Your message dated Sun, 23 Jun 2013 12:48:06 +0000
with message-id <[email protected]>
and subject line Bug#713819: fixed in python-keystoneclient 1:0.2.5-2
has caused the Debian Bug report #713819,
regarding python-keystoneclient: CVE-2013-2166 CVE-2013-2167: Issues in
Keystone middleware memcache signing/encryption feature
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
713819: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713819
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-keystoneclient
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerabilities were published for python-keystoneclient.

CVE-2013-2166[0]:
middleware memcache encryption bypass

CVE-2013-2167[1]:
middleware memcache signing bypass

See [2] for further reference.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2166
    http://security-tracker.debian.org/tracker/CVE-2013-2166
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2167
    http://security-tracker.debian.org/tracker/CVE-2013-2167
[2] http://marc.info/?l=oss-security&m=137165644225629&w=2

According to the advisory it should affect only upstream 0.2.3 to 0.2.5.
Could you please doublecheck this and adjust found version for the BTS?

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-keystoneclient
Source-Version: 1:0.2.5-2
We believe that the bug you reported is fixed in the latest version of
python-keystoneclient, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Prach Pongpanich <[email protected]> (supplier of updated
python-keystoneclient package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 23 Jun 2013 11:54:52 +0700
Source: python-keystoneclient
Binary: python-keystoneclient
Architecture: source all
Version: 1:0.2.5-2
Distribution: unstable
Urgency: low
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Prach Pongpanich <[email protected]>
Description:
 python-keystoneclient - client library for the OpenStack Keystone API
Closes: 713819
Changes:
 python-keystoneclient (1:0.2.5-2) unstable; urgency=low
 .
   * Add Fix-memcache-encryption-middleware.patch (Closes: #713819)
     [OSSA 2013-017] Keystone middleware memcache signing/encryption feature
     (CVE-2013-2166 and CVE-2013-2167)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlHG7pMACgkQl4M9yZjvmkmWKwCfQX/qqGtjizGBMgxRy/EoB2ji
rbYAn16mf0dDWv4X/A/VNJy5X8icON0o
=uGWG
-----END PGP SIGNATURE-----
--- End Message ---