Hi Thomas,

On Fri, May 23, 2014 at 02:39:20PM +0800, Thomas Goirand wrote:
> On 05/23/2014 01:16 PM, Salvatore Bonaccorso wrote:
> > Source: keystone
> > Severity: grave
> > Tags: security upstream
> >
> > Hi Thomas,
> >
> > the following vulnerability was published for keystone.
> >
> > CVE-2014-0204[0]:
> > Keystone user and group id mismatch
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
> >     https://security-tracker.debian.org/tracker/CVE-2014-0204
> > [1] https://bugs.launchpad.net/keystone/%2Bbug/1309228
> >
> > From advisory (code not checked) it looks wheezy version should not be
> > affected, but could you please adjust the affected versions in the BTS
> > as needed?
> >
> > Regards,
> > Salvatore
>
> Hi Salvatore,
>
> This was already uploaded in version 2014.1-3. I forgot to edit the
> debian/changelog for this (I uploaded mistakenly before I was finished
> with my work). However, there's an update for the patch which the
> package still doesn't have, so I will leave the bug open until I can
> find the time to push for an updated patch.

Indeed, thanks for correction! I have added also a note on the
security-tracker, that the patch needs a follow-up patch first (and we
can mark then as fixed with 2014.1-4 or whatever it will be).

Thanks for your work,

Regards,
Salvatore

