Your message dated Fri, 08 May 2020 23:03:46 +0000 with message-id <e1jxc1y-000asl...@fasolo.debian.org> and subject line Bug#959900: fixed in keystone 2:17.0.0~rc2-1 has caused the Debian Bug report #959900, regarding keystone: CVE-2020-12689 CVE-2020-12690 CVE-2020-12691 CVE-2020-12692 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 959900: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: keystone Version: 2:14.0.1-2 Severity: grave Tags: patch security kay reported a vulnerability in Keystone's EC2 credentials API. Keystone is the identity service used by OpenStack for authentication (authN) and high-level authorization (authZ). Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining "admin" while the user is on a limited "viewer" role. The details and patches are available here: https://bugs.launchpad.net/keystone/+bug/1872735
--- End Message ---
--- Begin Message ---Source: keystone Source-Version: 2:17.0.0~rc2-1 Done: Thomas Goirand <z...@debian.org> We believe that the bug you reported is fixed in the latest version of keystone, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 959...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated keystone package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 09 May 2020 00:14:15 +0200 Source: keystone Architecture: source Version: 2:17.0.0~rc2-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack <team+openst...@tracker.debian.org> Changed-By: Thomas Goirand <z...@debian.org> Closes: 952795 959900 Changes: keystone (2:17.0.0~rc2-1) unstable; urgency=medium . * New upstream release. - Includes fixes for multiple CVE: CVE-2020-12689 CVE-2020-12690 CVE-2020-12691 CVE-2020-12692 (Closes: #959900). * Uploading to unstable. * Update it.po debconf translation (Closes: #952795). Checksums-Sha1: b08e584056ecfaaa5a0b27ac6104ad44bf9573d8 3578 keystone_17.0.0~rc2-1.dsc 5eafbc4b57f9153bdbfdcf9146c9ed6268d02d4e 1037756 keystone_17.0.0~rc2.orig.tar.xz d5a73cb5a41bbda9c10978f62b25aed5ac9e0458 38860 keystone_17.0.0~rc2-1.debian.tar.xz fd2963f545dcdbe4f99166d79e9856daea73dfdb 16426 keystone_17.0.0~rc2-1_amd64.buildinfo Checksums-Sha256: f73330b2d7466edf12314310e54decdbc8e142a9c2e8138e9868729d455d9b5c 3578 keystone_17.0.0~rc2-1.dsc a9d2b8ba2774af332ddafc2c299294d15c461089bf253d1a5ed37ad65ce188ba 1037756 keystone_17.0.0~rc2.orig.tar.xz 2a7b01672c5561f4bcbbb84a6a1522e7e617927e45a112663ea98006fbfba755 38860 keystone_17.0.0~rc2-1.debian.tar.xz bf573b9de5870b49b17002789488c6f206c166220bc7ed9485c915490897523d 16426 keystone_17.0.0~rc2-1_amd64.buildinfo Files: f427f37f5cbd4184543acc9159717475 3578 net optional keystone_17.0.0~rc2-1.dsc 27ec09253c2ae4ba7e7a7a6aee8060e4 1037756 net optional keystone_17.0.0~rc2.orig.tar.xz 38c55d80637ef520fca640c6de7becc5 38860 net optional keystone_17.0.0~rc2-1.debian.tar.xz d914b09c553e53b311bac52282eff1f4 16426 net optional keystone_17.0.0~rc2-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl614TkACgkQ1BatFaxr Q/4vSw/9F2m5H2yr+9K+4aXGyHYDZbQ7yxxeb8xICC6P60Zvr6omXVnzEjzxlxuK zj2ijvfqQPfxSSRN5izwmecaMZ6Xf1nlMpsx8wgSrTiHjybGJS3UJd+/s6oYLv2c Pn90D1Tabb0eZHsN0m/DjxrKjZj5A5v7X3MKZisqOU9EDQEjwlBtBwKEj6UuHZS/ c5rh7/t8/YC/B5gcWDX8eK0v+p0+uuWsWQLgM55RtpB+jsyuHwUvH8N47RQtU8Ua rDVpXfxfYIuqekWata96yQTLmZ7MCdzv04WGT+mHRTC0FOOGA8DxBf7va69YcWxI 3X7lzgClLXAKUOrDSkFKmNjgT7bwx+sdRTApjVLZpP9eEPxu3gcEVBBOdRSj8I4E 0GXBQjbACueb8LmIvMFsbjY/j6yPtxdF6WDiFeoR5KVqsTOvGVpf6gq6WVEhRZww TI9Ov9uOTd9/ERvjCOYtVRAvxLg9i8Ungl0tpkS1+VO+c68KNf53jUbQu37TfSzR o5RjDaIhnfsJOUlfNrPANPg/48R4SlmhzOdjFku6D5Pxca217mWlwQkV1vTGpNMY tPFJ9bLra9Ot3PSbpTk/gxYQoLe26qV2nUx1PlBbpvf+szyGWzBlbUzbEAoO6DpR aD0FiMR90J9hjc1UItr2Lha1/sRXxCs8y6UkrqYVoN2dNMLsWXg= =O6BE -----END PGP SIGNATURE-----
--- End Message ---
