ironic: CVE-2015-7514: Ironic does not honor clean steps

Related Vulnerabilities: CVE-2015-7514  

Debian Bug report logs - #807269

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 6 Dec 2015 21:21:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version ironic/1:4.2.1-4

Fixed in version ironic/1:4.2.2-1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#807269; Package src:ironic. (Sun, 06 Dec 2015 21:21:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Sun, 06 Dec 2015 21:21:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ironic: CVE-2015-7514: Ironic does not honor clean steps
Date: Sun, 06 Dec 2015 22:19:24 +0100
Source: ironic
Version: 1:4.2.1-4
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for ironic.

CVE-2015-7514[0]:
Ironic does not honor clean steps

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7514
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1285809
[2] https://bugzilla.redhat.com/attachment.cgi?id=1099284

Regards,
Salvatore



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Fri, 11 Dec 2015 16:27:06 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 11 Dec 2015 16:27:06 GMT)


Message #10 received at 807269-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 807269-close@bugs.debian.org
Subject: Bug#807269: fixed in ironic 1:4.2.2-1
Date: Fri, 11 Dec 2015 16:23:56 +0000
Source: ironic
Source-Version: 1:4.2.2-1

We believe that the bug you reported is fixed in the latest version of
ironic, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807269@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated ironic package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Dec 2015 11:00:40 +0100
Source: ironic
Binary: python-ironic ironic-common ironic-api ironic-conductor ironic-doc
Architecture: source all
Version: 1:4.2.2-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 ironic-api - bare metal hypervisor API for OpenStack - API server
 ironic-common - bare metal hypervisor API for OpenStack - common files
 ironic-conductor - bare metal hypervisor API for OpenStack - conductor
 ironic-doc - bare metal hypervisor API for OpenStack - doc
 python-ironic - bare metal hypervisor API for OpenStack - Python lib
Closes: 807269
Changes:
 ironic (1:4.2.2-1) unstable; urgency=high
 .
   * New upstream release:
     - Fixes CVE-2015-7514: Ironic does not honor clean steps (Closes: #807269).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 11 Jan 2016 07:33:22 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:41:33 2019; Machine Name: buxtehude
