[PKG-Openstack-devel] Bug#852742: python-oslo.middleware: CVE-2017-2592: CatchErrors leaks sensitive values in oslo.middleware
Thomas Goirand
zigo at debian.org
Fri Jan 27 15:57:09 UTC 2017
On 01/26/2017 10:11 PM, Salvatore Bonaccorso wrote:
> Source: python-oslo.middleware
> Version: 3.19.0-2
> Severity: grave
> Tags: security patch upstream
> Forwarded: https://launchpad.net/bugs/1628031
>
> Hi,
>
> the following vulnerability was published for python-oslo.middleware.
>
> CVE-2017-2592[0]:
> CatchErrors leaks sensitive values in oslo.middleware
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-2592
> [1] https://launchpad.net/bugs/1628031
>
> Regards,
> Salvatore

Hi Salvatore,

Thanks for the notification.

IMO this isn't a grave issue. To be able to read the logs, someone would
need to have access to the server logs, meaning having privileged access
to the server.

I have nevertheless uploaded the upstream patch to Sid, and asked for
an unblock to the release team (with a 5-day delay).

Cheers,

Thomas Goirand (zigo)