  Msg # 16766 of 16930 on ZZLI4419, Wednesday 11-04-25, 5:50  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted heat 1:25.0.0-2 (source) into u  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Tue, 04 Nov 2025 10:40:04 +0100 
 Source: heat 
 Architecture: source 
 Version: 1:25.0.0-2 
 Distribution: unstable 
 Urgency: high 
 Maintainer: Debian OpenStack  
 Changed-By: Thomas Goirand  
 Closes: 1120059 
 Changes: 
  heat (1:25.0.0-2) unstable; urgency=high
  .
    * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and
      s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from
      a presigned S3 URL), an unauthenticated attacker may obtain Keystone
      authorization (ec2tokens can yield a fully scoped token; s3tokens can
      reveal scope accepted by some services), resulting in unauthorized access
      and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens
      are reachable by unauthenticated clients (e.g., exposed on a public API)
      are affected.
      The heat part that is using the S3 API needs to be modified to accept the
      fix for Keystone, otherwise S3 authentication will stop working.
      Applied upstream patch (Closes: #1120059):
      Keystone_requires_authentication_when_using_the__v3_ec3token_endpoint.patch
 Checksums-Sha1:
  47f3e2ee4d32e09f4b993dfcf2c14bd7b004b14c 3980 heat_25.0.0-2.dsc
  b1f49ca644235856450435130e1b5f489a433d4e 24412 heat_25.0.0-2.debian.tar.xz
  ae1c8487dc33f49ede44fbfe40966ed287382cf1 19806 heat_25.0.0-2_amd64.buildinfo
 Checksums-Sha256:
  97b08c59e1e819bc27cf6e02d15b3f92b2d34fd146a8f4ed392bb7c8f56614e1 3980 heat_25.0.0-2.dsc
  43bd988bfffc75738917e786cd3ebc90c4c3cf74650da2e59d628af62bc448cb 24412 heat_25.0.0-2.debian.tar.xz
  f40c58b22643e9898377c7958e2a173610b031c201f3deff73e9868e4173f929 19806 heat_25.0.0-2_amd64.buildinfo
 Files:
  b45c4ef5624130d744651b0434c3b39b 3980 web optional heat_25.0.0-2.dsc
  b5af36ca22fb54c4a707df7282ef1c5a 24412 web optional heat_25.0.0-2.debian.tar.xz
  e3c567cf971dc726e7fca0670209faca 19806 web optional heat_25.0.0-2_amd64.buildinfo
  
