Your message dated Mon, 27 Jun 2016 19:24:26 +0000
with message-id <e1bhc8w-000794...@franck.debian.org>
and subject line Bug#828063: fixed in python-muranoclient 0.8.3-4
has caused the Debian Bug report #828063,
regarding python-muranoclient: CVE-2016-4972: RCE vulnerability in Openstack
Murano using insecure YAML tags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
828063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828063
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: murano
Version: 1:2.0.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerability was published for murano.
CVE-2016-4972[0]:
RCE vulnerability in Openstack Murano using insecure YAML tags
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4972
[1] http://seclists.org/oss-sec/2016/q2/593
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-muranoclient
Source-Version: 0.8.3-4
We believe that the bug you reported is fixed in the latest version of
python-muranoclient, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 828...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated python-muranoclient
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 27 Jun 2016 18:53:01 +0000
Source: python-muranoclient
Binary: python-muranoclient python3-muranoclient python-muranoclient-doc
Architecture: source all
Version: 0.8.3-4
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
python-muranoclient - cloud-ready application catalog - Python 2.7 client
module
python-muranoclient-doc - cloud-ready application catalog - client doc
python3-muranoclient - cloud-ready application catalog - Python 3.x client
module
Closes: 828063
Changes:
python-muranoclient (0.8.3-4) unstable; urgency=high
.
[ Ondřej Nový ]
* Standards-Version is 3.9.8 now (no change)
* d/rules: Removed UPSTREAM_GIT, changed to default value
* d/copyright: Changed source URL to new one
.
[ Thomas Goirand ]
* CVE-2016-4972: RCE vulnerability in Openstack Murano using insecure YAML
tags. Adds upstream patch: Use yaml.SafeLoader instead of yaml.Loader.
(Closes: #828063).
* Standards-Version is now 3.9.8 (no change).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
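
The changelog entry above names the fix as using yaml.SafeLoader instead of yaml.Loader. The following is an added example, not taken from the upstream patch or from this bug report, that shows the difference between the two loaders and a tag audit that inspects a document without constructing it. It assumes PyYAML is installed; the manifest text and all function names are constructed for illustration.

```python
import yaml  # PyYAML (third-party)

# Constructed sample manifest; the tagged callable (time.time) is harmless.
MANIFEST = """\
Format: 1.0
Type: Application
Name: demo
Created: !!python/object/apply:time.time []
"""

# Tags SafeLoader can construct, plus the merge key it resolves itself.
ALLOWED = {t for t in yaml.SafeLoader.yaml_constructors if t is not None}
ALLOWED.add("tag:yaml.org,2002:merge")


def unsupported_tags(text):
    """List tags in `text` that SafeLoader would refuse, without constructing anything."""
    found, seen = [], set()
    def walk(node):
        if id(node) in seen:  # anchors/aliases can make the graph cyclic
            return
        seen.add(id(node))
        if node.tag not in ALLOWED:
            found.append(node.tag)
        if isinstance(node, yaml.SequenceNode):
            for child in node.value:
                walk(child)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                walk(key)
                walk(value)

    root = yaml.compose(text, Loader=yaml.SafeLoader)  # node graph only
    if root is not None:
        walk(root)
    return found


def load_unsafe(text):
    """Pre-fix behaviour: yaml.Loader honours python/* tags chosen by the document."""
    return yaml.load(text, Loader=yaml.Loader)


def load_safe(text):
    """Post-fix behaviour: SafeLoader raises on any tag it has no constructor for."""
    try:
        return yaml.load(text, Loader=yaml.SafeLoader)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError("manifest rejected: %s" % exc.problem) from None
```

With yaml.Loader the `Created` field comes back as the return value of the call named in the tag; with yaml.SafeLoader the same document is rejected before anything is invoked.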