Your message dated Sun, 10 Mar 2019 13:32:08 +0000
with message-id <e1h2yyi-000era...@fasolo.debian.org>
and subject line Bug#917030: fixed in python-pykmip 0.5.0-4+deb9u1
has caused the Debian Bug report #917030,
regarding python-pykmip: CVE-2018-1000872
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
917030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-pykmip
Version: 0.7.0-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/OpenKMIP/PyKMIP/issues/430
Hi,
The following vulnerability was published for python-pykmip.
CVE-2018-1000872[0]:
| OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399:
| Resource Management Errors (similar issue to CVE-2015-5262)
| vulnerability in PyKMIP server that can result in DOS: the server can
| be made unavailable by one or more clients opening all of the
| available sockets. This attack appear to be exploitable via A client
| or clients open sockets with the server and then never close them.
| This vulnerability appears to have been fixed in 0.8.0.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1000872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000872
[1] https://github.com/OpenKMIP/PyKMIP/issues/430
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-pykmip
Source-Version: 0.5.0-4+deb9u1
We believe that the bug you reported is fixed in the latest version of
python-pykmip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 917...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated python-pykmip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 24 Feb 2019 17:43:42 +0100
Source: python-pykmip
Binary: python-pykmip python3-pykmip
Architecture: source all
Version: 0.5.0-4+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
python-pykmip - implementation of the Key Management Interoperability Protocol -
python3-pykmip - KMIP v1.1 library - Python 3.x
Closes: 917030
Changes:
python-pykmip (0.5.0-4+deb9u1) stretch; urgency=medium
.
* CVE-2018-1000872: Resource Management Errors (similar issue to
CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the
server can be made unavailable by one or more clients opening all of the
available sockets. Applied upstream patch: Fix a denial-of-service bug by
setting the server socket timeout (Closes: #917030).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
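The changelog above describes the fix as setting the server socket timeout. The sketch below is an added illustration of that mitigation, not PyKMIP's code or the upstream patch: a server with a fixed number of session slots drops clients that connect and stay silent, so a later client is still served. The function names, the two-slot limit, the 0.5 s timeout and the loopback clients are assumptions made for the example.

```python
import socket
import threading

def handle_session(conn, idle_timeout):
    """Serve one client; return 'served', 'closed' or 'timed_out'."""
    # Mitigation: without a timeout, recv() blocks forever on a silent client.
    conn.settimeout(idle_timeout)
    try:
        with conn:
            data = conn.recv(4096)
            if not data:
                return "closed"
            conn.sendall(b"ok:" + data)
            return "served"
    except socket.timeout:
        return "timed_out"

def run_server(listener, max_sessions, idle_timeout, total):
    """Accept `total` connections, at most `max_sessions` at a time."""
    slots = threading.BoundedSemaphore(max_sessions)
    results, threads = [], []
    def worker(conn):
        try:
            results.append(handle_session(conn, idle_timeout))
        finally:
            slots.release()  # slot is reclaimed even when the client idles
    for _ in range(total):
        slots.acquire()  # blocks while every slot is held
        conn, _addr = listener.accept()
        threads.append(threading.Thread(target=worker, args=(conn,)))
        threads[-1].start()
    for t in threads:
        t.join()
    return results

def demo(idle_timeout=0.5):
    """Constructed scenario: 2 slots, 2 silent clients, 1 real request."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    out = []
    srv = threading.Thread(target=lambda: out.extend(run_server(listener, 2, idle_timeout, 3)))
    srv.start()
    idle = [socket.create_connection(("127.0.0.1", port)) for _ in range(2)]
    with socket.create_connection(("127.0.0.1", port)) as client:
        client.sendall(b"ping")
        reply = client.recv(4096)
    srv.join()
    for s in idle + [listener]:
        s.close()
    return sorted(out), reply
```

demo() returns the sorted session outcomes and the reply received by the third client; with the `settimeout()` call removed, that client would wait indefinitely for a free slot.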