[PKG-Openstack-devel] Bug#883621: Bug#883621: CVE-2017-17051 not fixed?

Salvatore Bonaccorso carnil at debian.org
Thu Dec 7 15:59:01 UTC 2017


Hi Thomas,

On Thu, Dec 07, 2017 at 09:45:01AM +0100, Thomas Goirand wrote:
> On 12/06/2017 09:34 PM, Salvatore Bonaccorso wrote:
> > Hi Thomas,
> > 
> > CVE-2017-17051 was not fixed afaics, only the regression which was
> > introduced by OSSA-2017-005.
> > 
> > See http://www.openwall.com/lists/oss-security/2017/12/05/5 for
> > CVE-2017-17051.
> > 
> > Could you relook?
> > 
> > Regards,
> > Salvatore
> 
> Hi Salvatore,
> 
> Indeed, I misunderstood how upstream fixed the problem, and failed to
> see that there were 2 patches; the announcements were indeed a bit confusing.
> Thanks a lot for finding this out, and ensuring that I did the proper
> fix. I'll try to push upstream to make a new release of Nova, so that
> we've got better assurance all issues are addressed.
> 
> I've already applied the upstream patch, the package is building, and I will
> upload it shortly to Sid.

Thank you! I have updated the security-tracker recording the fixed
version.

Regards,
Salvatore
