugs-Fixed: 2013967
Changes:
 cloud-init (23.1.2-0ubuntu0~18.04.1) bionic; urgency=medium
 .
   * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
     Because user data and vendor data may contain sensitive information,
     this commit ensures that any user data or vendor data written to
     instance-data.json gets redacted and is only available to root user.
 .
     Also, modify the permissions of cloud-init.log to be 640, so that
     sensitive data leaked to the log isn't world readable.
     Additionally, remove the logging of user data and vendor data to
     cloud-init.log from the Vultr datasource.
 .
     This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]
 .
     - d/cloud-init.postinst: postinst fixes for LP: #2013967
       Redact sensitive keys from world-readable instance-data.json on upgrade.
       Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
       Redact sensitive Vultr messages from /var/log/cloud-init.log
     - (CVE-2023-1786)
Checksums-Sha1:
 f69e4ab039bffe344e5d1594c37610cc90a56bbc 534984 cloud-init_23.1.2-0ubuntu0~18.04.1_all.deb
 7834d4ab57c56883116da812dd15bfa251db6131 7321 cloud-init_23.1.2-0ubuntu0~18.04.1_amd64.buildinfo
Checksums-Sha256:
 ecfc7c225f7987fdede95fda5421845c9c19aca122427335f1744065f95df09d 534984 cloud-init_23.1.2-0ubuntu0~18.04.1_all.deb
 8ae7c837a8b8a1980360d472f510805bf3902bc9249c87a218a47874c33f0318 7321 cloud-init_23.1.2-0ubuntu0~18.04.1_amd64.buildinfo
Files:
 f350d9af0554cfdfd24e9095a3ec7d5c 534984 admin optional cloud-init_23.1.2-0ubuntu0~18.04.1_all.deb
 54abd1979d173b3ae8b81808b8fc8544 7321 admin optional cloud-init_23.1.2-0ubuntu0~18.04.1_amd64.buildinfo