[Openstack-devel] Bug#728605: Bug#728605: nova: CVE-2013-4463 and CVE-2013-4469
Thomas Goirand
zigo at debian.org
Fri Dec 6 07:16:14 UTC 2013
On 11/03/2013 10:27 PM, Salvatore Bonaccorso wrote:
> Package: nova
> Severity: important
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerabilities were published for nova.
>
> CVE-2013-4463[0]:
> Compressed disk image DoS
>
> CVE-2013-4469[1]:
> Denial of Service (Incomplete fix for CVE-2013-2096)
>
> Red Hat Bugzillla provides patches for both CVE's at [2] (note the CVE
> split, but the patches are found in [2]).
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] http://security-tracker.debian.org/tracker/CVE-2013-4463
> [1] http://security-tracker.debian.org/tracker/CVE-2013-4469
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1023239
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1023581
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
This one has been fixed in Sid, please update the tracker.
I'll work on backporting the fix to Stable.
Thomas
More information about the Openstack-devel
mailing list