Debian Bug report logs - #686812
swift: CVE-2012-4406

version graph

Package: swift; Maintainer for swift is PKG OpenStack <openstack-devel@lists.alioth.debian.org>; Source for swift is src:swift.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 6 Sep 2012 07:15:02 UTC

Severity: grave

Tags: security

Fixed in version swift/1.4.8-2

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#686812; Package swift. (Thu, 06 Sep 2012 07:15:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Thu, 06 Sep 2012 07:15:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: swift: CVE-2012-4406
Date: Thu, 06 Sep 2012 09:09:26 +0200
Package: swift
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2012-4406:
https://bugs.launchpad.net/swift/+bug/1006414

Cheers,
        Moritz



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 06 Sep 2012 09:06:04 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 06 Sep 2012 09:06:04 GMT) Full text and rfc822 format available.

Message #10 received at 686812-close@bugs.debian.org (full text, mbox):

From: Thomas Goirand <zigo@debian.org>
To: 686812-close@bugs.debian.org
Subject: Bug#686812: fixed in swift 1.4.8-2
Date: Thu, 06 Sep 2012 09:03:00 +0000
Source: swift
Source-Version: 1.4.8-2

We believe that the bug you reported is fixed in the latest version of
swift, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 686812@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated swift package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 06 Sep 2012 08:40:18 +0000
Source: swift
Binary: python-swift swift swift-proxy swift-object swift-container swift-account swift-doc
Architecture: source all
Version: 1.4.8-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 python-swift - OpenStack Object Storage - libraries
 swift      - OpenStack Object Storage - common files
 swift-account - OpenStack Object Storage - account server
 swift-container - OpenStack Object Storage - container server
 swift-doc  - OpenStack Object Storage - documentation
 swift-object - OpenStack Object Storage - object server
 swift-proxy - OpenStack Object Storage - proxy server
Closes: 686812
Changes: 
 swift (1.4.8-2) unstable; urgency=high
 .
   * CVE-2012-4406: Do not use pickle for serialization in memcache, but JSON
   (Closes: #686812).
Checksums-Sha1: 
 8eb4306e03af91b02b7460b5b7bf56b1bcb7b896 1803 swift_1.4.8-2.dsc
 a0bcebc9c8394c6db123c9963407fe8e66f05b61 16404 swift_1.4.8-2.debian.tar.gz
 5ab786eacb09038e3163c6d07379af15a216a012 165356 python-swift_1.4.8-2_all.deb
 9555548dc7f6ddb9f48c32b51c339f91f4337c21 42818 swift_1.4.8-2_all.deb
 85c90fedc1d8551394b5c7767751d6eda9698b37 12546 swift-proxy_1.4.8-2_all.deb
 e24a66913dc6b01ff21b5868bda790e2b57df6c3 12894 swift-object_1.4.8-2_all.deb
 9f3c10343dfa0259ed3741f6b936dd1964d4eed4 11242 swift-container_1.4.8-2_all.deb
 69a68a16d345d3aca0943f1bb05e0f04e5317293 11366 swift-account_1.4.8-2_all.deb
 e73e41ecc684a873c231bf7dfe37fe59b05e1c55 255616 swift-doc_1.4.8-2_all.deb
Checksums-Sha256: 
 a648bb1f05ea89a3580f251f56ba81e67c47f93728981a4f09bdb195e59b3beb 1803 swift_1.4.8-2.dsc
 656b793df9d27ae30c5617b27464c8559a4c2f0264de4b532771521b71d908ac 16404 swift_1.4.8-2.debian.tar.gz
 cf6452e259d60d61a8b3e404f22d230e47fd28078ec7deeab388b0fbe58b5621 165356 python-swift_1.4.8-2_all.deb
 8e282689ee6e391d8c2469c94edb67d752452b5f261b78f2e2f39a90c4c9d951 42818 swift_1.4.8-2_all.deb
 84a543210847d8c3f33f3d8dc5b57c261bc6e3ce7361f9d14fda9f55028ca9f7 12546 swift-proxy_1.4.8-2_all.deb
 a1d3a3a8d0cb3580e97306b3f1c8238467e287b0f4be225f5eb7f3c61d16bfee 12894 swift-object_1.4.8-2_all.deb
 e9df54859d80b0fb18bd853aa09c09379ed565eccb5b79b45fcd001fb7910564 11242 swift-container_1.4.8-2_all.deb
 347e4a1c710652c97d49c0cc699fee4b98b81585c1bd78e6173c4f05089b0266 11366 swift-account_1.4.8-2_all.deb
 9c573c25f4ffeb2898b1a168999297069c53e2d8399b260c13e41c545ca02467 255616 swift-doc_1.4.8-2_all.deb
Files: 
 e704b2379b4e967c0b41fe606ab923ea 1803 net optional swift_1.4.8-2.dsc
 923f045213a3762f01203088923d23b7 16404 net optional swift_1.4.8-2.debian.tar.gz
 c7bbce63d1ebef5eebf2ed53b3d34fc2 165356 python optional python-swift_1.4.8-2_all.deb
 57b777a5a246f3c73d43a4dc9aa9c3a6 42818 net optional swift_1.4.8-2_all.deb
 9a9b69a4136d4eac7c52891d51de1e56 12546 net optional swift-proxy_1.4.8-2_all.deb
 791d01bae18c2a8c249b1f3f8f1b72ce 12894 net optional swift-object_1.4.8-2_all.deb
 6fa744f0aca5882c0519a530a125f2b3 11242 net optional swift-container_1.4.8-2_all.deb
 49926bedbddb9a981fbc3f7a894ed7f7 11366 net optional swift-account_1.4.8-2_all.deb
 d9b372191a6b55a0555485fec0fabdb0 255616 doc optional swift-doc_1.4.8-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBIZNMACgkQl4M9yZjvmklH1QCfZpjTWsoQR6DzbO+90vj1giV3
BkkAmwRNN8EO8m9MVRfpTkJGa8yWwmw4
=rmKT
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 07 Oct 2012 07:25:35 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 07:19:55 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.