[PKG-Openstack-devel] Bug#796108: CVE-2015-5694 CVE-2015-5695
Kiall Mac Innes
kiall at macinnes.ie
Wed Aug 19 14:36:14 UTC 2015
Hey - Upstream Designate maintainer here.
Icehouse - aka 2014.1 - is partially affected by CVE-2015-5695, failure
to enforce recordset quotas.
This was the less severe of the two CVEs, which we treated as a feature
not implemented rather than a security issue initially. Additionally,
the issue could only be exploited through the disabled by default +
marked experimental V2 API.
Regardless - The patch at  should be easy enough to re-work for Icehouse.
On 19/08/15 09:11, Moritz Muehlenhoff wrote:
> Source: designate
> Severity: grave
> Tags: security
> please see the thread starting here:
> Can you please check with upstream whether 2014.1 from jessie
> is affected, if so we should fix it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack-devel