[Openstack-devel] Bug#695830: Bug#695830: nova: CVE-2012-5625
Thomas Goirand
zigo at debian.org
Thu Dec 13 08:34:38 UTC 2012
On 12/13/2012 03:37 PM, Moritz Muehlenhoff wrote:
> Package: nova
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see http://seclists.org/oss-sec/2012/q4/435
>
> Cheers,
> Moritz
Hi Moritz,
Thanks for opening this bug entry! I do appreciate (a lot) your
commitment to the security in Debian and tracking all issues.
However, this CVE is present only in Openstack Folsom, as described in
the Affects: field of this link. Debian Wheezy/SID has Openstack Essex.
Therefor, Debian isn't affected by this problem, and I'm closing this bug.
Also, I am receiving security alerts for Openstack directly from the
release manager (eg: ttx), and most of the time, one week in advance, if
the bug/security-fix can be embargoed. You can assume I am aware of it
(though reminding me is a good idea).
Note that I'm about to upload Folsom in Experimental (it's ready on
Alioth, I'm only waiting for FTP masters to approve openstack-pkg-tools
which all packages now build-depends on).
Cheers, and happy hacking,
Thomas
More information about the Openstack-devel
mailing list