Date: Thu, 19 Feb 2015 12:44:36 -0500 (EST) From: cve-assign@...re.org To: tristan.cacqueray@...vance.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request for vulnerability in OpenStack Glance -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Title: Glance import task leaks image in backend Is this about two separate findings, one in 2014 and one in 2015, that were ultimately fixed at the same time in Glance: https://review.openstack.org/#/c/122427/ Sep 18, 2014 ... an exception is raised and is not handled ... the uploaded image file stays in a storage and clogs it https://review.openstack.org/#/c/156553 Feb 17, 2015 ... Import task does not update the location of the image ... Image data remains in backend for deleted image ? If so, then it should have two CVE IDs. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU5iCbAAoJEKllVAevmvmsN9oH/ilgIGL/X5VyVLc55d4egDZs flqTOk5e7VTA6B31iX6/O3A74SUXPNTEilzzm5wsx0+fTb9cblgRSLU69PqnC45U U+FU0kjeiyEMN0UGYPGxC37EctrIBu/SMattJZ2Z9EpAZZ0eAai2zUvNt3/5DVSS +6cctx7z5jsm4Qz+gXDkYhl6HJlxJ2m596NcFZWvjEMtlTFEfKMHSSvkcYJG315O H8bvt82lZFL7df3LCsrlbdey6r/jdrLBcP0Epmv87igla211Lr21yZ/zCyJHLIpi xdiqwNcTDLrIVH7BSUrCdsS0uDfy3q05IW/9YmN/n45qO6cB22Iy03IKo/GizIc= =NiIp -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ