Hi Thomas,

On Wed, Jun 22, 2016 at 11:17:44AM +0200, Thomas Goirand wrote:
> On 06/22/2016 07:57 AM, Salvatore Bonaccorso wrote:
> > Source: ironic
> > Version: 1:5.1.0-1
> > Severity: grave
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for ironic.
> >
> > Setting security to grave, since it looks like it would allow to expose
> > credentials to unauthenticated users.
> >
> > CVE-2016-4985[0]:
> > Ironic node information including credentials exposed to unauthenticated
> > users
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2016-4985
> > [1] http://www.openwall.com/lists/oss-security/2016/06/21/6
> >
> > Regards,
> > Salvatore
>
> FYI, I pushed upstream new releases which include the fixes:
> - 5.1.2 to Sid (with urgency high)
> - 4.2.5 to jessie-backports.
>
> Please update the tracker.

It got accepted into the archive now, so just have updated the tracker information.

Thanks for your work!

Regards,
Salvatore