Your message dated Sat, 31 May 2014 03:34:43 +0000
with message-id <[email protected]>
and subject line Bug#749026: fixed in keystone 2014.1-5
has caused the Debian Bug report #749026,
regarding keystone: CVE-2014-0204: Inproper role assignments to users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
749026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: keystone
Severity: grave
Tags: security upstream
Hi Thomas,
the following vulnerability was published for keystone.
CVE-2014-0204[0]:
Keystone user and group id mismatch
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
https://security-tracker.debian.org/tracker/CVE-2014-0204
[1] https://bugs.launchpad.net/keystone/%2Bbug/1309228
>From advisory (code not checked) it looks wheezy version should not be
affected, but could you please adjust the affected versions in the BTS
as needed?
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2014.1-5
We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated keystone package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 30 May 2014 23:09:45 +0800
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2014.1-5
Distribution: unstable
Urgency: medium
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
keystone - OpenStack identity service
keystone-doc - OpenStack identity service - documentation
python-keystone - OpenStack identity service - library
Closes: 749026
Changes:
keystone (2014.1-5) unstable; urgency=medium
.
* Updates cve-2014-0204-stable-icehouse.patch with latest version from
upstream (Closes: #749026).
Checksums-Sha1:
c4713856862b8a86394859d0340798174b433a4b 3524 keystone_2014.1-5.dsc
2f464f39115d4eb97e9ed0ee0e6e3dd1f9c60a31 208296 keystone_2014.1-5.debian.tar.xz
d2b7716101aed738dd49f0950cf2844e374e4014 632380
python-keystone_2014.1-5_all.deb
3ea44911889dfea2d13ea2a1b0ee2e7902a9efac 272650 keystone_2014.1-5_all.deb
24a53e3ae17000ae42390f2f3a2e39eabcc16345 450892 keystone-doc_2014.1-5_all.deb
Checksums-Sha256:
eaab799065c68bc49a04847d556325dc6c02ffde4f51bf413f7cd3fee3146ff1 3524
keystone_2014.1-5.dsc
7def65b437d4f666ff87dea783040aa739f8cb8ccd0b572a747cb8a03a456344 208296
keystone_2014.1-5.debian.tar.xz
246ed15b19614145ce0426521f05cbe2dc7ef7c50df2ab01dc97395b5eba96f1 632380
python-keystone_2014.1-5_all.deb
3b3775fb0efd3be3bb4fba517fcc95bbdc8230fef61307bbbf47d887f8f0dcfb 272650
keystone_2014.1-5_all.deb
789aa143cd7a5693e5dd71877d5e1393782cc5558792904ddb48267fdda9933b 450892
keystone-doc_2014.1-5_all.deb
Files:
3d045131f5cfda5c8f7df7542ca4b082 632380 python extra
python-keystone_2014.1-5_all.deb
f8213d4f7fe5066a98fa6e36cd48c122 272650 python extra keystone_2014.1-5_all.deb
c6005f7f47d57bdeab8bd72a7ab63b24 450892 doc extra keystone-doc_2014.1-5_all.deb
50638e4b2ba7b5b7a557056fb3674db1 3524 net extra keystone_2014.1-5.dsc
1285b8d2ddc6f93704bfac87e82b125f 208296 net extra
keystone_2014.1-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJTiUF7AAoJENQWrRWsa0P+0bcQAJqFL7pXFgCKbAKFZzexh58V
JgWwS4FLXzyeRn1j1uKeNL8RoG3bkuG4GvRGZutkxZ9qTdOHPKjVE8/Cy0K2ll5E
8InXogdUmUQ/1KlLsJlN7oWEeeWDafOtJI1lqY+6N/WF+AdqUjN4Ermq2QFzx3GE
DlllRFXyZ/zHKG3U/kRsiw+hRMJQGKs42Jm70+G7EVihZ3GGaL8eeCyOsNrEDsX4
b6yd0zwiF7lKWx7esz2tLg5CbYK2VEX1zz+yyQGAj78nKjB2xGGLNCn1OW0do9CY
tilWRFMM0T9HTIetJbjpAmhZAmxGT7BjPEQfu62PKSqzrmk8NmI3aOHQZ2ZaPRn1
F+Sw3vg2sb//Ypjg0G8rkvFRVcUdUyUFFKOmJK7x1A7LC7sNZprOOAw8HIcspMlt
SmmaH79/LC+3FIIgMfcb4UmA9zzBQWZs8Q5BMlBPykLYpKKqChDsDq/0e/Ay/KZP
DDQiBmBuJOAwtYTj+DJ+O0pCaR3mORixWAaNifm7YtaZfhSja0ZM4NOfpdIS4log
L7SZlB1zGWWYItDI4xAMzVvFPlgX35HU+P/HRTh/6WrvrGMgBnFperOPtX+p7YHc
XWm9OQRTc+gQyQAFXEHh3LAjK1SggfSs6uwjD7xK6ncVqtVpTsWFXCxd7snF+PzL
jvf5+KGBBxXlwGUr7QKO
=LicQ
-----END PGP SIGNATURE-----
--- End Message ---
