Project

General

Profile

Actions
Copy link

Bug #26571

closed

CVE-2019-3845 - Add ACLs around Qpid QMF

Added by Jonathon Turel about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Jonathon Turel
Category:
Foreman modules
Target version:
Foreman - 1.22.0
Difficulty:
Triaged:
Yes
Bugzilla link:
1685588
Pull request:
https://github.com/theforeman/puppet-qpid/pull/120, https://github.com/theforeman/puppet-katello/pull/283, https://github.com/theforeman/puppet-foreman_proxy_content/pull/197, https://github.com/theforeman/foreman-installer/pull/341, https://github.com/theforeman/puppet-katello/pull/285, https://github.com/theforeman/puppet-foreman_proxy_content/pull/201
Fixed in Releases:
Foreman - 1.21.3, Foreman - 1.22.0
Found in Releases:
Red Hat JIRA:
Actions
Copy link
 #1

Updated by Jonathon Turel about 6 years ago

  • Project changed from Katello to Installer
  • Target version deleted (Katello 3.12.0)
Actions
Copy link
 #2

Updated by The Foreman Bot about 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-qpid/pull/120 added
Actions
Copy link
 #3

Updated by The Foreman Bot about 6 years ago

  • Pull request https://github.com/theforeman/puppet-katello/pull/283 added
Actions
Copy link
 #4

Updated by The Foreman Bot about 6 years ago

  • Pull request https://github.com/theforeman/puppet-foreman_proxy_content/pull/197 added
Actions
Copy link
 #5

Updated by Jonathon Turel about 6 years ago

To test (assumes forklifted dev env):

- follow forklift docs (https://github.com/theforeman/forklift/blob/master/docs/development.md#test-puppet-module-pull-requests) to test the linked PRs
- 'vagrant provision centos7-katello-devel'
- verify that /etc/qpid/qpid.acl is populated according to the PR
- verify that /etc/qpid-dispatch/qdrouter.conf "connector" has sasl-mechanism PLAIN, sasl-username katello_agent and sasl-password that resembles a password
- verify that services qpidd and qdrouterd are running properly
- register a client, verify that package actions can be performed as usual

Actions
Copy link
 #6

Updated by Jonathon Turel about 6 years ago

  • Bugzilla link set to 1685588
Actions
Copy link
 #7

Updated by Jonathon Turel about 6 years ago

  • Priority changed from Normal to High
Actions
Copy link
 #8

Updated by Ewoud Kohl van Wijngaarden about 6 years ago

  • Category set to Foreman modules
  • Status changed from Ready For Testing to Closed
  • Target version set to 1.22.0
  • Triaged changed from No to Yes
  • Fixed in Releases 1.22.0 added
Actions
Copy link
 #9

Updated by The Foreman Bot about 6 years ago

  • Pull request https://github.com/theforeman/foreman-installer/pull/341 added
Actions
Copy link
 #10

Updated by The Foreman Bot about 6 years ago

  • Pull request https://github.com/theforeman/puppet-katello/pull/285 added
Actions
Copy link
 #11

Updated by Tomer Brisker about 6 years ago

  • Fixed in Releases 1.21.3 added
Actions
Copy link
 #12

Updated by Tomer Brisker about 6 years ago

  • Subject changed from Add ACLs around Qpid QMF to CVE-2019-3845 - Add ACLs around Qpid QMF
Actions
Copy link
 #13

Updated by The Foreman Bot about 6 years ago

  • Pull request https://github.com/theforeman/puppet-foreman_proxy_content/pull/201 added
Actions
Copy link

Also available in: Atom PDF