python-requests-kerberos: CVE-2014-8650: failure to handle mutual authentication

Related Vulnerabilities: CVE-2014-8650  

Debian Bug report logs - #768408


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 7 Nov 2014 09:15:07 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version python-requests-kerberos/0.5-1

Fixed in version python-requests-kerberos/0.5-2

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#768408; Package src:python-requests-kerberos. (Fri, 07 Nov 2014 09:15:11 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Fri, 07 Nov 2014 09:15:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-requests-kerberos: CVE-2014-8650: failure to handle mutual authentication
Date: Fri, 07 Nov 2014 10:13:09 +0100
Source: python-requests-kerberos
Version: 0.5-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for python-requests-kerberos.

CVE-2014-8650[0]:
does not handle mutual authentication

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8650
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1160540
[2] https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6

Regards,
Salvatore



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Mon, 10 Nov 2014 13:36:15 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 10 Nov 2014 13:36:15 GMT)


Message #10 received at 768408-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 768408-close@bugs.debian.org
Subject: Bug#768408: fixed in python-requests-kerberos 0.5-2
Date: Mon, 10 Nov 2014 13:33:53 +0000
Source: python-requests-kerberos
Source-Version: 0.5-2

We believe that the bug you reported is fixed in the latest version of
python-requests-kerberos, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 768408@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-requests-kerberos package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Nov 2014 21:22:51 +0800
Source: python-requests-kerberos
Binary: python-requests-kerberos python3-requests-kerberos
Architecture: source all
Version: 0.5-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 python-requests-kerberos - Kerberos/GSSAPI authentication handler for python-requests - Pyth
 python3-requests-kerberos - Kerberos/GSSAPI authentication handler for python-requests - Pyth
Closes: 768408
Changes:
 python-requests-kerberos (0.5-2) unstable; urgency=high
 .
   * CVE-2014-8650: failure to handle mutual authentication. Applied upstream
     patch: CVE-2014-8650_Handle_mutual_authentication.patch (Closes: #768408).
     Thanks to Salvatore Bonaccorso <carnil@debian.org> for reporting it.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 11 Dec 2014 07:26:21 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:41 2019; Machine Name: beach
