Your message dated Wed, 18 Dec 2013 15:22:12 +0000
with message-id <e1vtiwu-0006u7...@franck.debian.org>
and subject line Bug#731981: fixed in keystone 2013.2.1-1
has caused the Debian Bug report #731981,
regarding keystone: CVE-2013-6391: Keystone trust circumvention through
EC2-style tokens
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
731981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keystone
Version: 2013.2-4
Severity: grave
Tags: security upstream patch
Hi Thomas,
the following vulnerability was published for keystone.
CVE-2013-6391[0]:
Keystone trust circumvention through EC2-style tokens
Upstream bugreport is at [1]. keystone in wheezy does not seem to be
affected, at least I have not found the vulnerable code (and upstream
also says it affects only (grizzly), havana and later).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
http://security-tracker.debian.org/tracker/CVE-2013-6391
[1] https://launchpad.net/bugs/1242597
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1039164
Regards, and thanks for your work.
Salvatore
--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2013.2.1-1
We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 731...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Dec 2013 16:46:48 +0800
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2013.2.1-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
keystone - OpenStack identity service
keystone-doc - OpenStack identity service - documentation
python-keystone - OpenStack identity service - library
Closes: 731981
Changes:
keystone (2013.2.1-1) unstable; urgency=high
.
* New upstream release (Closes: #731981) This fixes CVE-2013-6391.
* Refreshed sql_conn.patch.
* Removed CVE-2013-4477-havana.patch now applied upstream.
* (build-)depends on python-iso8601 >= 0.1.8 instead of 0.1.4.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---