Your message dated Wed, 22 Jun 2016 10:24:55 +0000
with message-id <e1bffl5-000774...@franck.debian.org>
and subject line Bug#827886: fixed in ironic 1:5.1.2-1
has caused the Debian Bug report #827886,
regarding ironic: CVE-2016-4985: Ironic node information including credentials
exposed to unauthenticated users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
827886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827886
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ironic
Version: 1:5.1.0-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for ironic.

Setting security to grave, since it looks like it would allow exposing
credentials to unauthenticated users.

CVE-2016-4985[0]:
Ironic node information including credentials exposed to unauthenticated users

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4985
[1] http://www.openwall.com/lists/oss-security/2016/06/21/6

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ironic
Source-Version: 1:5.1.2-1

We believe that the bug you reported is fixed in the latest version of
ironic, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 827...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated ironic package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 22 Jun 2016 10:05:13 +0200
Source: ironic
Binary: python-ironic ironic-common ironic-api ironic-conductor ironic-doc
Architecture: source all
Version: 1:5.1.2-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 ironic-api - bare metal hypervisor API for OpenStack - API server
 ironic-common - bare metal hypervisor API for OpenStack - common files
 ironic-conductor - bare metal hypervisor API for OpenStack - conductor
 ironic-doc - bare metal hypervisor API for OpenStack - doc
 python-ironic - bare metal hypervisor API for OpenStack - Python lib
Closes: 827886
Changes:
 ironic (1:5.1.2-1) unstable; urgency=high
 .
   * New upstream release:
     - addresses CVE-2016-4985: Node information including credentials exposed
       to unauthenticated users. Includes upstream patch: Mask password on agent
       lookup according to policy (Closes: #827886).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---