Your message dated Fri, 28 Nov 2025 09:42:45 +0100
with message-id <[email protected]>
and subject line Done
has caused the Debian Bug report #1063795,
regarding python-glance-store: CVE-2024-1141
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1063795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063795
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-glance-store
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-glance-store.
CVE-2024-1141[0]:
| A vulnerability was found in python-glance-store. The issue occurs
| when the package logs the access_key for the glance-store when the
| DEBUG log level is enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=2258836
https://github.com/openstack/glance_store/commit/d6e531af4821c8466b1e9404f12f89f6216417f2
https://github.com/openstack/glance_store/commit/a5ba027922ba1230b4ae9abb810f36427be6354a
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-1141
https://www.cve.org/CVERecord?id=CVE-2024-1141
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
This bug was addressed in at least Trixie, and was back-ported in
earlier versions available in osbpo.debian.net (haven't checked official
Bookworm and Bullseye though).
Cheers,
Thomas Goirand (zigo)
--- End Message ---
