Your message dated Wed, 09 Oct 2019 16:19:38 +0000 with message-id <e1iiegc-000du4...@fasolo.debian.org> and subject line Bug#939288: fixed in python-os-vif 1.15.2-1 has caused the Debian Bug report #939288, regarding python-os-vif: CVE-2019-15753 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 939288: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939288 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-os-vif Version: 1.15.1-2 Severity: grave Tags: security upstream Forwarded: https://launchpad.net/bugs/1837252 Hi, The following vulnerability was published for python-os-vif. CVE-2019-15753[0]: | In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC | aging time of 0 disables MAC learning in linuxbridge, forcing | obligatory Ethernet flooding of non-local destinations, which both | impedes network performance and allows users to possibly view the | content of packets for instances belonging to other tenants sharing | the same network. Only deployments using the linuxbridge backend are | affected. This occurs in PyRoute2.add() in | internal/command/ip/linux/impl_pyroute2.py. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-15753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15753 [1] https://launchpad.net/bugs/1837252 [2] https://security.openstack.org/ossa/OSSA-2019-004.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-os-vif Source-Version: 1.15.2-1 We believe that the bug you reported is fixed in the latest version of python-os-vif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 939...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated python-os-vif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 09 Oct 2019 17:57:23 +0200 Source: python-os-vif Architecture: source Version: 1.15.2-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack <team+openst...@tracker.debian.org> Changed-By: Thomas Goirand <z...@debian.org> Closes: 939288 Changes: python-os-vif (1.15.2-1) unstable; urgency=medium . [ Ondřej Nový ] * Running wrap-and-sort -bast. * Use debhelper-compat instead of debian/compat. . [ Thomas Goirand ] * New upstream release: - Fixes CVE-2019-15753 (Closes: #939288). Checksums-Sha1: 05628cd11d0b538fe9b1daea440bcc7dca7d7f74 2682 python-os-vif_1.15.2-1.dsc 163d3d0e415da1cf8ff0a7aa9dbde613a0777f23 64512 python-os-vif_1.15.2.orig.tar.xz 1b369718462066ea40c889a915d8a9e59f50a5e1 3156 python-os-vif_1.15.2-1.debian.tar.xz 1c7d2ee046a97431cb6ea17ee16d44062185938c 12507 python-os-vif_1.15.2-1_amd64.buildinfo Checksums-Sha256: bf4b9d0966201d302db76b360e1615dad3911fec3ef5b8d3b49430c3bfda874b 2682 python-os-vif_1.15.2-1.dsc 818d27720d50a171d74019fab814e07801612f4c179dcc97d84bbcf83dfe76c7 64512 python-os-vif_1.15.2.orig.tar.xz 1dd9816312c010bd8f6f270af7f6c138383682e3a2f2b75ae7704c98e61eb6ad 3156 python-os-vif_1.15.2-1.debian.tar.xz ff9ad131aab71d5da2a5f6d3511c2ee24b4c6a123083af6871c7743616f5caf5 12507 python-os-vif_1.15.2-1_amd64.buildinfo Files: c8b117ab96d9900669a4b582558fd146 2682 python optional python-os-vif_1.15.2-1.dsc a90685145ed42d391a41db0f03cc396d 64512 python optional python-os-vif_1.15.2.orig.tar.xz 8b8d82c22e1b6062eb9302d9804cc497 3156 python optional python-os-vif_1.15.2-1.debian.tar.xz b82687b3ce7186a818c75b900813dd92 12507 python optional python-os-vif_1.15.2-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl2eA/0ACgkQ1BatFaxr Q/5LXw//XzB9gGz2qBItcTD/D+kiHJb1Mi05TCWSfDM2daOh0zk+vqTyYypTZbIZ xa3g7zKx57G9M4f9TvHpdifeinz76fcTOd+pa8XaTAEEFM5UVeU1DxrlVdefNzJE sOjOxd6B50h2cDs4zJZR83Vt1z7806TiU8m6I9AbA6L3EYtrnRyKmrWOjsyUHGZn kXUq3wNNEQPk2G8SRYvq/5yoxoPA7Fn+5NvPlssltZ8T2YCu532WRag6e/urogrg zNLuO4MUmbbRMO8TyFgylBsJKcdpWr2JwWDRvaNVP2CaN3IJ7ioljdEePqu8t5Jg PlJajcjmsn4XwgyJcb/hLp3RAAd3Zm3Y6ujAueXGFMsNunc9/LFUxlE+mPtXX/Q8 jModV/ZLBf2adnbkZUZ5Yp5fmISZ7E58HvEhRlIrWUmzvo/kNkKa1X2dVE7lre5Z GLnf20+AGKSE8FcUj/K4ohByYcqlQs+MrsihZURwsv9YCtBWhiC2F5ewV753TDvA anWELzh/65B1e6TF6Xl0hHr1mE4uYfzNwQh7KW/sVurYsXArcKEgTRO4D7gUgfkp 7gcRoJVKUydFZViPj1d6Aa32gCJ8GeXxnh2OMxnt7omygxqg09kAUaesgfVtv8kT bB2/9sh7GHhovDRQOR81owr/fhky0W8xyExxRROVFadoX7T87qs= =zU92 -----END PGP SIGNATURE-----
--- End Message ---
