[Secure-testing-team] Bug#720602: nova: CVE-2013-4278: Incomplete fix for CVE-2013-2256
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 23 18:44:17 UTC 2013
Package: nova
Version: 2013.1.2-3
Severity: grave
Tags: security upstream patch
*** /tmp/nova.reportbug
Package: nova
Severity: FILLINSEVERITY
Tags: security
Hi,
the following vulnerability was published for nova.
CVE-2013-4278[0]:
Nova private flavors resource limit circumvention
This is the CVE for the incomplete fix for previous CVE-2013-2256, see
bug #718905[1]. See furthermore [2] and patch for grizzly[3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
http://security-tracker.debian.org/tracker/CVE-2013-4278
[1] http://bugs.debian.org/718905
[2] https://bugs.launchpad.net/ossa/+bug/1212179
[3] https://review.openstack.org/#/c/43281/
Regards,
Salvatore
More information about the Secure-testing-team
mailing list