[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#785780: jessie-pu: package python-keystonemiddleware 1.0.0-3 -> 1.0.0-3+deb8u1 and python-keystoneclient 0.10.1-2 -> 0.10.1-2+deb8u1 (CVE-2015-1852)

Control: tags -1 + moreinfo

On 2015-05-20 7:27, Thomas Goirand wrote:
After a discussion with the security team, we agreed that this update
should be done through p-u.

The bug is that in keystoneclient & keystonemiddleware, the option by
default is:


If you uncomment it, and set it to either true or false, it will always
be interpreted as true (even if it is set to false). This is due to the
code missing options to convert the string into it's boolean value.
Both packages (and their corresponding debdiffs) are available at:

Please allow me to upload both to jessie-proposed-updates.

Please attach the debdiffs to the bug report.



Reply to: