Bug#991441: marked as done (nova: CVE-2021-3654: novnc allows open redirection)

Mon, 16 Aug 2021 13:39:14 -0700 

Your message dated Mon, 16 Aug 2021 22:35:02 +0200
with message-id <[email protected]>
and subject line Re: Accepted nova 2:23.0.2-3 (source) into unstable
has caused the Debian Bug report #991441,
regarding nova: CVE-2021-3654: novnc allows open redirection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
991441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: nova
Version: 2:22.0.1-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.launchpad.net/nova/+bug/1927677
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for nova.

CVE-2021-3654[0]:
| novnc allows open redirection

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3654
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654
[1] https://bugs.launchpad.net/nova/+bug/1927677

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: nova
Source-Version: 2:23.0.2-1

On Mon, Aug 16, 2021 at 01:57:59PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Format: 1.8
> Date: Mon, 16 Aug 2021 13:27:20 +0200
> Source: nova
> Architecture: source
> Version: 2:23.0.2-3
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian OpenStack <[email protected]>
> Changed-By: Thomas Goirand <[email protected]>
> Changes:
>  nova (2:23.0.2-3) unstable; urgency=medium
>  .
>    * Do not maintain glance_api_servers through debconf (as the default of
>      reading its URL in the Keystone catalogue is better).
>    * Upload to unstable.

It looks this fixed CVE-2021-3654, #991441.

Regards,
Salvatore

--- End Message ---

Reply via email to