Debian Bug report logs - #719010
cinder: CVE-2013-4183: Cinder LVM volume driver does not support secure deletion
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 7 Aug 2013 18:12:02 UTC
Severity: important
Tags: patch, security, upstream
Fixed in version cinder/2013.1.2-4
Done: Thomas Goirand <zigo@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>: Bug#719010; Package cinder. (Wed, 07 Aug 2013 18:12:06 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 07 Aug 2013 18:12:06 GMT)
Message #5 received at submit@bugs.debian.org:
Package: cinder
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for cinder.
CVE-2013-4183[0]:
Cinder LVM volume driver does not support secure deletion
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4183
[1] http://marc.info/?l=oss-security&m=137588868604447&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply sent to Thomas Goirand <zigo@debian.org>: You have taken responsibility. (Thu, 08 Aug 2013 15:21:25 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Thu, 08 Aug 2013 15:21:25 GMT)
Message #10 received at 719010-close@bugs.debian.org:
Source: cinder
Source-Version: 2013.1.2-4
We believe that the bug you reported is fixed in the latest version of
cinder, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 719010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated cinder package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 13 Jul 2013 22:51:29 +0800
Source: cinder
Binary: python-cinder cinder-common cinder-api cinder-volume cinder-scheduler cinder-backup
Architecture: source all
Version: 2013.1.2-4
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 cinder-api - OpenStack block storage system - API server
 cinder-backup - OpenStack block storage system - Backup server
 cinder-common - OpenStack block storage system - common files
 cinder-scheduler - OpenStack block storage system - Scheduler server
 cinder-volume - OpenStack block storage system - Volume server
 python-cinder - OpenStack block storage system - Python libraries
Closes: 719010 719118
Changes:
 cinder (2013.1.2-4) unstable; urgency=high
 .
   * Adds missing depends: sqlite3.
   * CVE-2013-4202: Fix DoS using XML entities in extensions (Closes: #719118).
   * CVE-2013-4183: Enable zero the snapshot when delete snapshot in
     LVMVolumeDriver (Closes: #719010).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iEYEARECAAYFAlIDrsIACgkQl4M9yZjvmknO4wCffASj/gfOOHlcCarHgK4+Nap8
4HsAn211DSZL1PFcKsGP2KX/CNGWAMeC
=YugC
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 04 Nov 2013 07:27:51 GMT)
Last modified: Wed Jun 19 16:15:11 2019; Machine Name: beach