[pkg-eucalyptus-maintainers] Bug#608289: [Debian] Bug#608289: Bug#608289: CVE-2010-3905

Neil Soman neil at eucalyptus.com
Fri Dec 31 15:59:41 UTC 2010


Folks, this regression was introduced in the 2.0 series and does not
affect Eucalyptus 1.6.2 to the best of my knowledge.

neil



On Dec 31, 2010, at 6:51 AM, Charles Plessy <plessy at debian.org> wrote:

> tag 608289 + moreinfo
> thanks
>
> On Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano wrote:
>> Package: eucalyptus
>> Severity: serious
>> Tags: security
>>
>> CVE-2010-3905[0]:
>> | The password reset feature in the administrator interface for
>> | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which
>> | allows remote attackers to gain privileges by sending password reset
>> | requests for other users.
>
> Dear Giuseppe and Eucalyptus packagers,
>
> Do you know if this bug also affects Eucalyptus 1.6.2? If not, we can close
> it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that
> we will jump directly to 2.0.2 or later when we upgrade the package.
>
> Have a nice day,
>
> --
> Charles Plessy
> Tsurumi, Kanagawa, Japan




