[Openstack-devel] Bug#695830: Bug#695830: nova: CVE-2012-5625

Thomas Goirand zigo at debian.org
Thu Dec 13 08:34:38 UTC 2012

On 12/13/2012 03:37 PM, Moritz Muehlenhoff wrote:
> Package: nova
> Severity: grave
> Tags: security
> Justification: user security hole
> Please see http://seclists.org/oss-sec/2012/q4/435
> Cheers,
>         Moritz

Hi Moritz,

Thanks for opening this bug entry! I do appreciate (a lot) your
commitment to the security in Debian and tracking all issues.

However, this CVE is present only in Openstack Folsom, as described in
the Affects: field of this link. Debian Wheezy/SID has Openstack Essex.
Therefor, Debian isn't affected by this problem, and I'm closing this bug.

Also, I am receiving security alerts for Openstack directly from the
release manager (eg: ttx), and most of the time, one week in advance, if
the bug/security-fix can be embargoed. You can assume I am aware of it
(though reminding me is a good idea).

Note that I'm about to upload Folsom in Experimental (it's ready on
Alioth, I'm only waiting for FTP masters to approve openstack-pkg-tools
which all packages now build-depends on).

Cheers, and happy hacking,


More information about the Openstack-devel mailing list