Package "cloud-init"

  cloud-init (23.1.2-0ubuntu0~20.04.2) focal-security; urgency=medium

  * d/patches/netplan99-cannot-use-default.patch:
    - Retain routes' definitions compatible with netplan 0.99 (Fixes: #4133)
      (LP: #2020375)

 -- James Falcon <email address hidden> Fri, 19 May 2023 12:57:02 -0500

  cloud-init (23.1.2-0ubuntu0~20.04.1) focal; urgency=medium

  * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
    Because user data and vendor data may contain sensitive information,
    this commit ensures that any user data or vendor data written to
    instance-data.json gets redacted and is only available to root user.

    Also, modify the permissions of cloud-init.log to be 640, so that
    sensitive data leaked to the log isn't world readable.
    Additionally, remove the logging of user data and vendor data to
    cloud-init.log from the Vultr datasource.

    This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]

    - d/cloud-init.postinst: postinst fixes for LP: #2013967
      Redact sensitive keys from world-readable instance-data.json on upgrade.
      Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
      Redact sensitive Vultr messages from /var/log/cloud-init.log
    - (CVE-2023-1786)

 -- James Falcon <email address hidden> Fri, 21 Apr 2023 14:28:19 -0500

  cloud-init (22.2-0ubuntu1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: schema errors can cause cloud-init to leak
    userdata to system logs
    - d/cloud-init.postinst: redact previously leaked schema errors
      from logs
    - Remove schema errors from log (LP: #1978422)
    - CVE-2022-2084

 -- James Falcon <email address hidden> Wed, 15 Jun 2022 11:34:44 -0500