diff -u vm-builder-0.9/VMBuilder/plugins/ubuntu/dapper.py vm-builder-0.9/VMBuilder/plugins/ubuntu/dapper.py --- vm-builder-0.9/VMBuilder/plugins/ubuntu/dapper.py +++ vm-builder-0.9/VMBuilder/plugins/ubuntu/dapper.py @@ -118,7 +118,7 @@ self.run_in_target('adduser', self.vm.user, group, ignore_fail=True) # Lock root account - self.run_in_target('chpasswd', stdin='root:!\n') + self.run_in_target('chpasswd', '-e', stdin='root:!\n') def kernel_name(self): return 'linux-image-%s' % (self.vm.flavour or self.default_flavour[self.vm.arch],) diff -u vm-builder-0.9/debian/changelog vm-builder-0.9/debian/changelog --- vm-builder-0.9/debian/changelog +++ vm-builder-0.9/debian/changelog @@ -1,3 +1,12 @@ +vm-builder (0.9-0ubuntu3.1) intrepid-security; urgency=low + + * SECURITY UPDATE: vm-builder creates predictable root password when + creating virtual machines (LP: #296841) + - VMBuilder/plugins/ubuntu/dapper.py: invoke chpasswd with '-e' + - CVE-2008-XXXX (to be filled in) + + -- Jamie Strandboge Tue, 11 Nov 2008 16:05:56 -0600 + vm-builder (0.9-0ubuntu3) intrepid; urgency=low [ Johan Euphrosine ]