[Openstack-devel] Bug#732022: closed by Thomas Goirand <zigo at debian.org> (Bug#732022: fixed in nova 2013.2.1-1)
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 14 06:01:37 UTC 2014
Hi,
On Wed, Dec 18, 2013 at 11:51:16AM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the nova package:
>
> #732022: nova: CVE-2013-7048: Nova live snapshots use an insecure local directory
>
> It has been closed by Thomas Goirand <zigo at debian.org>.
>From https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.2 and looking
at nova/virt/libvirt/driver.py this looks it is fixed only in
2013.2.2.
I have adjusted the severity though, as this if I understand it
correctly needs shell access to a nova compute-node to be exploited.
Regards,
Salvatore
More information about the Openstack-devel
mailing list