Your message dated Mon, 29 Jul 2013 17:03:19 +0000
with message-id <[email protected]>
and subject line Bug#718282: fixed in python-glanceclient 1:0.9.0-2
has caused the Debian Bug report #718282,
regarding CVE-2013-4111: Missing SSL certificate check in Python glance client
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
718282: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718282
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-glanceclient
Version: 1:0.9.0-1
Severity: grave
Tags: patch

Copying the email from the security team of OpenStack.

Thomas Goirand (zigo)

A vulnerability was fixed publicly in OpenStack Python Glance client
recently, and we think it warrants a security advisory to make sure
everyone is aware of it.

We obviously can't embargo anything here since the issue is public
already, but we figured you would still appreciate a day's heads-up
before we publish the advisory and attract the rest of the world's
attention on the issue.

Title: Missing SSL certificate check in Python glance client
Reporter: Thomas Leaman (HP)
Products: python-glanceclient
Affects: All versions

Description:
Thomas Leaman from HP reported that the Python Glance client was
failing to properly check certificates during the establishment of
HTTPS connections. A remote attacker with access over segments of the
network between client and server could potentially set up a
man-in-the-middle attack and access the contents of the Glance client request
(or response).

python-glanceclient fix (will be included in future release):
https://review.openstack.org/#/c/33464/

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4111
https://bugs.launchpad.net/python-glanceclient/+bug/1192229

Regards,

- -- 
Thierry Carrez

--- End Message ---
--- Begin Message ---
Source: python-glanceclient
Source-Version: 1:0.9.0-2

We believe that the bug you reported is fixed in the latest version of
python-glanceclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated python-glanceclient package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 30 May 2013 13:55:25 +0800
Source: python-glanceclient
Binary: python-glanceclient
Architecture: source all
Version: 1:0.9.0-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description: 
 python-glanceclient - Client library for Openstack glance server
Closes: 718282
Changes: 
 python-glanceclient (1:0.9.0-2) unstable; urgency=high
 .
   * Ran wrap-and-sort.
   * CVE-2013-4111: Fix missing SSL certificate check (Closes: #718282).
   * Cleans correctly so the package can be built twice.
   * Using testrepository instead of run_test.py for running tests.
   * Standards-Version: is now 3.9.4.
   * Explicitly using --buildsystem=python_distutils.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlH2nhYACgkQl4M9yZjvmkknGQCghXR6YvVFRO6wLgzRUeBdEB12
YAEAniAXnSkt3Er77vRuzZcmiUH/9eTV
=G361
-----END PGP SIGNATURE-----

--- End Message ---
