Your message dated Wed, 27 Feb 2013 13:18:21 +0000
with message-id <[email protected]>
and subject line Bug#701773: fixed in nova 2012.2.3-2
has caused the Debian Bug report #701773,
regarding nova: CVE-2013-0335: VNC proxy can connect to the wrong VM
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
701773: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nova
Version: 2012.1.1-13
Severity: important
Tags: security
Hi,
the following vulnerability was published for nova.
CVE-2013-0335[0]:
VNC proxy can connect to the wrong VM
See also the announcement[1].
Patches for folsom are available[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-0335
[1] http://marc.info/?l=oss-security&m=136190371727273&w=2
[2] https://review.openstack.org/#/c/22758/
At first glance it looks like nova in testing/unstable and also
experimental are affected, could you please double-check?
Could you prepare a fixed package for unstable only containing the
needed change and contact the release team?
I have chosen severity important here. If I understand the issue
correctly, it would be possible for a user to access a VM he does not
own.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2012.2.3-2
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 27 Feb 2013 20:39:26 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml
nova-compute-xen nova-compute-qemu nova-compute-kvm nova-xcp-plugins
nova-xcp-network nova-cert nova-scheduler nova-volume nova-xvpvncproxy nova-api
nova-network nova-objectstore nova-console nova-doc nova-api-os-volume
Architecture: source all
Version: 2012.2.3-2
Distribution: experimental
Urgency: low
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
nova-api - OpenStack Compute - compute API frontend
nova-api-os-volume - OpenStack Compute - Volume API frontend
nova-cert - OpenStack Compute - certificate manager
nova-common - OpenStack Compute - common files
nova-compute - OpenStack Compute - compute node
nova-compute-kvm - OpenStack Compute - compute node (KVM)
nova-compute-lxc - OpenStack Compute - compute node (LXC)
nova-compute-qemu - OpenStack Compute - compute node (QEmu)
nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
nova-compute-xen - OpenStack Compute - compute node (Xen)
nova-console - OpenStack Compute - console
nova-doc - OpenStack Compute - documentation
nova-network - OpenStack Compute - network manager
nova-objectstore - OpenStack Compute - object store
nova-scheduler - OpenStack Compute - virtual machine scheduler
nova-volume - OpenStack Compute - storage
nova-xcp-network - OpenStack Compute network plugin for the Xen Cloud Platform
nova-xcp-plugins - OpenStack Compute plugin for the Xen Cloud Platform
nova-xvpvncproxy - OpenStack Compute - XVP VNC proxy
python-nova - OpenStack Compute - libraries
Closes: 701773
Changes:
nova (2012.2.3-2) experimental; urgency=low
.
* CVE-2013-0335: VNC proxy can connect to the wrong VM (Closes: #701773).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlEuBvYACgkQl4M9yZjvmkl1DQCgvDE4LMlXXcbojQacUbzYB98R
S3cAnRqtCBa5LgqmCJVqnOXiVvQ8ZvGa
=b5kx
-----END PGP SIGNATURE-----
--- End Message ---