Your message dated Thu, 14 Mar 2013 21:17:40 +0000
with message-id <[email protected]>
and subject line Bug#703063: fixed in glance 2012.1.1-5
has caused the Debian Bug report #703063,
regarding CVE-2013-1840: Backend credentials leak in Glance v1 API
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
703063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703063
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glance
Severity: grave
Tags: security

Stuart McLaren from HP reported a vulnerability in the information
potentially returned to the user in Glance v1 API. If an authenticated
user requests, through the v1 API, an image that is already cached, the
headers returned may disclose the Glance operator's backend credentials
for that endpoint. Only setups accepting the Glance v1 API and using
either the single-tenant Swift store or S3 store are affected.

--- End Message ---
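
An added example, not part of the bug report or of Glance's own code: a defender-side check that scans the headers of an image response for store URIs with embedded credentials and redacts them. The header name X-Example-Image-Location, the swift/s3 URI layout and the sample values are assumptions constructed for illustration.

```python
import re

# Assumption: store URIs carry credentials as scheme://<userinfo>@<host>/<path>
# for the Swift and S3 stores named in the report.
STORE_URI = re.compile(r"^(swift|s3)(\+https?)?://(.*)$", re.IGNORECASE | re.DOTALL)


def redact_store_uri(value):
    """Return (safe_value, leaked); leaked is True if credentials were present."""
    stripped = value.strip()
    m = STORE_URI.match(stripped)
    if not m or "@" not in m.group(3):
        return value, False
    # Secrets may contain "/" or ":", so the userinfo is not URL-parsed;
    # cutting at the last "@" errs toward redacting too much.
    tail = m.group(3).rsplit("@", 1)[1]
    scheme = stripped[: m.start(3)]
    return scheme + "REDACTED@" + tail, True


def audit_headers(headers):
    """Check every header of one response; return (clean_headers, leaking_names)."""
    clean, leaking = {}, []
    for name, value in headers.items():
        safe, leaked = redact_store_uri(value)
        clean[name] = safe
        if leaked:
            leaking.append(name)
    return clean, sorted(leaking)


# Constructed sample response headers (not captured from a real deployment).
# "X-Example-Image-Location" is a hypothetical header name.
SAMPLE = {
    "Content-Type": "application/octet-stream",
    "X-Example-Image-Location":
        "swift+https://tenant:user:s3cr/et@auth.example.org:5000/v2.0/images/1234",
    "X-Example-Image-Name": "cirros",
}

if __name__ == "__main__":
    clean, leaking = audit_headers(SAMPLE)
    print("headers leaking credentials:", leaking)
    print(clean["X-Example-Image-Location"])
```
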
--- Begin Message ---
Source: glance
Source-Version: 2012.1.1-5

We believe that the bug you reported is fixed in the latest version of
glance, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated glance package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 15 Mar 2013 04:35:22 +0800
Source: glance
Binary: python-glance glance-common glance-api glance-registry glance python-glance-doc
Architecture: source all
Version: 2012.1.1-5
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description: 
 glance     - OpenStack Image Service - metapackage
 glance-api - OpenStack Image Service - API server
 glance-common - OpenStack Image Service - common files
 glance-registry - OpenStack Image Service - registry server
 python-glance - OpenStack Image Service - Python client library
 python-glance-doc - OpenStack Image Service - Python library documentation
Closes: 703063
Changes: 
 glance (2012.1.1-5) unstable; urgency=high
 .
   * CVE-2013-1840: fixes "Backend credentials leak in Glance v1 API"
     (Closes: #703063).

--- End Message ---
