Your message dated Sun, 24 Feb 2019 18:20:16 +0000
with message-id <e1gxyns-0000f4...@fasolo.debian.org>
and subject line Bug#917030: fixed in python-pykmip 0.7.0-3
has caused the Debian Bug report #917030,
regarding python-pykmip: CVE-2018-1000872
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
917030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-pykmip
Version: 0.7.0-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/OpenKMIP/PyKMIP/issues/430
Hi,
The following vulnerability was published for python-pykmip.
CVE-2018-1000872[0]:
| OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399:
| Resource Management Errors (similar issue to CVE-2015-5262)
| vulnerability in PyKMIP server that can result in DOS: the server can
| be made unavailable by one or more clients opening all of the
| available sockets. This attack appear to be exploitable via A client
| or clients open sockets with the server and then never close them.
| This vulnerability appears to have been fixed in 0.8.0.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1000872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000872
[1] https://github.com/OpenKMIP/PyKMIP/issues/430
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-pykmip
Source-Version: 0.7.0-3
We believe that the bug you reported is fixed in the latest version of
python-pykmip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 917...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated python-pykmip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 24 Feb 2019 17:30:07 +0100
Source: python-pykmip
Binary: python-pykmip python3-pykmip
Architecture: source all
Version: 0.7.0-3
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
python-pykmip - implementation of the Key Management Interoperability Protocol
-
python3-pykmip - KMIP v1.1 library - Python 3.x
Closes: 917030
Changes:
python-pykmip (0.7.0-3) unstable; urgency=high
.
[ Ondřej Nový ]
* d/control: Add trailing tilde to min version depend to allow
backports
* d/control: Use team+openst...@tracker.debian.org as maintainer
.
[ Thomas Goirand ]
* CVE-2018-1000872: Resource Management Errors (similar issue to
CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the
server can be made unavailable by one or more clients opening all of the
available sockets. Applied upstream patch: Fix a denial-of-service bug by
setting the server socket timeout (Closes: #917030).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
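The changelog above describes the fix as setting the server socket timeout. The following added example (not PyKMIP's code and not the upstream patch, which this page does not show) demonstrates that class of mitigation on a small loopback server; the names `handle` and `run_demo`, the two-session limit and the 0.3 second timeout are assumptions chosen for the demonstration.

```python
import socket
import threading

def handle(conn, timeout, slots, outcomes):
    """Serve one session; `timeout` is the idle limit in seconds."""
    try:
        conn.settimeout(timeout)         # mitigation: recv() can no longer block forever
        data = conn.recv(4096)
        outcomes.append("served" if data else "peer-closed")
    except socket.timeout:
        outcomes.append("idle-dropped")  # silent client: stop waiting for it
    finally:
        conn.close()                     # release the descriptor
        slots.release()                  # and the session slot

def run_demo(max_sessions=2, timeout=0.3):
    """Constructed scenario: idle clients take every slot, then one real client connects.
    With timeout=None (no timeout set) this call would never return."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # loopback only, ephemeral port
    listener.listen(8)
    slots = threading.BoundedSemaphore(max_sessions)
    outcomes, workers = [], []

    def accept_loop():
        for _ in range(max_sessions + 1):
            slots.acquire()              # blocks while every slot is held
            conn, _addr = listener.accept()
            t = threading.Thread(target=handle, args=(conn, timeout, slots, outcomes))
            t.start()
            workers.append(t)
        for t in workers:
            t.join()

    server = threading.Thread(target=accept_loop)
    server.start()
    addr = listener.getsockname()
    idle = [socket.create_connection(addr) for _ in range(max_sessions)]  # never send
    real = socket.create_connection(addr)
    real.sendall(b"ping")                # waits in the backlog until a slot frees up
    server.join()
    for s in idle + [real]:
        s.close()
    listener.close()
    return outcomes

if __name__ == "__main__":
    print(run_demo())
```

The real client is only served because the idle sessions are dropped after the timeout and their slots are reclaimed.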