[CVE-2014-7144] TLS cert verification option not honoured in paste configs

Related Vulnerabilities: CVE-2014-7144  

Debian Bug report logs - #762748
Reported by: Luciano Bello <luciano@debian.org>

Date: Wed, 24 Sep 2014 21:36:07 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Fixed in version python-keystonemiddleware/1.0.0-3

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#762748; Package python-keystonemiddleware. (Wed, 24 Sep 2014 21:36:11 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 24 Sep 2014 21:36:12 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2014-7144] TLS cert verification option not honoured in paste configs
Date: Wed, 24 Sep 2014 23:32:43 +0200
Package: python-keystonemiddleware
Severity: important
Tags: security upstream patch fixed-upstream

Hi there,
    the following vulnerabilities were published for python-keystonemiddleware:

CVE-2014-7144: TLS cert verification option not honoured in paste configs

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
http://seclists.org/oss-sec/2014/q3/620
https://review.openstack.org/#/c/113191/

Please adjust the affected versions in the BTS as needed. 

Regards, luciano



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 25 Sep 2014 07:39:29 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Thu, 25 Sep 2014 07:39:29 GMT)


Message #10 received at 762748-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 762748-close@bugs.debian.org
Subject: Bug#762748: fixed in python-keystonemiddleware 1.0.0-3
Date: Thu, 25 Sep 2014 07:36:32 +0000
Source: python-keystonemiddleware
Source-Version: 1.0.0-3

We believe that the bug you reported is fixed in the latest version of
python-keystonemiddleware, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762748@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-keystonemiddleware package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 25 Sep 2014 07:16:29 +0000
Source: python-keystonemiddleware
Binary: python-keystonemiddleware python-keystonemiddleware-doc
Architecture: source all
Version: 1.0.0-3
Distribution: unstable
Urgency: medium
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 python-keystonemiddleware - Middleware for OpenStack Identity (Keystone) - Python 2.x
 python-keystonemiddleware-doc - Middleware for OpenStack Identity (Keystone) - doc
Closes: 762748
Changes:
 python-keystonemiddleware (1.0.0-3) unstable; urgency=medium
 .
   * Added CVE-2014-7144_convert_the_conf_value_into_correct_type.patch. Thanks
     to Luciano Bello <luciano@debian.org> for the report (Closes: #762748).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 28 Oct 2014 07:35:49 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:29:17 2019; Machine Name: buxtehude
