[pkg-eucalyptus-maintainers] Bug#608289: Bug#608289: CVE-2010-3905

Charles Plessy plessy at debian.org
Fri Dec 31 14:45:26 UTC 2010


tag 608289 + moreinfo
thanks

Le Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano a écrit :
> Package: eucalyptus
> Severity: serious
> Tags: security
> 
> CVE-2010-3905[0]:
> | The password reset feature in the administrator interface for
> | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which
> | allows remote attackers to gain privileges by sending password reset
> | requests for other users.

Dear Giuseppe and Eucalyptus packagers,

Do you know if this bug also affects Eucalyptus 1.6.2 ? If not, we can close
it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that
we will jump directly to 2.0.2 or later when we will upgrade the package.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan





More information about the pkg-eucalyptus-maintainers mailing list