[PKG-Openstack-devel] Bug#852742: python-oslo.middleware: CVE-2017-2592: CatchErrors leaks sensitive values in oslo.middleware
zigo at debian.org
Fri Jan 27 15:57:09 UTC 2017
On 01/26/2017 10:11 PM, Salvatore Bonaccorso wrote:
> Source: python-oslo.middleware
> Version: 3.19.0-2
> Severity: grave
> Tags: security patch upstream
> Forwarded: https://launchpad.net/bugs/1628031
> the following vulnerability was published for python-oslo.middleware.
> CatchErrors leaks sensitive values in oslo.middleware
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
>  https://security-tracker.debian.org/tracker/CVE-2017-2592
>  https://launchpad.net/bugs/1628031
Thanks for the notification.
IMO this isn't a grave issue. To be able to read the logs, someone would
need to have access to the server logs, meaning having privileged access
to the server.
I have nevertheless uploaded the upstream patch to Sid, and asked the
release team for an unblock (with a 5-day delay).
Thomas Goirand (zigo)