Your message dated Wed, 26 Apr 2017 00:34:06 +0000
with message-id <e1d3aue-000etv...@fasolo.debian.org>
and subject line Bug#861189: fixed in keystone 2:10.0.0-9
has caused the Debian Bug report #861189,
regarding keystone: CVE-2017-2673: federated user gets wrong role
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
861189: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: keystone
Version: 2:10.0.0-8
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for keystone.

CVE-2017-2673[0]:
federated user gets wrong role

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2673
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
[1] http://www.openwall.com/lists/oss-security/2017/04/25/10
[2] https://bugs.launchpad.net/keystone/+bug/1677723

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: keystone
Source-Version: 2:10.0.0-9

We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 25 Apr 2017 22:29:13 +0200
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2:10.0.0-9
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 keystone - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python-keystone - OpenStack identity service - library
Closes: 861189
Changes:
 keystone (2:10.0.0-9) unstable; urgency=high
 .
   * CVE-2017-2673 (OSSA-2017-004): Incorrect role assignment with federated
     Keystone. Applied upstream patch: Do not fetch group assignments without
     groups (Closes: #861189).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---