Your message dated Wed, 22 May 2019 07:48:38 +0000 with message-id <e1htlzk-0001ls...@fasolo.debian.org> and subject line Bug#929332: fixed in ironic-inspector 8.0.0-3 has caused the Debian Bug report #929332, regarding ironic-inspector: CVE-2019-10141: SQL Injection vulnerability when receiving introspection data to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929332 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ironic-inspector Version: 8.0.0-2 Severity: grave Tags: security upstream Hi, The following vulnerability was published for ironic-inspector. CVE-2019-10141[0]: SQL Injection vulnerability when receiving introspection data If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10141 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10141 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1711722 [2] https://review.opendev.org/#/c/660234/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ironic-inspector Source-Version: 8.0.0-3 We believe that the bug you reported is fixed in the latest version of ironic-inspector, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated ironic-inspector package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 22 May 2019 09:20:30 +0200 Source: ironic-inspector Binary: ironic-inspector python3-ironic-inspector Architecture: source all Version: 8.0.0-3 Distribution: unstable Urgency: high Maintainer: Debian OpenStack <team+openst...@tracker.debian.org> Changed-By: Thomas Goirand <z...@debian.org> Description: ironic-inspector - discovering hardware properties for OpenStack Ironic - Daemon python3-ironic-inspector - discovering hardware properties for OpenStack Ironic - Python 2.7 Closes: 929332 Changes: ironic-inspector (8.0.0-3) unstable; urgency=high . * CVE-2019-10141: SQL Injection vulnerability when receiving introspection data. Applied upstream fix: Eliminate SQL injection vulnerability in node_cache (Closes: #929332). Checksums-Sha1: 1e027abad1b3935a684ee58f99b7f4a2b3cd9546 3376 ironic-inspector_8.0.0-3.dsc b37910abfe0cbcddce0f02d1629d30c9b928150b 8064 ironic-inspector_8.0.0-3.debian.tar.xz 4c9c0066df7a59213e207b2e9bd4922a9cdfbad5 36696 ironic-inspector_8.0.0-3_all.deb d82962177a8d29d80db7594b87806f49413d8d98 13830 ironic-inspector_8.0.0-3_amd64.buildinfo 75e9a09e1d14aa1672ff735809cf8cf58b0b56ec 110688 python3-ironic-inspector_8.0.0-3_all.deb Checksums-Sha256: 5fe39181f0d03d0bd95260b72019be0c124fcacb0079945538ba12ff4315b54c 3376 ironic-inspector_8.0.0-3.dsc 69cc07db88cbf14ec43b6ecadd849d08d4e71e66273132e4e461f4422582b288 8064 ironic-inspector_8.0.0-3.debian.tar.xz a257d34974a3c2237dea8a213bdae72d6d644f41b7b6bda4345923c8e58fed1e 36696 ironic-inspector_8.0.0-3_all.deb 9293ee9dfe83d1b611a39f4dcce1e87a1eba1df044e8c335584c2659a996dda5 13830 ironic-inspector_8.0.0-3_amd64.buildinfo 5fd03311854e5df3354100c9081e2653c0651f5c887f1cebfb43379fb55a7bcf 110688 python3-ironic-inspector_8.0.0-3_all.deb Files: badb303748ace3baef903dd6f9ba1c07 3376 python optional ironic-inspector_8.0.0-3.dsc 88173ab7635893eb2e2476de61eaf33c 8064 python optional ironic-inspector_8.0.0-3.debian.tar.xz f81e2dc1cfc0dfeb9be43d11a307811d 36696 python optional ironic-inspector_8.0.0-3_all.deb 6c4d49676788a5650862b27acdebc8a8 13830 python optional ironic-inspector_8.0.0-3_amd64.buildinfo 7b318a170c3540e58692fff4bd96942b 110688 python optional python3-ironic-inspector_8.0.0-3_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtKCq/KhshgVdBnYUq1PlA1hod6YFAlzk+XsACgkQq1PlA1ho d6Z2og//fcCFWVXlJ1O/bzYMtLppGPThRiqtiAi0BYdgfNU0YLXxhT8uyy1G1ktu 5pTL6oB3Gt2C7Wr4e4k5MSgk+q5bFqFN5FG/xFivkmMpW+jgFzJGBwvohINFMMVJ LmTWRN3KRW7X69OVdiveYNA1vT6j4txDE5RIv62Y7zpg+BdF7CHRYYRlCZ5ecj1p zFS+nW/foSnU4BE+Zve0JuasqDVL3PfaKTbmjs5ZSRAY1m5P97AsA/2o9vVPTBfG VD3gY4Dz8E1XYImScgWqHidxrk6P7l95T+13aLazuUE4RdFZRJNUxNc0Qsa7ifOV FK6LvXPT5haPL+2A3LEE0xHmVbDCtGXwBaokx6MPE8IDXyl0ejhTA6OTbOqsBCX/ 1VCUbR9OssQHDbzILytCnvizxy1fCxFu27SgQ/OtXNVXuI33VVnD1qIr8YQodIak B8pgcRkGtya8XI9YlKnfh+jnUJq5RrmT8bkVw6OICUD2waLaQ5GSa1RAJdg3wbhH LLISPiXhTU3yO3tiGg80Qki0H9mtUYXf50UocK0DDdNqsKJSKd7jah7lz3bMMeIs SQfSAMA4MShKukywflIRKNbZbIS+TQYvMyRbqA5yyhtsVibv1RReTbvK7G6aj52S LNKgxdB0MOCCkCdHfAzc9VswVBBPWF8/w53gb3uJwMqMf4JQVME= =J3d6 -----END PGP SIGNATURE-----
--- End Message ---
