Your message dated Thu, 14 Mar 2013 21:32:36 +0000
with message-id <e1ugflm-0003r2...@franck.debian.org>
and subject line Bug#703063: fixed in glance 2012.2.3-2
has caused the Debian Bug report #703063,
regarding CVE-2013-1840: Backend credentials leak in Glance v1 API
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
703063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703063
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glance
Severity: grave
Tags: security
Stuart McLaren from HP reported a vulnerability in the information
potentially returned to the user in Glance v1 API. If an authenticated
user requests, through the v1 API, an image that is already cached, the
headers returned may disclose the Glance operator's backend credentials
for that endpoint. Only setups accepting the Glance v1 API and using
either the single-tenant Swift store or S3 store are affected.
--- End Message ---
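An added example, not part of the original report or of Glance's own code: a defender-side check that scans HTTP response headers for store URIs carrying embedded credentials and returns a redacted copy. The header names, the URI shapes (`swift+https://…`, `s3://…`) and all sample values are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Store URI schemes treated as credential-bearing (assumed shapes).
STORE_SCHEMES = ("swift", "swift+http", "swift+https", "s3", "s3+http", "s3+https")
URI_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://\S+")

# Constructed sample of response headers for a cached image (not real output).
SAMPLE_HEADERS = {
    "Content-Type": "application/octet-stream",
    "Location": "http://glance.example.invalid:9292/v1/images/1234",
    "x-image-meta-location":
        "swift+https://acct:user:CONSTRUCTED-KEY@auth.example.invalid/v1/images/1234",
}


def redact_uri(uri):
    """Return (uri_without_userinfo, leaked) for a single URI string."""
    parts = urlsplit(uri)
    if parts.scheme.lower() not in STORE_SCHEMES or "@" not in parts.netloc:
        return uri, False
    # Everything before the last '@' is userinfo (e.g. account:user:key).
    host = parts.netloc.rsplit("@", 1)[1]
    cleaned = urlunsplit(
        (parts.scheme, "REDACTED@" + host, parts.path, parts.query, parts.fragment)
    )
    return cleaned, True


def audit_headers(headers):
    """Return (clean_headers, findings); findings names headers that leaked."""
    clean, findings = {}, []
    for name, value in headers.items():
        hits = []

        def _sub(match):
            redacted, leaked = redact_uri(match.group(0))
            hits.append(leaked)
            return redacted

        clean[name] = URI_RE.sub(_sub, value)
        if any(hits):
            findings.append(name)
    return clean, findings


if __name__ == "__main__":
    print(audit_headers(SAMPLE_HEADERS))
```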
--- Begin Message ---
Source: glance
Source-Version: 2012.2.3-2
We believe that the bug you reported is fixed in the latest version of
glance, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 703...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated glance package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 15 Mar 2013 04:57:35 +0800
Source: glance
Binary: python-glance glance-common glance-api glance-registry glance python-glance-doc
Architecture: source all
Version: 2012.2.3-2
Distribution: experimental
Urgency: low
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 glance - OpenStack Image Service - metapackage
 glance-api - OpenStack Image Service - API server
 glance-common - OpenStack Image Service - common files
 glance-registry - OpenStack Image Service - registry server
 python-glance - OpenStack Image Service - Python client library
 python-glance-doc - OpenStack Image Service - Python library documentation
Closes: 703063
Changes:
 glance (2012.2.3-2) experimental; urgency=low
 .
   * CVE-2013-1840: fixes "Backend credentials leak in Glance v1 API"
     (Closes: #703063).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlFCP1kACgkQl4M9yZjvmknBRACg5hb9CnB07x792UGWWI4LOQn5
+S8AoOOaDq0WCU/9lq7yLsi5/Vby4zff
=wdjt
-----END PGP SIGNATURE-----
--- End Message ---