Your message dated Wed, 14 Aug 2013 21:17:11 +0000
with message-id <[email protected]>
and subject line Bug#719008: fixed in swift 1.4.8-2+deb7u1
has caused the Debian Bug report #719008,
regarding swift: CVE-2013-4155: Swift Denial of Service using superfluous
object tombstones
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
719008: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719008
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: swift
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for swift.
CVE-2013-4155[0]:
Swift Denial of Service using superfluous object tombstones
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4155
[1] http://marc.info/?l=oss-security&m=137589052905204&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: swift
Source-Version: 1.4.8-2+deb7u1
We believe that the bug you reported is fixed in the latest version of
swift, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated swift package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 12 Jul 2013 13:54:33 +0800
Source: swift
Binary: python-swift swift swift-proxy swift-object swift-container
swift-account swift-doc
Architecture: source all
Version: 1.4.8-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
python-swift - OpenStack Object Storage - libraries
swift - OpenStack Object Storage - common files
swift-account - OpenStack Object Storage - account server
swift-container - OpenStack Object Storage - container server
swift-doc - OpenStack Object Storage - documentation
swift-object - OpenStack Object Storage - object server
swift-proxy - OpenStack Object Storage - proxy server
Closes: 712202 719008
Changes:
swift (1.4.8-2+deb7u1) wheezy-security; urgency=high
.
* CVE-2013-2161: Applied fix for unchecked user input in Swift XML responses
(Closes: #712202).
* CVE-2013-4155: Backported fix for Denial of Service using superfluous
object tombstones (Closes: #719008).
* Updated debian/gbp.conf to track Wheezy fixes.
Checksums-Sha1:
a0f8c4bc97078453361956e1041838f4163c347b 1831 swift_1.4.8-2+deb7u1.dsc
b3ccd10902f9aa3432f02a6a0f89ed5a10e6b3ae 304096 swift_1.4.8.orig.tar.xz
986a092d9bbfbcaea7cd534bf3b0beb0511cbffa 21179
swift_1.4.8-2+deb7u1.debian.tar.gz
370be64932459c545e282ecd4b557c5c13b1984e 166230
python-swift_1.4.8-2+deb7u1_all.deb
99fd01b0ffda6c3fed2200024ae8561077d4858f 41604 swift_1.4.8-2+deb7u1_all.deb
37c0557289654b24f6d210a99e34538991fd0780 12704
swift-proxy_1.4.8-2+deb7u1_all.deb
d2ff33959ef90f57a92835982b617667895e954a 13036
swift-object_1.4.8-2+deb7u1_all.deb
b0436205f144963d124ce8921f4fda7786e4a608 11368
swift-container_1.4.8-2+deb7u1_all.deb
9f23260c937015828203c735d89d37bbf9405c6e 11524
swift-account_1.4.8-2+deb7u1_all.deb
dd5ffa91a9c8859d5bd8bbd5c56f99a27697ac6b 255802
swift-doc_1.4.8-2+deb7u1_all.deb
Checksums-Sha256:
da67ff95c99e4522676d0e0be175326c9b3039455ccef55f4bfddee4e830ab48 1831
swift_1.4.8-2+deb7u1.dsc
98c3596e0a35bc271d379d05f595c74c19de76d748b6a15873bb4ef5acaf92db 304096
swift_1.4.8.orig.tar.xz
ae23b8c5056a46d54777b0e8cd1c31a93a0272485831073fd35f7c932e4c8f4b 21179
swift_1.4.8-2+deb7u1.debian.tar.gz
5a76feca240b53592c3255a2bbc1acdd7cda03cc320ff153b90ee0d8d9ff477a 166230
python-swift_1.4.8-2+deb7u1_all.deb
c854d077cacc9df9885586e4d3624847fcc3e86594dd84cd3923ff663cd2823a 41604
swift_1.4.8-2+deb7u1_all.deb
3e07aee8a33cb1d3c589eb8863365d8e66f1bb4df616bd09ffb70fce395b7e46 12704
swift-proxy_1.4.8-2+deb7u1_all.deb
893cee1630d1534d8ba1df0dc40b8017651209c9fe7bdd6ccf2bc89ba1de9975 13036
swift-object_1.4.8-2+deb7u1_all.deb
f732b6250d0cce461fb03ab8b9ff65607eb6f37934fea74f349c0b65ce75568c 11368
swift-container_1.4.8-2+deb7u1_all.deb
33418ea49db08898f1c5549e5a7e4f5f9d0a5cede336b4a76a70984eed6300d4 11524
swift-account_1.4.8-2+deb7u1_all.deb
3aa30d2ed67cd69cac149036f863f15a693ba1696a514cec8a4a5a93163e010c 255802
swift-doc_1.4.8-2+deb7u1_all.deb
Files:
f368d5e3d33353d505c0af28ffa768ec 1831 net optional swift_1.4.8-2+deb7u1.dsc
66eb01f5e14a68e33de910acddd76b8a 304096 net optional swift_1.4.8.orig.tar.xz
c540a7c1039a322ff81763067b7b6fbb 21179 net optional
swift_1.4.8-2+deb7u1.debian.tar.gz
67c44018feec8e4f2c96cd177a20a4c7 166230 python optional
python-swift_1.4.8-2+deb7u1_all.deb
745f540450521d793d4f7a4fef9536b1 41604 net optional
swift_1.4.8-2+deb7u1_all.deb
f2e7c954a87246aced03f30e92fb9034 12704 net optional
swift-proxy_1.4.8-2+deb7u1_all.deb
07fd57d69b0630fec3d636ef95c07fb1 13036 net optional
swift-object_1.4.8-2+deb7u1_all.deb
1ee0cacfb6247803d50c142b27edbdcf 11368 net optional
swift-container_1.4.8-2+deb7u1_all.deb
486651afe7d8587dda8bad128ee052c1 11524 net optional
swift-account_1.4.8-2+deb7u1_all.deb
b8b2ce9623d09ddf0c08354d9f84d023 255802 doc optional
swift-doc_1.4.8-2+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlID4fYACgkQl4M9yZjvmkntKACg5LgNjh4G3FWNUJUwpa5WYWJs
ptEAnRU3Qy1/fJH1BPSF9LObLbugTKQH
=0rfF
-----END PGP SIGNATURE-----
--- End Message ---
