On 05/23/2014 01:16 PM, Salvatore Bonaccorso wrote: > Source: keystone > Severity: grave > Tags: security upstream > > Hi Thomas, > > the following vulnerability was published for keystone. > > CVE-2014-0204[0]: > Keystone user and group id mismatch > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204 > https://security-tracker.debian.org/tracker/CVE-2014-0204 > [1] https://bugs.launchpad.net/keystone/%2Bbug/1309228 > >>From advisory (code not checked) it looks wheezy version should not be > affected, but could you please adjust the affected versions in the BTS > as needed? > > Regards, > Salvatore
Hi Salvatore, This was already uploaded in version 2014.1-3. I forgot to edit the debian/changelog for this (I uploaded mistakenly before I was finished with my work). However, there's an update for the patch which the package still doesn't have, so I will leave the bug open until I can find the time to push for an updated patch. Thanks for your care, Thomas Goirand (zigo) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
