Your message dated Fri, 17 Aug 2018 17:02:16 +0000
with message-id <e1fqi8e-0006ut...@fasolo.debian.org>
and subject line Bug#904616: fixed in keystone 2:10.0.0-9+deb9u1
has caused the Debian Bug report #904616,
regarding keystone: CVE-2018-14432: GET /v3/OS-FEDERATION/projects leaks
project information
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
904616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: keystone
Version: 2:13.0.0-1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for keystone.
CVE-2018-14432[0]:
GET /v3/OS-FEDERATION/projects leaks project information
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
[1] http://www.openwall.com/lists/oss-security/2018/07/25/2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2:10.0.0-9+deb9u1
We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 904...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 20 Jul 2018 20:56:41 +0200
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2:10.0.0-9+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
keystone - OpenStack identity service
keystone-doc - OpenStack identity service - documentation
python-keystone - OpenStack identity service - library
Closes: 904616
Changes:
keystone (2:10.0.0-9+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-14432: authenticated user may discover projects they have no
authority to access, leaking all projects in the deployment and their
attributes. Applied upstream patch for Ocata rebased to Newton: "Reduce
duplication in federated auth APIs" (Closes: #904616).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---