Source: cloud-init Version: 22.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for cloud-init. CVE-2022-2084[0]: | logged schema failures can include password hashes Ubuntu has apparently fixed this with [1,2] and should affect only unstable/testing. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-2084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2084 [1] https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c [2] https://bugs.launchpad.net/cloud-init/+bug/1978422 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
