Your message dated Thu, 19 May 2016 10:21:59 +0000
with message-id <e1b3l5b-0005rv...@franck.debian.org>
and subject line Bug#824683: fixed in keystone 2:9.0.0-2
has caused the Debian Bug report #824683,
regarding keystone: CVE-2016-4911: Incorrect Audit IDs in Keystone Fernet
Tokens can result in revocation bypass
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
824683: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: keystone
Version: 2:9.0.0-1
Severity: grave
Tags: security patch upstream
Hi,

the following vulnerability was published for keystone.

CVE-2016-4911[0]:
Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4911
[1] https://bugs.launchpad.net/keystone/+bug/1577558

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2:9.0.0-2
We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 824...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 19 May 2016 07:22:58 +0000
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2:9.0.0-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
keystone - OpenStack identity service
keystone-doc - OpenStack identity service - documentation
python-keystone - OpenStack identity service - library
Closes: 824683
Changes:
keystone (2:9.0.0-2) unstable; urgency=high
.
[ Ondřej Nový ]
* Use /bin/sh as su shell in postinst script explicitly
* Standards-Version is 3.9.8 now (no change)
* Use /bin/sh instead of /bin/bash as default shell for "keystone" user
.
[ Thomas Goirand ]
* Fix the cron job to not run if we're not using UUID tokens, as it otherwise
  fails and fills up the log file (LP: #1520321).
* CVE-2016-4911: Incorrect Audit IDs in Keystone Fernet Tokens can result in
  revocation bypass. Add upstream patch: "Fix fernet audit ids for v2.0".
  (Closes: #824683).
--- End Message ---