[Openstack-devel] Bug#699835: [openstack-dev] Essex patch for CVE-2013-0270

Thomas Goirand thomas at goirand.fr
Wed Feb 13 14:27:05 UTC 2013


On 02/12/2013 12:11 AM, Thierry Carrez wrote:
> Dolph Mathews wrote:
>> Dan Prince also wrote a more specific fix for the same issue and
>> backported it to essex here:
>> https://bugs.launchpad.net/keystone/+bug/1098307
> 
> Indeed, we didn't backport the size-limiting middleware because we don't
> backport new features as part of security vulnerability fixes (following
> what distributions security teams accept).
> 
> As mentioned in the advisory, the fix for CVE-2013-0270 in Essex is here:
> https://review.openstack.org/#/c/21216/

I'm quite confused now.

We have CVE-2013-0247 and CVE-2013-0270. Aren't these the same problem?
Patches are conflicting and doing approximately the same in different ways.

Thomas


