[Openstack-devel] Bug#695830: Bug#695830: nova: CVE-2012-5625
Moritz Muehlenhoff
jmm at inutil.org
Fri Dec 14 17:46:28 UTC 2012
On Thu, Dec 13, 2012 at 04:34:38PM +0800, Thomas Goirand wrote:
> On 12/13/2012 03:37 PM, Moritz Muehlenhoff wrote:
> > Package: nova
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > Please see http://seclists.org/oss-sec/2012/q4/435
> >
> > Cheers,
> > Moritz
>
> Hi Moritz,
>
> Thanks for opening this bug entry! I do appreciate (a lot) your
> commitment to the security in Debian and tracking all issues.
>
> However, this CVE is present only in Openstack Folsom, as described in
> the Affects: field of this link. Debian Wheezy/SID has Openstack Essex.
> Therefor, Debian isn't affected by this problem, and I'm closing this bug.
>
> Also, I am receiving security alerts for Openstack directly from the
> release manager (eg: ttx), and most of the time, one week in advance, if
> the bug/security-fix can be embargoed. You can assume I am aware of it
> (though reminding me is a good idea).
>
> Note that I'm about to upload Folsom in Experimental (it's ready on
> Alioth, I'm only waiting for FTP masters to approve openstack-pkg-tools
> which all packages now build-depends on).
Thanks! I don't use OpenStack and I have no idea what these codenames mean.
If you're notified of an OpenStack issue in the future, which doesn't affect
the Debian version, please ping me on IRC or send a mail to
team at security.debian.org so that we can update the Debian Security Tracker.
Cheers,
Moritz
More information about the Openstack-devel
mailing list