Your message dated Sun, 03 Nov 2013 09:18:58 +0000
with message-id <e1vctpi-0000ot...@franck.debian.org>
and subject line Bug#728233: fixed in keystone 2013.2-2
has caused the Debian Bug report #728233,
regarding keystone: CVE-2013-4477: remove role assignment adds role using LDAP
assignment
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
728233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keystone
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for keystone.
CVE-2013-4477[0]:
OpenStack Keystone: Unintentional role granting with Keystone LDAP backend
Patches are available through the bugreport at [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4477
[1] https://bugs.launchpad.net/keystone/+bug/1242855
Please adjust the affected versions in the BTS as needed (e.g. not
checked if stable is affected).
Regards and thanks for your work!
Salvatore
--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2013.2-2
We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 728...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 03 Nov 2013 16:02:42 +0800
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2013.2-2
Distribution: unstable
Urgency: low
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 keystone - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python-keystone - OpenStack identity service - library
Closes: 728233
Changes:
 keystone (2013.2-2) unstable; urgency=low
 .
   * Moved python-memcache to Depends: instead of Recommends:.
   * Added missing python-babel depends.
   * Fixes a failed install if the target computer doesn't have a default route
     (lp: #1247342).
   * CVE-2013-4477: remove role assignment adds role using LDAP assignment
     (Closes: #728233).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---