[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Hi Corey, thanks for the update and testing. The USN is now live:
https://usn.ubuntu.com/3666-1/

Thanks

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1628031

Title:
  [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystonemiddleware/+bug/1628031/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
This bug was fixed in the package python-oslo.middleware - 3.8.0-2ubuntu1

---
python-oslo.middleware (3.8.0-2ubuntu1) xenial-security; urgency=medium

  * SECURITY UPDATE: Information disclosure in log file (LP: #1628031)
    - d/p/filter-token-data-out-of-catch_errors-middleware.patch: ensure
      sensitive token data is not written to log file.
    - CVE-2017-2592

 -- Corey Bryant Thu, 10 May 2018 10:00:18 -0400

** Changed in: python-oslo.middleware (Ubuntu Xenial)
       Status: Triaged => Fix Released
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Hi Seth, this is working as expected in your PPA. Details are here:
https://paste.ubuntu.com/p/Gjm9pfdXVQ/
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Thank you Corey; I've copied a package to the Ubuntu Security Proposed PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Let us know if this package works well and we can release it Monday.

Thanks!
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Attaching patch for Ubuntu xenial package.

** Patch added: "ubuntu-xenial-1628031.patch"
   https://bugs.launchpad.net/keystonemiddleware/+bug/1628031/+attachment/5137255/+files/ubuntu-xenial-1628031.patch
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Tobias, the Ubuntu security team has marked this with a 'Low' priority, which means we'll fix this if a 'Medium' priority (or higher) issue is found, or if several other 'Low' issues can be fixed simultaneously.

Have we miscategorized this issue? Alternatively, we could probably sponsor an update.

Thanks
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Any update on releasing fix in Xenial?
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Reflected in
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2592.html

** Changed in: python-oslo.middleware (Ubuntu Xenial)
   Importance: High => Low
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
Impacts 3.8.0-2 in 16.04.

** Also affects: python-oslo.middleware (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: python-oslo.middleware (Ubuntu)
       Status: New => Fix Released

** Changed in: python-oslo.middleware (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: python-oslo.middleware (Ubuntu Xenial)
   Importance: Undecided => High
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
The attachment "0001-Filter-token-data-out-of-catch_errors-middleware.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

** Tags added: patch
[Bug 1628031] Re: [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)
** Also affects: python-oslo.middleware (Ubuntu)
   Importance: Undecided
       Status: New