swift: CVE-2013-4155: Swift Denial of Service using superfluous object tombstones

Related Vulnerabilities: CVE-2013-4155   CVE-2013-2161  

Debian Bug report logs - #719008

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 7 Aug 2013 18:03:02 UTC

Severity: important

Tags: patch, security, upstream

Fixed in versions swift/1.8.0-7, swift/1.4.8-2+deb7u1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#719008; Package swift. (Wed, 07 Aug 2013 18:03:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 07 Aug 2013 18:03:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: swift: CVE-2013-4155: Swift Denial of Service using superfluous object tombstones
Date: Wed, 07 Aug 2013 19:58:33 +0200
Package: swift
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for swift.

CVE-2013-4155[0]:
Swift Denial of Service using superfluous object tombstones

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4155
[1] http://marc.info/?l=oss-security&m=137589052905204&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 08 Aug 2013 15:27:17 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 08 Aug 2013 15:27:17 GMT)


Message #10 received at 719008-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 719008-close@bugs.debian.org
Subject: Bug#719008: fixed in swift 1.8.0-7
Date: Thu, 08 Aug 2013 15:22:55 +0000
Source: swift
Source-Version: 1.8.0-7

We believe that the bug you reported is fixed in the latest version of
swift, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 719008@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated swift package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 08 Aug 2013 12:05:45 +0000
Source: swift
Binary: python-swift swift swift-proxy swift-object swift-container swift-account swift-doc
Architecture: source all
Version: 1.8.0-7
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 python-swift - distributed virtual object store - Python libraries
 swift      - distributed virtual object store - common files
 swift-account - distributed virtual object store - account server
 swift-container - distributed virtual object store - container server
 swift-doc  - distributed virtual object store - documentation
 swift-object - distributed virtual object store - object server
 swift-proxy - distributed virtual object store - proxy server
Closes: 719008
Changes: 
 swift (1.8.0-7) unstable; urgency=high
 .
   * CVE-2013-4155: DoS using superfluous object tombstones. Upstream patch
     fixes handling of DELETE obj reqs with old timestamp (Closes: #719008).
   * Refreshed patches.




Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Wed, 14 Aug 2013 21:21:26 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 14 Aug 2013 21:21:26 GMT)


Message #15 received at 719008-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 719008-close@bugs.debian.org
Subject: Bug#719008: fixed in swift 1.4.8-2+deb7u1
Date: Wed, 14 Aug 2013 21:17:11 +0000
Source: swift
Source-Version: 1.4.8-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
swift, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 719008@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated swift package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 12 Jul 2013 13:54:33 +0800
Source: swift
Binary: python-swift swift swift-proxy swift-object swift-container swift-account swift-doc
Architecture: source all
Version: 1.4.8-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 python-swift - OpenStack Object Storage - libraries
 swift      - OpenStack Object Storage - common files
 swift-account - OpenStack Object Storage - account server
 swift-container - OpenStack Object Storage - container server
 swift-doc  - OpenStack Object Storage - documentation
 swift-object - OpenStack Object Storage - object server
 swift-proxy - OpenStack Object Storage - proxy server
Closes: 712202 719008
Changes: 
 swift (1.4.8-2+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2013-2161: Applied fix for unchecked user input in Swift XML responses
     (Closes: #712202).
   * CVE-2013-4155: Backported fix for Denial of Service using superfluous
     object tombstones (Closes: #719008).
   * Updated debian/gbp.conf to track Wheezy fixes.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 12 Sep 2013 07:26:17 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 12:59:33 2019; Machine Name: beach
