Bug#751454: marked as done (keystone: CVE-2014-3476: privilege escalation through trust chained delegation)

Fri, 13 Jun 2014 03:52:27 -0700 

Your message dated Fri, 13 Jun 2014 10:48:56 +0000
with message-id <[email protected]>
and subject line Bug#751454: fixed in keystone 2014.1.1-2
has caused the Debian Bug report #751454,
regarding keystone: CVE-2014-3476: privilege escalation through trust chained 
delegation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
751454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: keystone
Severity: grave
Tags: security upstream patch
Justification: user security hole

Hi Thomas,

As you might know, the following vulnerability was published for
keystone.

CVE-2014-3476[0]:
privilege escalation through trust chained delegation

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3476
[1 
]http://lists.openstack.org/pipermail/openstack-announce/2014-June/000240.html

Please adjust the affected versions in the BTS as needed. From the
advisory at least all version up to 2013.2.3, and 2014.1 to 2014.1.1
are affected.

Regards and thanks for your work,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: keystone
Source-Version: 2014.1.1-2

We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated keystone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Jun 2014 17:30:08 +0800
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2014.1.1-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
 keystone   - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python-keystone - OpenStack identity service - library
Closes: 751454
Changes:
 keystone (2014.1.1-2) unstable; urgency=high
 .
   * CVE-2014-3476: privilege escalation through trust chained delegation.
     Applied upstream patch. (Closes: #751454).
Checksums-Sha1:
 30cd367bb0b76febc7361c4973c570c74d969005 3531 keystone_2014.1.1-2.dsc
 ee129c87622e7c487e493a2fa868788cfdf8421a 206388 
keystone_2014.1.1-2.debian.tar.xz
 13fa9b6ce4d34d4bba86e6081ed6e62b9ddd9642 633510 
python-keystone_2014.1.1-2_all.deb
 3f0badef0025a9c0dd23c1714fb61adaab420751 273348 keystone_2014.1.1-2_all.deb
 8945ea5e533099c7357e718a965175852908496b 451108 keystone-doc_2014.1.1-2_all.deb
Checksums-Sha256:
 4e244372e71bfd8668bef8bc120d809e77123bb32e170a1d453477a92875b7d7 3531 
keystone_2014.1.1-2.dsc
 d3f23c026d9f81f70aa01e93ae69c1e96459ed9500d4e93ce5d08f00205493a9 206388 
keystone_2014.1.1-2.debian.tar.xz
 0dcf3ffcf2ca10fe63039d308e69c1f7c484b756d17b9346c50089e16bcce0e6 633510 
python-keystone_2014.1.1-2_all.deb
 41a917ebc4770fd6cfec203e47caadb7491d7570d072b35a2887ac873fc58664 273348 
keystone_2014.1.1-2_all.deb
 cc297832089d66b4fed2b882f3fe9dd44b66476aa286ee32b278bbbc9f419207 451108 
keystone-doc_2014.1.1-2_all.deb
Files:
 333133a87eeea7e58ab2204b8e17d289 633510 python extra 
python-keystone_2014.1.1-2_all.deb
 f30e0d87d38944d123f66c89c935da8a 273348 python extra 
keystone_2014.1.1-2_all.deb
 0cd3fe7b17b2c0ae267b881b2144ba12 451108 doc extra 
keystone-doc_2014.1.1-2_all.deb
 cec658a0b854909eeddbd4b98402ff4c 3531 net extra keystone_2014.1.1-2.dsc
 cd043f092e6d6e7fabbe403525413e67 206388 net extra 
keystone_2014.1.1-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTmtSJAAoJENQWrRWsa0P+rFAP/ixtrGmm/3Nd3JycsR5tiLbj
A5Ijbvu0jmBVCQpv+wV/o2LqZu0tamIRDW2b597aU+qbdTTOcDTNxKSLgv5v9UCv
POyBT9p8xr4Fe0p464nehylSoYtCyQ0miCvSzBZ2T2qEMI8Vp2AQ1GnHWpV13zkO
aYbXj+lSa9MGiAXgucnmTZNbDy+kVv/xnNRn2hPCI4VckhXlhuS5j0vmxSnMzCq2
5TlHwdsG45w4EQh8xbOQRD+ZpbnEt0bVS/8SiJ8zpyXyVw5qlbVD8Jq0uM4qADyE
khrj4FVX5P70JvrQgMN7p0mprQ1OoXfgj7e5se7gFvS5LhpLSS+i1GXIvW6jW031
06gI4tv5Es8dM0vvyN0RLlAhbwW9o0WwX/o/jRUEB+TSIV0SNzxG5e3V1mFAL4iq
dgtrHbgr2+bAikD+aYxeXcEQU3pDuMRCpTz6vRXarWxW9JQ14VjBf2M6Sh6PooHd
5seKL1aVUeTwtVkNAMSaXQBG92qnoscOQQqJiuS09Q+JYKIAha3QDj6Awp0swhPm
E51ny5RhsDkJOypa8VZX9hPDl86HfLcCS4yr2v1F7CCqwdLCOk663QsFbhvOBBMW
WAADw2ADev1JpEQf0sQ+utVRgCKb+B+HHegpoCYYZQX0lzLTdxWGsMT4HBCsFO5t
x3frKHr63GaqKGD4qjLI
=agyG
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to