Your message dated Wed, 18 Dec 2013 12:19:21 +0000
with message-id <e1vtg5x-0004dt...@franck.debian.org>
and subject line Bug#732033: fixed in heat 2013.2.1-1
has caused the Debian Bug report #732033,
regarding heat: CVE-2013-6428 and CVE-2013-6426
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
732033: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: heat
Version: 2013.2-4
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for heat, the first one
being a privilege escalation.
Only checked against havana (and this should be the first one with
supporting heat).
CVE-2013-6428[0]:
Heat ReST API doesn't respect tenant scoping
CVE-2013-6426[1]:
Heat CFN policy rules not all enforced
The upstream bugreports at launchpad contain also patches for havana.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6428
http://security-tracker.debian.org/tracker/CVE-2013-6428
https://launchpad.net/bugs/1256983
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6426
http://security-tracker.debian.org/tracker/CVE-2013-6426
https://launchpad.net/bugs/1256049
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: heat
Source-Version: 2013.2.1-1
We believe that the bug you reported is fixed in the latest version of
heat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 732...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated heat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Dec 2013 16:25:10 +0800
Source: heat
Binary: python-heat heat-common heat-engine heat-api heat-api-cfn heat-api-cloudwatch
Architecture: source all
Version: 2013.2.1-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
heat-api - OpenStack orchestration service - ReST API
heat-api-cfn - OpenStack orchestration service - CFN API
heat-api-cloudwatch - OpenStack orchestration service - CloudWatch API
heat-common - OpenStack orchestration service - common files
heat-engine - OpenStack orchestration service - engine
python-heat - OpenStack orchestration service - Python files
Closes: 732033 732265
Changes:
heat (2013.2.1-1) unstable; urgency=high
.
* New upstream release. (Closes: #732033)
* This release includes fixes for CVE-2013-6428 and CVE-2013-6426.
* Fixes French debconf translation thanks to our Cheesemaster Christian Perrier (Closes: #732265)
* Updates (build-)depends to use python-six >= 1.4.1 and python-iso8601 >= 0.1.8.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---