Your message dated Mon, 27 Jun 2016 23:29:15 +0000
with message-id <e1bhfxr-0003bx...@franck.debian.org>
and subject line Bug#828064: fixed in murano-dashboard 1:2.0.0-5
has caused the Debian Bug report #828064,
regarding murano-dashboard: CVE-2016-4972: RCE vulnerability in Openstack
Murano using insecure YAML tags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
828064: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828064
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: murano
Version: 1:2.0.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerability was published for murano.
CVE-2016-4972[0]:
RCE vulnerability in Openstack Murano using insecure YAML tags
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4972
[1] http://seclists.org/oss-sec/2016/q2/593
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: murano-dashboard
Source-Version: 1:2.0.0-5
We believe that the bug you reported is fixed in the latest version of
murano-dashboard, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 828...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated murano-dashboard package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 May 2016 11:56:25 +0200
Source: murano-dashboard
Binary: python-murano-dashboard
Architecture: source all
Version: 1:2.0.0-5
Distribution: unstable
Urgency: medium
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 python-murano-dashboard - cloud-ready application catalog - dashboard plugin
Closes: 828064
Changes:
 murano-dashboard (1:2.0.0-5) unstable; urgency=medium
 .
   * Added missing epoch in openstack-dashboard (build-)depends.
   * CVE-2016-4972: RCE vulnerability in Openstack Murano using insecure YAML
     tags. Applied upstream patch: Inherit custom yaml Loader from
     yaml.SafeLoader (Closes: #828064).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
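
The changelog above describes the fix as inheriting the custom YAML loader from yaml.SafeLoader. The following sketch of that pattern is an added example, not code from murano-dashboard or the upstream patch. It assumes PyYAML is installed; the names CatalogLoader, Expr and load_definition and the `!expr` tag are hypothetical.

```python
import yaml
from yaml.constructor import ConstructorError


class CatalogLoader(yaml.SafeLoader):
    """Custom loader (hypothetical name) for untrusted package definitions.

    Deriving from yaml.SafeLoader instead of yaml.Loader means the
    python/* tag constructors are never registered on this loader.
    """


class Expr(str):
    """Marker type for scalars written with the hypothetical !expr tag."""


def _construct_expr(loader, node):
    # Custom tags stay possible: the value is kept as inert text.
    return Expr(loader.construct_scalar(node))


# Registered on the subclass only; yaml.SafeLoader itself is unchanged.
CatalogLoader.add_constructor("!expr", _construct_expr)


def load_definition(text):
    """Parse YAML text; return (data, None) or (None, rejection reason)."""
    try:
        return yaml.load(text, Loader=CatalogLoader), None
    except ConstructorError as exc:
        return None, exc.problem


# Constructed sample inputs (not taken from any real package).
BENIGN = """
name: demo
instances: 2
greeting: !expr "$.name"
"""
# A language-specific tag that only names a harmless stdlib function.
TAGGED = "value: !!python/name:os.getcwd\n"

if __name__ == "__main__":
    print(load_definition(BENIGN))
    print(load_definition(TAGGED))
```

The second input is rejected at construction time with a ConstructorError, so the document is refused as a whole rather than partially loaded.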