Your message dated Sat, 05 Sep 2015 14:31:07 +0100 with message-id <1441459867.2151.32.camel@adam-barratt.org.uk> and subject line Closing p-u bugs for 8.2 has caused the Debian Bug report #785780, regarding jessie-pu: package python-keystonemiddleware 1.0.0-3 -> 1.0.0-3+deb8u1 and python-keystoneclient 0.10.1-2 -> 0.10.1-2+deb8u1 (CVE-2015-1852) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 785780: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785780 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package python-keystonemiddleware 1.0.0-3 -> 1.0.0-3+deb8u1 and python-keystoneclient 0.10.1-2 -> 0.10.1-2+deb8u1 (CVE-2015-1852)
- From: Thomas Goirand <zigo@debian.org>
- Date: Wed, 20 May 2015 08:27:23 +0200
- Message-id: <20150520062723.738.63332.reportbug@buzig2.mirantis.com>
Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu Dear release team, After a discussion with the security team, we agreed that this update should be done through p-u. The bug is that in keystoneclient & keystonemiddleware, the option by default is: #insecure=false If you uncomment it, and set it to either true or false, it will always be interpreted as true (even if it is set to false). This is due to the code missing options to convert the string into it's boolean value. The patch is trivial, and can be stripped down to: - insecure = conf.get('insecure', False) + insecure = strutils.bool_from_string(conf.get('insecure', False)) for both python-keystonemiddleware and python-keystoneclient. The rest of the debdiff is unecessary noise (like a new unit test to avoid regressions, adding python-oslo.utils as new (build-)dependency, which contains the function strutils.bool_from_string() and things of this kind) that isn't helpful to study the patch, so I am not sending the debdiff as attachement. If you want the full debdiff, it's available next to the packages I wish to upload. Both packages (and their corresponding debdiffs) are available at: http://sid.gplhost.com/jessie-proposed-updates/ Please allow me to upload both to jessie-proposed-updates. Cheers, Thomas Goirand (zigo) P.S: Am I right with the version numbers? I'm not sure here...
--- End Message ---
--- Begin Message ---
- To: 782381-done@bugs.debian.org, 785573-done@bugs.debian.org, 785780-done@bugs.debian.org, 787067-done@bugs.debian.org, 787299-done@bugs.debian.org, 787478-done@bugs.debian.org, 787635-done@bugs.debian.org, 787642-done@bugs.debian.org, 787692-done@bugs.debian.org, 787806-done@bugs.debian.org, 787867-done@bugs.debian.org, 787904-done@bugs.debian.org, 787952-done@bugs.debian.org, 788054-done@bugs.debian.org, 788110-done@bugs.debian.org, 788241-done@bugs.debian.org, 788283-done@bugs.debian.org, 788531-done@bugs.debian.org, 788608-done@bugs.debian.org, 788612-done@bugs.debian.org, 788615-done@bugs.debian.org, 788665-done@bugs.debian.org, 788928-done@bugs.debian.org, 788938-done@bugs.debian.org, 789189-done@bugs.debian.org, 789393-done@bugs.debian.org, 789724-done@bugs.debian.org, 789786-done@bugs.debian.org, 790060-done@bugs.debian.org, 790245-done@bugs.debian.org, 790833-done@bugs.debian.org, 790939-done@bugs.debian.org, 791792-done@bugs.debian.org, 792369-done@bugs.debian.org, 792452-done@bugs.debian.org, 793020-done@bugs.debian.org, 793163-done@bugs.debian.org, 793430-done@bugs.debian.org, 793470-done@bugs.debian.org, 793688-done@bugs.debian.org, 794003-done@bugs.debian.org, 794090-done@bugs.debian.org, 794407-done@bugs.debian.org, 795165-done@bugs.debian.org, 795271-done@bugs.debian.org, 795491-done@bugs.debian.org, 795706-done@bugs.debian.org, 795794-done@bugs.debian.org, 795911-done@bugs.debian.org, 795947-done@bugs.debian.org, 796088-done@bugs.debian.org, 796112-done@bugs.debian.org, 796379-done@bugs.debian.org, 796573-done@bugs.debian.org, 796595-done@bugs.debian.org, 796846-done@bugs.debian.org, 796975-done@bugs.debian.org, 797083-done@bugs.debian.org, 797179-done@bugs.debian.org, 797201-done@bugs.debian.org, 797209-done@bugs.debian.org, 797246-done@bugs.debian.org, 797304-done@bugs.debian.org, 797328-done@bugs.debian.org
- Subject: Closing p-u bugs for 8.2
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 05 Sep 2015 14:31:07 +0100
- Message-id: <1441459867.2151.32.camel@adam-barratt.org.uk>
Version: 8.2 Hi, These bugs correspond to updates which were included in the 8.2 point release. Regards, Adam
--- End Message ---