Your message dated Tue, 04 Jun 2013 00:00:46 +0800
with message-id <51acbdae.5000...@debian.org>
and subject line Bug already fixed
has caused the Debian Bug report #708515,
regarding keystone: CVE-2013-2014 DoS via large POST requests
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
708515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keystone
Severity: grave
Tags: security patch
Hi,
the following vulnerability was published for keystone.
CVE-2013-2014[0]:
| Concurrent requests with large POST body can crash the keystone process.
| This can be used by Malicious and lead to DOS to Cloud Service Provider.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Upstream patch: https://review.openstack.org/#/c/22661/
Seems to be fixed for experimental in 2013.1-1.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
http://security-tracker.debian.org/tracker/CVE-2013-2014
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0AAAA
pgpSEDpNDGSAF.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
As per TTX email, and as I already thought, this bug has already been
fixed a long time ago, so I'm closing it.
Thomas
--- End Message ---
