[PKG-Openstack-devel] Bug#796108: CVE-2015-5694 CVE-2015-5695
Kiall Mac Innes
kiall at macinnes.ie
Wed Aug 19 14:36:14 UTC 2015

Hey - Upstream Designate maintainer here.

Icehouse - aka 2014.1 - is partially affected by CVE-2015-5695, failure
to enforce recordset quotas.

This was the less severe of the two CVEs, which we treated as a feature
not implemented rather than a security issue initially. Additionally,
the issue could only be exploited through the disabled by default +
marked experimental V2 API.

Regardless - The patch at [1] should be easy enough to re-work for Icehouse.

Thanks,
Kiall

[1]: https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch

On 19/08/15 09:11, Moritz Muehlenhoff wrote:
> Source: designate
> Severity: grave
> Tags: security
>
> Hi,
> please see the thread starting here:
> https://marc.info/?l=oss-security&m=143810184926097&w=2
>
> Can you please check with upstream whether 2014.1 from jessie
> is affected, if so we should fix it.
>
> Cheers,
> Moritz
>
>