Your message dated Thu, 27 Nov 2025 09:45:50 +0100
with message-id <[email protected]>
and subject line Done
has caused the Debian Bug report #1082855,
regarding heat: CVE-2024-7319
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1082855: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082855
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: heat
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for heat.
CVE-2024-7319[0]:
| An incomplete fix for CVE-2023-1625 was found in openstack-heat.
| Sensitive information may possibly be disclosed through the
| OpenStack stack abandon command with the hidden feature set to True
| and the CVE-2023-1625 fix applied.
https://storyboard.openstack.org/#!/story/2011007
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-7319
https://www.cve.org/CVERecord?id=CVE-2024-7319
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
FYI, this bug is fixed in Trixie and up, plus in all versions of heat in
osbpo.debian.net. Only official Bookworm is still vulnerable. Anyone
willing to fix can take the version from Git in the debian/zed branch.
Cheers,
Thomas Goirand (zigo)
--- End Message ---