Bug#712160: marked as done (keystone: CVE-2013-2157 - authentication bypass when using LDAP backend)

Sun, 16 Jun 2013 11:24:36 -0700 

Your message dated Sun, 16 Jun 2013 20:20:42 +0200
with message-id <20130616182042.GA748@eldamar.local>
and subject line Re: Bug#712160: keystone: CVE-2013-2157 - authentication 
bypass when using LDAP backend
has caused the Debian Bug report #712160,
regarding keystone: CVE-2013-2157 - authentication bypass when using LDAP 
backend
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
712160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: keystone
Severity: grave
Tags: security
Justification: user security hole

Hi,

a vulnerability was recently reported against keystone. See
http://article.gmane.org/gmane.comp.security.oss.general/10412 for the
detailed mail.

Please include the CVE number in the changelog entry when uploading, and
please contact the security team for uploads targetting stable/oldstable
if needed.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: keystone
Source-Version: 2013.1.2-1

Hi Thomas

On Thu, Jun 13, 2013 at 06:29:09PM +0200, Yves-Alexis Perez wrote:
> Package: keystone
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> 
> a vulnerability was recently reported against keystone. See
> http://article.gmane.org/gmane.comp.security.oss.general/10412 for the
> detailed mail.
> 
> Please include the CVE number in the changelog entry when uploading, and
> please contact the security team for uploads targetting stable/oldstable
> if needed.

Looks like the patch was applied to 2013.1.2-1 but this bug not
closed. Doing so manually now.

Regards,
Salvatore

--- End Message ---

Reply via email to