[PKG-Openstack-devel] Bug#883621: Bug#883621: CVE-2017-17051 not fixed?
Thomas Goirand
zigo at debian.org
Thu Dec 7 08:45:01 UTC 2017
On 12/06/2017 09:34 PM, Salvatore Bonaccorso wrote:
> Hi Thomas,
>
> CVE-2017-17051 was not fixed afaics, only the regression which was
> introduced by OSSA-2017-005.
>
> See http://www.openwall.com/lists/oss-security/2017/12/05/5 for
> CVE-2017-17051.
>
> Could you relook?
>
> Regards,
> Salvatore
Hi Salvatore,
Indeed, I misunderstood how upstream fixed the problem, and failed to
see that there was 2 patches, the announces were indeed a bit confusing.
Thanks a lot for finding this out, and ensuring that I did the proper
fix. I'll try to push upstream to make a new release of Nova, so that
we've got better assurance all issues are addressed.
I've already applied upstream patch, the package is building, and I will
upload it shortly to Sid.
Cheers,
Thomas Goirand (zigo)
More information about the Openstack-devel
mailing list