  Msg # 16765 of 16930 on ZZLI4419, Wednesday 11-04-25, 5:40  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted swift 2.36.0-5 (source) into un  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Fri, 31 Oct 2025 01:39:14 +0100 
 Source: swift 
 Architecture: source 
 Version: 2.36.0-5 
 Distribution: unstable 
 Urgency: high 
 Maintainer: Debian OpenStack  
 Changed-By: Thomas Goirand  
 Closes: 1120057 
 Changes: 
  swift (2.36.0-5) unstable; urgency=high 
  . 
    * Refreshed patches. 
     * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and
       s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from
       a presigned S3 URL), an unauthenticated attacker may obtain Keystone
       authorization (ec2tokens can yield a fully scoped token; s3tokens can
       reveal scope accepted by some services), resulting in unauthorized access
       and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens
       are reachable by unauthenticated clients (e.g., exposed on a public API)
       are affected.
       Swift needs to be modified to accept the fix for Keystone, otherwise S3
       authentication will stop working.
       Deployers are advised to update Swift first, as the patched swift will work
       with unpatched keystone, while the opposite isn't true.
       Applied upstream patch (Closes: #1120057):
       Add bug-2119646-swift.patch, which offers swift side compatibility with the
       keystone fix.
  