tag 608289 + moreinfo thanks Le Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano a écrit : > Package: eucalyptus > Severity: serious > Tags: security > > CVE-2010-3905[0]: > | The password reset feature in the administrator interface for > | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which > | allows remote attackers to gain privileges by sending password reset > | requests for other users.
Dear Giuseppe and Eucalyptus packagers, Do you know if this bug also affects Eucalyptus 1.6.2 ? If not, we can close it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that we will jump directly to 2.0.2 or later when we will upgrade the package. Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
