Your message dated Wed, 18 Apr 2018 12:19:41 +0000
with message-id <[email protected]>
and subject line Bug#893690: fixed in dogtag-pki 10.6.0-2
has caused the Debian Bug report #893690,
regarding dogtag-pki: CVE-2018-1080: Mishandled ACL configuration in
AAclAuthz.java reverses rules that allow and deny access
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
893690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893690
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dogtag-pki
Version: 10.5.5-1
Severity: grave
Tags: security upstream
Forwarded: https://pagure.io/freeipa/issue/7453
Hi,
the following vulnerability was published for dogtag-pki.
CVE-2018-1080[0]:
Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and
deny access
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1080
[1] https://pagure.io/freeipa/issue/7453
[2] https://review.gerrithub.io/#/c/404435/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dogtag-pki
Source-Version: 10.6.0-2
We believe that the bug you reported is fixed in the latest version of
dogtag-pki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated dogtag-pki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Apr 2018 15:07:20 +0300
Source: dogtag-pki
Binary: dogtag-pki pki-base pki-base-java python3-pki-base pki-tools pki-server
pki-ca dogtag-pki-console-theme dogtag-pki-server-theme pki-console pki-kra
pki-ocsp pki-tks pki-tps pki-tps-client pki-javadoc libsymkey-java libsymkey-jni
Architecture: source
Version: 10.6.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
dogtag-pki - Dogtag Public Key Infrastructure (PKI) Suite
dogtag-pki-console-theme - Certificate System - PKI Console User Interface
dogtag-pki-server-theme - Certificate System - PKI Server User Interface
libsymkey-java - Symmetric Key Java library
libsymkey-jni - Symmetric Key JNI Library
pki-base - Certificate System - PKI Framework
pki-base-java - Certificate System - PKI Framework -- java client support
pki-ca - Certificate System - Certificate Authority
pki-console - Certificate System - PKI Console
pki-javadoc - Certificate System - PKI Framework Javadocs
pki-kra - Certificate System - Data Recovery Manager
pki-ocsp - Certificate System - Online Certificate Status Protocol Manager
pki-server - Certificate System - PKI Server Framework
pki-tks - Certificate System - Token Key Service
pki-tools - Certificate System - PKI Tools
pki-tps - Certificate System - Token Processing System
pki-tps-client - Certificate System - Token Processing System client
python3-pki-base - Certificate System - PKI Framework -- python3 client support
Closes: 893690
Changes:
dogtag-pki (10.6.0-2) experimental; urgency=medium
.
* rules: Build everything in one pass.
* Fix ACL evaluation in allow,deny mode. (Closes: #893690)
- CVE-2018-1080
Checksums-Sha1:
6ccbb5d35c52f92a2a9910c2c0705f02492447b3 3709 dogtag-pki_10.6.0-2.dsc
a211a46e56ae28d3e9cf407c694ace203c4c6feb 32584
dogtag-pki_10.6.0-2.debian.tar.xz
3688da8ee57f57ebbb09eec3eb323f94d869f09a 17932
dogtag-pki_10.6.0-2_source.buildinfo
Checksums-Sha256:
6bd3401e9afaebc8369e2c50dc3ade4c7c060f2a22134730d9230abd559b7f0e 3709
dogtag-pki_10.6.0-2.dsc
54fe3534494dd22c7dd23ede490a49515a4d3ce0a238d71cc24ac424e3e30083 32584
dogtag-pki_10.6.0-2.debian.tar.xz
d7e902752d2944fdda262051999618090c347af8bf699028b6ffce4fba53325c 17932
dogtag-pki_10.6.0-2_source.buildinfo
Files:
09597b27529fd80763ad92966a99ca1f 3709 java optional dogtag-pki_10.6.0-2.dsc
3f193ab6d0ea88446943370304e03efc 32584 java optional
dogtag-pki_10.6.0-2.debian.tar.xz
aa9dcf4900bcd484ab8a76b2ff4ab310 17932 java optional
dogtag-pki_10.6.0-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAlrXNRsUHHRqYWFsdG9u
QGRlYmlhbi5vcmcACgkQy3AxZaiJhNxSJQ//R8yLU6np9GcBQnRdSFeMxt1TssPW
8TrZZF1mTq8Q5qjjEq/NzRqn3PBCiE3fP0YlSF8iwJGLY2ipSlp8DEAnGcdv7Sfq
Ac58O7ZZy/M1AAD/YiDwUWCAGyML2qG5htWimt7t/wDVNR9SDvUtmeJb4+OlqTlp
wtH21Fwm1uaZU9OrXmV3Jl+0RZFGk3JNqtWf0kaYP7yZyM1Jj6Z2hWBHyVYLlxjP
jCop5r8Wz7FGfrARan3Vimde/pLNQ2I2r8rKupDU6VNJPl1CMFV7vW+pxPS5WUEi
FkPXkvRJw4XXDggQPp2ECLCYjsViTmiRKehYECPn/JNgjh+ut30+8liw6qQMu2Hm
ehdDIQoW861UdY3kkt4oDpQaOZ++aC9KVwrOsC9qW1nmlP+MbrvRfi2zmU7Y5kTE
ZBBg8CsKr3bEu6oSAKBaOrC+ngnZGvmw0YmGswdOohqMaARvDN3kybh9IeRYtw+4
wQF+zT4VX4615viWi/Y+kAU9B9i2E3Jqqpq3aFo/hGPjrNzlj6YBeLrEvUYasO5N
42SXJJ84aPvIvFob+2W8AgQ/uJWXaQ3K7aWb/AOBUNCKIC4VzI/w8s8Re382Xmui
u3DacbgBRCFlfS5IgjP0iAb2XbB/KaU1C97azB0E1scKgDjRNJCteASlW/gn1SKA
fDKhNE3JfLVdLiA=
=Reeo
-----END PGP SIGNATURE-----
--- End Message ---