python-swiftclient: CVE-2013-6396

Related Vulnerabilities: CVE-2013-6396, CVE-2013-4111

Debian Bug report logs - #730626
python-swiftclient: CVE-2013-6396


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 27 Nov 2013 12:27:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Fixed in version python-swiftclient/1:2.0.2-1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.launchpad.net/python-swiftclient/+bug/1199783



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#730626; Package python-swiftclient. (Wed, 27 Nov 2013 12:27:07 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 27 Nov 2013 12:27:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-swiftclient: CVE-2013-6396
Date: Wed, 27 Nov 2013 13:25:29 +0100
Package: python-swiftclient
Severity: grave
Tags: security upstream patch

Hi Thomas,

(This is similar to #718282, CVE-2013-4111 for python-glanceclient.)

the following vulnerability was published for python-swiftclient.

CVE-2013-6396[0]:
does not properly verify the server SSL certificates

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6396
    http://security-tracker.debian.org/tracker/CVE-2013-6396
[1] https://bugs.launchpad.net/python-swiftclient/+bug/1199783

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#730626; Package python-swiftclient. (Mon, 06 Jan 2014 18:36:04 GMT).


Acknowledgement sent to Gaudenz Steinlin <gaudenz@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Mon, 06 Jan 2014 18:36:04 GMT).


Message #10 received at 730626@bugs.debian.org:

From: Gaudenz Steinlin <gaudenz@debian.org>
To: 730626@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Cc: control@bugs.debian.org
Subject: No patch for CVE-2013-6396 available yet
Date: Mon, 06 Jan 2014 19:31:33 +0100
tags 730626 -patch
forwarded 730626 https://bugs.launchpad.net/python-swiftclient/+bug/1199783
Thanks

Hi Salvatore

Where did you find a patch for this issue? As you can see in the
launchpad bug report[1] and the upstream review system[2] no final patch is
available yet. Upstream is still working on a proper fix.

I suggest to wait for upstream to find a proper fix as this is not in
any Debian stable release.

Thanks
Gaudenz

[1] https://bugs.launchpad.net/python-swiftclient/+bug/1199783
[2] https://review.openstack.org/#/c/33473/
-- 
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~

Removed tag(s) patch. Request was from Gaudenz Steinlin <gaudenz@debian.org> to control@bugs.debian.org. (Mon, 06 Jan 2014 18:36:08 GMT).


Set Bug forwarded-to-address to 'https://bugs.launchpad.net/python-swiftclient/+bug/1199783'. Request was from Gaudenz Steinlin <gaudenz@debian.org> to control@bugs.debian.org. (Mon, 06 Jan 2014 18:36:09 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#730626; Package python-swiftclient. (Mon, 06 Jan 2014 21:12:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Mon, 06 Jan 2014 21:12:04 GMT).


Message #19 received at 730626@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Gaudenz Steinlin <gaudenz@debian.org>
Cc: 730626@bugs.debian.org
Subject: Re: No patch for CVE-2013-6396 available yet
Date: Mon, 6 Jan 2014 22:09:26 +0100
Hi Gaudenz,

On Mon, Jan 06, 2014 at 07:31:33PM +0100, Gaudenz Steinlin wrote:
> 
> tags 730626 -patch
> forwarded 730626 https://bugs.launchpad.net/python-swiftclient/+bug/1199783
> Thanks
> 
> Hi Salvatore
> 
> Where did you find a patch for this issue? As you can see in the
> launchpad bug report[1] and the upstream review system[2] no final patch is
> available yet. Upstream is still working on a proper fix.
> 
> I suggest to wait for upstream to find a proper fix as this is not in
> any Debian stable release.

Yes, apologies; I agree with you, was a mistake of mine. [1] is indeed
still in review, so agree also on your conclusion to wait for proper
fix.

 [1] https://review.openstack.org/#/c/33473/

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 17 Feb 2014 18:33:20 GMT).


Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Tue, 18 Feb 2014 04:06:06 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 18 Feb 2014 04:06:06 GMT).


Message #26 received at 730626-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 730626-close@bugs.debian.org
Subject: Bug#730626: fixed in python-swiftclient 1:2.0.2-1
Date: Tue, 18 Feb 2014 04:03:47 +0000
Source: python-swiftclient
Source-Version: 1:2.0.2-1

We believe that the bug you reported is fixed in the latest version of
python-swiftclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 730626@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-swiftclient package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 18 Feb 2014 11:03:09 +0800
Source: python-swiftclient
Binary: python-swiftclient
Architecture: source all
Version: 1:2.0.2-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 python-swiftclient - Client library for Openstack Swift API
Closes: 730626
Changes: 
 python-swiftclient (1:2.0.2-1) unstable; urgency=high
 .
   * New upstream release (Closes: #730626).
   * Reviewed build-dependency for the new upstream release.
   * Standards-Version: is now 3.9.5.
   * Also builds the sphinx doc and package manpage.
   * Adds patch to fix manpage.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 20 Mar 2014 07:27:56 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:25:43 2019; Machine Name: beach
