Your message dated Mon, 01 Oct 2012 07:17:58 +0000
with message-id <e1tiagm-0007g8...@franck.debian.org>
and subject line Bug#689210: fixed in keystone 2012.1.1-9
has caused the Debian Bug report #689210,
regarding keystone: CVE-2012-445{6,7}
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keystone
Severity: grave
Tags: security
Justification: user security hole

Hi,

two more CVEs were allocated for keystone:

CVE-2012-4456: fails to validate tokens in Admin API
CVE-2012-4457: fails to raise Unauthorized user error for disabled
tenant

Could you upload isolated fixes to unstable?

Regards,

-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2012.1.1-9

We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Oct 2012 05:52:23 +0000
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2012.1.1-9
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description: 
 keystone   - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python-keystone - OpenStack identity service - library
Closes: 689210
Changes: 
 keystone (2012.1.1-9) unstable; urgency=high
 .
   * Fixes sometimes failing keystone.postrm (db_get in some conditions can
   return false), and fixed non-consistent indenting.
   * Uses /usr/share/keystone/keystone.conf instead of
   /usr/share/doc/keystone/keystone.conf.sample for temporarily storing the
   conf file (this was a policy violation, as the doc folder should never be
   required).
   * Fixes CVE-2012-4457: fails to raise Unauthorized user error for disabled,
   CVE-2012-4456: fails to validate tokens in Admin API (Closes: #689210).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBpPakACgkQl4M9yZjvmklabQCdHcK4ZMTdbNlNcdkGwxb8oHJd
yK0AnRcNr2qjJd5hV/PQp0TNSfo/d6M3
=L30x
-----END PGP SIGNATURE-----

--- End Message ---
