Bug#926043: marked as done (CVE-2019-0816)

To: Thomas Goirand <zigo@debian.org>
Subject: Bug#926043: marked as done (CVE-2019-0816)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Thu, 25 Apr 2019 07:21:13 +0000
Message-id: <[🔎] handler.926043.D926043.155617671026826.ackdone@bugs.debian.org>
Reply-to: 926043@bugs.debian.org
References: <E1hJYeK-000Hi5-8P@fasolo.debian.org> <155397303933.13043.2382207774820610132.reportbug@hullmann.westfalen.local>

Your message dated Thu, 25 Apr 2019 07:18:28 +0000
with message-id <E1hJYeK-000Hi5-8P@fasolo.debian.org>
and subject line Bug#926043: fixed in cloud-init 18.3-6
has caused the Debian Bug report #926043,
regarding CVE-2019-0816
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926043
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2019-0816

From: Moritz Muehlenhoff <jmm@debian.org>

Date: Sat, 30 Mar 2019 20:10:39 +0100

Message-id: <155397303933.13043.2382207774820610132.reportbug@hullmann.westfalen.local>
Package: cloud-init
Severity: grave
Tags: security

This was assigned CVE-2019-0816:
https://code.launchpad.net/~jasonzio/cloud-init/+git/cloud-init/+merge/363445
https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm

Is this something that affects cloud-init as shipped in Debian or in the way we generate Debian
images for Azure?

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 926043-close@bugs.debian.org
Subject: Bug#926043: fixed in cloud-init 18.3-6
From: Thomas Goirand <zigo@debian.org>
Date: Thu, 25 Apr 2019 07:18:28 +0000
Message-id: <E1hJYeK-000Hi5-8P@fasolo.debian.org>

Source: cloud-init
Source-Version: 18.3-6

We believe that the bug you reported is fixed in the latest version of
cloud-init, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926043@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated cloud-init package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 25 Apr 2019 08:54:18 +0200
Source: cloud-init
Binary: cloud-init
Architecture: source all
Version: 18.3-6
Distribution: unstable
Urgency: high
Maintainer: Debian Cloud Team <debian-cloud@lists.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 cloud-init - initialization system for infrastructure cloud instances
Closes: 926043
Changes:
 cloud-init (18.3-6) unstable; urgency=high
 .
   * CVE-2019-0816: Extraneous SSH Public Keys added to Authorized Keys file.
     Applied a refreshed patch from upstream: azure: Filter list of ssh keys
     pulled from fabric (Closes: #926043).
Checksums-Sha1:
 7e0242a1e8a484901d905968a56fe52fd8d67522 2375 cloud-init_18.3-6.dsc
 e10158ddd7f4fbc7da7b9031e28b84faf1051fd6 33632 cloud-init_18.3-6.debian.tar.xz
 9e93c969da3921d6f902fe50506373d5499eff75 403280 cloud-init_18.3-6_all.deb
 b95cc3316d7db562f05cab3b81e05c1f32979c2f 7983 cloud-init_18.3-6_amd64.buildinfo
Checksums-Sha256:
 acf6d90808345b2152bc8b3904d1a6589a454f3c7b390059594b95da4ca4ac3c 2375 cloud-init_18.3-6.dsc
 c14327d9106bcfe8c74650db5521bf8ba3fd9400f0cf88fafd3e4137d2f3a6c8 33632 cloud-init_18.3-6.debian.tar.xz
 085f7af8e7ecca9ab9c4ee041e818b01850fe3a5b53bda9b45ae299416b6a99c 403280 cloud-init_18.3-6_all.deb
 99bd208e29703790b2858836a830aac0119dd051f6a53c0fbe0e391f056b7f10 7983 cloud-init_18.3-6_amd64.buildinfo
Files:
 4dfec23986ec555e976518feef9ecead 2375 admin optional cloud-init_18.3-6.dsc
 e05be5270470060796a28d66f1c2e572 33632 admin optional cloud-init_18.3-6.debian.tar.xz
 d8051e59ece0310760af99c1434ce140 403280 admin optional cloud-init_18.3-6_all.deb
 8641b9147fa0049e8045c18b555f135e 7983 admin optional cloud-init_18.3-6_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtKCq/KhshgVdBnYUq1PlA1hod6YFAlzBWr4ACgkQq1PlA1ho
d6Zqqg/9Gy7rkttsDk88ie7ymBR6tjQW10THJ5Cszt8SQWWIBXe24RZ5e5fF1lrv
sy3o/PkUh16NjeJTIiReR1qD6EsEg8xurEUJUniiZro9GQ+KUO6Zw10iZa4tVvKh
fOO3azQyxy7duxfCSbif5bnTjp0RFqErPiMYD+xmYuTE/1F8UiY+BJw5YyhNO2No
Ez1FenFXmgupBxShjHMf8mdiZyo4FnJXOpRnWlwmSaiIaQvYTaDn+wj8Buf5NDE2
OdcIsz6wFr0TuMWQfJ1MpsRq5VJ2X4cWOcpP4eZ0N8SMasvB2avTL73lMr+s7mTQ
P6FrS9P8kFfDlvWwBkcph62h9TA/LIBBSl5TOEuMkyhkQS1Kb6NPK92FB+a4bJR5
+bPo90OOFfguoymxE5u94DLWmh6JvR0WhOEazo8gXNMdrHNYvh0YbDwVP9Zl7XoS
vNMB3KrQmOIhmWiy1dIiPgXw1KWy40KP0STqxIGbfJHkz0cvtEKZvIrm5qiGOP/X
btDkxfoGhXILsx+H+plhw6R2F3b3hu2nia5lCiLjuwV0dijiOZU/cXIX9NfOlJ4K
yqrLdyDLs/Fx2FRhSr42TR7zo9Vi0Ln2v0Nr2l8FdoVndkcMQ7A7VzZucHriRi64
Hll1JgUUnYfIOj+NQZcZke5xQHwR9059+bAfDbo4B6ReUqTuxUs=
=EdiY
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#926043: CVE-2019-0816
Next by Date: Processing of cloud-init_18.3-6_amd64.changes
Previous by thread: Re: locales vs. locales-all
Next by thread: Processing of cloud-init_18.3-6_amd64.changes
Index(es):
- Date
- Thread