[CVE-2012-2144] Horizon session fixation and reuse

Related Vulnerabilities: CVE-2012-2144  

Debian Bug report logs - #671604
[CVE-2012-2144] Horizon session fixation and reuse


Reported by: Luciano Bello <luciano@debian.org>

Date: Sat, 5 May 2012 09:54:15 UTC

Severity: important

Tags: patch, security

Fixed in version horizon/2012.1-4

Done: Ghe Rivero <ghe.rivero@stackops.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#671604; Package horizon. (Sat, 05 May 2012 09:54:18 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Sat, 05 May 2012 09:54:22 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2012-2144] Horizon session fixation and reuse
Date: Sat, 5 May 2012 11:51:59 +0200
Package: horizon
Severity: important
Tags: security patch

The following vulnerability had been reported against horizon: 
http://seclists.org/oss-sec/2012/q2/253

The patch can be found in the report.

Please use CVE-2012-2144 for this issue.

Cheers,
luciano




Reply sent to Ghe Rivero <ghe.rivero@stackops.com>:
You have taken responsibility. (Sat, 05 May 2012 10:51:09 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sat, 05 May 2012 10:51:23 GMT)


Message #10 received at 671604-close@bugs.debian.org:

From: Ghe Rivero <ghe.rivero@stackops.com>
To: 671604-close@bugs.debian.org
Subject: Bug#671604: fixed in horizon 2012.1-4
Date: Sat, 05 May 2012 10:48:20 +0000
Source: horizon
Source-Version: 2012.1-4

We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive:

horizon_2012.1-4.debian.tar.gz
  to main/h/horizon/horizon_2012.1-4.debian.tar.gz
horizon_2012.1-4.dsc
  to main/h/horizon/horizon_2012.1-4.dsc
openstack-dashboard-apache_2012.1-4_all.deb
  to main/h/horizon/openstack-dashboard-apache_2012.1-4_all.deb
openstack-dashboard_2012.1-4_all.deb
  to main/h/horizon/openstack-dashboard_2012.1-4_all.deb
python-django-horizon_2012.1-4_all.deb
  to main/h/horizon/python-django-horizon_2012.1-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 671604@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ghe Rivero <ghe.rivero@stackops.com> (supplier of updated horizon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 05 May 2012 12:02:08 +0200
Source: horizon
Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache
Architecture: source all
Version: 2012.1-4
Distribution: unstable
Urgency: low
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Ghe Rivero <ghe.rivero@stackops.com>
Description: 
 openstack-dashboard - OpenStack Dashboard
 openstack-dashboard-apache - OpenStack Dashboard - Apache support
 python-django-horizon - Django module to provide web interaction with OpenStack
Closes: 671604
Changes: 
 horizon (2012.1-4) unstable; urgency=low
 .
   * Fixed CVE_2012-2144. Closes: #671604





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 13 Jun 2012 07:33:42 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:00:21 2019; Machine Name: buxtehude
