Bug#608289: [Debian] [pkg-eucalyptus-maintainers] Bug#608289: Bug#608289: CVE-2010-3905
tag 608289 - moreinfo done 608289 thanks Le Fri, Dec 31, 2010 at 07:59:41AM -0800, Neil Soman a écrit : Folks, this regression was introduced in the 2.0 series and does not affect Eucalyptus 1.6.2 to the best of my knowledge. Thanks for the information, I am closing the bug accordingly. Have a nice year 2011 ! -- Charles -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed (with 1 errors): Re: [Debian] [pkg-eucalyptus-maintainers] Bug#608289: Bug#608289: CVE-2010-3905
Processing commands for cont...@bugs.debian.org: tag 608289 - moreinfo Bug #608289 [eucalyptus] CVE-2010-3905 Removed tag(s) moreinfo. done 608289 Unknown command or malformed arguments to command. thanks Stopping processing here. Please contact me if you need assistance. -- 608289: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608289 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608289: [pkg-eucalyptus-maintainers] Bug#608289: CVE-2010-3905
tag 608289 + moreinfo thanks Le Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano a écrit : Package: eucalyptus Severity: serious Tags: security CVE-2010-3905[0]: | The password reset feature in the administrator interface for | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which | allows remote attackers to gain privileges by sending password reset | requests for other users. Dear Giuseppe and Eucalyptus packagers, Do you know if this bug also affects Eucalyptus 1.6.2 ? If not, we can close it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that we will jump directly to 2.0.2 or later when we will upgrade the package. Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: [pkg-eucalyptus-maintainers] Bug#608289: CVE-2010-3905
Processing commands for cont...@bugs.debian.org: tag 608289 + moreinfo Bug #608289 [eucalyptus] CVE-2010-3905 Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 608289: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608289 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608289: [Debian] [pkg-eucalyptus-maintainers] Bug#608289: Bug#608289: CVE-2010-3905
Folks, this regression was introduced in the 2.0 series and does not affect Eucalyptus 1.6.2 to the best of my knowledge. neil On Dec 31, 2010, at 6:51 AM, Charles Plessy ple...@debian.org wrote: tag 608289 + moreinfo thanks Le Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano a écrit : Package: eucalyptus Severity: serious Tags: security CVE-2010-3905[0]: | The password reset feature in the administrator interface for | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which | allows remote attackers to gain privileges by sending password reset | requests for other users. Dear Giuseppe and Eucalyptus packagers, Do you know if this bug also affects Eucalyptus 1.6.2 ? If not, we can close it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that we will jump directly to 2.0.2 or later when we will upgrade the package. Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan ___ pkg-eucalyptus-maintainers mailing list pkg-eucalyptus-maintain...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-eucalyptus-maintainers -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608289: CVE-2010-3905
Package: eucalyptus Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for eucalyptus. CVE-2010-3905[0]: | The password reset feature in the administrator interface for | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which | allows remote attackers to gain privileges by sending password reset | requests for other users. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3905 http://security-tracker.debian.org/tracker/CVE-2010-3905 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0bcX4ACgkQNxpp46476aolcACdEyRVzIIcJcjb3MnpIkIa6U/6 JMAAn2y10CbObsCW/xQxWLkOCyJIq4E6 =IPi5 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org