Your message dated Sun, 22 Nov 2020 20:45:25 +0000
with message-id <[email protected]>
and subject line Bug#972227: fixed in python-rtslib-fb 2.1.71-3
has caused the Debian Bug report #972227,
regarding CVE-2020-14019
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972227
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-rtslib-fb
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14019 :
https://github.com/open-iscsi/rtslib-fb/pull/162
Patch:
https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: python-rtslib-fb
Source-Version: 2.1.71-3
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-rtslib-fb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated python-rtslib-fb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 22 Nov 2020 20:33:22 +0100
Source: python-rtslib-fb
Architecture: source
Version: 2.1.71-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 972227
Changes:
python-rtslib-fb (2.1.71-3) unstable; urgency=medium
.
* CVE-2020-14019: Open-iSCSI rtslib-fb through 2.1.72 has weak permissions
for /etc/target/saveconfig.json because shutil.copyfile (instead of
shutil.copy) is used, and thus permissions are not preserved. In Debian,
this file is /etc/rtslib-fb-target/saveconfig.json. Add commits from
https://github.com/open-iscsi/rtslib-fb/pull/162/commits to fix this.
(Closes: #972227).
* Fixed rtslib-fb-targetctl systemd .service installation.
Checksums-Sha1:
7e8874ad5cf2c8aea583b55b2195e71520c48d37 2161 python-rtslib-fb_2.1.71-3.dsc
19f64cc479b989f9ae47fccc1a54e19d0391d790 6880
python-rtslib-fb_2.1.71-3.debian.tar.xz
1131b655c63d7aac0f6b2536a4e2530d7ebbfee7 6873
python-rtslib-fb_2.1.71-3_amd64.buildinfo
Checksums-Sha256:
6ac1b990f36a79334a575bf2db4d39a06cfeccfbe5901324b2003bb2014f3b1b 2161
python-rtslib-fb_2.1.71-3.dsc
c0e385016e2fe5e22a4ed72a17e107f4e39268d99efa52b6cd29ac7358c85126 6880
python-rtslib-fb_2.1.71-3.debian.tar.xz
1fa412e0b8fe8356e0b2b80d4cb4d7668c5a5238849bec5e849caa12d48d1f93 6873
python-rtslib-fb_2.1.71-3_amd64.buildinfo
Files:
cb3f38ed116df0729d1b39a2c94a6c4f 2161 python optional
python-rtslib-fb_2.1.71-3.dsc
4996a20318c76f0d118a525e90444b4e 6880 python optional
python-rtslib-fb_2.1.71-3.debian.tar.xz
52e9cbd4e86a2dd0f33e626f31efbefb 6873 python optional
python-rtslib-fb_2.1.71-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl+6xfsACgkQ1BatFaxr
Q/7A5A/9GGhjYg1Lo1Xl+LzDuzZ23MaK0PiR1oB1n1PA46U05j8UUDD5x8olQ0/t
0yReHdocRqCDtqdQcvW3k46gq/8JXaVvmrwIUzQl1+3EgNi3bxew9ej7pbgZT2ma
V05T5Npy19RfFaDykspjfNGxfybh2L65nrJotTnwF6MOBiGATIOL2eYfRPuP2fZL
OCOjpQVJrHSC/QlKv6ojMsJEYHVEPz7oNv4nx8j9hGt96tVXTme9tZ2MxiKIN+IM
GIGOSlqCE13Bwe4ylsB0/nHljXPolmN4dxbIbUa1/JvZBSA7L4YXYLiq0bBSQ3ys
Kr9S8Yjt/tabAUSoAIJMxd2OY2VDkop0Zletpn6CrZlByWZqC1tKuVA6fV6ddpoJ
YeSsTVwHDgHHQIFQT3IkqO6mBo+m/grNw18sPGFp04yAly1FKqR1oC0CNYG3dc/X
EfZZg/QpPNiOI4wIRBWNbY926ILqrUwTltZDwEtCkKqsM7GVFuwi4tjs469/GVYF
HMr+P8lpzRiNTdFildOX/BCdXorgVg0u4pF+8ktgmoOrB+qDp763jOrNkZQgIBev
HUdBQFj6FPn9j+1OnczruslqBJc3gfUpxb+IgD/U3DhMI7r1rtJorgjo4RKhpUJ3
vMKvzIS/D5Ox0AkSYUObFgWR+vJ4QtzG+UhWJ0O4x2gKIKk0nJ0=
=914j
-----END PGP SIGNATURE-----
--- End Message ---
