Your message dated Fri, 17 Oct 2014 16:24:37 +0000
with message-id <[email protected]>
and subject line Bug#765714: fixed in nova 2014.1.3-5
has caused the Debian Bug report #765714,
regarding CVE-2014-7230 & CVE-2014-7231: Potential leak of passwords into log 
files.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
765714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nova
Version: 2014.1.3-4
Severity: important
Tags: security

Description:
Amrith Kumar from Tesora reported two vulnerabilities in the
processutils.execute() and strutils.mask_password() functions available
from oslo-incubator that are copied into each project's code. An
attacker with read access to the services' logs may obtain passwords
used as a parameter of a command that has failed (CVE-2014-7230) or when
mask_password did not mask passwords properly (CVE-2014-7231). All
Cinder, Nova and Trove setups are affected.

This patch:
https://review.openstack.org/121096 (Nova)

seems to be already applied.

This one:
https://review.openstack.org/126699 (Nova ssh_execute)

will be included in the next upload: nova 2014.1.3-5.

--- End Message ---
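
An added example (not code from oslo-incubator, Nova or the patches linked above) of the two controls the report concerns: masking secret values in text bound for logs, and building the failure report for a failed command from masked fields only. The key list and the names `mask_secrets`, `CommandFailed` and `execute` are assumptions made for this illustration.

```python
import re
import subprocess
import sys

# Key names treated as secrets: an assumption for this example.
_KEYS = "password|passwd|admin_pass|auth_token"
# A value is a quoted string (may contain spaces) or a bare token.
_VALUE = r"""(?:'[^']*'|"[^"]*"|[^\s,'"]+)"""
_PATTERNS = [
    # key=value, key: value, 'key': 'value'
    re.compile(r"((?:%s)['\"]?\s*[=:]\s*)%s" % (_KEYS, _VALUE), re.I),
    # --key value, passed as two argv elements
    re.compile(r"(--(?:%s)\s+)%s" % (_KEYS, _VALUE), re.I),
]


def mask_secrets(text, secret="***"):
    """Replace values that follow a secret-looking key with `secret`."""
    for pattern in _PATTERNS:
        text = pattern.sub(lambda m: m.group(1) + secret, text)
    return text


class CommandFailed(Exception):
    """Failure report whose every field is masked before it can be logged."""

    def __init__(self, cmd, exit_code, stdout, stderr):
        self.cmd = mask_secrets(cmd)
        self.exit_code = exit_code
        self.stdout = mask_secrets(stdout)
        self.stderr = mask_secrets(stderr)
        super().__init__("Command: %s\nExit code: %s\nStdout: %r\nStderr: %r"
                         % (self.cmd, exit_code, self.stdout, self.stderr))


def execute(*argv):
    """Run argv; on non-zero exit raise CommandFailed with masked details."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        raise CommandFailed(" ".join(argv), proc.returncode,
                            proc.stdout, proc.stderr)
    return proc.stdout


def demo_failure():
    """Constructed failing command that echoes its arguments to stderr."""
    child = "import sys; sys.stderr.write(' '.join(sys.argv[1:])); sys.exit(3)"
    try:
        execute(sys.executable, "-c", child, "--password", "hunter2")
    except CommandFailed as exc:
        return str(exc)
```

Masking the child's stdout and stderr matters as much as masking the command line, because a failing tool often echoes its own arguments back.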
--- Begin Message ---
Source: nova
Source-Version: 2014.1.3-5

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Oct 2014 21:01:39 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml 
nova-compute-qemu nova-compute-kvm nova-conductor nova-cert nova-scheduler 
nova-volume nova-api nova-network nova-console nova-consoleauth nova-doc 
nova-cells nova-baremetal nova-consoleproxy
Architecture: source all
Version: 2014.1.3-5
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
 nova-api   - OpenStack Compute - compute API frontend
 nova-baremetal - Openstack Compute - baremetal virt
 nova-cells - Openstack Compute - cells
 nova-cert  - OpenStack Compute - certificate manager
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
 nova-conductor - OpenStack Compute - conductor service
 nova-console - OpenStack Compute - console
 nova-consoleauth - OpenStack Compute - Console Authenticator
 nova-consoleproxy - OpenStack Compute - NoVNC proxy
 nova-doc   - OpenStack Compute - documentation
 nova-network - OpenStack Compute - network manager
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 nova-volume - OpenStack Compute - storage metapackage
 python-nova - OpenStack Compute - libraries
Closes: 765714
Changes:
 nova (2014.1.3-5) unstable; urgency=high
 .
   * CVE-2014-7230 & CVE-2014-7231: Potential leak of passwords into log files.
     Added CVE-2014-7230_CVE-2014-7231_Sync_process_utils_from_oslo.patch from
     upstream (Closes: #765714).
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---