[Openstack-devel] Bug#695830: Bug#695830: nova: CVE-2012-5625

Moritz Muehlenhoff jmm at inutil.org
Fri Dec 14 17:46:28 UTC 2012

On Thu, Dec 13, 2012 at 04:34:38PM +0800, Thomas Goirand wrote:
> On 12/13/2012 03:37 PM, Moritz Muehlenhoff wrote:
> > Package: nova
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > Please see http://seclists.org/oss-sec/2012/q4/435
> > 
> > Cheers,
> >         Moritz
> Hi Moritz,
> Thanks for opening this bug entry! I do appreciate (a lot) your
> commitment to the security in Debian and tracking all issues.
> However, this CVE is present only in Openstack Folsom, as described in
> the Affects: field of this link. Debian Wheezy/SID has Openstack Essex.
> Therefor, Debian isn't affected by this problem, and I'm closing this bug.
> Also, I am receiving security alerts for Openstack directly from the
> release manager (eg: ttx), and most of the time, one week in advance, if
> the bug/security-fix can be embargoed. You can assume I am aware of it
> (though reminding me is a good idea).
> Note that I'm about to upload Folsom in Experimental (it's ready on
> Alioth, I'm only waiting for FTP masters to approve openstack-pkg-tools
> which all packages now build-depends on).

Thanks! I don't use OpenStack and I have no idea what these codenames mean. 

If you're notified of an OpenStack issue in the future, which doesn't affect
the Debian version, please ping me on IRC or send a mail to 
team at security.debian.org so that we can update the Debian Security Tracker.


More information about the Openstack-devel mailing list