Bug#768408: marked as done (python-requests-kerberos: CVE-2014-8650: failure to handle mutual authentication)

Mon, 10 Nov 2014 05:36:59 -0800 

Your message dated Mon, 10 Nov 2014 13:33:53 +0000
with message-id <e1xnp6p-0004mt...@franck.debian.org>
and subject line Bug#768408: fixed in python-requests-kerberos 0.5-2
has caused the Debian Bug report #768408,
regarding python-requests-kerberos: CVE-2014-8650: failure to handle mutual 
authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
768408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768408
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: python-requests-kerberos
Version: 0.5-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for python-requests-kerberos.

CVE-2014-8650[0]:
does not handle mutual authentication

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8650
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1160540
[2] 
https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: python-requests-kerberos
Source-Version: 0.5-2

We believe that the bug you reported is fixed in the latest version of
python-requests-kerberos, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 768...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated python-requests-kerberos 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Nov 2014 21:22:51 +0800
Source: python-requests-kerberos
Binary: python-requests-kerberos python3-requests-kerberos
Architecture: source all
Version: 0.5-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 python-requests-kerberos - Kerberos/GSSAPI authentication handler for 
python-requests - Pyth
 python3-requests-kerberos - Kerberos/GSSAPI authentication handler for 
python-requests - Pyth
Closes: 768408
Changes:
 python-requests-kerberos (0.5-2) unstable; urgency=high
 .
   * CVE-2014-8650: failure to handle mutual authentication. Applied upstream
     patch: CVE-2014-8650_Handle_mutual_authentication.patch (Closes: #768408).
     Thanks to Salvatore Bonaccorso <car...@debian.org> for reporting it.
Checksums-Sha1:
 5f03c4ba6acfd45501f8d1c082963ccc7c295b0f 2486 
python-requests-kerberos_0.5-2.dsc
 813da998f758288709e7019c11ceaa0f7ad0a41a 3800 
python-requests-kerberos_0.5-2.debian.tar.xz
 afd6d5efe98d6750408619895d0d6e0b8f5651f1 7228 
python-requests-kerberos_0.5-2_all.deb
 4c0613411f7698c98d27dcf4d8c0d54093700ad2 7182 
python3-requests-kerberos_0.5-2_all.deb
Checksums-Sha256:
 af854ac3529eb1ee7a76dc0c70be93334cb75ded37cfe352f1476884fef2eb92 2486 
python-requests-kerberos_0.5-2.dsc
 0ea097722f502c9cd49abefaad88b4d4ea07f0b34cc09ebc33f19d7958485b85 3800 
python-requests-kerberos_0.5-2.debian.tar.xz
 93f5d113e95a487bda7ceb3c44380fa56b166e7704d987de12ed9dac1756f1dd 7228 
python-requests-kerberos_0.5-2_all.deb
 198e355386d9652ac8c36b000870b32f12082c074f9b943b9c8871b8561c510f 7182 
python3-requests-kerberos_0.5-2_all.deb
Files:
 fa69937a905ddc94d09836ff129c5b82 2486 python optional 
python-requests-kerberos_0.5-2.dsc
 85d30ee7aeb2730c9eff58bde550bf20 3800 python optional 
python-requests-kerberos_0.5-2.debian.tar.xz
 4835e07ff812f5926cb054613cdd2341 7228 python optional 
python-requests-kerberos_0.5-2_all.deb
 fcb1e75cb5355168727d5a110aef306d 7182 python optional 
python3-requests-kerberos_0.5-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUYL0rAAoJENQWrRWsa0P+vMYP/0RtPNLkyEONs/upGInitJhT
zzy6B5kPc7bWbJzPPocTRBWxlu5y1j5w6CQ2RZQVFqUdS1tDAQjXOE8t4hKYHi8l
y7wOa952xni62sJq+dyq2+MGTh7N5PMoUgMFQRJi9jhTkJL3cqKC+YUMJ6QhAZbj
Y7Uu4N+L6xHM3Wb9DcqYkqU73nldC8lP+Dtes76If8Y3E2qACXhoHbF318TD+mmR
hgnQy8L65QtgNJ8ljdC57iVbjmgrgZM7whEMNqZHf7on65Qh6Gmr6LqnVlnB7EDe
ysCtmYjE1F3Z2CUGcmkNEWwoj3Tv+7qqI0Sr3+PbpYAB1dfMa4/fRU6n/rApQYFp
l6ztmq3M4j63zD2p3rUW+s8gFZirmsOoO8VsLaTyBACYxy288Ltu1YYxWelMhZKf
1RsQolIGa339WPxkPrmn1lOOX6GNZzperLnuDiltHphMk6JcJUtDwijrXHao2pHR
ynawxgRDLlvap3LxPGuxwh99KZCy68N94nY1CaEqQ5MIlVwzl4fKBSQGuHbYN+N3
SPgKL/j6k0syG9R5GIDV41MM8qg4TOlOLNG871etEXdER+3xVrxM1qh2BsNEso2/
uUDmdnyxQokOJKxIBCfe0BQhoTnWkHOmIU/CsdZKoKM3pzMSMXLRWx06MOSFlyDl
jgk1ibVN0ud/9yRNDUbl
=bke0
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to