Debian Bug report logs - #768408
python-requests-kerberos: CVE-2014-8650: failure to handle mutual authentication
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 7 Nov 2014 09:15:07 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in version python-requests-kerberos/0.5-1
Fixed in version python-requests-kerberos/0.5-2
Done: Thomas Goirand <zigo@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>: Bug#768408; Package src:python-requests-kerberos. (Fri, 07 Nov 2014 09:15:11 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Fri, 07 Nov 2014 09:15:11 GMT)
Message #5 received at submit@bugs.debian.org:
Source: python-requests-kerberos
Version: 0.5-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for python-requests-kerberos.
CVE-2014-8650[0]:
does not handle mutual authentication
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8650
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1160540
[2] https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
Regards,
Salvatore
Reply sent to Thomas Goirand <zigo@debian.org>: You have taken responsibility. (Mon, 10 Nov 2014 13:36:15 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Mon, 10 Nov 2014 13:36:15 GMT)
Message #10 received at 768408-close@bugs.debian.org:
Source: python-requests-kerberos
Source-Version: 0.5-2
We believe that the bug you reported is fixed in the latest version of
python-requests-kerberos, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 768408@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-requests-kerberos package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 10 Nov 2014 21:22:51 +0800
Source: python-requests-kerberos
Binary: python-requests-kerberos python3-requests-kerberos
Architecture: source all
Version: 0.5-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
python-requests-kerberos - Kerberos/GSSAPI authentication handler for python-requests - Pyth
python3-requests-kerberos - Kerberos/GSSAPI authentication handler for python-requests - Pyth
Closes: 768408
Changes:
python-requests-kerberos (0.5-2) unstable; urgency=high
.
* CVE-2014-8650: failure to handle mutual authentication. Applied upstream
patch: CVE-2014-8650_Handle_mutual_authentication.patch (Closes: #768408).
Thanks to Salvatore Bonaccorso <carnil@debian.org> for reporting it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 11 Dec 2014 07:26:21 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:41 2019.