Your message dated Mon, 02 Dec 2024 09:05:23 +0000
with message-id <[email protected]>
and subject line Bug#1088802: fixed in neutron 2:25.0.0-2
has caused the Debian Bug report #1088802,
regarding neutron: CVE-2024-53916
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1088802: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088802
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: neutron
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for neutron.

CVE-2024-53916[0]:
| In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py
| can use an incorrect ID during policy enforcement. NOTE: 935883 has
| the "Work in Progress" status as of 2024-11-24.

https://review.opendev.org/c/openstack/neutron/+/935883


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-53916
    https://www.cve.org/CVERecord?id=CVE-2024-53916

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: neutron
Source-Version: 2:25.0.0-2
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
neutron, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated neutron package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 02 Dec 2024 08:45:59 +0100
Source: neutron
Architecture: source
Version: 2:25.0.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1088802
Changes:
 neutron (2:25.0.0-2) unstable; urgency=high
 .
   * CVE-2024-53916: An unprivileged tenant is able to change (add and clear)
     tags on network objects which do not belong to the tenant, and this action
     is not being subjected to the rule:update_network authorisation check.
     Add upstream patch Fix-the-tagging-policy-engine.patch (Closes: #1088802).
Checksums-Sha1:
 2e88236653cd06cdbd4db989d9f1561dee1e173b 5053 neutron_25.0.0-2.dsc
 c3b3a9cf286ccec96f35ca619429d3add8a820da 44860 neutron_25.0.0-2.debian.tar.xz
 86e1064541c65317be5f0fb9556bf36972d34508 22602 neutron_25.0.0-2_amd64.buildinfo
Checksums-Sha256:
 a363db55709b95ecda62e33ea09a748db3d69b3d455b6849dc600769fa6c765b 5053 
neutron_25.0.0-2.dsc
 20c1a1d4fed73eed99422c5aa30ea42518ae856a79843fb35adf1e093cea5bef 44860 
neutron_25.0.0-2.debian.tar.xz
 a7fb7f17d2b78062b8d73407b306debe3912c246540275e8f7fae706b0eb5e84 22602 
neutron_25.0.0-2_amd64.buildinfo
Files:
 fc95015af0b5392ef63d44e67ffe46ba 5053 net optional neutron_25.0.0-2.dsc
 a0d5c498f3a9e2faed5b7256a2130b16 44860 net optional 
neutron_25.0.0-2.debian.tar.xz
 54db39609fbabc0be2a43b09eade30e2 22602 net optional 
neutron_25.0.0-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmdNc74ACgkQ1BatFaxr
Q/6fgg//YDHyfg+OED/Fp0GSYel9Z81EiOYYOvrEpLLuMBQeJNvHWu9F9a2xhiXV
YzYxO4eEYADjluwtYxBZzc9+nFaBMxM003pn+741wecJKV6TbH7qYl+rUJYOGTO5
H/0A97/Puy0N+h55XEBQBtJA3X0Zo24lmMBs5AjtDy4yb3WZ7xX+vYGCnw7wyq6K
S5M377VZE1CNd3kA6KX46dE7bYYLnEOwRZtopor9U84sdK0CY4vpveV9OFZbKSxX
xzFxKaurvHHJOergQqpd8f54FSOKwHL7x63x0Tx6O4E/65ddMvjFJE6N3zauszx5
bc5h/kqucTWAHDNnneDZn8RmqPjPDAf5fryUFzdHPBLW5xxJGeWiXWspuh2PKMAY
CTpjJft9B/iia8V5LU/sENmzAX2nUXuhO3vKld9cPG9sXleUCoV4o7BM1NVEilzn
O4ER7GJAqxWSt3hr94d202U+csWKOfFWw0gUV66HeQRCjN462cJQb7MciqCkWXeW
ChVTV/b0RlE1HDkeSlsVeXB2jkdu8S+qaQuxYXDDsLPUtn2O1eUF496mx8kt2nIy
kzuk+YvusPkZxusiL2A/EkhxvPVq+SYyk92HJi5J1LIpdB2nPF9edJAJ0MpMgADr
xTq3izBaaNvobNN25JPj8HJTzkB6Hi0MAUdKTgyteRMQceDG1oM=
=Sz3s
-----END PGP SIGNATURE-----

Attachment: pgpqgLvnlC9K4.pgp
Description: PGP signature


--- End Message ---

Reply via email to