Your message dated Thu, 25 Sep 2014 15:29:41 +0000 with message-id <[email protected]> and subject line Bug#762749: fixed in python-keystoneclient 1:0.10.1-2 has caused the Debian Bug report #762749, regarding [CVE-2014-7144] TLS cert verification option not honored in paste configs to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 762749: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762749 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: python-keystoneclient Severity: important Tags: security upstream patch fixed-upstream Hi there, the following vulnerabilities were published for python-keystoneclient: CVE-2014-7144: TLS cert verification option not honored in paste configs If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: http://seclists.org/oss-sec/2014/q3/620 https://review.openstack.org/#/c/113191/ Please adjust the affected versions in the BTS as needed. Can you please confirm to the security-team if the stable version is affected? Regards, luciano
--- End Message ---
--- Begin Message ---Source: python-keystoneclient Source-Version: 1:0.10.1-2 We believe that the bug you reported is fixed in the latest version of python-keystoneclient, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <[email protected]> (supplier of updated python-keystoneclient package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 25 Sep 2014 20:30:57 +0800 Source: python-keystoneclient Binary: python-keystoneclient Architecture: source all Version: 1:0.10.1-2 Distribution: unstable Urgency: high Maintainer: PKG OpenStack <[email protected]> Changed-By: Thomas Goirand <[email protected]> Description: python-keystoneclient - client library for the OpenStack Keystone API Closes: 762749 Changes: python-keystoneclient (1:0.10.1-2) unstable; urgency=high . * Uploading to unstable. * Added CVE-2014-7144_Fix_the_condition_expression_for_ssl_insecure.patch, (Closes: #762749). Checksums-Sha1: 76245465f1ac62f8d22425249a1adfee6d03bc53 2899 python-keystoneclient_0.10.1-2.dsc 4b3a23671bd545d23242f73928d8efb1b021ede3 28412 python-keystoneclient_0.10.1-2.debian.tar.xz 6b0b609fe75e7f4b4a92aed4b5772cc9042eb584 412538 python-keystoneclient_0.10.1-2_all.deb Checksums-Sha256: 49e0477024ee3ae1e5633f5521c278132aeabcd1bc7ac130b0ceb5eedb14dfc4 2899 python-keystoneclient_0.10.1-2.dsc 5e49eae275380e880a389bf712e52de7248ac1b91245f6fcf4808d3e9c2593e7 28412 python-keystoneclient_0.10.1-2.debian.tar.xz 1207d3d470b8a6eb1eae3d85fedabd091cf6a074ad501b6d3cbda3811ca055b4 412538 python-keystoneclient_0.10.1-2_all.deb Files: 73b032012342d2a68189be8613370a77 412538 python extra python-keystoneclient_0.10.1-2_all.deb 95883a4de81b263fe3d9bf9547716cfb 2899 python extra python-keystoneclient_0.10.1-2.dsc 6c7c6a080b808c974799fe87cfd37afd 28412 python extra python-keystoneclient_0.10.1-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUJCsNAAoJENQWrRWsa0P+HMUP/3qiN+X47iaa8A4ymYEZnonD 41ZEkKbQAMGGKJ+H90oF973PM8e6wSPznH0ndO+Psr5iIBWzHpAEdYzwXEnDaNT8 ngnMVBqEzq1rU/UTV/gBGh7SFp5VPneam2GYdBBaACVMdSMmFliZ8jeishrxxlW2 LLqwxlCEzZlJu5I07YXPgilk1z8PkXWu36V5NDWp1DMek5sk+1tJwbdeJFEnPLhw Q2B1ggP2dVvHxuzmRHbZaUkckUrUZInopLc2ctYCYvpk9fKfDHrpCK8uecEdYtGj GcDBTJtQvtlJGfLaA0nZntoChhJEFuxxLFKdwW/KcF4HzSGi11gKbS99p46fbnQu c/9rgi5jSmfSHPasMgiKyuhyaAggj/QSypj0SNc6gFbePD+4gsDHgn2bq0licgpo vvAEUmH6CGlK/TMXblMB/9uPLu5/hyQp1nDVThm/CppBBz6RZwnnN7/Xcg596KWa CHuJuT6ZbnXjA/07d1c9g0fZcdvC++EaLAeZRQyep1EiVDu6cRwCFSKCEUoUD1RP FBWpbwPdOBS5GwnuFXxLBdiQavUa634ksaV7qWh3HHmBr5QKqDmKgrQbTlJ4Htgo psbR6obPEqN52qx03gffboRChbfjCM4fUxigNhtp/c3QZL+dc5dp62iEnCCcUmBf 31nqzOUOjZorVlWIISje =nr9f -----END PGP SIGNATURE-----
--- End Message ---
