Folks, this regression was introduced in the 2.0 series and does not affect Eucalyptus 1.6.2 to the best of my knowledge.
neil On Dec 31, 2010, at 6:51 AM, Charles Plessy <ple...@debian.org> wrote: > tag 608289 + moreinfo > thanks > > Le Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano a écrit : >> Package: eucalyptus >> Severity: serious >> Tags: security >> >> CVE-2010-3905[0]: >> | The password reset feature in the administrator interface for >> | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which >> | allows remote attackers to gain privileges by sending password reset >> | requests for other users. > > Dear Giuseppe and Eucalyptus packagers, > > Do you know if this bug also affects Eucalyptus 1.6.2 ? If not, we can close > it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that > we will jump directly to 2.0.2 or later when we will upgrade the package. > > Have a nice day, > > -- > Charles Plessy > Tsurumi, Kanagawa, Japan > > > > _______________________________________________ > pkg-eucalyptus-maintainers mailing list > pkg-eucalyptus-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-eucalyptus-maintainers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
