<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">Reworked patch, minus the tests. <br>

      <br>

      The OpenStack/Designate project during icehouse did not cap

      requirements, causing the unit tests to fail to run.<br>

      <br>

      I would recommend ensuring the tests pass given the set of

      dependencies in Jessie before applying and pushing.<br>

      <br>

      Thanks,<br>

      Kiall<br>

      <br>

      On 19/08/15 09:36, Kiall Mac Innes wrote:<br>

    </div>

    <blockquote cite="mid:55D4945E.5090609@macinnes.ie" type="cite">

      <meta content="text/html; charset=windows-1252"

        http-equiv="Content-Type">

      <div class="moz-cite-prefix">Hey - Upstream Designate maintainer

        here.<br>

        <br>

        <meta http-equiv="content-type" content="text/html;

          charset=windows-1252">

        Icehouse - aka 2014.1 - is partially affected by CVE-2015-5695,

        failure to enforce recordset quotas. <br>

        <br>

        This was the less severe of the two CVEs, which we treated as a

        feature not implemented rather than a security issue initially.

        Additionally, the issue could only be exploited through the

        disabled by default + marked experimental V2 API.<br>

        <br>

        Regardless - The patch at [1] should be easy enough to re-work

        for Icehouse.<br>

        <br>

        Thanks,<br>

        Kiall<br>

        <br>

        [1]: <a moz-do-not-send="true" class="moz-txt-link-freetext"

href="https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch">https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch</a><br>

        <br>

        On 19/08/15 09:11, Moritz Muehlenhoff wrote:<br>

      </div>

      <blockquote

        cite="mid:20150819141100.15628.65061.reportbug@pisco.westfalen.local"

        type="cite">

        <pre wrap="">Source: designate

Severity: grave

Tags: security

Hi,

please see the thread starting here:

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://marc.info/?l=oss-security&m=143810184926097&w=2">https://marc.info/?l=oss-security&m=143810184926097&w=2</a>

Can you please check with upstream whether 2014.1 from jessie

is affected, if so we should fix it.

Cheers,

        Moritz

</pre>

      </blockquote>

      <br>

    </blockquote>

    <br>

  </body>

</html>